POSTED BY GAURAV BAPLAWAT on MAY 25, 2011
• Security testing methodologies
• The Ethical Hacking Profession
• Passive Intelligence Gathering – 2007 Version
• Network Sweeps
• Stealthy Network Recon
• Passive traffic identification
• Identifying system vulnerabilities
• Abusing Domain Name System (DNS)
• Abusing Simple Network Management Protocol (SNMP)
• Introduction to Remote Exploits
• Engineering remote exploits
• Running shellcode in RAM vs. on disk
• Heap Buffer Overflows
• Compromising Windows 2003 Server Systems
• Compromising Solaris Unix and Linux Systems
• Attacking RDP (Remote Desktop Protocol) in Windows XP, 2003 & Vista
• Windows password weaknesses & Rainbow Tables
• Unix password weaknesses
• Attacking Cisco’s IOS password weaknesses

• Trojan genres
• Windows, Unix and Linux Trojans
• Kernel Mode Windows Rootkits – System Call Hijacking and Direct Kernel Object Modification
• Kernel Mode Linux Rootkits
• Covert communication channels
• Spoofing endpoints of communication tunnels
• Tunneling through IPSec VPNs by abusing ESP
• Steganographic Tunnels
• Remote command execution
• Sniffing and hijacking SSL encrypted sessions
• Installing sniffers on a low privilege account in Windows 2003 Server
• Stealthy Remote keylogger installation
• Circumventing Antivirus
• Modifying syslog entries
• Raw binary editing to prevent forensic investigations
• Editing the Windows Event Log
• Abusing Windows Named Pipes for Domain Impersonation
• Impersonation of other Users – Hijacking kernel tokens
• Disguising network connections
• Attacking Cisco IOS
• Attacking STP & BGP protocols
• Wireless Insecurity
• Breaking Wireless Security – WEP, WPA, WPA2
• Blinding IDS & IPS
• Attacking IDS & IPS
• Malicious event log editing
• Binary filesystem modification for anti-forensics
• Named Pipe abuse
• Kernel Token Hijacking
• Attacking Border Gateway Protocol (BGP)
• Attacking WEP
• Cracking WPA
• Cracking WPA2
• Cisco IOS Exploits
• Breaking into Cisco routers
• Blinding IPS
• Attacking IPS

• Abusing Web Applications
• Attacking Java Applets
• Breaking web app authentication
• SQL Injection techniques
• Modifying form data
• Attacking session IDs
• Cookie stealing
• Cross Site Scripting
• Cross Site Request Forgery (CSRF) Attacks

• Remote buffer overflow exploit lab
• Custom compiling Shellcode
• Running payloads in RAM
• Hiding exploit payloads in jpeg and gif image files
• Attacking email vectors (Lotus Notes, Microsoft Exchange, and Outlook Web Access)
• Registry manipulation
• Client side IE & Firefox exploits
• Using custom Trojans to circumvent Antivirus
• Remote kernel overflows
• RDP (Remote Desktop Protocol) Exploitation
• Cracking Windows Passwords
• Building Rainbow Tables
• Cracking Windows 2003 native mode passwords
• Brute forcing salted Unix passwords
• Attacking Kerberos Pre-Auth Hashes
• Cracking IOS and PIX passwords

• Compromise a DMZ setting with port redirection
• Circumvent firewall IP access list (ACL)
• Customizing Trojans to avoid Antivirus
• Deploying kernel mode rootkits on Windows 2003 & Vista
• Installing LKM rootkits on Linux servers
• Hijacking MSN messenger traffic
• Running commands remotely
• Breaking wireless encryption – WEP, WPA, WPA2
• Installing sniffers in low privilege user accounts
• Sniffing remotely and retrieving results
• Remote keylogging
• Tunneling with covert channels through IPSec VPNs
• Hijack and capture SSL traffic

• Network Sweeping
• Scanning from spoofed IP addresses
• Stealthy Recon
• Injecting p0f for passive OS fingerprinting
• Scanning through firewalls
• IPv6 Scanning
• Discover all subdomains owned by an organization
• Inspect changes to the whois record over the last 3 years
• Windows 2003 Server & Vista DNS Cache Poisoning Attacks
• Pumping SNMP for data – OID Dissection
• Attacking SNMP