Hacking, Penetration Testing and Countermeasures

ENO.com
Stafford, Virginia, United States

Course Format: Classroom | E-learning | Virtual Class | Online | On-site | Blended | Self-paced

Course Description:

'' Our training videos will show you how to scan, test, hack and secure your own systems. The intensive lab demonstrations gives each student in-depth knowledge and practical experience with the current security systems. You will begin by understanding how perimeter defenses work and then be lead into scanning and attacking your own networks. You will then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Penetration Testing and Countermeasures, Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.

Included with this Program:

Multimedia DVD-ROM featuring 15+ Hours of in depth Expert-led classroom sessions with full motion video/audio, demonstration components through out the entire training
Real-world examples, and scenarios
eWorkbook - 725 pages Student eWorkbook developed by Shon Harris
300+ Penetration Testing Review Questions
Certificate of Completion


Course Outline:

Module 1 - Ethical Hacking and Penetration Testing

Ethical Hacking and Penetration Testing
Security 101
Hacking Hall of Fame
What are Today’s hackers Like?
Today’s Hackers
Risk Management
Evolution of Threats
Typical Vulnerability Life Cycle
What is Ethical Hacking?
Rise of the Ethical Hacker
Types of Security Test
Penetration Test (Pen-test)
Red Teams
Testing Methodology
VMWare Workstation
Windows and Linux Running VMWare
Linux Is a Must
Linux Survival Skills
Useful vi Editor Commands
Module 1 Review
Module 2 - Footprinting and Reconnaissance

Footprinting and Reconnaissance
Desired Information
Find Information by the Target (Edgar)
terraserver.microsoft.com
Network Reconnaissance & DNS Search
Query Whois Databases
Command-Line Whois Searches
ARIN whois: Search IP Address Blocks
SamSpade Tool and Website
Internet Presence
Look Through Source Code
Mirror Website
Find Specific Types of Systems
Big Brother
AltaVista
Specific Data Being Available?
Anonymizers
Countermeasures to Information Leakage
Social Engineering
DNS Zone Transfer
Nslookup command-line utility
Zone Transfer from Linux
Automated Zone Transfers
Zone Transfer Countermeasures
www.CheckDNS.net
Tracing Out a Network Path
tracert Output
Free Tools
Paratrace
War Dialing for Hanging Modems
Manual and Automated War Dialing
Case Study
www.guidedogs.com
Footprinting Countermeasures
Demo - Footprinting & Info Gathering
Module 2 Review
Module 3 - TCP/IP Basics and Scanning

TCP/IP Basics and Scanning
The OSI Model
TCP/IP Protocol Suite Layers
Encapsulation
Data-Link Protocols
IP - Internet Protocol, Datagram (Packet)
ICMP Packets
UDP ? User Datagram Protocol
UDP Datagram
TCP ? Transmission Control Protocol
TCP Segment
TCP/IP 3-Way Handshake and Flags
TCP and UDP Ports
Ping Sweeps
Good Old Ping, Nmap, TCP Ping Sweep
TCP Sweep Traffic Captured
Unix Pinging Utilities
Default TTLs
Pinging Countermeasures
Port Scanning
Nmap
Advanced Probing Techniques
Scanrand
Port Probing Countermeasures
Watch Your Own Ports
Demo - Scanning Tools
Module 3 Review
Module 4 - Enumeration and Verification

Enumeration and Verification
Operating System Identification
Differences Between OS TCP/IP Stack
Nmap -O
Active vs Passive Fingerprinting
Xprobe/Xprobe2
Countermeasures
SNMP Overview
SNMP Enumeration
SMTP, Finger, and E-mail Aliases
Gleaning Information from SMTP
SMTP E-mail Alias Enumeration
SMTP Enumeration Countermeasures
CIFS/SMB
Attack Methodology
Find Domains and Computers
NetBIOS Data
NBTscan
NULL Session
Local and Domain Users
Find Shares with net view
enum: the All-in-one
Winfo and NTInfoScan (ntis.exe)
Digging in the Registry
NetBIOS Attack Summary
NetBIOS Countermeasures
What?s this SID Thing Anyway?
Common SIDs and RIDs
whoami
RestrictAnonymous
USER2SID/SID2USER
psgetsid.exe and UserDump Tool
LDAP and Active Directory
GUI Tools to Perform the Same Actions
Demo - Enumeration
Module 4 Review
Module 5 - Hacking & Defending Wireless/Modems

Hacking & Defending Wireless/Modems
Phone Numbers & Modem Background
Phone Reconnaissance
Modem Attacks
Wireless Reconnaissance
Wireless Background
Wireless Reconnaissance Continued
Wireless Sniffing
Cracking WEP Keys
Defending Wireless
Module 5 Review
Module 6 - Hacking & Defending Web Servers

Hacking & Defending Web Servers
Web Servers in General: HTTP
Uniform Resource Locator: URL
Apache Web Server Functionality
Apache: Attacking Mis-configurations
Apache: Attacking Known Vulnerabilities
Defending Apache Web Server
Microsoft Internet Information Server
(IIS)
IIS: Security Features
IIS: Attacking General Problems
IIS: IUSER or IWAM Level Access
IIS: Administrator or Sys Level Access
IIS: Clearing IIS Logs
IIS: Defending and Countermeasures
Web Server Vulnerability Scanners
Demo - Hacking Web Servers
Module 6 Review
Module 7 - Hacking & Defending Web Applications

Hacking & Defending Web Applications
Background on Web Threat & Design
Basic Infrastructure Information
Information Leaks on Web Pages
Hacking over SSL
Use the Source, Luke�
Functional/Logic Testing
Attacking Authentication
Attacking Authorization
Debug Proxies: @stake webproxy
Input Validation Attacks
Attacking Session State
Attacking Web Clients
Cross-Site Scripting (XSS) Threats
Defending Web Applications
Module 7 Review
Module 8 - Sniffers and Session Hijacking

Sniffers and Session Hijacking
Sniffers
Why Are Sniffers so Dangerous?
Collision & Broadcast Domains
VLANs and Layer-3 Segmentation
tcpdump & WinDump
Berkley Packet Filter (BPF)
Libpcap & WinPcap
BUTTSniffing Tool and dSniff
Ethereal
Mitigation of Sniffer Attacks
Antisniff
ARP Poisoning
MAC Flooding
DNS and IP Spoofing
Session Hijacking
Sequence Numbers
Hunt
Ettercap
Source Routing
Hijack Countermeasures
Demo - Sniffers
Module 8 Review
Module 9 - Hacking & Defending Windows Systems

ASP.NET 2.0 Advanced User Interface
Physical Attacks
LANMan Hashes and Weaknesses
WinNT Hash and Weaknesses
Look for Guest, Temp, Joe Accounts
Direct Password Attacks
Before You Crack: Enum Tool Finding
More Account Information
Cracking Passwords
Grabbing the SAM
Crack the Obtained SAM
LSA Secrets and Trusts
Using the Newly Guessed Password
Bruteforcing Other Services
Operating System Attacks
Hiding Tracks: Clearing Logs
Hardening Windows Systems
Strong 3-Factor Authentication
Creating Strong Passwords
Authentication
Windows Account Lockouts
Auditing Passwords
File Permissions
Demo - Attacking Windows Systems
Module 9 Review
Module 10 - Hacking & Defending Unix Systems

Hacking & Defending Unix Systems
Physical Attacks on Linux
Password Cracking
Brute Force Password Attacks
Stack Operation
Race Condition Errors
Format String Errors
File System Attacks
Hiding Tracks
Single User Countermeasure
Strong Authentication
Single Sign-On Technologies
Account Lockouts
Shadow Password Files
Buffer Overflow Countermeasures
LPRng Countermeasures
Tight File Permissions
Hiding Tracks Countermeasures
Removing Unnecessary Applications
DoS Countermeasures
...''

Phone:(888) 742-3214 or 540-720-9660

School Address:

E&A Information Services Inc. (DBA: Eno.com)
6 St. Charles Ct
Stafford, VA 22556. USA


Jobs & Resumes: Stafford
Houses & Roommates: Stafford

CompTIA Linux+ 2005
CompTIA Server+ 2005
CCNA
Cisco Wireless LAN Support Specialist
CWNA (Certified Wireless Network Administrator)
CCNP
Office 2003 MOUS
CEH: Certified Ethical Hacker
Computer Forensics - Digital Forensics and Electronic Discovery
Computer Forensics - Advanced Digital Forensic Techniques
Microsoft.NET Basics
Visual Studio .NET
C# .NET
ASP.NET for C# Developers
ASP.NET for VB Developers
ASP.NET Web Services
Visual Basic .NET
.NET Security
XML Development in .NET

Notice: The course description on this page was captured from the Internet as historical reference or submitted by visitors. It was archived statically and not updated from day to day.
 

Facts: We provide free training course catalog service since 2003, in English and Chinese. Tens of thousands of visitors search our database from our portal and partners' websites each day.