4.1 Introduction to Ethical Hacking
- Understanding Information Security
- The Internet’s Integral Role in Personal and Business Life
- Crucial Terminology
- Elements of Securing Information
- Balancing Security, Functionality, and Usability
- Exploring Threats to Information Security
- Motives, Objectives, and Goals in Security Attacks
- Primary Information Security Attack Vectors
- Categories of Information Security Threats
- Varieties of System Attacks
- Insights into Information Warfare
- Hacking Fundamentals
- Defining Hacking
- Identifying Hackers
- Categorizing Hacker Types
- Breakdown of Hacking Phases
- Basics of Ethical Hacking
- The Essence of Ethical Hacking
- Necessity of Ethical Hacking
- Ethical Hacking’s Boundaries and Scope
- Skills of Ethical Hackers
- Information Security Controls
- Upholding Information Assurance (IA)
- Managing Information Security Programs
- Enterprise Information Security Architecture (EISA)
- Network Security Zones
- Embracing Defense-in-Depth
- Crafting Information Security Policies
- Safeguarding Physical Security
- Assessing Risk
- Understanding Threat Modeling
- Handling Incidents
- Security Incident and Event Management (SIEM)
- Leveraging User Behavior Analytics (UBA)
- Implementing Network Security Controls
- Navigating Identity and Access Management (IAM)
- Addressing Data Leakage
- Ensuring Data Backup
- Strategies for Data Recovery
- Role of Artificial Intelligence and Machine Learning in Cybersecurity
- Concepts of Penetration Testing
- Delving into Penetration Testing
- Significance of Penetration Testing
- Comparing Security Audit, Vulnerability Assessment, and Penetration Testing
- Understanding Blue Teaming and Red Teaming
- Various Forms of Penetration Testing
- Phases in the Penetration Testing Process
- Methodology for Security Testing
- Laws and Standards in Information Security
- Payment Card Industry Data Security Standard (PCI-DSS)
- ISO/IEC 27001:2013
- Health Insurance Portability and Accountability Act (HIPAA)
- Sarbanes-Oxley Act (SOX)
- The Digital Millennium Copyright Act (DMCA)
- Federal Information Security Management Act (FISMA)
- Cybersecurity Legislation Across Nations
4.2 Footprinting and Reconnaissance
- Understanding Footprinting
- Defining Footprinting
- Aims of Footprinting
- Exploring Footprinting via Search Engines
- Conducting Footprinting through Search Engines
- Employing Advanced Google Hacking Techniques for Footprinting
- Information Gathering through Google Advanced Search and Image Search
- Leveraging the Google Hacking Database
- VoIP and VPN Footprinting via Google Hacking Database
- Utilizing Web Services for Footprinting
- Discovering Company’s Top-Level Domains (TLDs) and Sub-Domains
- Determining the Geographical Location of the Target
- People Search on Social Networking Sites and People Search Services
- Collecting Information from LinkedIn
- Gathering Data from Financial Services
- Footprinting via Job Sites
- Monitoring Targets with Alerts
- Information Gathering via Groups, Forums, and Blogs
- Identifying the Operating System
- VoIP and VPN Footprinting through SHODAN
- Footprinting on Social Networking Sites
- Acquiring Information through Social Engineering on Social Networking Sites
- Website Footprinting
- Investigating Website Footprinting
- Website Footprinting using Web Spiders
- Duplicating Entire Websites
- Extracting Website Information from https://archive.org
- Gleaning Metadata from Public Documents
- Monitoring Web Pages for Updates and Changes
- Email Footprinting
- Tracing Email Communications
- Gathering Information from Email Headers
- Email Tracking Tools
- Competitive Intelligence
- Gathering Competitive Intelligence
- Exploring Competitive Intelligence – Company Origins and Development
- Analyzing Competitive Intelligence – Company Plans
- Assessing Competitive Intelligence – Expert Opinions on the Company
- Monitoring Website Traffic of Target Companies
- Tracking the Online Reputation of the Target
- Footprinting using Whois
- Whois Data Lookup
- Analyzing Whois Lookup Results
- Whois Lookup Tools
- Uncovering IP Geolocation Information
- DNS Footprinting
- Retrieving DNS Information
- DNS Interrogation Tools
- Network Footprinting
- Pinpointing the Network Range
- Conducting Traceroute
- Analyzing Traceroute Results
- Utilizing Traceroute Tools
- Footprinting via Social Engineering
- Employing Social Engineering for Footprinting
- Collecting Information via Eavesdropping, Shoulder Surfing, and Dumpster Diving
- Tools for Footprinting
- Employing Maltego
- Utilizing Recon-ng
- Leveraging FOCA
- Exploring Recon-Dog
- Employing OSRFramework
- Exploring Additional Footprinting Tools
- Countermeasures
- Implementing Footprinting Countermeasures
- Footprinting Penetration Testing
- Executing Footprinting Penetration Testing
- Utilizing Footprinting Penetration Testing Report Templates
4.3 Network Scanning
- Concepts of Network Scanning
- Grasping Network Scanning Fundamentals
- TCP Communication Flags
- Understanding TCP/IP Communication
- Crafting Custom Packets Using TCP Flags
- Scanning in IPv6 Networks
- Tools for Scanning
- Utilizing Nmap
- Leveraging Hping2 / Hping3
- Exploring Scanning Tools
- Discovering Scanning Tools for Mobile
- Techniques for Scanning
- Exploring Scanning Techniques
- Scanning Beyond IDS and Firewall
- Evasion Techniques for IDS/Firewall
- Banner Grabbing
- Mastering Banner Grabbing
- Mastering Banner Grabbing
- Employing Banner Grabbing Countermeasures
- Network Diagrams
- Creating Network Diagrams
- Utilizing Network Discovery and Mapping Tools
- Discovering Network Discovery Tools for Mobile
- Scanning Penetration Testing
- Conducting Scanning Penetration Testing
4.4 Basics of Enumeration
- Understanding Enumeration Concepts
- Defining Enumeration
- Methods for Enumeration
- Identifying Enumerated Services and Ports
- NetBIOS Enumeration
- NetBIOS Enumeration Overview
- NetBIOS Enumeration Utilities
- Enumerating User Accounts
- Discovering Shared Resources via Net View
- SNMP Enumeration
- Simplifying Network Management Protocol (SNMP) Enumeration
- How SNMP Operates
- Management Information Base (MIB)
- SNMP Enumeration Tools
- LDAP Enumeration
- LDAP Enumeration Overview
- LDAP Enumeration Software
- NTP Enumeration
- NTP Enumeration Overview
- NTP Enumeration Commands
- NTP Enumeration Tools
- SMTP and DNS Enumeration
- SMTP Enumeration
- SMTP Enumeration Software
- DNS Enumeration and Zone Transfers
- Other Enumeration Techniques
- IPsec Enumeration
- VoIP Enumeration
- RPC Enumeration
- Enumeration on Unix/Linux Systems
- Enumeration Countermeasures
- Strategies to Mitigate Enumeration Risks
- Enumeration Penetration Testing
- Enumeration Penetration Testing Techniques
4.5 Vulnerability Analysis
- Understanding Vulnerability Assessment
- Exploring Vulnerability Research
- Categorizing Vulnerabilities
- Defining Vulnerability Assessment
- Varieties of Vulnerability Assessment
- The Vulnerability Management Lifecycle
- Solutions for Assessing Vulnerabilities
- Evaluating Vulnerability Assessment Approaches
- Functionality of Vulnerability Scanning Solutions
- Types of Tools for Vulnerability Assessment
- Qualities of Effective Vulnerability Assessment Solutions
- Selecting a Vulnerability Assessment Tool
- Key Criteria for Tool Selection
- Optimal Practices in Tool Selection
- Vulnerability Scoring Systems
- Common Vulnerability Scoring System (CVSS)
- Common Vulnerabilities and Exposures (CVE)
- National Vulnerability Database (NVD)
- Resources for Vulnerability Research
- Vulnerability Assessment Tools
- Instrumentation for Vulnerability Assessment
- Vulnerability Assessment Tools for Mobile Devices
- Generating Vulnerability Assessment Reports
- Crafting Reports on Vulnerability Assessment
- Analyzing Reports from Vulnerability Scanning
4.6 Basics of System Hacking
- Exploring System Hacking Concepts
- CEH Hacking Methodology (CHM)
- Objectives of System Hacking
- Cracking Passwords
- Password Cracking Overview
- Types of Password Attack Techniques
- Password Retrieval Utilities
- Microsoft Authentication Mechanisms
- Windows SAM Password Hash Storage
- NTLM Authentication Process
- Kerberos Authentication Process
- Password Salting Mechanism
- Tools for Extracting Password Hashes
- Password Cracking Software
- Defending Against Password Cracking
- Protecting Against LLMNR/NBT-NS Poisoning
- Privilege Escalation
- Privilege Escalation Strategies
- DLL Hijacking for Privilege Escalation
- Vulnerability-Based Privilege Escalation
- Dylib Hijacking for Privilege Escalation
- Spectre and Meltdown-Based Privilege Escalation
- Other Privilege Escalation Techniques
- Defending Against Privilege Escalation
- Executing Applications
- Application Execution
- Understanding Keyloggers
- Spyware Overview
- Defense Against Keyloggers
- Defense Against Spyware
- File Concealmen
- Uncovering Rootkits
- NTFS Data Stream Concealment
- Unveiling Steganography
- Covering Tracks
- Erasing Digital Footprints
- Auditpol for Disabling Auditing
- Log Clearance Methods
- Manual Event Log Purging
- Eliminating Online Traces
- Concealing BASH Shell Tracks
- Camouflaging Network Activity
- Obscuring Operating System Traces
- Tools for Covering Tracks
- Penetration Testing
- Password Cracking in Penetration Testing
- Privilege Escalation in Penetration Testing
- Application Execution in Penetration Testing
- File Concealment in Penetration Testing
- Covering Tracks in Penetration Testing
4.7 Malware Threats
- Understanding Malware Concepts
- Malware Introduction
- Entry Points for Malware
- Distribution Techniques Employed by Attackers
- Elements of Malicious Software
- Trojan Concepts
- Trojan Overview
- Hacker Exploitation with Trojans
- Ports Associated with Trojans
- Trojan System Infiltration Methods
- Trojan Development Kit
- Trojan Wrappers
- Crypters
- Trojan Deployment by Attackers
- Exploit Kits
- Evasion of Antivirus Measures
- Trojan Types
- Virus and Worm Concepts
- Virus Introduction
- Phases in a Virus Lifecycle
- Virus Functionality
- Indicators of Virus Presence
- Modes of Virus Infection
- Virus Deceptions
- Fake Antivirus Programs
- Understanding Ransomware
- Virus Varieties
- Crafting Viruses
- Exploring Computer Worms
- Worm Development
- Malware Analysis
- Sheep Dip Computers Explained
- Anti-Malware Sensor Systems
- Introduction to Malware Analysis
- Malware Analysis Process: Preparing Test Environment
- Static Malware Analysis
- Dynamic Malware Analysis
- Approaches to Virus Detection
- ZeuS/Zbot Trojan Analysis
- Analyzing WannaCry Virus
- Countermeasures
- Countering Trojans
- Combating Backdoors
- Measures Against Viruses and Worms
- Anti-Malware Solutions
- Anti-Trojan Tools
- Antivirus Applications
- Malware Penetration Testing
- Malware Penetration Testing
4.8 Sniffing Fundamentals
- Understanding Sniffing Concepts
- Network Packet Analysis
- Sniffing Varieties
- Exploiting Networks via Sniffers
- Vulnerable Protocols to Sniffing
- OSI Model Data Link Layer Sniffing
- Hardware Protocol Analyzers
- SPAN Port Usage
- Wiretapping Explained
- Legal Network Monitoring
- MAC Attacks as Sniffing Technique
- MAC Addresses and CAM Tables
- CAM Table Functionality
- CAM Table Overload Scenarios
- MAC Flooding
- Stealing Switch Ports
- Preventing MAC Attacks
- DHCP Attacks as Sniffing Technique
- How DHCP Operates
- DHCP Request/Reply Messages
- DHCP Starvation Attack
- Rogue DHCP Server Attack
- Countermeasures for DHCP Threats
- ARP Poisoning as Sniffing Technique
- Address Resolution Protocol (ARP) Explanation
- ARP Spoofing
- Risks of ARP Poisoning
- ARP Poisoning Tools
- Defending Against ARP Spoofing
- Implementing Security on Cisco Switches
- ARP Spoofing Detection Tools
- Spoofing Attacks as Sniffing Technique
- MAC Spoofing/Duplication
- Windows MAC Spoofing Technique
- MAC Spoofing Utilities
- IRDP Spoofing
- Mitigating MAC Spoofing
- DNS Poisoning as Sniffing Technique
- DNS Spoofing Approaches
- Safeguarding Against DNS Spoofing
- Sniffing Tools
- Wireshark Sniffing Tool
- Filtering in Wireshark
- Additional Wireshark Filters
- Various Sniffing Tools
- Mobile Packet Sniffing Tools
- Countermeasures
- Protecting Against Sniffing Threats
- Detection Techniques for Sniffing
- Detecting Sniffing Incidents
- Identifying Sniffers
- Tools for Detecting Promiscuous Mode
- Penetration Testing for Sniffing
- Sniffing Vulnerability Assessment
4.9 Understanding Social Engineering
- Concepts of Social Engineering
- Defining Social Engineering
- Phases in Social Engineering Attacks
- Social Engineering Techniques
- Varieties of Social Engineering Attacks
- Human-Centric Social Engineering
- Computer-Centric Social Engineering
- Mobile-Centric Social Engineering
- Dealing with Insider Threats
- Insider Threats and Attacks
- Categories of Insider Threats
- Impersonation on Social Networks
- Exploiting Social Networks through Impersonation
- Impersonation Tactics on Facebook
- Social Network Hazards to Business Networks
- Understanding Identity Theft
- The Problem of Identity Theft
- Implementing Countermeasures
- Safeguarding Against Social Engineering
- Countermeasures for Insider Threats
- Preventing Identity Theft
- Detecting Phishing Emails
- The Anti-Phishing Toolbar
- Defending Against Common Social Engineering Targets
- Social Engineering Penetration Testing
- Conducting Social Engineering Tests
- Tools for Social Engineering Penetration Testing
4.10 Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
- Understanding DoS/DDoS Attacks
- Exploring Denial-of-Service Assaults
- What Constitutes a Distributed Denial-of-Service Attack?
- Methods Employed in DoS/DDoS Offensives
- Primary Categories of DoS/DDoS Attack Methods
- The UDP Flood Attack
- ICMP Flood Attack Mechanism
- Ping of Death and Smurf Attacks
- SYN Flood Attack Strategy
- The Fragmentation Attack
- Attacks Leveraging HTTP GET/POST and Slowloris
- The Multi-Vector Attack Approach
- Peer-to-Peer Offensive Techniques
- The Permanent Denial-of-Service Attack
- The Mechanics of Distributed Reflection Denial-of-Service (DRDoS)
- Understanding Botnets
- Organized Cybercrime: Organizational Hierarchy
- Delving into the Botnet Concept
- An Illustrative Botnet Configuration
- The Botnet Ecosystem
- Techniques for Scanning and Identifying Vulnerable Systems
- The Propagation of Malicious Code
- Insights into Botnet Trojans
- A Deep Dive into DDoS Incidents
- Examining Distributed Denial-of-Service Episodes
- Hackers’ Promotion of Botnet Download Links
- Mobile Devices as Instruments for DDoS Attacks
- A DDoS Case Study: The Dyn DDoS Attack
- Tools Employed in DoS/DDoS Attacks
- Utilities for Executing DoS/DDoS Attacks
- Mobile DoS and DDoS Attack Instruments
- Implementing Protective Measures
- Approaches to Detection
- Strategies for Mitigating DoS/DDoS Threats
- Countering Distributed Denial-of-Service Attacks
- Defensive Techniques against Botnets
- Enhancing Protection from DoS/DDoS Threats
- Implementing DoS/DDoS Safeguards at the ISP Level
- Enabling TCP Intercept with Cisco IOS Software
- Tools for DoS/DDoS Protection
- Advanced Appliances for DDoS Protection
- Tools for Safeguarding against DoS/DDoS Threats
- Conducting DoS/DDoS Penetration Testing
- Penetration Testing for Denial-of-Service (DoS) Attacks
4.11 Session Hijacking
- Understanding Session Hijacking
- Defining Session Hijacking
- Factors Behind Session Hijacking Success
- The Session Hijacking Process
- Analyzing Packets in Local Session Hijacking
- Categories of Session Hijacking
- Session Hijacking within OSI Model
- Spoofing versus Hijacking
- Session Hijacking at the Application Level
- Application-Level Session Hijacking
- Gaining Access to Session IDs via Sniffing and Predicting Tokens
- Session ID Compromise through Man-in-the-Middle Attacks
- Session ID Compromise via Man-in-the-Browser Attacks
- Session ID Compromise through Client-Side Attacks
- Client-Side Attacks: Cross-Site Scripting (XSS)
- Client-Side Attacks: Cross-Site Request Forgery (CSRF)
- Session ID Compromise through Session Replay Attacks
- Session ID Compromise via Session Fixation
- Proxy Server-Based Session Hijacking
- Session Hijacking Using CRIME Attack
- Session Hijacking via Forbidden Attack
- Session Hijacking at the Network Level
- Session Hijacking in TCP/IP
- IP Spoofing and Source-Routed Packets
- RST Hijacking
- Blind Session Hijacking
- Session Hijacking in UDP
- Man-in-the-Middle Attacks Employing Forged ICMP and ARP Spoofing
- Tools for Session Hijacking
- Instruments for Session Hijacking
- Session Hijacking Tools for Mobile Devices
- Implementing Protective Measures
- Detecting Session Hijacking
- Safeguarding Against Session Hijacking
- Prevention Methods for Web Developers
- Prevention Methods for Web Users
- Tools for Detecting Session Hijacking
- Vulnerable Approaches and Their Protective Measures
- Strategies for Preventing Session Hijacking
- Implementing IPSec
- Tools for Preventing Session Hijacking
- Conducting Session Hijacking Penetration Testing
- Penetration Testing for Session Hijacking
4.12 Evading IDS, Firewalls, and Honeypots
- Understanding IDSs, Firewalls, and Honeypots
- Intrusion Detection Systems (IDS)
- Firewalls
- Honeypots
- Solutions for IDSs, Firewalls, and Honeypots
- IDS Solutions
- Firewall Solutions
- Honeypot Tools
- Evasion of IDS
- Techniques for Evading IDS
- Evasion of Firewalls
- Techniques for Evading Firewalls
- Tools for Evading IDS and Firewalls
- Tools for Evading IDS and Firewalls
- Tools for Generating Packet Fragments
- Detecting Honeypots
- Identifying Honeypots
- Detection and Bypassing Honeypots
- Honeypot Detection Tool: Send-Safe Honeypot Hunter
- Countermeasures Against IDS and Firewall Evasion
- Defending Against IDS Evasion
- Defending Against Firewall Evasion
- Penetration Testing for Firewalls and IDS
- Penetration Testing for Firewalls and IDS
4.13 Hacking Web Servers
- Understanding Web Server Operations
- Functioning of Web Servers
- Architecture of Open Source Web Servers
- Architecture of IIS Web Servers
- Security Concerns in Web Servers
- Causes of Web Server Compromises
- Consequences of Web Server Breaches
- Web Server Vulnerabilities and Attacks
- Denial-of-Service (DoS) and Distributed DoS Attacks
- Hijacking DNS Servers
- DNS Amplification Attacks
- Exploiting Directory Traversal
- Man-in-the-Middle and Sniffing Attacks
- Phishing Incidents
- Incidents of Website Defacement
- Web Server Configuration Errors
- Attacks via HTTP Response Splitting
- Web Cache Poisoning Attempts
- SSH Brute Force Attacks
- Cracking Web Server Passwords
- Web Application Breaches
- Approach to Web Server Attacks
- Preliminary Information Gathering
- Footprinting and Banner Retrieval for Web Servers
- Website Mirroring Techniques
- Vulnerability Scanning Procedures
- Session Hijacking Methods
- Gaining Access through Application Servers
- Tools Employed for Web Server Offensives
- Metasploit Framework
- Tools for Attacking Web Servers
- Protection and Defense
- Isolate Web Servers in a Secure Network Segment
- Safeguarding Measures
- Identifying Web Server Attack Attempts
- Strategies for Web Server Security
- Safeguarding against HTTP Response Splitting and Web Cache Poisoning
- Countermeasures against DNS Hijacking
- Management of Security Patches
- Security Patches and Hotfixes
- The Concept of Patch Management
- Installing Software Patches
- Tools for Patch Management
- Security Tools for Web Servers
- Scanners for Web Application Security
- Scanners for Web Server Security
- Tools for Enhancing Web Server Security
- Web Server Penetration Testing
- Evaluating Web Server Security
- Tools for Web Server Penetration Testing
4.14 Understanding Web Application Hacking
- Understanding Web Applications
- Introduction to Web-Based Applications
- Web Application Architecture Overview
- Evolution of Web 2.0 Applications
- Vulnerability Stack in Web Apps
- Security Threats to Web Applications
- OWASP’s Top 10 Application Security Risks (2017)
- Other Threats Targeting Web Applications
- Approach to Web Application Hacking
- Methodology for Hacking Web Applications
- Profiling the Web Infrastructure
- Attacking Web Servers
- Assessing Web Application Code
- Circumventing Client-Side Security Measures
- Exploiting Authentication Mechanisms
- Targeting Authorization Schemes
- Exploiting Access Controls
- Manipulating Session Management
- Executing Injection and Input Validation Offensives
- Exploiting Application Logic Flaws
- Compromising Database Connectivity
- Attacking Web App Clients
- Targeting Web Services
- Tools for Web Application Hacking
- Utilizing Tools for Web Application Attacks
- Safeguarding Web Applications
- Fuzz Testing for Web Applications
- Reviewing Source Code
- Implementing Encoding Strategies
- Strategies to Counter Injection Attacks
- Countermeasures for Web Application Attacks
- Fortifying Against Web App Attacks
- Testing Tools for Web Application Security
- Tools for Evaluating Web App Security
- Web Application Firewalls
- Web Application Penetration Testing
- Assessing Web Application Security
- Frameworks for Web App Penetration Testing
4.15 Fundamentals of SQL Injection
- Understanding SQL Injection
- Definition and Nature of SQL Injection
- SQL Injection in the Context of Server-side Technologies
- Insights into HTTP POST Requests
- Comprehending Regular SQL Queries
- Grasping the Structure of an SQL Injection Query
- Deconstructing an SQL Injection Query – Code Examination
- Illustrating a Web Application Vulnerable to SQL Injection (aspx)
- Analyzing an SQL Injection Vulnerable Web App Attack
- Instances of SQL Injection Exploits
- Diverse SQL Injection Variations
- Categorizing Different SQL Injection Forms
- SQL Injection Strategy
- Strategy Employed in SQL Injection Attacks
- SQL Injection Utilities
- Tools for SQL Injection Exploitation
- Utilizing SQL Injection Software
- SQL Injection Instruments Tailored for Mobile Platforms
- Techniques to Evade Detection
- Bypassing Intrusion Detection Systems
- Varied Approaches to Avoiding Signature Detection
- Preventive Measures
- Safeguarding Against SQL Injection Attacks
- Tools for Identifying SQL Injection Attempts
- Resources for Detecting SQL Injection Attacks
4.16 Wireless Network Exploitation
- Wireless Fundamentals
- Wireless Terminologies
- Types of Wireless Networks
- Wireless Standards Unveiled
- The Essence of Service Set Identifier (SSID)
- Wi-Fi Authentication Modes Decoded
- Demystifying Wi-Fi Authentication via a Centralized Authentication Server
- The Spectrum of Wireless Antenna Types
- Wireless Encryption
- Exploring Wireless Encryption Varieties
- Unveiling WEP, WPA, and WPA2 Differences
- The Pitfalls of WEP Encryption
- Vulnerabilities Stemming from Weak Initialization Vectors (IV)
- Wireless Menaces
- The Landscape of Wireless Threats
- Wireless Assault Approach
- The Art of Wireless Assault
- Tools for Wireless Intrusion
- Arsenal for WEP/WPA Deciphering
- On-the-Go WEP/WPA Deciphering Tools
- Profiling Wi-Fi Traffic with Sniffers
- Analyzing Wi-Fi Traffic with Traffic Analyzer Tools
- Diverse Toolbox for Wireless Intrusion
- Bluetooth Intrusion
- Unraveling the Bluetooth Stack
- Penetrating Bluetooth Networks
- The Realm of Bluetooth Threats
- Mastering BlueJack Attacks
- Leveraging Bluetooth Intrusion Gear
- Countermeasures
- Multilayered Wireless Protection Strategies
- Safeguarding Against WPA/WPA2 Break-ins
- Vigilance Against KRACK Attacks
- Locating and Foiling Rogue Access Points
- Building Resilience Against Wireless Intrusions
- Shielding Against Bluetooth Intrusion Techniques
- Wireless Security Tools
- Wireless Intrusion Prevention Systems Unveiled
- Orchestrating Wireless IPS Deployments
- Tools for Wi-Fi Security Auditing
- Leveraging Wi-Fi Intrusion Prevention Systems
- Planning Wi-Fi Networks with Predictive Tools
- Scanning for Wi-Fi Vulnerabilities
- Harnessing Bluetooth Security Measures
- Mobile Wi-Fi Security Toolset
- Wireless Penetration Testing
- Delving into Wireless Penetration Testing
- A Framework for Wireless Penetration Testing
4.17 Mobile Platform Exploitation
- Mobile Platform Vulnerabilities
- Weak Points in the Mobile Business Landscape
- OWASP’s Top 10 Mobile Threats in 2016
- Anatomy of Mobile Assaults
- Exploiting Mobile Compromises for Profit
- Mobile Attack Vectors and Platform Vulnerabilities
- App Store-Related Security Dilemmas
- Challenges with App Sandboxing
- Unraveling Mobile Spam
- Delving into SMS Phishing (SMiShing)
- Exploiting Open Bluetooth and Wi-Fi Device Pairing
- Cracking Android OS
- The Android Operating System Uncovered
- Android Rooting Techniques
- Network Access Control via NetCut
- Mobile Hacking with zANTI
- Network Manipulation Using Network Spoofer
- Unleashing Denial-of-Service Attacks with Low Orbit Ion Cannon (LOIC)
- Seizing Sessions with DroidSheep
- Privacy Invasion via Orbot Proxy
- Android-Based Sniffers in Action
- Delving into Android Trojans
- Fortifying Android Devices
- Securing Android with Find My Device
- The Arsenal of Android Security Tools
- Scanning Android Vulnerabilities
- Tracking Android Devices
- iOS Exploitation
- Apple’s iOS Explored
- The Art of iOS Jailbreaking
- iOS Trojans Unveiled
- Safeguarding iOS Devices
- Tracking iOS Devices
- iOS Device Security Toolbox
- Mobile Espionage Software
- The World of Mobile Spyware
- Spotlight on Mobile Spyware: mSpy
- The Spectrum of Mobile Spywares
- Mobile Device Management
- Navigating Mobile Device Management (MDM)
- Options for Mobile Device Management
- The BYOD Challenge
- Mobile Security Tools and Guidelines
- Prudent Mobile Platform Security Guidelines
- Mobile Device Security Advice for Administrators
- Battling SMS Phishing Threats
- The Arsenal of Mobile Protection Tools
- Tools for Taming Mobile Spyware
- Mobile Penetration Testing
- Penetration Testing on Android Phones
- Penetration Testing on iPhones
- Mobile Penetration Testing Toolkit: Hackode
4.18 IoT Exploitation Fundamentals
- Understanding IoT
- Unpacking the World of IoT
- The Inner Workings of IoT
- IoT Architecture Unveiled
- IoT’s Reach Across Applications and Devices
- The Tech and Protocols Fueling IoT
- Navigating IoT Communication Models
- Confronting IoT Challenges
- Balancing IoT Threats and Opportunities
- IoT Vulnerabilities and Threats
- Probing IoT’s Security Quandaries
- OWASP’s Top 10 IoT Vulnerabilities
- Scoping Out IoT’s Attack Surface
- Posing IoT Threats
- Unmasking IoT Device Hacking: A General Overview
- A Close Look at IoT Attacks
- IoT Attacks Across Diverse Sectors
- The Dyn Attack Case Study
- IoT Hacking Methodology
- Demystifying IoT Device Hacking
- The IoT Hacking Approach
- Tools for IoT Exploitation
- Tools for Information Gathering
- Sniffing Aids for IoT
- Tools for Scanning Vulnerabilities
- The Arsenal of IoT Hacking Tools
- Mitigation Strategies
- Safeguarding Against IoT Exploitation
- Guidelines for IoT Device Manufacturers
- Addressing OWASP’s Top 10 IoT Vulnerabilities
- Embracing IoT Framework Security Practices
- Tools to Fortify IoT Security
- IoT Penetration Testing
- Diving Deep into IoT Penetration Testing
4.19 Basics of Cloud Computing
- Cloud Computing Concepts
- Introduction to Cloud Computing
- Separation of Responsibilities in Cloud
- Cloud Deployment Models
- NIST Cloud Deployment Reference Architecture
- Cloud Computing Benefits
- Understanding Virtualization
- Cloud Computing Threats
- Cloud Computing Attacks
- Service Hijacking using Social Engineering Attacks
- Service Hijacking using Network Sniffing
- Session Hijacking using XSS Attack
- Session Hijacking using Session Riding
- Domain Name System (DNS) Attacks
- Side-Channel Attacks or Cross-guest VM Breaches
- SQL Injection Attacks
- Cryptanalysis Attacks
- Wrapping Attack
- Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
- Man-in-the-Cloud Attack
- Cloud Security
- Cloud Security Control Layers
- Cloud Security is the Responsibility of both Cloud Provider and Consumer
- Cloud Computing Security Considerations
- Placement of Security Controls in the Cloud
- Best Practices for Securing Cloud
- NIST Recommendations for Cloud Security
- Organization/Provider Cloud Security Compliance Checklist
- Cloud Security Tools
- What is Cloud Pen Testing?
- Key Considerations for Pen Testing in the Cloud
- Cloud Penetration Testing
- Recommendations for Cloud Testing
4.20 Cryptography Essentials
- Understanding Cryptography
- Unraveling the Realm of Cryptography
\Navigating Government Access to Keys (GAK)
- Encryption Techniques
- Delving into Encryption Methods
- The Legacy of Data Encryption Standard (DES)
- Championing Advanced Encryption Standard (AES)
- Peering at RC4, RC5, and RC6 Algorithms
- Unveiling Twofish
- The World of DSA and Related Signature Schemes
- Deciphering Rivest Shamir Adleman (RSA)
- Embarking on the Diffie-Hellman Journey
- Harnessing the Power of Message Digest (One-Way Hash) Functions
- Cryptography Utilities
- Tools for MD5 Hash Calculation
- Mobile-Friendly Hash Calculation Tools
- The Cryptographer’s Toolbox
- Cryptography Utilities for Mobile Devices
- Exploring Public Key Infrastructure (PKI)
- Navigating Public Key Infrastructure (PKI)
- Email Encryption Methods
- Embracing Digital Signatures
- Secure Communication with Secure Sockets Layer (SSL)
- Elevating Security with Transport Layer Security (TLS)
- Equipping with Cryptographic Toolkits
- The Power of Pretty Good Privacy (PGP)
- Securing Data with Disk Encryption
- Safeguarding Data through Disk Encryption
- Tools for Disk Encryption
- Cryptanalysis and Countermeasures
- Decrypting Cryptanalysis Methods
- Unmasking Code-Breaking Methodologies
- Cryptography Attacks: An Inside Look
- Tools for Cryptanalysis
- Online MD5 Decryption Aids
- Countermeasures and Defense
- Strategies to Counter Cryptographic Attacks
Courses
×
