Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more ➡
Download
Standard view
Full view
of .
Add note
Save to My Library
Sync to mobile
Look up keyword or section
Like this
23Activity
×

Table Of Contents

The Business and Legal Issues of Ethical Hacking
Hackers, Crackers, and Other Related Terms
Ethical Hacking Objectives and Motivations
Steps in Malicious Hacking
Covering, Clearing Tracks, and Installing Back Doors
Hacker and Ethical Hacker Characteristics and Operations
Skills Needed by an Ethical Hacker
Steps in an Infosec Evaluation
Types of Information System Security Testing
Protections and Obligations for the Ethical Hacker
Related Types of Computer Crime
Law and Legal Systems
Administrative Law
Common Law Organization
Statutory Law
U.S. Common Law System Categories
Computer Security Crime Laws
Privacy Principles and Laws
Computer Crime Penalties
Ethics
Assessment Questions
Penetration Testing from a Business Perspective
Penetration Test Approach and Results
Valuating Assets
Penetration Testing Steps Summarized
Selecting a Penetration Testing Consulting Organization
Justification of Penetration Testing through Risk Analysis
Risk Analysis Process
Typical Threats and Attacks
Impact Determination
One Gathering information
Gathering Information
Whois
Nslookup
Open Source Searching
Locating the Network Range
Determining the Network Range with ARIN
Traceroute and TTL
Email Tracking Programs
Identifying Active Machines
Ping
Ping Sweeps
Ping Tools
Identifying Open Ports and Available Services
Port Scanning
TCP/UDP Scanning Types
Determining the Operating System
Scanning Tools
Vulnerable Ports
Port Scanning Issues
Banner Grabbing
War Dialing
War Driving and War Walking
Wireless Scanners
Wireless Packet Sniffers
Fingerprinting
Passive Fingerprinting
Active Fingerprinting
Mapping the Network
Protection Rings
Windows Architecture
Windows Security Elements
SAM Database
Local Security Authority Subsystem Service
NetBIOS
Active Directory (AD)
Enumerating Techniques for Windows
NetBIOS Enumerating
Net View
NBTSTAT
Nbtscan
User2sid and Sid2user
Other Tools
SNMP Enumeration
SNMPutil
Other SNMP Enumeration Tools
DNS Zone Transfer
Active Directory Enumeration
Countermeasures
NetBIOS Null Sessions
SNMP Enumeration Countermeasures
DNS Zone Transfer Countermeasures
Password Guessing
Automated Password Guessing
Password Sniffing
L0phtcrack
KerbCrack
Alternate Means
Keystroke Loggers
Hardware Keyloggers
Software Keyloggers
Keylogging Tools
Redirecting SMB
Privilege Escalation
Password Cracking
Password Cracking Techniques
Dictionary Attack
Brute Force Attack
Hybrid Attack
Rainbow Attack
Stealing SAM
Cracking Tools
Covering Tracks
Disabling Auditing
Clearing the Event Log
Trojan Attack Vectors
Wrappers
Covert Communication
Trusted Computer System Evaluation Criteria (TCSEC)
TCPView
Process Viewer
Inzider
Sniffers
Sniffing Exploits
ARP Spoofing
DDoS Attacks
Prevention of DoS Attacks
Prevention of DDoS Attacks
Session Hijacking
The TCP/IP Protocol Stack
Layered Protocol Roles
Sequence Numbers
Session Hijacking Steps
Tools for Session Hijacking
Protecting Against Session Hijacking
Penetration Testing Overview
Legal and Ethical Implications
The Three Pretest Phases
Footprinting
Scanning
Enumerating
Penetration Testing Tools and Techniques
Port Scanners
Vulnerability Scanners
Password Crackers
Trojan Horses
SQL Injection Attack
Cross Site Scripting (XSS)
Wireless Network Penetration Testing
WLAN Vulnerabilities
SSID Issues
WEP Weaknesses
MAC Address Vulnerabilities
Wireless Scanning Tools
Social Engineering
Intrusion Detection System (IDS)
Linux History
Scanning Networks with Linux Tools
NMap
Nessus
Cheops and Cheops-ng
Linux Hacking Tools
John the Ripper
SARA
Sniffit
HPing
Linux Rootkits
Linux Security Tools
Linux Firewalls
IPChains
IPTables
Linux Application Security Tools
Linux Intrusion Detection Systems (IDS)
Linux Encryption Tools
Linux Log and Traffic Monitors
Port Scan Detection Tools
Human-Based (Person-to-Person) Social Engineering
Computer-Based Social Engineering
Example Social Engineering Attacks
Motivations for Individuals to Respond to Social Engineers
Reverse Social Engineering
Phishing
Hidden Frames
URL Obfuscation
HTML Image Mapping
Identity Theft
Defending Against Social Engineering Attacks
Physical Security
Physical Security Implementation
Company Facility Controls and Issues
Company Personnel Controls
Environmental Controls
Heating, Ventilation, and Air Conditioning (HVAC)
Fire Safety Controls
Access Controls
Fax Machines
Physical Facility Controls
Web Server Hacking
Web Server Hacking and Web Application Vulnerabilities
Client to Server Data Exchange
Web Servers
Web Server Security Issues
ISAPI and DLL
IIS Attacks
Apache Attacks
Patch Management
Web Application Vulnerabilities
Related Hacking Tools
Netcat
Black Widow
Instant Source
Wget
Websleuth
Nikto
Wikto
Network Utilities
SQL Injection Testing and Attacks
Preparing for an Attack
Conducting an Attack
Lack of Strong Typing
Union Select Statements
Acquiring Table Column Names
Stored Procedures
Extended Stored Procedures
Server System Tables
SQL Injection Prevention and Remediation
Automated SQL Injection Tools
Symmetric Key Cryptography
Symmetric Key Encipherment
Substitution Cipher
Vernam Cipher (One-Time Pad)
Transposition (Permutation) Cipher
The Exclusive Or (XOR) Function
Symmetric Key Cryptography Characteristics
Data Encryption Standard (DES)
Triple DES
The Advanced Encryption Standard (AES)
The Blowfish Algorithm
The Twofish Algorithm
The IDEA Cipher
RC5/RC6
Public Key Cryptosystems
One-Way Functions
Public Key Algorithms
El Gamal
Elliptic Curve (EC)
Summaries of Public Key Cryptosystem Approaches
Digital Signatures
Hash Function
Developing the Digital Signature
The U.S. Digital Signature Standard (DSS)
Public Key Certificates
Digital Certificates
Public Key Infrastructure (PKI)
Cryptanalysis
Managing Encryption Keys
Email Security
Electronic Transaction Security
Wireless Security
Disk Encryption
Hacking Tools
Authentication
Authentication Methods
Basic Authentication
Digest Authentication
NTLM (NT LAN Manager) Authentication
Negotiate Authentication
Certificate Based Authentication
Forms-Based Authentication
RSA Secure Token
Biometrics
Password Considerations and Issues
Selecting Passwords
Protecting Passwords
Computer Password Cracking and Support Tools
Web Password Cracking Tools
Wireless Technology
The Cellular Phone Network
Worldwide Cellular via LEO Satellites
Cellular Network Elements
Global Wireless Transmission Systems
AMPS
TDMA
CDMA
CDPD
TACS
General Packet Radio Service (GPRS)
Enhanced Data Rates for Global Evolution (EDGE)
Wireless Networking
Direct Sequence Spread Spectrum (DSSS)
Frequency Hopping Spread Spectrum (FHSS)
The IEEE 802.11 Family
WLAN Operational Modes
Ad Hoc Mode
Infrastructure Mode
Association Frames
Service Set Identifier (SSID)
Bluetooth
BT Security
BT Attacks
The Wireless Application Protocol (WAP)
Wired Equivalent Privacy (WEP)
WEP Encryption
WEP Decryption
WEP Authentication Methods
Open System Authentication
Shared Key Authentication
Media Access Control Authentication
WEP Key Management
WEP Cracking
WPA and WPA2
802.1x and EAP
Extensible Authentication Protocol (EAP)
EAP Transport Level Security (EAP-TLS)
Lightweight Extensible Authentication Protocol (LEAP)
WLAN Threats
Denial of Service Attacks
SSID Problems
The Broadcast Bubble
War Driving
Rogue Access Points
MAC Spoofing
Wireless Hacking Tools
NetStumbler
AiroPeek
AirSnort
Kismet
WEPCrack
Other WLAN Tools
Securing WLANs
Standards and Policy Solutions
MAC Address Filtering
SSID Solutions
Antenna Placement
VLANS
Wireless VPNs
Wireless RADIUS
Dynamic WEP Keys
Enable WEP, WPA2, EAP, and 802.1x
Site Surveys and IDS
Firewalls
Firewall Types
Proxy Firewall
Packet Level Filtering Firewall
Stateful Inspection Firewalls
Hardware and Software Firewalls
Firewall Architectures
Packet-Filtering Routers
Dual-Homed Hosts
Screened Host
Screened-Subnet Firewalls
Firewall Identification
Firewall Ports
Scanning with TCP
Scanning with UDP
Firewalking
Breaching and Bypassing Firewalls
Traceroute
Covert Channeling
ACK Tunneling
HTTP Tunneling
Firewall Backdoors
Firewall Informer
Intrusion Detection and Response
Host-Based ID Systems
Network-Based ID systems
IDS Detection Methods
Statistical Anomaly Detection
Pattern Matching Detection
Protocol Detection
IDS Responses
Using an IDS in a Switched Environment
Evading IDSs
Tools for Evading and Testing IDSs
Intrusion Prevention Systems
SNORT 2.x
Cisco Security Agent
Incident Handling
Computer Incident Response Team
Incident Notification
Honeypots
Honeypot Applications
Discovering Honeypots
Viruses
The Virus Lifecycle
Macro Viruses
Polymorphic Viruses
Stealth Viruses
Spyware
Web Bugs
Spambots
Pop-Up Downloads
Drive-By Downloads
Bogus Spyware Removal Programs
Multistage and Blended Threats
Worms
Virus and Worm Examples
Chernobyl
Explore.Zip
LoveLetter
Melissa Virus
Nimda Virus
Pretty Park
BugBear
Klez
SirCam Worm
Code Red Worm
Other Worms of Interest
Buffer Overflows
Preventing Malicious Code and Buffer Overflows
Virus Scanners
Virus Prevention
Virus Detection
Defending Against Buffer Overflows
0 of .
Results for:
No results containing your search query
P. 1
oo28

oo28

Ratings: (0)|Views: 17,775|Likes:
Published by Emre Bozlak

More info:

Published by: Emre Bozlak on Jul 26, 2011
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See More
See less

06/10/2013

pdf

text

original

You're Reading a Free Preview
Pages 15 to 189 are not shown in this preview.
You're Reading a Free Preview
Pages 204 to 205 are not shown in this preview.
You're Reading a Free Preview
Pages 220 to 226 are not shown in this preview.
You're Reading a Free Preview
Pages 241 to 599 are not shown in this preview.
You're Reading a Free Preview
Pages 614 to 737 are not shown in this preview.