2.1 Introduction to Ethical Hacking
- Information Security Threats and Attack Vectors
- Motives, goals, and objectives of information security attacks
- Top information security attack vectors
- Information security threat categories
- Types of attacks on a system
- Information warfare
- Hacking Concepts
- What is hacking?
- Who is a hacker?
- Hacker classes
- Hacking phases
- Ethical Hacking Concepts
- What is Ethical Hacking?
- Why is Ethical Hacking necessary?
- Scope and limitations of Ethical Hacking
- Skills of an Ethical Hacker
- Information Security Controls
- Information Assurance (IA)
- Information security management program
- Enterprise Information Security Architecture (EISA)
- Network security zoning
- Defense-in-Depth
- Information security policies
- Physical security
- What is risk?
- Threat modeling
- Incident management
- Security Incident and Event Management (SIEM)
- User Behavior Analytics (UBA)
- Network security controls
- Identity and Access Management (IAM)
- Data leakage, backup, and recovery
- The role of AI/ML in Cyber Security
- Penetration Testing Concepts
- Why penetration testing?
- Security audit
- Vulnerability assessment
- Blue Teaming/Red Teaming
- Types and phases of penetration testing
- Security testing methodology
- Information Security Laws and Standards
- Payment Card Industry Data Security Standard (PCI-DSS)
- ISO/IEC 27001:2013
- Health Insurance Portability and Accountability Act (HIPAA)
- Sarbanes-Oxley Act (SOX)
- The Digital Millennium Copyright Act (DMCA)
- Federal Information Security Management Act (FISMA)
- Cyber law in different countries
2.2 Footprinting and Reconnaissance
- Footprinting through Search Engines
- Footprinting through search engines
- Footprint using advanced Google hacking techniques
- Information gathering using Google Advanced Search and Image Search
- Google Hacking Database
- VoIP and VPN footprinting through Google Hacking Database
- Footprinting through Web Services
- Finding the company’s Top-level Domains (TLDs) and sub-domains
- Finding the geographical location of the target
- People Search on social networking sites and people search services
- Gathering information from LinkedIn
- Gather information from financial services
- Footprinting through job sites
- Monitoring target using alerts
- Information gathering using groups, forums, and blogs
- Determining the OS
- VoIP and VPN footprinting through SHODAN
- Footprinting through Social Networking Sites
- Collecting information through social engineering on social networking sites
- Website Footprinting
- Website Footprinting
- Mirroring the entire website
- Extracting website information
- Monitoring web pages for updates and changes
- Email Footprinting
- Tracking email communications
- Collecting information from the email header
- Email tracking tools
- Competitive Intelligence
- Whois Footprinting
- Whois Lookup
- Whois Lookup result analysis
- Whois Lookup tools
- Finding IP geolocation information
- DNS Footprinting
- Extracting DNS information
- DNS interrogation tools
- Network Footprinting
- Locate the network range
- Traceroute
- Traceroute analysis and tools
- Footprinting Through Social Engineering
- Footprinting through social engineering
- Eavesdropping
- Shoulder surfing
- Dumpster diving
- Footprinting Tools
- Maltego
- Recon-ng
- FOCA
- Recon-Dog
- OSRFramework
- Additional footprinting tools
- Footprinting Countermeasures
- Footprinting Pen Testing
2.3 Scanning Networks
- Introduction to Network Scanning
- Scanning tools: Nmap, Hping2 / Hping3, and Hping commands
- Scanning Techniques
- ICMP scanning
- Ping sweep
- ICMP echo scanning
- TCP connect / full-open scan
- Stealth Scan / half-open scan
- Inverse TCP flag scanning
- Xmas scan
- ACK flag probe scanning
- IDLE/IPID header scan
- UDP scanning
- SSDP and list scanning
- Port scanning countermeasures
- Scanning Beyond IDS and Firewall
- IDS/Firewall Evasion Techniques
- Packet fragmentation
- Source routing
- IP address decoy
- IP address spoofing
- Proxy servers
- Anonymizers
- Banner Grabbing
- How to identify target system OS
- Banner grabbing countermeasures
- Draw Network Diagrams
- Drawing network diagrams
- Network discovery and mapping tools
- Network discovery tools for mobile
- Scanning Pen Testing
2.4 Enumeration
- Enumeration Concepts
- What is Enumeration?
- Techniques for enumeration
- Services and ports to enumerate
- NetBIOS Enumeration
- NetBIOS enumeration tools
- Enumerating user accounts
- Enumerating shared resources using Net View
- SNMP Enumeration
- SNMP (Simple Network Management Protocol) enumeration
- Working of SNMP
- Management Information Base (MIB)
- SNMP enumeration tools
- LDAP Enumeration
- LDAP Enumeration
- LDAP Enumeration tools
- NTP Enumeration
- NTP Enumeration
- NTP Enumeration tools
- SMTP and DNS Enumeration
- SMTP enumeration
- SMTP enumeration tools
- DNS enumeration using zone transfer
- Other Enumeration Techniques
- IPsec enumeration
- VoIP enumeration
- RPC enumeration
- Unix/Linux User enumeration
- Enumeration Countermeasures
- Enumeration Pen Testing
2.5 Vulnerability Analysis
- Vulnerability Assessment Concepts
- What is vulnerability assessment?
- Vulnerability classification and research
- Vulnerability-Management Life Cycle
- Vulnerability Assessment Solutions
- Vulnerability scanning solutions
- Types of vulnerability assessment tools
- Choosing a vulnerability assessment tool
- Vulnerability Scoring Systems
- Common Vulnerability Scoring System (CVSS)
- Common Vulnerabilities and Exposures (CVE)
- National Vulnerability Database (NVD)
- Resources for Vulnerability Research
- Vulnerability Assessment Reports
- Vulnerability assessment reports
- Analyzing vulnerability scanning report
2.6 System Hacking
- System Hacking Concepts
- CEH Hacking Methodology (CHM)
- System hacking goals
- Cracking Passwords
- Password cracking
- Types of password attacks
- Password recovery tools
- Password salting
- Password cracking tools
- Escalating Privileges
- Privilege escalation techniques
- How to defend against privilege escalation?
- Executing Applications
- Tools for executing applications
- Keylogger
- Spyware
- Hiding Files
- Rootkits
- NTFS Data Stream
- What is steganography?
- Covering Tracks
- Covering tracks
- Disabling auditing: Auditpol
- Clearing logs
- Clear online tracks
- Covering BASH shell tracks
- Covering tracks on the network and OS
- Covering tracks tools
2.7 Malware Threats
- Malware Concepts
- Introduction to malware
- Components of malware
- Trojan Concepts
- What is a trojan and its types?
- Trojan horse construction kit
- Wrappers
- Crypters
- Evading anti-virus techniques
- Virus and Worm Concepts
- Introduction to viruses
- Stages of virus life
- Different types of viruses
- Virus hoaxes
- Fake antiviruses
- Ransomware
- Creating virus
- Computer worms
- Worm makers
- Malware Analysis
- Introduction to malware analysis
- What is Sheep Dip Computer?
- Anti-virus sensor systems
- Malware analysis procedure
- Countermeasures
- Trojan countermeasures
- Backdoor countermeasures
- Virus and worms countermeasures
- Anti-Malware Software
- Anti-trojan software
- Antivirus software
- Malware Penetration Testing
2.8 Sniffing
- Sniffing Concepts
- Network sniffing
- Types of sniffing
- Hardware protocol analyzers
- SPAN port
- Wiretapping
- Lawful interception
- Sniffing Techniques
- MAC attacks
- DHCP attacks
- ARP poisoning
- Spoofing attacks
- DNS poisoning
- Sniffing Tools
- Wireshark
- Wireshark filters
- Sniffing tools
- Packet sniffing tools for mobile
- Countermeasures
- How to Defend Against Sniffing
- Sniffing Detection Techniques
- How to detect sniffing
- Promiscuous detection tools
- Sniffing penetration testing
2.9 Social Engineering
- Social Engineering Concepts
- What is social engineering?
- Phases of a social engineering attack
- Social Engineering Techniques
- Types of social engineering
- Human-based social engineering
- Computer-based social engineering
- Mobile-based social engineering
- Insider Threats
- Insider threat/insider attack
- Types of insider threats
- Impersonation on Social Networking Sites
- Social engineering through impersonation on social networking sites
- Social networking threats to corporate networks
- Identity Theft
- Countermeasures
- Social engineering countermeasures
- Insider threats countermeasures
- Identity theft countermeasures
- Detect phishing emails
- Anti-phishing toolbar
- Common social engineering targets and defense strategies
- Social Engineering Pen Testing
- Social engineering pen testing
- Social engineering pen testing tools
2.10 Denial-of-Service
- DoS/DDoS Concepts
- What is a Denial-of-Service attack?
- What is a distributed Denial-of-Service attack?
- DoS/DDoS Attack Techniques
- Basic categories of DoS/DDoS attack vectors
- UDP, ICMP, and SYN flood attack
- Ping of death and smurf attack
- Fragmentation attack
- HTTP GET/POST and slowloris attacks
- Multi-vector attack
- Peer-to-peer attacks
- Permanent Denial-of-Service attack
- Distributed reflection Denial-of-Service (DRDoS)
- Botnets
- Organized cyber crime: organizational chart
- Botnet ecosystem
- Botnet Trojans
- DDoS Case Study
- DDoS attack
- Hackers advertise links to download botnet
- Use of mobile devices as botnets for launching DDoS attacks
- DDoS Case Study: Dyn DDoS Attack
- DoS/DDoS Attack Tools
- DoS/DDoS attack tools
- DoS and DDoS attack tool for mobile
- Countermeasures
- Detection techniques
- DoS/DDoS countermeasure strategies
- DDoS Attack countermeasures
- Techniques to defend against botnets
- DoS/DDoS protection at ISP Level
- DoS/DDoS Protection Tools
- Advanced DDoS protection appliances
- DoS/DDoS protection tools
- DoS/DDoS Penetration Testing
- Denial-of-Service (DoS) Attack Pen Testing
2.11 Session Hijacking
- Session Hijacking Concepts
- What is session hijacking?
- Session hijacking process
- Types of Session hijacking
- Packet analysis of a local session hijack
- Session hijacking in OSI Model
- Spoofing vs. hijacking
- Application Level Session Hijacking
- Application level session hijacking
- Compromising session IDs using sniffing and by predicting session token
- Man-in-the-Middle attack
- Man-in-the-Browser attack
- Client-side attacks
- Cross-site script attack
- Compromising session IDs
- Session fixation
- Session hijacking using proxy servers
- CRIME attack
- Forbidden attack
- Network Level Session Hijacking
- TCP/IP hijacking
- IP spoofing: source routed packets
- RST hijacking
- Blind hijacking
- UDP hijacking
- MiTM attack using forged ICMP and ARP spoofing
- Session Hijacking Tools
- Session hijacking tools
- Session hijacking tools for mobile
- Countermeasures
- Session hijacking detection methods
- Protection against session hijacking
- Session hijacking detection and prevention tools
- IPSec
- Penetration Testing
2.12 Evading IDS, Firewalls, and Honeypots
- IDS, Firewall and Honeypot Concepts
- Intrusion Detection System (IDS)
- Firewall
- Honeypot
- IDS, Firewall and Honeypot Solutions
- Intrusion detection tool
- Firewalls and honeypot tools
- Evading IDS
- IDS/firewall evasion tools and techniques
- Packet Fragment Generator Tools
- Detecting Honeypots
- Detecting and defeating honeypots
- Honeypot detection tool: Send-Safe Honeypot Hunter
- IDS/Firewall Evasion Countermeasures
- How to defend against IDS evasion
- How to defend against firewall evasion
- Firewall/IDS Penetration Testing
2.13 Hacking Web Servers
- Web Server Concepts
- Web server operations
- Open source web server architecture
- IIS web server architecture
- Web server security issue
- Web Server Attacks
- DoS/DDoS attacks
- DNS server hijacking
- DNS amplification attack
- Directory traversal attacks
- Man-in-the-Middle/sniffing attack
- Phishing attacks
- Website defacement
- Web Server misconfiguration
- HTTP response splitting attack
- Web cache poisoning attack
- SSH brute force attack
- Web server password cracking
- Web application attacks
- Web Server Attack Methodology
- Information gathering
- Web server footprinting/banner grabbing
- Website mirroring
- Vulnerability scanning
- Session hijacking
- Web server passwords hacking
- Using application server as a proxy
- Web Server Attack Tools
- Metasploit
- Web server attack tools
- Countermeasures
- Placing web servers in a separate secure server security segment
- Countermeasures
- Detecting web server hacking attempts
- Defend against web server attacks
- HTTP response splitting
- Web cache poisoning
- DNS hijacking
- Patch Management
- What is patch management
- Patches and hotfixes
- Installation of a patch
- Patch management tools
- Web Server Security Tools
- Web application security scanners
- Web server security scanners
- Web server security tools
- Web Server Pen Testing
- Web server penetration testing
- Web server pen testing tools
2.14 Hacking Web Applications
- Web App Concepts
- Introduction to web applications
- Web application architecture
- Web 2.0 applications
- Vulnerability stack
- Web App Threats
- OWASP Top 10 Application Security Risks
- Web app hacking methodology
- Footprint web infrastructure
- Attack web servers
- Analyze web applications
- Bypass client-side controls
- Attack authentication mechanism
- Attack authorization schemes
- Attack access controls
- Attack session management mechanism
- Perform injection/input validation attacks
- Attack application logic flaws
- Attack database connectivity
- Attack web app client
- Attack web services
- Web App Hacking Tools
- Countermeasures
- Web application fuzz testing
- Source code review
- Encoding schemes
- Defend against injection attacks
- Web application attack countermeasures
- Defend against web application attacks
- Web App Security Testing Tools
- Web application security testing tools
- Web application firewall
- Web App Pen Testing
- Web application pen testing
- Web application pen testing framework
2.15 SQL Injection
- SQL Injection Concepts
- What is SQL injection?
- SQL injection and server-side technologies
- HTTP POST Request
- Normal SQL Query
- SQL Injection Query
- Code Analysis
- Types of SQL Injection
- SQL Injection Methodology
- SQL Injection Tools
- SQL power injector and SQLmap
- The mole and SQL injection
- SQL injection tools for mobile
- Evasion Techniques
- Evading IDS
- Types of signature evasion techniques
- In-line comment
- Char encoding
- String concatenation
- Obfuscated codes
- Manipulating white spaces
- Hex encoding
- Sophisticated matches
- URL encoding
- Null Byte
- Case variation
- Declare variable
- IP fragmentation
- Countermeasures
- Defend against SQL injection attacks
- SQL injection detection tools
2.16 Hacking Wireless Networks
- Wireless Concepts
- Wireless terminologies, networks, and standards
- Service Set Identifier (SSID)
- Wi-Fi authentication modes
- Wi-Fi authentication process using a centralized authentication server
- Types of wireless antennas
- Wireless Encryption
- Types of wireless encryption
- WEP vs. WPA vs. WPA2
- WEP issues
- Weak Initialization Vectors (IV)
- Wireless Threats
- Rogue access point attack
- Client mis-association
- Misconfigured access point attack
- Unauthorized association
- Ad hoc connection attack
- Honeypot access point attack
- AP MAC spoofing
- Denial-of-Service attack
- Key Reinstallation Attack (KRACK)
- Jamming signal attack
- Wireless Hacking Methodology
- Wi-Fi discovery
- GPS mapping
- Wireless traffic analysis
- Launch wireless attacks
- Crack Wi-Fi encryption
- Wireless Hacking Tools
- WEP/WPA cracking tools
- WEP/WPA cracking tool for mobile
- Wi-Fi sniffer
- Wi-Fi traffic analyzer tools
- Other wireless hacking tools
- Bluetooth Hacking
- Bluetooth stack
- Bluetooth hacking
- Bluetooth threats
- How to BlueJack a victim
- Bluetooth hacking tools
- Countermeasures
- Wireless security layers
- How to defend against WPA/WPA2 cracking, KRACK attacks, wireless attacks, and Bluetooth hacking
- How to detect and block rogue AP
- Wireless Security Tools
- Wireless intrusion prevention systems
- Wireless IPS deployment
- Wi-Fi security auditing tools
- Wi-Fi predictive planning tools
- Wi-Fi vulnerability scanning tools
- Bluetooth security tools
- Wi-Fi security tools for mobile
- Wireless Pen Testing
- Wireless Penetration Testing
- Wireless Penetration Testing Framework
2.17 Hacking Mobile Platforms
- Mobile Platform Attack Vectors
- Vulnerable areas in mobile business environment
- OWASP Top 10 mobile risks
- Anatomy of a mobile attack
- Mobile attack vectors
- Mobile platform vulnerabilities
- Security issues arising from App stores
- App sandboxing issues
- Mobile spam
- SMS Phishing Attack (SMiShing)
- Hacking Android OS
- Android OS and rooting
- Blocking Wi-Fi access using NetCut
- Hacking with zANTI
- Hacking networks using Network Spoofer
- Launching DoS attack using Low Orbit Ion Cannon (LOIC)
- Performing session hijacking using DroidSheep
- Hacking with Orbot Proxy
- Android-based sniffers
- Android trojans
- Securing Android devices
- Android security tools
- Android device tracking tools
- Hacking iOS
- Apple iOS
- Jailbreaking iOS
- iOS trojans
- Guidelines for securing iOS devices
- iOS device security and tracking tools
- Mobile Spyware
- Mobile Device Management
- Mobile Device Management (MDM)
- MDM solutions
- Bring Your Own Device (BYOD)
- Mobile Security Guidelines and Tools
- General guidelines for mobile platform security
- Mobile device security guidelines for Administrator
- SMS phishing countermeasures
- Mobile protection tools
- Mobile anti-spyware
- Mobile Pen Testing
- Android Phone Pen Testing
- iPhone Pen Testing
- Mobile Pen Testing Toolkit: Hackode
2.18 IoT Hacking
- IoT Concepts
- What is IoT?
- How does IoT work?
- IoT architecture
- IoT application areas and devices
- IoT technologies and protocols
- IoT communication models
- Challenges of IoT
- Threat vs opportunity
- IoT Attacks
- IoT security problems
- OWASP Top 10 IoT vulnerabilities and obstacles
- IoT attack surface areas
- IoT threats
- Hacking IoT devices
- IoT attacks
- Case Study: Dyn Attack
- IoT Hacking Methodology
- What is IoT device hacking?
- IoT hacking methodology
- IoT hacking tools
- Information gathering tools
- Sniffing Tools
- Vulnerability scanning tools
- Countermeasures
- How to defend against IoT hacking
- General guidelines for IoT device manufacturing companies
- OWASP Top 10 IoT vulnerabilities solutions
- IoT framework security considerations
- IoT security tools
- IoT Penetration Testing
2.19 Cloud Computing
- Cloud Computing Concepts
- Introduction to cloud computing
- Separation of responsibilities in cloud
- Cloud deployment models
- NIST cloud deployment reference architecture
- Cloud computing benefits
- Virtualization
- Cloud Computing Threats
- Cloud Computing Attacks
- Service hijacking using social engineering attacks
- Service hijacking using network sniffing
- Session hijacking using XSS attack
- Session hijacking using session riding
- Domain Name System (DNS) attacks
- Side channel attacks or cross-guest VM breaches
- SQL Injection attacks
- Cryptanalysis attacks
- Wrapping attack
- DoS and DDoS attacks
- Man-in-the-Cloud attack
- Cloud Security
- Cloud security control layers
- Cloud computing security considerations
- Placement of security controls in the cloud
- Best practices for securing cloud
- NIST recommendations for cloud security
- Organization/Provider cloud security compliance checklist
- Cloud Security Tools
- Cloud Penetration Testing
- What is cloud pen testing?
- Key considerations for pen testing in the cloud
- Recommendations for Cloud Testing
2.20 Cryptography
- Cryptography Concepts
- Cryptography
- Types of cryptography
- Government Access to Keys (GAK)
- Encryption Algorithms
- Ciphers
- Data Encryption Standard (DES)
- Advanced Encryption Standard (AES)
- RC4, RC5, and RC6 algorithms
- Twofish
- The DSA and related signature schemes
- Rivest Shamir Adleman (RSA)
- Diffie-Hellman
- Message digest (One-Way Hash) functions
- Cryptography Tools
- MD5 hash calculators
- Hash calculators for mobile
- Cryptography tools
- Cryptography tools for mobile
- Public Key Infrastructure (PKI)
- Public Key Infrastructure (PKI)
- Certification authorities
- Signed certificate (CA) vs. self-signed certificate
- Email Encryption
- Digital signature
- Secure Sockets Layer (SSL)
- Transport Layer Security (TLS)
- Cryptography toolkit
- Pretty Good Privacy (PGP)
- Disk Encryption
- Disk encryption
- Disk encryption tools
- Cryptanalysis
- Cryptanalysis methods
- Code Breaking methodologies
- Cryptography attacks
- Cryptanalysis tools
- Online MD5 decryption tools
- Countermeasures: How to Defend Against Cryptographic Attacks