Ethical Hacking & Countermeasure Specialist - EC-Council
<strong>Ethical</strong> <strong>Hacking</strong> & <strong>Countermeasure</strong> <strong>Specialist</strong><br />
EHS301<br />
Course Title:<br />
<strong>Ethical</strong> <strong>Hacking</strong> & <strong>Countermeasure</strong> <strong>Specialist</strong>: Attack Phases<br />
Page 1 of 12<br />
Attack Phases Copyright © by <strong>EC</strong>-<strong>Council</strong><br />
All Rights Reserved. Reproduction is Strictly Prohibited.
Course Description<br />
This certification covers a wide range of offensive security topics, from how perimeter defenses<br />
work to scanning and attacking simulated networks. A wide variety of tools, viruses, and malware is<br />
presented in this and the other four books, providing a complete picture of the tactics and tools<br />
used by hackers. By gaining a thorough understanding of how hackers operate, an <strong>Ethical</strong> Hacker will be<br />
able to set up strong countermeasures and defensive systems to protect an organization's critical<br />
infrastructure and information.<br />
Certificate Info<br />
<strong>Ethical</strong> <strong>Hacking</strong> & <strong>Countermeasure</strong> <strong>Specialist</strong>: Attack Phases<br />
Who Should Attend<br />
This course will significantly benefit security officers, auditors, security professionals, site<br />
administrators, and anyone concerned about the integrity of their network infrastructure.<br />
Course Duration<br />
2 days (9:00AM – 5:00PM)<br />
CPE/<strong>EC</strong>E Qualification<br />
16 <strong>EC</strong>E Credits awarded for attendance (1 for each classroom hour)<br />
Suggested Retail:<br />
$799 USD<br />
Required Courseware:<br />
Visit www.cengage.com/community/eccouncil and click on Training Workshops for ordering details.<br />
What’s included<br />
Physical Courseware<br />
1-year access to the <strong>EC</strong>-<strong>Council</strong> Student LMS for practical labs (if applicable), testing, and the certificate<br />
Course + Supplement Cost:<br />
See the “Training Workshops” section at www.cengage.com/community/eccouncil for current pricing<br />
information.<br />
Related Certificates:<br />
<strong>Ethical</strong> <strong>Hacking</strong> and <strong>Countermeasure</strong>s: Threats and Defense Mechanisms<br />
<strong>Ethical</strong> <strong>Hacking</strong> and <strong>Countermeasure</strong>s: Web Applications and Data Servers<br />
<strong>Ethical</strong> <strong>Hacking</strong> and <strong>Countermeasure</strong>s: Linux, Macintosh and Mobile Systems<br />
<strong>Ethical</strong> <strong>Hacking</strong> and <strong>Countermeasure</strong>s: Secure Network Infrastructures<br />
Course Briefing<br />
1. Introduction to <strong>Ethical</strong> <strong>Hacking</strong><br />
Chapter Brief:<br />
As computers have become central to the way business is conducted, companies have come to depend<br />
on them to conduct commerce. Enterprises have begun to realize the need to evaluate their<br />
systems for vulnerabilities and correct the security lapses they find.<br />
<strong>Ethical</strong> hacking is broadly defined as the methodology ethical hackers adopt to discover<br />
existing vulnerabilities in the operating environments of information systems. Their job is to evaluate<br />
the security of targets, report any vulnerabilities they discover, and recommend<br />
the appropriate mitigation procedures.<br />
The module “Introduction to <strong>Ethical</strong> <strong>Hacking</strong>” introduces cyber warfare and security<br />
threats. It describes hacking in general and <strong>Ethical</strong> <strong>Hacking</strong> in particular, the<br />
prerequisites for becoming an <strong>Ethical</strong> Hacker, the scope and limitations of ethical hacking, and the<br />
classification of ethical hackers. The module then explains the steps to follow when<br />
conducting an ethical hacking engagement.<br />
2. Footprinting<br />
Chapter Brief:<br />
Footprinting is the methodical construction of a blueprint of an organization's security profile,<br />
which yields a unique system profile of the target. Information<br />
unveiled at various network levels (Internet/intranet/extranet/wireless) can include details<br />
regarding: domain names, intrusion detection systems, specific IP addresses, access control<br />
mechanisms and related lists, contact addresses, authentication mechanisms, and system<br />
enumeration. As a rule of thumb, an attacker spends about 90% of the effort profiling an organization and 10%<br />
launching the attack.<br />
This module discusses footprinting terminology, the information-gathering methodology,<br />
and competitive intelligence gathering. It explains the footprinting tools that can be<br />
used to profile a target system or network, and describes how fake websites are created and<br />
the tools used to create them.<br />
3. Scanning<br />
Chapter Brief:<br />
Scanning is one of the most important phases of intelligence gathering for an attacker. During<br />
scanning, the attacker tries to determine which IP addresses can be reached over the Internet,<br />
and the operating system, system architecture, and services running on each<br />
of those hosts.<br />
This module explains the scanning methodology used to identify vulnerabilities<br />
in a network. It covers the types and objectives of scanning and the tools<br />
available for it. It outlines the CEH scanning methodology: checking<br />
for live systems and open ports, identifying services, banner grabbing and OS fingerprinting, scanning for<br />
vulnerabilities, drawing network diagrams of the vulnerable hosts, and preparing proxies.<br />
4. Enumeration<br />
Chapter Brief:<br />
The attacker’s objective is to identify valid user accounts or groups under which he or she can remain<br />
inconspicuous once the system has been compromised. Enumeration involves making active<br />
connections to the target system or subjecting it to direct queries.<br />
The module “Enumeration” explains the process of extracting user names. It covers<br />
the techniques for enumeration, enumerating user accounts, SNMP enumeration, UNIX/Linux<br />
enumeration, LDAP enumeration, NTP enumeration, SMTP enumeration, DNS enumeration, and<br />
web enumeration. The module lists the enumeration tools that can be used to extract this data.<br />
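The scanning and enumeration briefs above describe a sequence: find live ports, grab the banner to identify the service, then query that service for valid user names. The following is an added, runnable illustration of that sequence written for this page; it is not EC-Council courseware and not one of the tools the course teaches. It runs a TCP connect scan with banner grabbing against a constructed mock SMTP server started on 127.0.0.1 inside the same process, then enumerates mailboxes with VRFY. The hostname mail.example.test, the mock user list, and the candidate names are all made up for the example.<br />

```python
"""Added example, not EC-Council courseware: TCP connect scan, banner
grabbing, service identification, then SMTP user enumeration via VRFY.
The target is a constructed mock SMTP server on 127.0.0.1 in this process."""
import socket
import threading

# Constructed for the example: mailboxes the mock server will confirm.
MOCK_VALID_USERS = {"admin", "postmaster", "jsmith"}


def start_mock_smtp(valid_users):
    """Start a minimal SMTP responder on an ephemeral localhost port. It
    answers VRFY truthfully (250 = exists, 550 = unknown), which is the
    misconfiguration SMTP enumeration relies on. Returns (port, stop_fn)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def handle(conn):
        with conn:
            conn.sendall(b"220 mail.example.test ESMTP ready\r\n")
            buf = b""
            while True:
                data = conn.recv(1024)
                if not data:
                    return
                buf += data
                while b"\r\n" in buf:
                    line, buf = buf.split(b"\r\n", 1)
                    verb, _, arg = line.decode("ascii", "replace").partition(" ")
                    verb = verb.upper()
                    if verb == "VRFY":
                        user = arg.strip("<> ").split("@")[0]
                        if user in valid_users:
                            conn.sendall(f"250 {user}@example.test\r\n".encode())
                        else:
                            conn.sendall(b"550 5.1.1 User unknown\r\n")
                    elif verb == "QUIT":
                        conn.sendall(b"221 Bye\r\n")
                        return
                    else:  # HELO/EHLO/MAIL/... accepted without checks
                        conn.sendall(b"250 OK\r\n")

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # stop() shut the listener down
                return
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    def stop():
        try:
            srv.shutdown(socket.SHUT_RDWR)  # wakes the blocked accept()
        except OSError:
            pass
        srv.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1], stop


def pick_closed_port():
    """Reserve and release an ephemeral port so the scan has a port that
    is almost certainly closed (connection refused)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def scan_ports(host, ports, timeout=0.5):
    """TCP connect scan. Returns {port: banner or None} for every port that
    completed the handshake; refused or timed-out ports are omitted."""
    found = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.settimeout(timeout)
                try:  # banner grab: many services speak first
                    banner = s.recv(256).decode("ascii", "replace").strip()
                except OSError:  # open, but silent until the client talks
                    banner = ""
                found[port] = banner or None
        except OSError:  # ConnectionRefusedError / timeout: not open
            continue
    return found


def identify_service(banner):
    """Tiny banner classifier for the 'identifying services' step."""
    if not banner:
        return "unknown"
    b = banner.upper()
    if b.startswith("220") and "SMTP" in b:  # also matches ESMTP
        return "smtp"
    if b.startswith("SSH-"):
        return "ssh"
    return "unknown"


def smtp_enumerate_users(host, port, candidates, timeout=2.0):
    """Send VRFY for each candidate; a 25x reply confirms the mailbox.
    Returns the set of user names the server admitted exist."""
    confirmed = set()
    with socket.create_connection((host, port), timeout=timeout) as s:
        rd = s.makefile("rb")
        rd.readline()  # 220 greeting
        s.sendall(b"HELO recon.example.test\r\n")
        rd.readline()  # 250 OK
        for user in candidates:
            s.sendall(f"VRFY {user}\r\n".encode())
            if rd.readline()[:3].startswith(b"25"):
                confirmed.add(user)
        s.sendall(b"QUIT\r\n")
    return confirmed


if __name__ == "__main__":
    port, stop = start_mock_smtp(MOCK_VALID_USERS)
    for p, banner in scan_ports("127.0.0.1", [port, pick_closed_port()]).items():
        print(f"{p}/tcp open  {identify_service(banner)}  {banner!r}")
        if identify_service(banner) == "smtp":
            guesses = ["root", "admin", "jsmith", "guest"]  # constructed
            print("VRFY confirmed:", smtp_enumerate_users("127.0.0.1", p, guesses))
    stop()
```

The countermeasure the module pairs with this is visible in the mock: a server that answers VRFY with a uniform 252 ("cannot verify, will attempt delivery") or disables the verb gives the enumerator nothing to distinguish valid from invalid names, and a connect scan against it still leaves a full TCP handshake in the service log.<br />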
5. System <strong>Hacking</strong><br />
Chapter Brief:<br />
With the advent of the Internet, securing systems has become a major concern for organizations<br />
and governments alike. The fear of trade secrets, financial information, and customer<br />
information being compromised has pushed organizations to evaluate the threats to their<br />
networks. This has led organizations to hire “ethical hackers” to attack their own systems and learn about the<br />
vulnerabilities in their networks. In System <strong>Hacking</strong>,<br />
the system refers to the applications and software that perform business functions or support key<br />
processes.<br />
The module “System <strong>Hacking</strong>” describes the CEH system hacking process, which is divided into<br />
three stages: gaining access (cracking passwords and escalating privileges), maintaining access<br />
(executing applications and hiding files), and covering tracks. The module also<br />
explains the hacking tools that aid each stage and shows, with examples and tools, how attackers<br />
penetrate a system. It also presents the countermeasures<br />
that can be applied at each stage to prevent an attack on the system.<br />
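The "gaining access" stage above opens with password cracking, and the outline for this chapter lists offline attacks, pre-computed hashes, rule-based attacks and rainbow attacks alongside their countermeasures. The following is an added example written for this page, not EC-Council courseware: it runs a rule-based dictionary attack against constructed MD5 hashes using a pre-computed lookup table (a full table standing in for a rainbow table), then shows why the same table is useless against salted SHA-256 records. The word list, the target passwords and the salts are all made up here; nothing is cracked that the example did not create.<br />

```python
"""Added example, not EC-Council courseware: offline attacks on password
hashes. Shows a rule-based (mangling) dictionary attack, a pre-computed
hash table standing in for a rainbow table, and why per-user salts make
that table useless. All hashes are constructed here from known plaintexts."""
import hashlib

WORDLIST = ["password", "summer", "welcome", "dragon", "letmein"]  # constructed


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


def mangle(word):
    """Rule-based attack: derive the variants users actually pick from one
    dictionary word (case changes, leet substitution, digits, years, '!')."""
    leet = word.replace("a", "@").replace("e", "3").replace("o", "0")
    bases = sorted({word, word.capitalize(), word.upper(), leet, leet.capitalize()})
    for base in bases:
        yield base
        yield base + "!"
        for n in range(100):
            yield f"{base}{n}"
        for year in range(1990, 2026):
            yield f"{base}{year}"


def candidates(wordlist):
    for word in wordlist:
        yield from mangle(word)


def precompute_table(wordlist, hash_fn=md5_hex):
    """'Pre-computed hashes' attack: hash every candidate once, up front.
    A rainbow table is a space-optimised encoding of exactly this mapping."""
    return {hash_fn(c): c for c in candidates(wordlist)}


def crack_unsalted(target_hashes, table):
    """With unsalted hashes, cracking is one dictionary lookup per hash."""
    return {h: table.get(h) for h in target_hashes}


def make_salted_record(salt, password):
    """Defender side: store (salt, H(salt || password)) with a unique salt."""
    return salt, sha256_hex(salt + password)


def crack_salted(records, wordlist):
    """Attacker side against salted hashes: the table cannot be reused, so
    every candidate is re-hashed for every record. Returns the cracked
    passwords keyed by stored hash, plus the number of hashes computed."""
    found, computed = {}, 0
    for salt, stored in records:
        found[stored] = None
        for cand in candidates(wordlist):
            computed += 1
            if sha256_hex(salt + cand) == stored:
                found[stored] = cand
                break
    return found, computed


# Constructed targets: three guessable passwords and one outside the rules.
UNSALTED_TARGETS = [md5_hex(p) for p in ("P@ssw0rd2019", "summer!", "Welcome1", "Tr0ub4dor&3")]
SALTED_RECORDS = [make_salted_record("a1b2c3", "dragon2020"),
                  make_salted_record("77zz", "LETMEIN!")]

if __name__ == "__main__":
    table = precompute_table(WORDLIST)
    print(f"table of {len(table)} pre-computed hashes")
    for h, pw in crack_unsalted(UNSALTED_TARGETS, table).items():
        print(f"{h}  ->  {pw or '(not in table)'}")
    found, computed = crack_salted(SALTED_RECORDS, WORDLIST)
    print(f"salted: {len(SALTED_RECORDS)} records, {computed} hashes computed")
    for h, pw in found.items():
        print(f"{h[:16]}...  ->  {pw}")
```

The asymmetry is the point: against unsalted hashes the work is done once, before any hash is even stolen, and reused across every victim; against salted records the attacker pays the full candidate cost per account, and the fourth target shows that a password outside the mangling rules survives both. A slow, memory-hard hash in place of SHA-256 (bcrypt, scrypt, Argon2) multiplies that per-account cost further.<br />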
6. Penetration Testing (PT)<br />
Chapter Brief:<br />
A penetration test is a simulation of the attacks a real adversary could carry out. The test involves<br />
analyzing the system for vulnerabilities that an attacker could use to break in, and uses<br />
proprietary and open source tools to test for known and unknown technical vulnerabilities<br />
in the networked systems. Apart from automated techniques, penetration testing involves<br />
manual techniques for targeted testing of specific systems, to ensure that no<br />
security flaws have gone undetected.<br />
This module explains how to penetrate a system or network. It introduces<br />
penetration testing, risk management, manual testing, and automated testing. It discusses how<br />
to enumerate devices and DoS enumeration, and describes HackerShield, pen-testing using<br />
different devices, VigilENT, WebInspect, and other tools used for penetration testing.<br />
Course Outline<br />
Chapter 1: Introduction to <strong>Ethical</strong> <strong>Hacking</strong><br />
• Case Example<br />
• Introduction to <strong>Ethical</strong> <strong>Hacking</strong><br />
• Importance of Security<br />
• Threats and Vulnerabilities<br />
• Attacks<br />
• Security Breaches<br />
• Exposure<br />
• Elements of Security<br />
• The Security, Functionality, and Ease of Use Triangle<br />
• The Growth of <strong>Hacking</strong><br />
• Phases of an Attack<br />
o Phase 1—Reconnaissance<br />
o Phase 2—Scanning<br />
o Phase 3—Gaining Access<br />
o Phase 4—Maintaining Access<br />
o Phase 5—Covering Tracks<br />
• Types of Hacker Attacks<br />
• Hacktivism<br />
• <strong>Ethical</strong> Hackers<br />
• What Do <strong>Ethical</strong> Hackers Do<br />
• Can <strong>Hacking</strong> Be <strong>Ethical</strong><br />
• Skills of an <strong>Ethical</strong> Hacker<br />
• What Is Vulnerability Research<br />
• Why Hackers Need Vulnerability Research<br />
• Vulnerability Research Web Sites<br />
• Conducting <strong>Ethical</strong> <strong>Hacking</strong><br />
• How Do They Go About It<br />
• <strong>Ethical</strong> <strong>Hacking</strong> Testing<br />
• <strong>Ethical</strong> <strong>Hacking</strong> Deliverables<br />
• Computer Crimes and Implications<br />
• Case Example Revisited<br />
Chapter 2: Footprinting<br />
• Case Example<br />
• Introduction to Footprinting<br />
• Why Is Footprinting Necessary<br />
• Revisiting Reconnaissance<br />
• Footprinting Terminologies<br />
o Open Source Footprinting<br />
• Information-Gathering Methodology<br />
o Unearthing Initial Information<br />
• What Is an IP Address<br />
• Finding a Company’s URL<br />
• Finding the Internal URLs<br />
• Public and Private Websites<br />
• People Searching<br />
• WHOIS Lookup<br />
• Whois Lookup Result Analysis<br />
• WHOIS Lookup Result<br />
• Footprinting Through Job Sites<br />
• Information Gathering Stances<br />
• Why Do Hackers Need Competitive Intelligence<br />
• Competitive Intelligence Tools<br />
• Footprinting Tools<br />
• Big Brother<br />
• Wikto<br />
• Exomind<br />
• WHOIS Tools<br />
• SmartWhois<br />
• ActiveWhois<br />
• CountryWhois<br />
• CallerIP<br />
• Web Data Extractor<br />
• DNS Information Tools<br />
• DNSstuff.com<br />
• Expired Domains<br />
o Locating the Network Range<br />
• NeoTrace (now McAfee Visual Trace)<br />
• Path Analyzer Pro<br />
• TouchGraph<br />
• E-Mail Spiders<br />
• Locating Network Activity<br />
• Google Earth<br />
• Meta Search Engines<br />
• Faking Web Sites Using Man-In-The-Middle Phishing Kit<br />
• Case Example Revisited: What Happened Next<br />
Chapter 3: Scanning<br />
• Introduction to Scanning<br />
• Scanning Defined<br />
• Objectives of Scanning<br />
• Scanning Methodology<br />
• Surfing Anonymously<br />
• Scanning <strong>Countermeasure</strong>s<br />
• Tools<br />
o Angry IP Scanner<br />
• Firewalk Tool<br />
o Firewalk<br />
o Firewalk Output<br />
o Nmap<br />
• Nmap: Scan Methods<br />
• Nmap Scan Options<br />
• Nmap Output Format<br />
• Nmap Timing Options<br />
• Nmap Options<br />
• Nmap: Output<br />
• Nmap: Host/Ports Details<br />
• Nmap: Host Details<br />
• Nmap: Hosts Viewer<br />
o NetScanTools<br />
o WUPS<br />
o SuperScan<br />
o Global Network Inventory<br />
o Net Tools Suite Pack<br />
o FloppyScan<br />
o Atelier Web Ports Traffic Analyzer<br />
o Atelier Web Security Port Scanner<br />
o Ike-scan<br />
o Infiltrator Network Security Scanner<br />
o YAPS: Yet Another Port Scanner<br />
o Advanced Port Scanner<br />
o NetGadgets<br />
o P-Ping Tools<br />
o LANView<br />
o NetBrute<br />
o Advanced IP Scanner<br />
o Colasoft MAC Scanner<br />
o Active Network Monitor<br />
o Advanced Serial Data Logger<br />
o WotWeb<br />
o Antiy Ports<br />
o Port Detective<br />
o PhoneSweep<br />
o Httprint<br />
o IIS Lockdown Wizard<br />
o ServerMask<br />
o PageXchanger<br />
o SAINT<br />
o ISS Security Scanner<br />
o Nessus<br />
o Retina Network Security Scanner<br />
o IPsonar<br />
o BSA Visibility<br />
o SocksChain<br />
o Happy Browser<br />
o Browzar<br />
o Torpark<br />
o Proxy+<br />
o JAP<br />
o HTTPort<br />
o SentryPC<br />
Chapter 4: Enumeration<br />
• Introduction to Enumeration<br />
• Enumeration Defined<br />
• Techniques for Enumeration<br />
• Null Session Enumeration<br />
• Windows Session Establishment<br />
• Establishing NetBIOS Null Sessions<br />
• So What's the Big Deal<br />
• SNMP Enumeration<br />
• Management Information Base<br />
• SNMP UNIX Enumeration<br />
• UNIX Enumeration<br />
• LDAP Enumeration<br />
• NTP Enumeration<br />
• SMTP Enumeration<br />
• Web Enumeration<br />
• Web Application Directory Enumeration<br />
• Default Password Enumeration<br />
• Enumeration Procedure<br />
• Enumerating User Accounts on Linux and OS X with rpcclient<br />
• Tools<br />
o Null Session Tools<br />
o User Account Tools<br />
o PsTools<br />
o SNMP Enumeration Tools<br />
o LDAP Enumeration Tools<br />
o General Enumeration Tools<br />
Chapter 5: System <strong>Hacking</strong><br />
• Introduction to System <strong>Hacking</strong><br />
• Gaining Access<br />
• Cracking Passwords<br />
• Types of Password Attacks<br />
o Passive Online Attack: Wire Sniffing<br />
o Passive Online Attack: Man-in-the-Middle and Replay Attacks<br />
o Active Online Attack: Password Guessing<br />
o Offline Attacks<br />
o Brute-force Attack<br />
o Attack: Pre-Computed Hashes<br />
o Syllable Attack/ Rule-based Attack<br />
o Distributed Network Attack<br />
o Rainbow Attack<br />
o Non-Technical Attacks<br />
o Password Cracking Web Sites<br />
• Password Guessing<br />
• Tools:<br />
o Windows Password Cracker<br />
o Windows Password Recovery<br />
• Microsoft Authentication<br />
• Password Cracking Tools<br />
• Password Cracking <strong>Countermeasure</strong>s<br />
• Escalating Privileges<br />
• Cracking NT/2000 Passwords<br />
• Login Hack: Example<br />
• Executing Applications<br />
• Keyloggers and Spyware<br />
• Keylogger and Spyware <strong>Countermeasure</strong>s<br />
• Hiding Files<br />
• Rootkits<br />
• Steganography<br />
• Steganography Tools<br />
• Steganography Detection<br />
• Steganalysis Tools<br />
• Covering Tracks<br />
Chapter 6: Penetration Testing (PT)<br />
• Introduction to Penetration Testing<br />
• Security Assessments<br />
• Types of Penetration Testing<br />
o Black-box Penetration Testing<br />
o Grey-box Penetration Testing<br />
o White-box Penetration Testing<br />
o Announced Testing/ Unannounced Testing<br />
• Why Penetration Testing<br />
• What Should be Tested<br />
• What Makes a Good Penetration Test<br />
• Strategies of Penetration Testing<br />
o External Penetration Testing<br />
o Internal Security Assessment<br />
o Application Security Assessment<br />
o Network Security Assessment<br />
o Wireless/Remote Access Assessment<br />
o Telephony Security Assessment<br />
o Social Engineering<br />
• Phases of Penetration Testing<br />
o Planning Phase<br />
o Enumerating Devices<br />
o Pre-attack Phase<br />
o Attack Phase<br />
o Post-attack Phase<br />
• Tools<br />
• Other Tools Useful in a Pen-Test<br />