Ethical Hacking & Countermeasures - Attack Phases by EC Council

Overview

Below is an outline for the ebook "Ethical Hacking & Countermeasures - Attack Phases" by EC Council. If you’re a member, then you can log into the Library and view it in your browser using the email address you signed up with. PS. Only members can successfully log in.

  • Click HERE to log into the library (Members only).
  • Folder: Books and Guides > Security - Penetration Testing

If you are having issues logging in, please check the following help guide, HERE.

 

Outline

1. Introduction to Ethical Hacking
2. Objectives
3. Key Terms
4. Case Example
5. Introduction to Ethical Hacking
6. Importance of Security
6.1.1. Threats and Vulnerabilities
6.1.2. Attacks
6.1.3. Security Breaches
6.1.4. Exposure
7. Elements of Security
7.1.1. Accountability
7.1.2. Reusability
7.1.3. The Security Functionality and Ease of Use Triangle
8. Phases of an Attack
8.1.1. Phase 1: Reconnaissance
8.1.2. Phase 2: Scanning
8.1.3. Phase 3: Gaining Access
8.1.4. Phase 4: Maintaining Access
8.1.5. Phase 5: Covering Tracks
9. Types of Hacker Attacks
9.1.1. Operating System Attacks
9.1.2. Application-Level Attacks
9.1.3. Shrink- Wrap Code Attacks
9.1.4. Misconfiguration Attacks
10. Hacktivism
10.1.1. Hacker Classes
11. Ethical Hackers
11.1.1. What Do Ethical Hackers Do?
11.1.2. Can Hacking Be Ethical?
11.1.3. Skills of an Ethical Hacker
12. What Is Vulnerability Research?
12.1.1. Why Hackers Need Vulnerability Research
12.1.2. Vulnerability Research Web Sites
13. Conducting Ethical Hacking
13.1.1. How Do They Go About It?
13.1.2. Approaches to Ethical Hacking
13.1.3. Ethical Hacking Testing
13.1.4. Ethical Hacking Deliverables
14. Computer Crimes and Implications
15. Case Example Revisited
16. Chapter Summary
17. Review Questions
18. Hands-On Projects

19. Footprinting
20. Objectives
21. Key Terms
22. Case Example
23. Introduction to Footprinting
23.1.1. Why Is Footprinting Necessary?
23.1.2. Revisiting Reconnaissance
24. Information-Gathering Methodology
24.1.1. Unearthing Initial Information
24.1.2. What Is an IP Address?
24.1.3. Finding a Company's URL
24.1.4. People Searching
24.1.5. Footprinting Through Job Sites
24.1.6. Information Gathering Stances
25. Footprinting Tools
25.1.1. Sensepost Footprint Tools 3
25.1.2. Big Brother
25.1.3. Advanced Administrative Tools
25.1.4. Wikto
26. WHOIS Tools
26.1.1. WHOIS
26.1.2. SmartWhois
26.1.3. ActiveWhois
26.1.4. LanWhoIs
26.1.5. CountryWhois
26.1.6. CallerIP
26.1.7. Web Data Extractor
27. DNS Information Tools
27.1.1. DNS Enumerator
27.1.2. SpiderFoot
27.1.3. Nslookup
27.1.4. DNSstuff.com
27.1.5. Expired Domains
27.1.6. DomainKing
27.1.7. Domain Inspect
27.1.8. MSR Strider URL Tracer
27.1.9. Mozzle Domain Name Pro
28. Locating the Network Range
28.1.1. ARIN
28.1.2. Traceroute
28.1.3. 3D Traceroute
28.1.4. NeoTrace (now McAfee Visual Trace)
28.1.5. VisualRoute
28.1.6. Path Analyzer Pro
28.1.7. Maltego
28.1.8. TouchGraph
29. E-Mail Spiders
29.1.1. 1st Email Address Spider
29.1.2. Power Email Collector
30. Locating Network Activity
30.1.1. GEO Spider
30.1.2. Google Earth
31. Meta Search Engines
31.1.1. Dogpile
31.1.2. WebFerret
31.1.3. robots.txt
31.1.4. WTR - Web The Ripper 2
31.1.5. Web Site Watcher
32. Faking Web Sites Using Man-In-The-Middle Phishing Kit
33. Case Example Revisited
34. Chapter Summary
35. Review Questions
36. Hands-On Projects

37. Scanning
38. Objectives
39. Key Terms
40. Introduction to Scanning
41. Scanning Defined
42. Objectives of Scanning
43. Scanning Methodology
43.1.1. Step 1: Check for Live Systems
43.1.2. Step 2: Check for Open Ports
43.1.3. Step 3: Fingerprint the Operating System
43.1.4. Step 4: Scan for Vulnerabilities
43.1.5. Step 5: Probe the Network
43.1.6. Surfing Anonymously
43.1.7. Scanning Countermeasures
44. Tools
44.1.1. Live System Scanning Tools
44.1.2. Port Scanning Tools
44.1.3. War Dialing Tools
44.1.4. Banner Grabbing Tools
44.1.5. Tools for Active Stack Fingerprinting
44.1.6. File Extension Concealment Tools
44.1.7. Vulnerability Scanning
44.1.8. Network Mapping Tools
44.1.9. Proxy Tools
44.1.10. Anonymizer Tools
44.1.11. Spoofing Tools
45. Chapter Summary
46. Review Questions
47. Hands-On Projects

48. Enumeration
49. Objectives
50. Key Terms
51. Introduction to Enumeration
52. Enumeration Defined
53. Enumeration Techniques
53.1.1. Null Session Enumeration
53.1.2. SNMP Enumeration
53.1.3. UNIX Enumeration
53.1.4. LDAP Enumeration
53.1.5. NTP Enumeration
53.1.6. SMTP Enumeration
53.1.7. Web Enumeration
53.1.8. Web Application Directory Enumeration
53.1.9. Default Password Enumeration
54. Enumeration Procedure
55. Tools
55.1.1. Null Session Tools
55.1.2. User Account Tools
55.1.3. Null Session Countermeasure Tools
55.1.4. SNMP Enumeration Tools
55.1.5. LDAP Enumeration Tools
55.1.6. SMTP Enumeration Tools
55.1.7. General Enumeration Tools
56. Chapter Summary
57. Review Questions
58. Hands-On Projects

59. System Hacking
60. Objectives
61. Key Terms
62. Introduction to System Hacking
63. Cracking Passwords
63.1.1. Password Types
63.1.2. Four Types of Password Attacks
64. Password Cracking Web Sites
65. http://www.defaultpassword.com
66. http://www.cirt.net/cgi-bin/passwd.pl
67. http://www.virus.org/default-password
68. Abcom PDF Password Cracker
69. Password Guessing
69.1.1. Administrator Password Guessing
69.1.2. Manual Password Cracking Algorithm
69.1.3. Automatic Password Cracking Algorithm
69.1.4. Performing Automated Password Guessing
69.1.5. Tool: NAT
69.1.6. Tool: Smbbf SMB Passive Brute Force Tool
69.1.7. Tool: SMBCrack
69.1.8. Hacking Tool: 0phtCrack
69.1.9. Microsoft Authentication
69.1.10. PWdump2 and PWdump3
69.1.11. Tool: RainbowCrack
69.1.12. Hacking Tool: KerbCrack
69.1.13. Hacking Tool: John the Ripper
69.1.14. Password Sniffing
70. Password Cracking Tools
70.1.1. Tool: LCP
70.1.2. Tool: ophcrack
70.1.3. Tool: Crack
70.1.4. Tool: Access PassView
70.1.5. Tool: Asterisk Logger
71. Password Cracking Countermeasures
71.1.1. Do Not Store LAN Manager Hashes in the SAM Database
71.1.2. Disabling LM Hashes
71.1.3. Syskey Utility
71.1.4. AccountAudit
72. Escalating Privileges
72.1.1. Cracking NT/2000 Passwords
72.1.2. Active@ Password Changer
72.1.3. Privilege Escalation Tool: X.exe
72.1.4. Login Hack: Example
73. Executing Applications
73.1.1. Tool: PsExec
73.1.2. Tool: Alchemy Remote Executor
73.1.3. Tool: Emsa FlexInfo Pro
74. Keyloggers and Spyware
74.1.1. Keystroke Loggers
74.1.2. Tool: SCKeyLog
74.1.3. Tool: Revealer Keylogger
74.1.4. Tool: Handy Keylogger
74.1.5. Tool: Ardamax Keylogger
74.1.6. Tool: Powered Keylogger
74.1.7. Tool: Elite Keylogger
74.1.8. Tool: Quick Keylogger
74.1.9. Tool: Spy Keylogger
74.1.10. Tool: Perfect Keylogger
74.1.11. Tool: Invisible Keylogger
74.1.12. Tool: Actual Spy
74.1.13. Tool: Spytector
74.1.14. Tool: Invisible KeyLogger Stealth
74.1.15. Tool: Ghost Keylogger
74.1.16. Tool: KeyGhost Hardware Keylogger
74.1.17. Tool: 007 Spy Software
74.1.18. Tool: Spector Pro
74.1.19. Tool: RemoteSpy
74.1.20. Tool: Spytech SpyAgent
74.1.21. Tool: SpyBuddy
74.1.22. Tool: Stealth KeyLogger
74.1.23. Tool: AceSpy
74.1.24. Tool: Keystroke Spy
74.1.25. Tool: Desktop Spy
74.1.26. Tool: Activity Monitor
74.1.27. Tool: Wiretap Professional
74.1.28. Tool: eBlaster
74.1.29. Tool: Stealth Recorder
74.1.30. Tool: Stealth Website Logger
74.1.31. Tool: DigiWatcher Video Surveillance
74.1.32. Tool: Phone Spy
74.1.33. Tool: Print Monitor Pro
74.1.34. Tool: Stealth Email Redirector
74.1.35. Tool: FlexiSpy
74.1.36. Tool: PC PhoneHome
75. Keylogger and Spyware Countermeasures
75.1.1. Tool: PrivacyKeyboard
75.1.2. Tool: Advanced Anti Keylogger
75.1.3. Tool: SpyHunter
75.1.4. Tool: Spy Sweeper
75.1.5. Tool: Spyware Terminator
75.1.6. Tool: WinCleaner AntiSpyware
76. Hiding Files
77. Rootkits
77.1.1. Why Rootkits
77.1.2. Hacking Tool NT/2000 Rootkit
77.1.3. Rootkit: Fu
77.1.4. Rootkit: AFX Rootkit
77.1.5. Rootkit: Nuclear
77.1.6. Rootkit: Vanquish
77.1.7. Steps for Detecting Rootkits
77.1.8. Rootkit Detection Tools
77.1.9. Rootkit Countermeasures
77.1.10. Creating Alternate Data Streams
77.1.11. How to Create NTFS Streams
77.1.12. NTFS Stream Manipulation
77.1.13. NTFS Stream Countermeasures
77.1.14. NTFS Stream Detectors
77.1.15. Tool: USBDumper
78. Steganography
78.1.1. Process of Hiding Information in Image Files
78.1.2. LeastSignificantBit Insertion in Image Files
78.1.3. Masking and Filtering in Image Files
78.1.4. Algorithms and Transformation
78.1.5. Steganography Tools
78.1.6. Steganography Detection
78.1.7. Steganalysis Tools
79. Covering Tracks
79.1.1. Disabling Auditing
79.1.2. Clearing the Event Log
79.1.3. Tool: ELSave
79.1.4. Tool: WinZapper
79.1.5. Tool: Evidence Eliminator
79.1.6. Tool: Traceless
79.1.7. Tool: Tracks Eraser Pro
79.1.8. Tool: Armor Tools
79.1.9. Tool: ZeroTracks
80. Chapter Summary
81. Review Questions
82. Hands-On Projects

83. Penetration Testing
84. Objectives
85. Key Terms Introduction to Penetration Testing
85.1.1. Security Assessments
85.1.2. Types of Penetration Testing
86. Phases of Penetration Testing
86.1.1. Best Practices
86.1.2. Planning Phase
86.1.3. Preattack Phase
86.1.4. Attack Phase
86.1.5. Postattack Phase
86.1.6. Planning Phase
86.1.7. Enumerating Devices
86.1.8. Preattack Phase
86.1.9. Attack Phase
86.1.10. Postattack Phase
87. Tools
87.1.1. Choosing Different Types of Pen-Test Tools
87.1.2. Penetration-Testing Tools
87.1.3. Other Tools Useful in a Pen-Test
88. Chapter Summary
89. Review Questions
90. Hands-On Projects
91. Index

 

-----

Next steps:

This article was contributed by Jason Jacobs from Guyana. Jason is a member of the Caribbean CSPA. 

 

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.