Course Outline Version 5

Module 1: Introduction to Ethical Hacking

ρ Why Security?

ρ Essential Terminologies

ρ Elements of Security

ρ The Security, Functionality, and Ease of Use Triangle

ρ What Does a Malicious Hacker Do?

ρ Reconnaissance

ρ Scanning

ρ Gaining access

ρ Maintaining access

ρ Covering Tracks

§ Types of Hacker Attacks


o Operating System attacks
o Application-level attacks
o Shrink Wrap code attacks
o Misconfiguration attacks
§ Hacktivism
§ Hacker Classes
§ Hacker Classes and Ethical Hacking
§ What Do Ethical Hackers Do?
§ Can Hacking be Ethical?
§ How to Become an Ethical Hacker?
§ Skill Profile of an Ethical Hacker
§ What is Vulnerability Research?
§ Why Hackers Need Vulnerability Research?
§ Vulnerability Research Tools
§ Vulnerability Research Websites
§ How to Conduct Ethical Hacking?
§ Approaches to Ethical Hacking
§ Ethical Hacking Testing
§ Ethical Hacking Deliverables
§ Computer Crimes and Implications
§ Legal Perspective

µ U.S. Federal Law

µ Japan’s Cyber Laws

µ United Kingdom’s Cyber Laws

µ Australia’s Cyber Laws

µ Germany’s Cyber Laws

µ Singapore’s Cyber Laws

Module 2: Footprinting

§ Revisiting Reconnaissance
§ Defining Footprinting
§ Information Gathering Methodology
§ Unearthing Initial Information
§ Finding a Company’s URL
§ Internal URL
§ Extracting Archive of a Website
§ Google Search for Company’s Info.
§ People Search
§ Footprinting Through Job Sites
§ Passive Information Gathering
§ Competitive Intelligence Gathering
§ Why Do You Need Competitive Intelligence?
§ Companies Providing Competitive Intelligence Services
§ Competitive Intelligence
µ When Did This Company Begin?

µ How Did It Develop?

µ What Are This Company's Plans?

µ What Does Expert Opinion Say About The Company?

µ Who Are The Leading Competitors?

§ Public and Private Websites


§ Tools
µ DNS Enumerator

µ SpiderFoot

µ Sensepost Footprint Tools

µ BiLE.pl

µ BiLE-weigh.pl

µ tld-expand.pl

µ vet-IPrange.pl

µ qtrace.pl

µ vet-mx.pl

µ jarf-rev

µ jarf-dnsbrute

o Wikto Footprinting Tool


o Web Data Extractor Tool
o Whois
o Nslookup
o Necrosoft
o ARIN
o Traceroute
o Neo Trace
o GEOSpider
o Geowhere
o GoogleEarth
o VisualRoute Trace
o Kartoo Search Engine
o Touchgraph Visual Browser
o SmartWhois
o VisualRoute Mail Tracker
o eMailTrackerPro
o Read Notify
o HTTrack Web Site Copier
o Web Ripper
o robots.txt
o Website watcher
o E-mail Spider
o Power E-mail Collector Tool
§ Steps to Perform Footprinting

Module 3: Scanning

ρ Definition of Scanning

ρ Types of Scanning

ρ Port Scanning

ρ Network Scanning

ρ Vulnerability Scanning

ρ Objectives of Scanning

ρ CEH Scanning Methodology

ρ Check for live systems

ICMP Scanning
Angry IP
HPING2
Ping Sweep
Firewalk
o Check for open ports
Nmap
TCP Communication Flags
Three Way Handshake
SYN Stealth / Half Open Scan
Stealth Scan
Xmas Scan
FIN Scan
NULL Scan
IDLE Scan
ICMP Echo Scanning/List Scan
TCP Connect / Full Open Scan
FTP Bounce Scan
FTP Bounce Attack
SYN/FIN Scanning Using IP Fragments
UDP Scanning
Reverse Ident Scanning
RPC Scan
Window Scan
Blaster Scan
PortScan Plus, Strobe
IPSecScan
NetScan Tools Pro
WUPS – UDP Scanner
SuperScan
IPScanner
MegaPing
Global Network Inventory Scanner
Net Tools Suite Pack
FloppyScan
War Dialer Technique
Why War Dialing?
Wardialing
PhoneSweep
THC Scan
SandTrap Tool
o Banner grabbing/OS Fingerprinting
OS Fingerprinting
Active Stack Fingerprinting
Passive Fingerprinting
Active Banner Grabbing Using Telnet
GET REQUESTS
p0f – Banner Grabbing Tool
p0f for Windows
Httprint Banner Grabbing Tool
Active Stack Fingerprinting
XPROBE2
RING V2
Netcraft
Disabling or Changing Banner
Apache Server
IIS Server
IIS Lockdown Tool
ServerMask
Hiding File Extensions
PageXchanger 2.0
o Identify Service
o Scan for Vulnerability
Bidiblah Automated Scanner
Qualys Web-based Scanner
SAINT
ISS Security Scanner
Nessus
GFI LANGuard
SATAN (Security Administrator’s Tool for Analyzing Networks)
Retina
NIKTO
SAFEsuite Internet Scanner
IdentTCPScan
o Draw network diagrams of Vulnerable hosts
Cheops
FriendlyPinger
o Prepare proxies
Proxy Servers
Use of Proxies for Attack
SocksChain
Proxy Workbench
ProxyManager Tool
Super Proxy Helper Tool
Happy Browser Tool (Proxy-based)
MultiProxy
TOR Proxy Chaining Software
o Anonymizers
Primedius Anonymizer
Browzar
Torpark Browser
G-Zapper - Google Cookies
o SSL Proxy Tool
o HTTP Tunneling Techniques
o HTTPort
o Spoofing IP Address - Source Routing
o Detecting IP Spoofing
o Despoof Tool
o Scanning Countermeasures
o Tool: SentryPC

Module 4: Enumeration

§ Overview of System Hacking Cycle


§ What is Enumeration?
§ Techniques for Enumeration
§ NetBIOS Null Sessions
§ Tool
o DumpSec
o NetBIOS Enumeration Using Netview
o Nbtstat
o SuperScan4
o Enum
o sid2user
o user2sid
o GetAcct

ρ Null Session Countermeasures

ρ PSTools

ρ PsExec

ρ PsFile

ρ PsGetSid

ρ PsKill
ρ PsInfo

ρ PsList

ρ PsLoggedOn

ρ PsLogList

ρ PsPasswd

ρ PsService

ρ PsShutdown

ρ PsSuspend

ρ PsUptime

ρ SNMP Enumeration

ρ Management Information Base

ρ Tools

ρ SNMPutil

ρ Solarwinds

ρ SNScan V1.05

ρ Getif SNMP MIB Browser

ρ UNIX Enumeration

ρ SNMP UNIX Enumeration

ρ SNMP Enumeration Countermeasures

ρ Tools

ρ Winfingerprint

ρ Windows Active Directory Attack Tool

ρ IP Tools Scanner

ρ Enumerate Systems Using Default Passwords


ρ Steps to Perform Enumeration

Module 5: System Hacking

ρ Cracking Passwords

ρ Password Types

ρ Types of Password Attacks

ρ Passive Online – Wire Sniffing

ρ Passive Online Attacks

ρ Active Online – Password Guessing

ρ Offline Attacks

ρ Dictionary Attack

ρ Hybrid Attack

ρ Brute-force Attack

ρ Pre-computed Hashes

o Non-Technical Attacks
o Password Mitigation
o Permanent Account Lockout – Employee Privilege Abuse
o Administrator Password Guessing
o Manual Password Cracking Algorithm
o Automatic Password Cracking Algorithm
o Performing Automated Password Guessing
o Tools
NAT
Smbbf (SMB Passive Brute Force Tool)
SmbCrack Tool
Legion
L0phtCrack
o Microsoft Authentication - LM, NTLMv1, and NTLMv2
o Kerberos Authentication
o What is LAN Manager Hash?
o Salting
o Tools
PWdump2 and Pwdump3
Rainbowcrack
KerbCrack
NBTDeputy
NetBIOS DoS Attack
John the Ripper
o Password Sniffing
o How to Sniff SMB Credentials?
o Sniffing Hashes Using L0phtCrack
o Tools
ScoopLM
SMB Replay Attacks
Replay Attack Tool: SMBProxy
Hacking Tool: SMB Grind
Hacking Tool: SMBDie
o SMBRelay Weaknesses & Countermeasures
o Password Cracking Countermeasures
o LM Hash Backward Compatibility
o How to Disable LM HASH?
o Tools
Password Brute-Force Estimate Tool
Syskey Utility

ρ Escalating Privileges

o Privilege Escalation
o Cracking NT/2000 Passwords
o Active@ Password Changer
o Change Recovery Console Password
o Privilege Escalation Tool: x.exe

ρ Executing applications

o Tool:
Psexec
Remoexec
Alchemy Remote Executor
Keystroke Loggers
E-mail Keylogger
Spytector FTP Keylogger
IKS Software Keylogger
Ghost Keylogger
Hardware Keylogger
Keyboard Keylogger: KeyGhost Security Keyboard
USB Keylogger: KeyGhost USB Keylogger
o What is Spyware?
o Tools
Spyware: Spector
Remote Spy
eBlaster
Stealth Voice Recorder
Stealth Keylogger
Stealth Website Logger
Digi-Watcher Video Surveillance
Desktop Spy Screen Capture Program
Telephone Spy
Print Monitor Spy Tool
Perfect Keylogger
Stealth Email Redirector
Spy Software: Wiretap Professional
Spy Software: FlexiSpy
PC PhoneHome
o Keylogger Countermeasures
o Anti-Keylogger
o PrivacyKeyboard

ρ Hiding Files

o Hacking Tool: RootKit


o Why Rootkits?
o Rootkits in Linux
o Detecting Rootkits
o Rootkit Detection Tools
BlackLight from F-Secure Corp
RootkitRevealer from Sysinternals
Malicious Software Removal Tool from Microsoft Corp
o Sony Rootkit Case Study
o Planting the NT/2000 Rootkit
o Rootkits
Fu
AFX Rootkit 2005
Nuclear
Vanquish
o Rootkit Countermeasures
o Patchfinder2.0
o RootkitRevealer
o Creating Alternate Data Streams
o How to Create NTFS Streams?
o NTFS Stream Manipulation
o NTFS Streams Countermeasures
o NTFS Stream Detectors
ADS Spy
ADS Tools
o What is Steganography?
o Tools
Merge Streams
Invisible Folders
Invisible Secrets 4
Image Hide
Stealth Files
Steganography
Masker Steganography Tool
Hermetic Stego
DCPP – Hide an Operating System
Camera/Shy
Mp3Stego
Snow.exe
o Video Steganography
o Steganography Detection
o SIDS (Stego Intrusion Detection System)
o High-Level View
o Tool: dskprobe.exe

ρ Covering tracks

o Disabling Auditing
o Clearing the Event Log
o Tools
elsave.exe
Winzapper
Evidence Eliminator
Traceless
Tracks Eraser Pro
ZeroTracks

Module 6: Trojans and Backdoors

§ Introduction
§ Effect on Business
§ What is a Trojan?
§ Overt and Covert Channels
§ Working of Trojans
§ Different Types of Trojans
§ What Do Trojan Creators Look For?
§ Different Ways a Trojan Can Get into a System
§ Indications of a Trojan Attack
§ Ports Used by Trojans
§ How to Determine which Ports are “Listening”?
§ Classic Trojans Found in the Wild
§ Trojans
o Tini
o iCmd
o NetBus
o Netcat
o Beast
o MoSucker
o Proxy Server
o SARS Trojan Notification
§ Wrappers
§ Wrapper Covert Program
§ Wrapping Tools
o One file EXE Maker
o Yet Another Binder
o Pretator Wrapper

ρ Packaging Tool: WordPad

ρ RemoteByMail

ρ Tool: Icon Plus

ρ Defacing Application: Restorator

ρ HTTP Trojans

ρ Trojan Attack through HTTP

ρ HTTP Trojan (HTTP RAT)

ρ Shttpd Trojan - HTTP Server

ρ Reverse Connecting Trojans

ρ Nuclear RAT Trojan (Reverse Connecting)

ρ Tool: BadLuck Destructive Trojan

ρ ICMP Tunneling

ρ ScreenSaver Password Hack Tool – Dummylock

ρ Trojan

ρ Phatbot

ρ Amitis

ρ Senna Spy

ρ QAZ

ρ Back Orifice

ρ Back Orifice 2000

ρ SubSeven

ρ CyberSpy Telnet Trojan


ρ Subroot Telnet Trojan

ρ Let Me Rule! 2.0 BETA 9

ρ Donald Dick

ρ RECUB

ρ Hacking Tool: Loki

ρ Atelier Web Remote Commander

ρ Trojan Horse Construction Kit

ρ How to Detect Trojans?

ρ Tools

ρ Netstat

ρ fPort

ρ TCPView

ρ CurrPorts

ρ Process Viewer

ρ What’s on My Computer

ρ Super System Helper

ρ Delete Suspicious Device Drivers

ρ Inzider - Tracks Processes and Ports

ρ Tools

ρ What's Running?

ρ MSConfig

ρ Registry-What’s Running

ρ Autoruns

ρ Hijack This (System Checker)


ρ Startup List

ρ Anti-Trojan Software

ρ Evading Anti-Virus Techniques

ρ Evading Anti-Trojan/Anti-Virus Using Stealth Tools v2.0

ρ Backdoor Countermeasures

ρ Tools

ρ Tripwire

ρ System File Verification

ρ MD5sum.exe

ρ Microsoft Windows Defender

ρ How to Avoid a Trojan Infection?

Module 7: Sniffers

ρ Definition of Sniffing

ρ Protocols Vulnerable to Sniffing

ρ Tool: Network View – Scans the Network for Devices

ρ The Dude Sniffer

ρ Ethereal

ρ tcpdump

§ Types of Sniffing

µ Passive Sniffing

µ Active sniffing

µ ARP - What is Address Resolution Protocol?

µ ARP Spoofing Attack

µ How Does ARP Spoofing Work?


µ ARP Poisoning

µ MAC Duplicating Attack

µ Tools for ARP Spoofing

µ Arpspoof (Linux-based tool)

µ Ettercap (Linux and Windows)

µ MAC Flooding

µ Tools for MAC Flooding

µ Macof (Linux-based tool)

µ Etherflood (Linux and Windows)

µ Threats of ARP Poisoning

µ IRS – ARP Attack Tool

µ ARPWorks Tool

µ Tool: Nemesis

µ Sniffer Hacking Tools (dsniff package)

µ Arpspoof

µ Dnsspoof

µ Dsniff

µ Filesnarf

µ Mailsnarf

µ Msgsnarf

µ Tcpkill

µ Tcpnice

µ Urlsnarf

µ Webspy

µ Webmitm
µ DNS Poisoning Techniques

µ Types of DNS Poisoning:

µ Intranet DNS Spoofing (Local network)

µ Internet DNS Spoofing (Remote network)

µ Proxy Server DNS Poisoning

µ DNS Cache Poisoning

µ Interactive TCP Relay

µ Sniffers

µ HTTP Sniffer: EffeTech

µ Ace Password Sniffer

µ MSN Sniffer

µ SmartSniff

µ Session Capture Sniffer: NetWitness

µ Session Capture Sniffer: NWreader

µ Cain and Abel

µ Packet Crafter Craft Custom TCP/IP Packets

µ SMAC

µ NetSetMan Tool

µ Raw Sniffing Tools

µ Sniffit

µ Aldebaran

µ Hunt

µ NGSSniff

µ Ntop
µ Pf

µ IPTraf

µ EtherApe

µ Netfilter

µ Network Probe

µ Maa Tec Network Analyzer

µ Tools

µ Snort

µ Windump

µ Etherpeek

µ Mac Changer

µ Iris

µ NetIntercept

µ WinDNSSpoof

µ How to Detect Sniffing?

µ AntiSniff Tool

µ ArpWatch Tool

µ Countermeasures

Module 8: Denial of Service

ρ What are Denial of Service Attacks?

ρ Goal of DoS

ρ Impact and the Modes of Attack

ρ Types of Attacks
ρ DoS attack

ρ DDoS attack

ρ DoS Attack Classification

ρ Smurf

ρ Buffer Overflow Attack

ρ Ping of death

ρ Teardrop

ρ SYN Attack

ρ DoS Attack Tools

ρ Jolt2

ρ Bubonic.c

ρ Land and LaTierra

ρ Targa

ρ Blast20

ρ Nemesy

ρ Panther2

ρ Crazy Pinger

ρ Some Trouble

ρ UDP Flood

ρ FSMax

ρ Botnets

ρ Uses of botnets

ρ Types of Bots

ρ Agobot/Phatbot/Forbot/XtremBot

ρ SDBot/RBot/UrBot/UrXBot
ρ mIRC-based Bots - GT-Bots

ρ Tool: Nuclear Bot

ρ What is DDoS Attack?

ρ Characteristics of DDoS Attacks

ρ DDOS Unstoppable

ρ Agent Handler Model

ρ DDoS IRC based Model

ρ DDoS Attack Taxonomy

ρ Amplification Attack

ρ Reflective DNS Attacks

ρ Reflective DNS Attacks Tool: ihateperl.pl

ρ DDoS Tools

ρ Trin00

ρ Tribe Flood Network (TFN)

ρ TFN2K

ρ Stacheldraht

ρ Shaft

ρ Trinity

ρ Knight

ρ Mstream

ρ Kaiten

ρ Worms

ρ Slammer Worm

ρ Spread of Slammer Worm – 30 min

ρ MyDoom.B
ρ SCO Against MyDoom Worm

ρ How to Conduct a DDoS Attack

ρ The Reflected DoS Attacks

ρ Reflection of the Exploit

ρ Countermeasures for Reflected DoS

ρ DDoS Countermeasures

ρ Taxonomy of DDoS Countermeasures

ρ Preventing Secondary Victims

ρ Detect and Neutralize Handlers

ρ Detect Potential Attacks

ρ Mitigate or Stop the Effects of DDoS Attacks

ρ Deflect Attacks

ρ Post-attack Forensics

ρ Packet Traceback

Module 9: Social Engineering

ρ What is Social Engineering?

ρ Human Weakness

ρ “Rebecca” and “Jessica”

ρ Office Workers

ρ Types of Social Engineering

ρ Human-based

ρ Computer-based

ρ Preventing Insider Threat

ρ Common Targets of Social Engineering


ρ Factors that make Companies Vulnerable to Attacks

ρ Why is Social Engineering Effective?

ρ Warning Signs of an Attack

ρ Tool: Netcraft Anti-Phishing Toolbar

ρ Phases in a Social Engineering Attack

ρ Behaviors Vulnerable to Attacks

ρ Impact on the Organization

ρ Countermeasures

ρ Policies and Procedures

ρ Security Policies - Checklist

ρ Phishing Attacks and Identity Theft

ρ What is Phishing?

ρ Phishing Report

ρ Attacks

ρ Hidden Frames

ρ URL Obfuscation

ρ URL Encoding Techniques

ρ IP Address to Base 10 Formula

ρ Karen’s URL Discombobulator

ρ HTML Image Mapping Techniques

ρ Fake Browser Address Bars

ρ Fake Toolbars

ρ Fake Status Bar

ρ DNS Cache Poisoning Attack


Module 10: Session Hijacking

ρ What is Session Hijacking?

ρ Spoofing vs. Hijacking

ρ Steps in Session Hijacking

ρ Types of Session Hijacking

ρ Active

ρ Passive

ρ The 3-Way Handshake

ρ TCP Concepts 3-Way Handshake

ρ Sequence Number Prediction

ρ TCP/IP Hijacking

ρ RST Hijacking

ρ RST Hijacking Tool: hijack_rst.sh

ρ Programs that Perform Session Hijacking

ρ Hacking Tools

ρ Juggernaut

ρ Hunt

ρ TTY Watcher

ρ IP Watcher

ρ T-Sight

ρ Paros HTTP Session

ρ Remote TCP Session Reset Utility

ρ Dangers Posed by Hijacking

ρ Protecting against Session Hijacking

ρ Countermeasure: IP Security
ρ IP-SEC

Module 11: Hacking Web Servers

ρ How Web Servers Work

ρ How are Web Servers Compromised?

ρ How are Web Servers Defaced?

ρ Apache Vulnerability

ρ Attacks Against IIS

ρ IIS Components

ρ IIS Directory Traversal (Unicode) Attack

ρ Unicode

ρ Unicode Directory Traversal Vulnerability

ρ Hacking Tool: IISxploit.exe

ρ Msw3prt IPP Vulnerability

ρ WebDAV / ntdll.dll Vulnerability

ρ RPC DCOM Vulnerability

ρ ASN Exploits

ρ ASP Trojan (cmd.asp)

ρ IIS Logs

ρ Network Tool: Log Analyzer

ρ Hacking Tool: CleanIISLog

ρ Unspecified Executable Path Vulnerability

ρ Metasploit Framework

ρ Immunity CANVAS Professional

ρ Core Impact
ρ Hotfixes and Patches

ρ What is Patch Management?

ρ Solution: UpdateExpert

ρ Patch Management Tool

ρ Qfecheck

ρ HFNetChk

ρ cacls.exe Utility

ρ Vulnerability Scanners

ρ Online Vulnerability Search Engine

ρ Network Tools

ρ Whisker

ρ N-Stealth HTTP Vulnerability Scanner

ρ Hacking Tool: WebInspect

ρ Network Tool: Shadow Security Scanner

ρ SecureIIS

ρ Countermeasures

ρ File System Traversal Countermeasures

ρ Increasing Web Server Security

ρ Web Server Protection Checklist

Module 12: Web Application Vulnerabilities

ρ Web Application Setup

ρ Web Application Hacking

ρ Anatomy of an Attack

ρ Web Application Threats


ρ Cross-Site Scripting/XSS Flaws

ρ Countermeasures

ρ SQL Injection

ρ Command Injection Flaws

ρ Countermeasures

ρ Cookie/Session Poisoning

ρ Countermeasures

ρ Parameter/Form Tampering

ρ Buffer Overflow

ρ Countermeasures

ρ Directory Traversal/Forceful Browsing

ρ Countermeasures

ρ Cryptographic Interception

ρ Cookie Snooping

ρ Authentication Hijacking

ρ Countermeasures

ρ Log Tampering

ρ Error Message Interception

ρ Attack Obfuscation

ρ Platform Exploits

ρ DMZ Protocol Attacks

ρ Countermeasures

ρ Security Management Exploits

ρ Web Services Attacks

ρ Zero-Day Attacks

ρ Network Access Attacks


ρ TCP Fragmentation

ρ Hacking Tools

ρ Instant Source

ρ Wget

ρ WebSleuth

ρ BlackWidow

ρ WindowBomb

ρ Burp

ρ cURL

ρ dotDefender

ρ Google Hacking

ρ Acunetix Web Scanner

ρ AppScan – Web Application Scanner

ρ AccessDiver

Module 13: Web-based Password Cracking Techniques

ρ Definition of Authentication

ρ Authentication Mechanisms

ρ HTTP Authentication

Basic Authentication
Digest Authentication

µ Integrated Windows (NTLM) Authentication

µ Negotiate Authentication

µ Certificate-based Authentication

µ Forms-based Authentication
µ RSA Secure Token

µ Biometrics

Face recognition
Iris scanning
Retina scanning
Fingerprinting
Hand geometry
Voice recognition

ρ How to Select a Good Password?

ρ Things to Avoid in Passwords

ρ Changing Your Password

ρ Protecting Your Password

ρ How Hackers get hold of Passwords?

ρ Windows XP: Remove Saved Passwords

ρ Microsoft Password Checker

ρ What is a Password Cracker?

ρ Modus Operandi of an Attacker Using Password Cracker

ρ How does a Password Cracker Work?

ρ Classification of Attacks

ρ Password Guessing

ρ Query String

ρ Cookies

ρ Dictionary Maker

ρ Available Password Crackers

ρ L0phtCrack

ρ John The Ripper

ρ Brutus
ρ Hacking Tools

ρ Obiwan

ρ Authforce

ρ Hydra

ρ Cain And Abel

ρ RAR

ρ Gammaprog

ρ WebCracker

ρ Munga Bunga

ρ PassList

ρ SnadBoy

ρ WinSSLMiM

ρ ReadCookies.html

ρ Wireless WEP Key Password Spy

ρ RockXP

ρ WinSSLMiM

ρ Password Spectator

ρ Countermeasures

Module 14: SQL Injection

ρ Introducing SQL injection

ρ Exploiting Web Applications

ρ SQL Injection Steps

ρ What Should You Look For?

ρ What If It Doesn’t Take Input?


ρ OLE DB Errors

ρ Input Validation Attack

ρ SQL Injection Techniques

ρ How to Test for SQL Injection Vulnerability?

ρ How does it Work?

ρ Executing Operating System Commands

ρ Getting Output of SQL Query

ρ Getting Data from the Database Using ODBC Error Message

ρ How to Mine all Column Names of a Table?

ρ How to Retrieve any Data?

ρ How to Update/Insert Data into Database?

ρ Automated SQL Injection Tool

ρ AutoMagic SQL

ρ Absinthe

ρ SQL Injection in Oracle

ρ SQL Injection in MySQL Database

ρ Attack against SQL Servers

ρ SQL Server Resolution Service (SSRS)

ρ Osql -L Probing

ρ SQL Injection Automated Tools

ρ SQLDict

ρ SqlExec

ρ SQLbf

ρ SQLSmack
ρ SQL2.exe

ρ SQL Injection Countermeasures

ρ Preventing SQL Injection Attacks

ρ SQL Injection Blocking Tool: SQLBlock

ρ Acunetix Web Vulnerability Scanner

Module 15: Hacking Wireless Networks

ρ Introduction to Wireless Networking

ρ Wired Network vs. Wireless Network

ρ Effects of Wireless Attacks on Business

ρ Types of Wireless Networks

ρ Advantages and Disadvantages of a Wireless Network

ρ Wireless Standards

ρ 802.11a

ρ 802.11b – “WiFi”

ρ 802.11g

ρ 802.11i

ρ 802.11n

ρ Related Technology and Carrier Networks

ρ Antennas

ρ Cantenna

ρ Wireless Access Points

ρ SSID

ρ Beacon Frames

ρ Is the SSID a Secret?


ρ Setting Up a WLAN

ρ Detecting a Wireless Network

ρ How to Access a WLAN

ρ Terminologies

ρ Authentication and Association

ρ Authentication Modes

ρ Authentication and (Dis)Association Attacks

ρ Rogue Access Points

ρ Tools to Generate Rogue Access Points: Fake AP

ρ Tools to Detect Rogue Access Points: Netstumbler

ρ Tools to Detect Rogue Access Points: MiniStumbler

ρ Wired Equivalent Privacy (WEP)

ρ What is WPA?

ρ WPA Vulnerabilities

ρ WEP, WPA, and WPA2

ρ Steps for Hacking Wireless Networks

ρ Step 1: Find networks to attack

ρ Step 2: Choose the network to attack

ρ Step 3: Analyze the network

ρ Step 4: Crack the WEP key

ρ Step 5: Sniff the network

ρ Cracking WEP

ρ Weak Keys (a.k.a. Weak IVs)

ρ Problems with WEP’s Key Stream and Reuse

ρ Automated WEP Crackers


ρ Pad-Collection Attacks

ρ XOR Encryption

ρ Stream Cipher

ρ WEP Tools

ρ Aircrack

ρ AirSnort

ρ WEPCrack

ρ WepLab

ρ Temporal Key Integrity Protocol (TKIP)

ρ LEAP: The Lightweight Extensible Authentication Protocol

ρ LEAP Attacks

ρ MAC Sniffing and AP Spoofing

ρ Tool to Detect MAC Address Spoofing: Wellenreiter V2

ρ Man-in-the-Middle Attack (MITM)

ρ Denial-of-Service Attacks

ρ DoS Attack Tool: Fatajack

ρ Phone Jammers

ρ Scanning Tools

ρ Redfang 2.5

ρ Kismet

ρ THC-WarDrive

ρ PrismStumbler

ρ MacStumbler

ρ Mognet

ρ WaveStumbler
ρ StumbVerter

ρ Netchaser V1.0 for Palm Tops

ρ AP Scanner

ρ SSID Sniff

ρ Wavemon

ρ Wireless Security Auditor (WSA)

ρ AirTraf

ρ Wifi Finder

ρ AirMagnet

ρ Sniffing Tools

ρ AiroPeek

ρ NAI Wireless Sniffer

ρ Ethereal

ρ Aerosol v0.65

ρ vxSniffer

ρ EtherPEG

ρ DriftNet

ρ AirMagnet

ρ WinDump

ρ ssidsniff

ρ Multiuse Tool: THC-RUT

ρ PCR-PRO-1k Hardware Scanner

ρ Tools

ρ WinPcap

ρ AirPcap
ρ Securing Wireless Networks

ρ Auditing Tool: BSD-Airtools

ρ AirDefense Guard

ρ WIDZ: Wireless Intrusion Detection System

ρ Radius: Used as Additional Layer in Security

ρ Google Secure Access

Module 16: Virus and Worms

ρ Introduction to Virus

ρ Virus History

ρ Characteristics of a Virus

ρ Working of Virus

ρ Infection Phase

ρ Attack Phase

ρ Why People create computer viruses?

ρ Symptoms of Virus-Like Attack

ρ Virus Hoaxes

ρ Chain Letters

ρ How is a Worm different from a Virus?

ρ Indications of Virus Attack

ρ Hardware Threats

ρ Software Threats

ρ Virus Damage

ρ Modes of Virus Infection

ρ Stages of Virus Life


ρ Virus Classification

ρ How does a Virus Infect?

ρ Storage Patterns of a Virus

ρ System Sector Viruses

ρ Stealth Virus

ρ Bootable CD-ROM Virus

ρ Self-Modification

ρ Encryption with a Variable Key

ρ Polymorphic Code

ρ Viruses

ρ Metamorphic Virus

ρ Cavity Virus

ρ Sparse Infector Virus

ρ Companion Virus

ρ File Extension Virus

ρ I Love You Virus

ρ Melissa Virus

ρ Famous Virus/Worms – JS.Spth

ρ Klez Virus Analysis

ρ Writing a Simple Virus Program

ρ Virus Construction Kits

ρ Virus Detection Methods

ρ Virus Incident Response

ρ What is Sheep Dip?

ρ Sheep Dip Computer


ρ Virus Analysis - IDA Pro Tool

ρ Prevention is Better than Cure

ρ Latest Viruses

ρ Top 10 Viruses – 2006

ρ Anti-Virus Software

ρ AVG Free Edition

ρ Norton Antivirus

ρ McAfee

ρ Socketshield

ρ Popular Anti-Virus Packages

ρ Virus Databases

Module 17: Physical Security

ρ Security Statistics

ρ Physical Security Breach Incidents

ρ Understanding Physical Security

ρ What Is the Need for Physical Security?

ρ Who Is Accountable for Physical Security?

ρ Factors Affecting Physical Security

ρ Physical Security Checklist

ρ Company surroundings

ρ Premises

ρ Reception

ρ Server

ρ Workstation area
ρ Wireless access points

ρ Other equipment, such as fax, and removable media

ρ Access control

ρ Biometric Devices

ρ Smart Cards

ρ Security Token

ρ Computer equipment maintenance

ρ Wiretapping

ρ Remote access

ρ Locks

ρ Information Security

ρ EPS (Electronic Physical Security)

ρ Wireless Security

ρ Laptop Theft: Security Statistics

ρ Laptop Theft

ρ Laptop Security Tools

ρ Laptop Tracker - XTool Computer Tracker

ρ Tools to Locate Stolen Laptops

ρ Stop's Unique, Tamper-proof Patented Plate

ρ Tool: TrueCrypt

ρ Laptop Security Countermeasures

ρ Mantrap

ρ TEMPEST

ρ Challenges in Ensuring Physical Security

ρ Spyware Technologies
ρ Spying Devices

ρ Physical Security: Lock Down USB Ports

ρ Tool: DeviceLock

ρ Blocking the Use of USB Storage Devices

ρ Track Stick GPS Tracking Device

Module 18: Linux Hacking

ρ Why Linux?

ρ Linux Distributions

ρ Linux – Basics

ρ Linux Live CD-ROMs

ρ Basic Commands of Linux

ρ Linux File Structure

ρ Linux Networking Commands

ρ Directories in Linux

ρ Compiling the Linux Kernel

ρ How to Install a Kernel Patch?

ρ Compiling Programs in Linux

ρ GCC Commands

ρ Make Install Command

ρ Linux Vulnerabilities

ρ Chrooting

ρ Why is Linux Hacked?

ρ Linux Vulnerabilities in 2005

ρ How to Apply Patches to Vulnerable Programs?


ρ Scanning Networks

ρ Tools

ρ Nmap in Linux

ρ Scanning Tool: Nessus

ρ Tool: Cheops

ρ Port Scan Detection Tools

ρ Password Cracking in Linux

ρ Firewall in Linux: IPTables

ρ Basic Linux Operating System Defense

ρ SARA (Security Auditor's Research Assistant)

ρ Linux Tool

ρ Netcat

ρ tcpdump

ρ Snort

ρ SAINT

ρ Ethereal

ρ Abacus Port Sentry

ρ DSniff Collection

ρ Hping2

ρ Sniffit

ρ Nemesis

ρ LSOF

ρ IPTraf

ρ LIDS

ρ Hunt
ρ TCP Wrappers

ρ Linux Loadable Kernel Modules

ρ Hacking Tool: Linux Rootkits

ρ Rootkits

ρ Knark

ρ Torn

ρ Tuxit

ρ Adore

ρ Ramen

ρ Beastkit

ρ Rootkit Countermeasures

ρ Linux Tools: Application Security

ρ Advanced Intrusion Detection Environment (AIDE)

ρ Linux Tools

ρ Security Testing Tools

ρ Encryption

ρ Log and Traffic Monitors

ρ Security Auditing Tool (LSAT)

ρ Linux Security Countermeasures

ρ Steps for Hardening Linux

Module 19: Evading IDS, Firewalls, and Honeypots

ρ Introduction to Intrusion Detection Systems

ρ Terminologies

ρ Intrusion Detection System (IDS)


IDS Placement
Ways to Detect an Intrusion
Types of Intrusion Detection Systems
System Integrity Verifiers (SIV)
Tripwire
Cisco Security Agent (CSA)
Signature Analysis
General Indications of Intrusion System Indications
General Indications of Intrusion File System Indications
General Indications of Intrusion Network Indications
Intrusion Detection Tools
Snort 2.x
Steps to Perform After an IDS Detects an Attack
Evading IDS Systems
Ways to Evade IDS
Tools to Evade IDS
IDS Evading Tool: ADMutate
Packet Generators

µ Firewall

What is a Firewall?
What does a Firewall do?
Packet Filtering
What can't a Firewall do?
How does a Firewall Work?
Firewall Operations
Hardware Firewall
Software Firewall
Types of Firewalls
Packet Filtering Firewall
IP Packet Filtering Firewall
Circuit-Level Gateway
TCP Packet Filtering Firewall
Application-Level Firewall
Application Packet Filtering Firewall
Stateful Multilayer Inspection Firewall
λ Firewall Identification

λ Firewalking

λ Banner Grabbing

λ Breaching Firewalls

λ Bypassing a Firewall Using HTTP Tunnel

λ Placing Backdoors Through Firewalls

λ Hiding behind a Covert Channel: LOKI

λ ACK Tunneling

λ Tools to Breach Firewalls

λ Common Tool for Testing Firewall & IDS

IDS Informer
Evasion Gateway
Firewall Informer
o Honeypot

λ What is a Honeypot?

λ The Honeynet Project

λ Types of Honeypots

λ Advantages and Disadvantages of a Honeypot

λ Where to Place a Honeypot?

λ Honeypots

SPECTER
honeyd
KFSensor
Sebek
λ Physical and Virtual Honeypots

λ Tools to Detect Honeypots

λ What to do When Hacked?


Module 20: Buffer Overflows

ρ Why are Programs/Applications Vulnerable?

ρ Buffer Overflows

ρ Reasons for Buffer Overflow Attacks

ρ Knowledge Required to Program Buffer Overflow Exploits

ρ Types of Buffer Overflows

ρ Stack-based Buffer Overflow

ρ Understanding Assembly Language

ρ Understanding Stacks

ρ Shellcode

ρ Heap/BSS-based Buffer Overflow

ρ How to Detect Buffer Overflows in a Program

ρ Attacking a Real Program

ρ NOPS

ρ How to Mutate a Buffer Overflow Exploit

ρ Defense Against Buffer Overflows

ρ Tool to Defend Buffer Overflow

ρ Return Address Defender (RAD)

ρ StackGuard

ρ Immunix System

ρ Vulnerability Search – ICAT

ρ Simple Buffer Overflow in C

ρ Code Analysis
Module 21: Cryptography

ρ Public-key Cryptography

ρ Working of Encryption

ρ Digital Signature

ρ RSA (Rivest Shamir Adleman)

ρ RC4, RC5, RC6, Blowfish

ρ Algorithms and Security

ρ Brute-Force Attack

ρ RSA Attacks

ρ Message Digest Functions

ρ One-way Hash Functions

ρ MD5

ρ SHA (Secure Hash Algorithm)

ρ SSL (Secure Sockets Layer)

ρ RC5

ρ What is SSH?

ρ SSH (Secure Shell)

ρ Government Access to Keys (GAK)

ρ RSA Challenge

ρ distributed.net

ρ Cleversafe Grid Builder

ρ PGP (Pretty Good Privacy)

ρ Code Breaking: Methodologies

ρ Cryptography Attacks
ρ Disk Encryption

ρ Hacking Tool

ρ PGP Crack

ρ Magic Lantern

ρ WEPCrack

ρ Cracking S/MIME Encryption Using Idle CPU Time

ρ CypherCalc

ρ Command Line Scriptor

ρ CryptoHeaven

Module 22: Penetration Testing

ρ Introduction to Penetration Testing

ρ Categories of Security Assessments

ρ Vulnerability Assessment

ρ Limitations of Vulnerability Assessment

ρ Types of Penetration Testing

ρ Risk Management

ρ Do-it-Yourself Testing

ρ Outsourcing Penetration Testing Services

ρ Terms of Engagement

ρ Project Scope

ρ Pentest Service Level Agreements

ρ Testing Points

ρ Testing Locations

ρ Automated Testing
ρ Manual Testing

ρ Using DNS Domain Name and IP Address Information

ρ Enumerating Information about Hosts on Publicly-Available Networks

ρ Testing Network-Filtering Devices

ρ Enumerating Devices

ρ Denial of Service Emulation

ρ Tools

ρ Appscan

ρ HackerShield

ρ Cerberus Internet Scanner

ρ Cybercop Scanner

ρ FoundScan Hardware Appliances

ρ Nessus

ρ NetRecon

ρ SAINT

ρ SecureNET Pro

ρ SecureScan

ρ SATAN

ρ SARA

ρ Security Analyzer

ρ STAT Analyzer

ρ VigilENT

ρ WebInspect

ρ Evaluating Different Types of Pentest Tools

ρ Asset Audit
ρ Fault Trees and Attack Trees

ρ GAP Analysis

ρ Threat

ρ Business Impact of Threat

ρ Internal Metrics Threat

ρ External Metrics Threat

ρ Calculating Relative Criticality

ρ Test Dependencies

ρ Defect Tracking Tools

ρ Web-based Bug/Defect Tracking Software

ρ SWB Tracker

ρ Advanced Defect Tracking Web Edition

ρ Disk Replication Tools

ρ Snapback DUP

ρ Daffodil Replicator

ρ Image MASSter 4002i

ρ DNS Zone Transfer Testing Tools

ρ DNS analyzer

ρ Spam blacklist

ρ Network Auditing Tools

ρ eTrust Audit (AUDIT LOG REPOSITORY)

ρ iInventory

ρ Centennial Discovery

ρ Trace Route Tools and Services

ρ Ip Tracer 1.3

ρ Trellian Trace Route

ρ Network Sniffing Tools

ρ Sniff’em

ρ PromiScan

ρ Denial-of-Service Emulation Tools

ρ FlameThrower®

ρ Mercury LoadRunner™

ρ ClearSight Analyzer

ρ Traditional Load Testing Tools

ρ WebMux

ρ SilkPerformer

ρ PORTENT Supreme

ρ System Software Assessment Tools

ρ Database Scanner

ρ System Scanner

ρ Internet Scanner

ρ Operating System Protection Tools

ρ Bastille Linux

ρ Engarde Secure Linux

ρ Fingerprinting Tools

ρ Foundstone

ρ @Stake LC 5

ρ Port Scanning Tools

ρ Superscan

ρ Advanced Port Scanner


ρ AW Security Port Scanner

ρ Directory and File Access Control Tools

ρ Abyss Web Server for Windows

ρ GFI LANguard Portable Storage Control

ρ Windows Security Officer - wso

ρ File Share Scanning Tools

ρ Infiltrator Network Security Scanner

ρ Encrypted FTP 3

ρ Password Directories

ρ Passphrase Keeper 2.60

ρ IISProtect

ρ Password Guessing Tools

ρ Webmaster Password Generator

ρ Internet Explorer Password Recovery Master

ρ Password Recovery Toolbox

ρ Link Checking Tools

ρ Alert Link Runner

ρ Link Utility

ρ LinxExplorer

ρ Web Testing-based Scripting Tools

ρ Svoi.NET PHP Edit

ρ OptiPerl

ρ Blueprint Software Web Scripting Editor

ρ Buffer Overflow Protection Tools

ρ StackGuard

ρ FormatGuard

ρ RaceGuard

ρ File Encryption Tools

ρ Maxcrypt

ρ Secure IT

ρ Steganos

ρ Database Assessment Tools

ρ EMS MySQL Manager

ρ SQL Server Compare

ρ SQL Stripes

ρ Keyboard Logging and Screen Recording Tools

ρ Spector Professional 5.0

ρ Handy Keylogger

ρ Snapshot Spy

ρ System Event Logging and Reviewing Tools

ρ LT Auditor Version 8.0

ρ ZVisual RACF

ρ Network Intelligence Engine LS Series

ρ Tripwire and Checksum Tools

ρ SecurityExpressions

ρ MD5

ρ Tripwire for Servers

ρ Mobile-Code Scanning Tools

ρ Vital Security

ρ eTrust Secure Content Manager 1.1


ρ Internet Explorer Zones

ρ Centralized Security Monitoring Tools

ρ ASAP eSMART™ Software Usage by ASAP Software

ρ WatchGuard VPN Manager

ρ Harvester

ρ Web Log Analysis Tools

ρ AWStats

ρ Azure Web Log

ρ Summary

ρ Forensic Data and Collection Tools

ρ Encase tool

ρ SafeBack

ρ ILook Investigator

ρ Security Assessment Tools

ρ Nessus Windows Technology

ρ NetIQ Security Manager

ρ STAT Scanner

ρ Multiple OS Management Tools

ρ Multiple Boot Manager

ρ Acronis OS Selector

ρ Eon

ρ Phases of Penetration Testing

ρ Pre-Attack Phase

ρ Attack Phase

ρ Post-Attack Phase

ρ Penetration Testing Deliverables Templates

SELF-STUDY MODULES

Covert Hacking
§ Insider attacks
§ What is covert channel?
§ Security Breach
§ Why Do You Want to Use Covert Channel?
§ Motivation of a Firewall Bypass
§ Covert Channels Scope
§ Covert Channel: Attack Techniques
§ Simple Covert Attacks
§ Advanced Covert Attacks
§ Reverse Connecting Agents
§ Covert Channel Attack Tools
o Netcat
o DNS tunnel

o DNS Tunneling
Covert Channel Using DNS Tunneling
DNS Tunnel Client
DNS Tunneling Countermeasures
o SSH reverse tunnel
Covert Channel Using SSH
Covert Channel using SSH (Advanced)
o HTTP/S Tunneling Attack
o Covert Channel Hacking Tool: Active Port Forwarder
o Covert Channel Hacking Tool: CCTT
o Covert Channel Hacking Tool: Firepass
o Covert Channel Hacking Tool: MsnShell
o Covert Channel Hacking Tool: Web Shell
o Covert Channel Hacking Tool: NCovert
o Covert Channel Hacking via Spam E-mail Messages
o Hydan
o Covert Channel Hacking Tool: NCOVERT

Writing Virus Codes
§ Introduction of Virus
§ Types of Viruses
§ Symptoms of a Virus Attack
§ Prerequisites for Writing Viruses
§ Required Tools and Utilities
§ Virus Infection Flow Chart
o Step – I Finding file to infect
Directory Traversal Method
“dot dot” Method
o Step – II Check viruses infection criteria
o Step – III Check for previous infection
Marking a File for Infection
o Step – IV Infect the file
o Step – V Covering tracks

§ Components of Viruses
§ Functioning of Replicator part
§ Diagrammatical representation
§ Writing Replicator
§ Writing Concealer
§ Dispatcher
§ Writing Bomb/Payload
§ Trigger Mechanism
§ Brute Force Logic Bombs
§ Testing Virus Codes
§ Tips for Better Virus Writing

Assembly Language Tutorial


§ Number System
§ Base 10 System
§ Base 2 System
§ Decimal 0 to 15 in Binary
§ Binary Addition (C stands for Carry)
§ Hexadecimal Number
§ Hex Example
§ Hex Conversion
§ nibble
§ Computer memory
§ Characters Coding
§ ASCII and UNICODE
§ CPU
§ Machine Language
§ Compilers
§ Clock Cycle
§ Original Registers
§ Instruction Pointer
§ Pentium Processor
§ Interrupts
§ Interrupt handler
§ External interrupts and Internal interrupts
§ Handlers
§ Machine Language
§ Assembly Language
§ Assembler
§ Assembly Language Vs High-level Language
§ Assembly Language Compilers
§ Instruction operands
§ MOV instruction
§ ADD instruction
§ SUB instruction
§ INC and DEC instructions
§ Directive
§ preprocessor
§ equ directive
§ %define directive
§ Data directives
§ Labels
§ Input and output
§ C Interface
§ Call
§ Creating a Program
§ Why should anyone learn assembly at all?
o First.asm
§ Assembling the code
§ Compiling the C code
§ Linking the object files
§ Understanding an assembly listing file
§ Big and Little Endian Representation
§ Skeleton File
§ Working with Integers
§ Signed integers
§ Signed Magnitude
§ Two’s Complement
§ If statements
§ Do while loops
§ Indirect addressing
§ Subprogram
§ The Stack
§ The SS segment
§ ESP
§ The Stack Usage
§ The CALL and RET Instructions
§ General subprogram form
§ Local variables on the stack
§ General subprogram form with local variables
§ Multi-module program
§ Saving registers
§ Labels of functions
§ Calculating addresses of local variables

Exploit Writing
§ Exploits Overview
§ Prerequisites for Writing Exploits and Shellcodes
§ Purpose of Exploit Writing
§ Types of Exploits
o Stack Overflow
o Heap Corruption
o Format String
o Integer Bug Exploits
o Race Condition
o TCP/IP Attack
§ The Proof-of-Concept and Commercial Grade Exploit
§ Converting a Proof of Concept Exploit to Commercial Grade Exploit
§ Attack Methodologies
§ Socket Binding Exploits
§ Tools for Exploit Writing
o LibExploit
o Metasploit
o CANVAS
§ Steps for Writing an Exploit
§ Differences Between Windows and Linux Exploits
§ Shellcodes
o NULL Byte
o Types of Shellcodes
§ Tools Used for Shellcode Development
o NASM
o GDB
o objdump
o ktrace
o strace
o readelf
§ Steps for Writing a Shellcode
§ Issues Involved With Shellcode Writing
o Addressing problem
o Null byte problem
o System call implementation

Smashing the Stack for Fun and Profit

§ What is a Buffer?
§ Static Vs Dynamic Variables
§ Stack Buffers
§ Data Region
§ Memory Process Regions
§ What Is A Stack?
§ Why Do We Use A Stack?
§ The Stack Region
§ Stack frame
§ Stack pointer
§ Procedure Call (Procedure Prolog)
§ Compiling the code to assembly
§ Call Statement
§ Return Address (RET)
§ Word Size
§ Stack
§ Buffer Overflows
§ Error
§ Why do we get a segmentation violation?
§ Segmentation Error
§ Instruction Jump
§ Guess Key Parameters
§ Calculation
§ Shell Code
o The code to spawn a shell in C
§ Let's try to understand what is going on here. We'll start by studying main:
§ execve()
o execve() system call
§ exit.c
o List of steps with exit call
§ The code in Assembly
§ JMP
§ Code using indexed addressing
§ Offset calculation
§ shellcodeasm.c
§ testsc.c
§ Compile the code
§ NULL byte
§ shellcodeasm2.c
§ testsc2.c
§ Writing an Exploit
§ overflow1.c
§ Compiling the code
§ sp.c
§ vulnerable.c
§ NOPs
o Using NOPs
o Estimating the Location

Windows Based Buffer Overflow Exploit Writing
§ Buffer Overflow
§ Stack overflow
§ Writing Windows Based Exploits
§ Exploiting stack based buffer overflow
§ OpenDataSource Buffer Overflow Vulnerability Details
§ Simple Proof of Concept
§ Windbg.exe
§ Analysis
§ EIP Register
µ Location of EIP

µ EIP

§ Execution Flow
§ But where can we jump to?
§ Offset Address
§ The Query
§ Finding jmp esp
§ Debug.exe
§ listdlls.exe
§ Msvcrt.dll
§ Out.sql
§ The payload
§ ESP
§ Limited Space
§ Getting Windows API/function absolute address
§ Memory Address
§ Other Addresses
§ Compile the program
§ Final Code

Reverse Engineering
§ Positive Applications of Reverse Engineering
§ Ethical Reverse Engineering
§ World War Case Study
§ DMCA Act
§ What is Disassembler?
§ Why do you need to decompile?
§ Professional Disassembler Tools
§ Tool: IDA Pro
§ Convert Machine Code to Assembly Code
§ Decompilers
§ Program Obfuscation
§ Convert Assembly Code to C++ code
§ Machine Decompilers
§ Tool: dcc
§ Machine Code of compute.exe Program
§ Assembly Code of compute.exe Program
§ Code Produced by the dcc Decompiler in C
§ Tool: Boomerang
§ What Boomerang Can Do?
§ Andromeda Decompiler
§ Tool: REC Decompiler
§ Tool: EXE To C Decompiler
§ Delphi Decompilers
§ Tools for Decompiling .NET Applications
§ Salamander .NET Decompiler
§ Tool: LSW DotNet-Reflection-Browser
§ Tool: Reflector
§ Tool: Spices NET.Decompiler
§ Tool: Decompilers.NET
§ .NET Obfuscator and .NET Obfuscation
§ Java Bytecode Decompilers
§ Tool: JODE Java Decompiler
§ Tool: JREVERSEPRO
§ Tool: SourceAgain
§ Tool: ClassCracker
§ Python Decompilers
§ Reverse Engineering Tutorial
§ OllyDbg Debugger
§ How Does OllyDbg Work?
§ Debugging a Simple Console Application
