Prerequisites: Network administration experience and working knowledge of TCP/IP
recommended. Current CompTIA Security + certification and Cisco® CCNA certification
helpful.
| Course Contents: |
| Session 1 |
| Section A: |
Introduction Certifications Security Intro IT Security Resource Types
Risk |
| Section B: |
Hacking Fundamentals Exploiting Weakness Exploit Process Threat/Vulnerability
Types White-Hat vs. Black-Hat Persistent vs. Casual Motivations |
| Section C: |
Methodologies Overview Reconnaissance Scanning Nmap Scan Enumeration Penetration
System Elevation Network Elevation |
| Section D: |
More Methodologies Pilfer Expansion Housekeeping Common Tools More Tools |
| Section E: |
Net Hacking Phase 1 & 2 Overview Network Topology Network as a Target
Discovery Scan the Network Scanning Tools |
| Section F: |
Net Hacking Phase 3 & CDP Enumerating Packet Analyzers CDP CDP Demo Weak
Passwords Common Conventions |
| |
|
| Session 2 |
| Section A: |
Management & Physical Threats Device Management Design Errors Solarwinds
Physical Security Physical Tools |
| Section B: |
Routers Router Concepts Dynamic Routing Tools Attacks RIP |
| Section C: |
Bridges & Switches Concepts Root Bridges Vulnerabilities ARP Poisoning |
| Section D: |
Firewalls Firewall Concepts Vulnerabilities Design Vulnerabilities Firewall
Setup Firewall Transversal |
| Section E: |
Wireless Wireless Concepts WEP Management Console Wireless Security Wireless
Modes Vulnerabilities War Chalking/War Driving |
| Section F: |
W2K Hack Phase 1 & 2 Overview Discovery/Recon Scanning |
| Section G: |
Enumerating Servers Overview Database Servers Mail/1M Servers Network/Web
Servers Syslog/IAS Servers |
| |
|
| Session 3 |
| Section A: |
Enumeration Strategies & Tools Tool Concepts Net Login Terminal Service
General Banner Grabbing Assorted Tools Est. Anon. Connections/DHCP Browser/Client
Net Commands LOAP Query Tools |
| Section B: |
Using Enumeration Tools Net Cat Cain & Abel Null Session Dump Sec |
| Section C: |
Penetrating Windows 2000/NT Identification Weaknesses Default Configuration
Default Accounts Account Management Inherent OS Weaknesses NetBIOS API Tools |
| Section D: |
Penetrating Tools & Strategies LSA Sniffer Password Cracker Notepad Execution |
| Section E: |
Elevation on Windows 2000/NT Overview SAM Dump Tools/Vulnerabilities L0phtcrack
SAM File Registry |
| Section F: |
Pilferage Permissions Use Data Targets More Targets |
| Section G: |
File Permission Auditing Folder Permissions Registry Permissions File
Delete Child |
| Session 4 |
| Section A: |
Expansion Overview Scanning/Enumeration Authentication Relays & Proxies
Service Accounts User Rights Account Policies Local Policies |
| Section B: |
Housekeeping Cleaning Up Re-entry File Header Tools Strategies |
| Section C: |
Event Log Management Log Utilities Setup Audits Audit Options Audit Object
Access |
| Section D: |
Terminal Server Vulnerabilities TASC Detection Tools Monitoring Tools
Attack Applications Pipeupadmin |
| Section E: |
IIS Evaluation Weaknesses Input Validation Permissions Application Analysis
Tools |
| Section F: |
Exploiting IIS Overview File Traversal View Results IIS Log |
| Section G: |
Securing IIS Directory Structure IDS Internet Service Manager DLLs ISAPI
Filters Directory Browsing Authentication IIS Lockdown |
| Session 5 |
| Section A: |
Securing Windows 2000/NT Analyze Best Practices Communication User Education
Penetration Analysis Backups Tools Restriction |
| Section B: |
Baseline Security Analysis Security Analyzer Security Report Score & Templates
Options Reports |
| Section C: |
UNIX Hacking Phases 1-3 Overview Versions Usage Discovery Scanning Enumeration |
| Section D: |
UNIX Phases 4-7 Concepts Brute Force Attack Dir. Serv/Remoting Pilfer
Points Expansion Housekeeping UNIX Resources |
| Section E: |
Security Policies Overview Adapting to Security Security Plan Risk Assessment
Cost Personal/Culture |
| Section F: |
Prevention Strategies Passive/Protective Plan Testing & Documentation
Fall Back Plan When It Happens Discovery Reaction |
