|
|
Title |
Duration |
|
|
|
Certified Ethical Hacker Series Introduction
This Nugget provides an overview of topics you will learn in the Certified Ethical Hacker series. You can obtain the specific exam objectives from http://www.eccouncil.org/certification/exam_information/ceh_exam_312-50.aspx.
|
00:12:25 |
|
|
|
Introduction to Certified Ethical Hacking
Introduction to Ethical Hacking. This video aligns many of the topics of Module 01 of the CEH exam objectives. Here, you will understand the issues plaguing the information security world. Examples include hacked power grids, infiltration of US government agencies such as Department of Defense, Department of State, Department of Commerce, Department of Energy, NASA, Centcom, and others. Hacked bank ATMs, white plastic, and holding confidential information hostage are described. Lulzsec and Anonymous hacking groups are discussed. You will also gain knowledge on various hacking terminologies, understand the different types and implications of hacker attacks, understand hactivism and understand the classification of hackers. Understand who is an ethical hacker, learn the profile of a typical ethical hacker, and understand scope and limitations of ethical hacking. Many of the other Module 01 objectives are addressed in various ways throughout the rest of this series. Laws related to hacking include the Computer Misuse Act, Can Spam Act, 18 U.S.C. 1030 Fraud and Related Activity in Connection with Computers, 1029 Fraud in Access Devices. Terms covered include cyber-terrorism, hacking, hacker, black box test, white box test, gray box test, opaque box test, vulnerability, exploit, proof of concept, 0day, vulnerability scan, penetration test, black hat, cracker, malicious hacker, white hat, ethical hacker, penetration tester, grey hat, hacktivism, suicide hacker, script kiddie, phreak, red team, insider threats, pure insider, insider associate, insider affiliate.
|
00:45:52 |
|
|
|
VMWare and Linux
In this video, we address two more Module 01 exam objectives: Understand the security, functionality, and ease of use triangle; and Know the 5 stages of ethical hacking. VMware is a critical tool to use in the IT world and especially in hacking. I'll show you the basics of how it works and its advantages. Linux is the primary hacking OS platform. It is not specifically identified in the exam objectives, but it's a given that any hacker will be competent with Linux. In this video, I'll show you how to get around in Linux. Topics include: Starting Linux, using startx for a GUI, file system management, case sensitivity, the ls, cp, mv, rm commands. You will also see that you can edit text using vi or gedit, and view text using he more command. You will learn how to change network properties both from the command line and the UI. You will also learn how to tar, compress, and extract files and programs. Finally, I'll show you how to install packages by compiling code yourself (using ./configure, make, make install), using Redhat package manager (RPM), Debian package manager, and apt-get.
|
00:45:52 |
|
|
|
Footprinting and Reconnaissance Part 1
This video is part one of Footprinting and Reconnaissance, which maps to Module 02 of the exam objectives. You will learn the difference between active and passive intelligence gathering. In passive recon, you’ll leverage public tools such as: Google search, public company web pages, message boards, social media such as Facebook or Twitter. For active recon will largely be addressed in future Nuggets, but include network scans, vulnerability scans, ping sweep, social engineering, and spear phishing. Learn the purpose of reconnaissance, narrow down to specific targets and technologies. Identify how to leverage default passwords. Use other public resources such as the Securities and Exchange Commision (SEC) EDGAR database. Learn about ICANN and all the regional internet registries (RIR) such as ARIN, APNIC, RIPE, LACNIC, and AfriNIC. Leverage whois information, use Netcraft to identify operating systems, servers, recent changes, and IP addresses. Learn how to download webpages to local file system for offline exploitation using tools such as httrack, wget, sam spade, archive.org. Use Windows tracert and Linux traceroute. Explore robots.txt and find out how it can reveal sensitive information of a web site. Use Telnet to perform banner grabbing and identify an operating system.
|
00:58:27 |
|
|
|
Footprinting and Reconnaissance Part 2
This is the second part of Footprinting and Reconnaissance, which maps to Module 02 of the exam objectives. Here, you will learn more specifics about the common DNS record types and get an overview of where they are found in Windows Systems. We’ll explore the Nessus vulnerability scanner and the Nikto web scanner. E-mail tracking is very important in identifying where an e-mail actually came from, and we’ll look at how you can do this. Google hacking is a big trend in hacking and is extremely useful. Finally we’ll look at footprinting countermeasures so that you can protect yourself as well as your clients.
|
00:27:36 |
|
|
|
Scanning Part 1
This Nugget introduces the topic of scanning addressed in Module 3 of the exam objectives. Here, it's important to understand the CEH Scanning Methodology, because it saves lots of time avoiding futile scan attempts. We will also look at several scanning terms such as network scanning, port scanning, and vulnerability scanning. We will use the traceroute and hping, hping2, or hping3 tool to perform firewalking. There is also the Firewalk utility that is still useful but is no longer updated. Before you start an actual scan, it's important to understand the 3-way handshake and also how TCP closes sessions. Basic firewall types and states are discussed such as open, closed, filtered, port blocking firewalls, and stateful packet inspection firewalls.
|
00:33:19 |
|
|
|
Scanning Part 2
This Nugget continues the previous Nugget topic of scanning, and addresses Module 3 and 4 of the exam objectives. We look at a few different tools to perform scanning and reconnaissance including Netcat, Nikto, Hping2, Hping3, Bidiblah, Yeti, netdiscover, and Rapid 7 Expose. The nmap scanning tool is the primary scanning tool that we consider. This very flexible and powerful tool performs SYN, Stealth, XMAS, NULL, FIN, ICMP Echo, List, TCP Connect, and UDP scans. In addition, we look at performing stealthy scanning, using several of the above types of scans as well as using side-channel (idle-scan) scans using a spoofed IP address.
|
00:44:17 |
|
|
|
Enumeration
This Nugget addresses Module 4 of the exam objectives. We look what enumeration is, learn the system hacking cycle, understand enumeration and its techniques, understand null sessions and its countermeasures, understand SNMP enumeration and its countermeasures, and describe the steps involved in performing enumeration. These are implemented using a variety of tools, particularly SolarWinds Engineer’s Toolset, which has several windows tools to derive SNMP information from a target. We also use several Linux tools, such as snmpget, snmpwalk, and onesixtyone. We also enumerate the Administrator account using whoami, user2sid, and sid2user.
|
00:40:49 |
|
|
|
Passwords Part 1: Windows
This Nugget addresses Module 5: System Hacking. Here you will learn about the following objectives: Identifying the different types of password attacks; identifying password cracking techniques; understanding Microsoft Authentication mechanism; describe password sniffing; and identifying various password cracking tools. You will learn how Microsoft divides Windows passwords into hashes and how to successfully exploit these hashes. You will learn about LAN Manager authentication, NTLM, NTLMv2, and the process of Kerberos authentication including the Ticket Granting Ticket (TGT) and Ticket Granting Service (TGS) obtained from a Domain Controller acting as a Key Distribution Center (KDC). This session can be sniffed and exploited, and you will learn how to do this using Kerbsniff and Kerbcrack as well as the multipurpose tool Cain and Abel.
|
00:31:00 |
|
|
|
Passwords Part 2: Linux
This Nugget addresses Module 5: System Hacking. Here you will learn about the following objectives: Identifying the different types of password attacks; identifying password cracking techniques; understanding Microsoft Authentication mechanism; describing password sniffing; identifying various password cracking tools; and identifying various password cracking countermeasures. You will also see a side-jacking tool called Hamster Ferret that hijacks open logon sessions. This could be very useful for any website that does not use SSL cookies (for example, Facebook or Twitter!) You will also learn various cracking techniques such as finding passwords in plain sight, sniffing for plain text passwords, and using the following types of password cracking attacks: dictionary, brute-force, hybrid, rainbow table. You will see John the Ripper, the gold standard of password cracking tools for Linux.
|
00:31:16 |
|
|
|
System Hacking
This Nugget continues additional Module 5 topics including: Understanding privilege escalation; gaining insights on key loggers and other spyware technologies; learning how to defend against spyware; identifying different ways to hide files; understanding rootkits; learning how to identify rootkits and steps involved; understanding Alternate Data Streams; and understanding Steganography technologies and tools used. Specifically, we work with alternate data streams in the NTFS file system and learn how to conceal one file inside of another. A similar method of file and data concealment is steganography, and you will see some easy-to-use yet very effective tools for this including ImageHide and OpenStego. You will also learn more about Spyware and how to defend against it. You will see information on both software and hardware keyloggers. Finally, you will see Metasploit in action and an actual exploit of a Windows system where system privileges are gained.
|
00:47:33 |
|
|
|
Malware
In this video, we address Module 05, 06, and 07. Understanding rootkits, Learn how to identify rootkits and steps involved, Define a Trojan, Identify overt and covert channels, Understand working of Trojans, Identify the different types of Trojans, Identify the different ways a Trojan can infect a system, How to indicate a Trojan attack, Identify the ports used by Trojan, Learn Trojan detection techniques, Learn Trojan evading techniques, Learn how to avoid a Trojan infection, Characteristics of a virus, Understand the motive behind writing a virus, understand how does a computer get infected by viruses, gain insights on virus hoax, understand the difference between a virus and a worm, understand the life cycle of virus, understand how a virus spreads and infects the system, understand antivirus evasion techniques, understand virus detection methods and countermeasures. You will see additional information such as various types of Trojans and the common trojan ports, rootkits such as Application-level, Kernel-level, and library-level. You will also learn about the Bankerfox trojan that steals banking information and how rogue security software can be a trojan. Trojan wrappers bind a trojan to an otherwise legitimate file, and you will see this in the next video. The “Run” registry locations help Trojans to persistently run. You will learn about Remote Access Trojan (RAT), DVDLauncher.exe, Poison Ivy Botnet Command and Control Center, Trojans posing as *.sys driver files in C:\Windows\System32\drivers. Identify rootkit defensive tools such as tripwire, chrootkit, rootkit hunter.
|
00:40:48 |
|
|
|
Hack-O-Rama
This Nugget demonstrates many of the topics we looked at in the previous Nugget – I’m calling this Nugget “Hack-O-Rama” for a good reason – it’s a bunch of really fun hacking demos! You’ll learn how to use Hacker Defender to hide rootkits, use Nuclear RAT to take total control of a system, and Senna Spy One EXE Maker to create a Trojan! In addition, this Nugget will prepare you with additional knowledge of Module XX: Understand “wrapping," Understand Reverse Shell Trojan, Understand the Trojan horse constructing kit, and Learn Trojan evading techniques.
|
00:31:11 |
|
|
|
Sniffing
This Nugget addresses Module 8, Sniffing. This includes: Understand sniffing and protocols vulnerable to it, Identify types of sniffing, Understand Address Resolution Protocol (ARP), Understanding the process of ARP Spoofing, Understand active and passive sniffing, Understand ARP poisoning, Understand MAC duplicating, Learn ethereal capture and display filters, Understand MAC flooding, Understand DNS spoofing techniques, Identify sniffing countermeasures, Know various sniffing tools, Identify sniffing detection and defensive techniques. You will also learn more about how to use Wireshark including capture and display filters, and how to craft filters for your own requirements and also how to promiscuously sniff wireless networks. You will learn how to use specific tools such as macof, dsniff, arpspoof, driftnet. You will also learn how to prevent arp spoofing using tools such as switch port security, arpwatch, and arpon.
|
00:40:57 |
|
|
|
Social Engineering
This Nugget addresses Module 9: Social Engineering. We start by defining social engineering. Then we discuss several effective social engineering methods: Infiltrate by a competitor passing job interview & getting hired, Pretend to be admin and ask for password, Phishing that points to a URL that looks legit but is actually URL obfuscation pointing to fake web site, Spear phishing, Tailgating, disgruntled employees, Reverse social engineering, using social media such as Facebook or Twitter, using fake surveys to elicit information, using a company tour, pose as an outside worker, dumpster diving, Impersonation, tailgating. We also look at several psychological factors such as: Reciprocation, Likeability, Fear, intimidation, Sympathy, Good Samaritan, Revenge, Flattery. Finally, we address important social engineering countermeasures.
|
00:50:47 |
|
|
|
Denial of Service
This Nugget addresses Module 10: Denial of Service. Here, you will learn to Understand a Denial of Service Attack, Gain insights on Distributed Denial of Service Attacks, Examine the working of Distributed Denial of Service Attacks, Analyze Symptoms of a DoS Attack, Understand Internet Chat Query (ICQ), Understand Internet Relay Chat (IRC), Assess DoS Attack Techniques, Understand Botnets, Assess DoS/DDoS Attack Tools, Describe Detection Techniques, Identify DoS/DDoS Countermeasure Strategies, Analyze Post-Attack Forensics, Identify DoS/DDoS Protection Tools, Understand DoS/DDoS Penetration Testing. We will identify tools such as SlowLoris, Low-Orbit-Ion-Cannon, LOIC, tribe, trinity, R-U-Dead-Yet, RUDY, and various types of attack such as SYN attack, SYN flood, ICMP flood, Smurf, Fraggle, and Ping of Death.
|
00:28:21 |
|
|
|
Session Hijacking
This Nugget addresses Module 11, Session Hijacking. In this Nugget, we cover many exam objectives including: Understand what is Session Hijacking, Identify Key Session Hijacking Techniques, Understand Brute Forcing Attack, Understand Session Hijacking Process, Identify types of Session Hijacking, Analyze Session Hijacking in OSI Model, Understand Application Level Session Hijacking, Discuss Session Sniffing, Describe Man-in-the-Middle Attack, Understand Client-side Attacks, Understand Session Fixation Attack, Describe Network Level Session Hijacking, Understand TCP/IP Hijacking, Identify Session Hijacking Tools, Understand Session Hijacking Pen Testing. We also look at the following tools: Hamester Ferret, Firesheep, Ettercap, Juggernaut, Hunt, T-Sight, Metasploit (especially using the Meterpreter to perform a DLL hijack), and SSLStrip in a browser-in-the middle attack.
|
00:39:52 |
|
|
|
Web and SQL Hacking
This Nugget addresses Module 12, 13, and 14: Hacking Webservers, hacking web applications, and SQL injection. We cover very many exam objectives including but not limited to: Understand Open Source Webserver Architecture, Examine IIS Webserver Architecture, Understand Website Defacement, Understand why Web Servers are compromised, Analyze Impact of Webserver Attacks, Understand Directory Traversal Attacks, Understand HTTP Response Hijacking, Discuss SSH Bruteforce Attack, Examine Man-in-the-Middle Attack, Learn Webserver Password Cracking Techniques, Identify Web Application Attacks, Understand Webserver Attack Methodology, Identify Webserver Attack Tools, Identify Counter-measures against Webserver Attacks, Understand Patch Management, Assess Webserver Security Tools, Understand Webserver Pen Testing, Assess Parameter/Form Tampering, Understand Injection Flaws, Discuss Hidden Field Manipulation Attack, Describe Cross-Site Scripting (XSS) Attacks, Understand Web Services Attack, Understand Web Application Hacking Methodology, identify Web Application Hacking Tools, Understand SQL Injection, Examine SQL Injection Attacks, Discuss SQL Injection Black Box Pen Testing, Types of SQL Injection, Understand Blind SQL Injection, Learn SQL Injection Methodology, Understanding SQL Query, Examine Advanced Enumeration, Describe Password Grabbing, Discuss Grabbing SQL Server Hashes, Identify SQL Injection Tools.
|
00:43:08 |
|
|
|
Cryptography
This module addresses Module 18: Cryptography. Here you will learn the following exam objectives: Understand Cryptography, Learn various types of Cryptography, Understand Ciphers, Gain insights on Advanced Encryption Standard (AES), Understand RC4, RC5, RC6 Algorithms, Examine RSA (Rivest Shamir Adleman), Explain Message Digest Function: MD5, Understand Secure Hashing Algorithm (SHA), Identify Cryptography Tools, Understand Public Key Infrastructure (PKI), Understand Email Encryption, Identify Digital Signature, Describe SSL (Secure Sockets Layer), Examine Disk Encryption, Identify Disk Encryption Tools, Understand Cryptography Attacks, Identify Cryptanalysis Tools. You will see tools such as TrueCrypt, BitLocker, and the Encrypting File System (EFS) as well as specific certificates and how they are used.
|
00:39:06 |
|
|
|
Intrusion Detection Systems
This Nugget addresses parts of Module 16: Evading IDS, Firewalls, and Honeypots. Here you will learn about the following exam objectives: Understand Intrusion Detection Systems (IDS), Learn Ways to Detect an Intrusion, Acquire knowledge on various types of Intrusion Detection Systems, Understand Honeypot, Assess various types of Honeypot, Understand how to Set up a Honeypot, Understand IDS, Firewall and Honeypot System, Examine Evading IDS, Learn detecting Honeypots. We’ll look specifically at Snort, and HoneyBot as our tools. Note that Firewalls and much of IDS has already been addressed throughout this series in other Nuggets, especially in the sixth video, Scanning Part 1.
|
00:21:08 |
|
|
|
Hacking Wireless Networks
This Nugget addresses Module 15: Hacking Wireless Networks. Understand Wireless Networks, Gain Insights on Wireless Networks, Understand various types of Wireless Networks, Understand Wi-Fi Authentication Modes, Identify types of Wireless Encryption, Understand WEP Encryption, Understand WPA/WPA2, Discuss Wireless Threats, Understand Wireless Hacking Methodology, Assess Wireless Hacking Tools, Understand Bluetooth Hacking, Understand how to Defend Against Bluetooth Hacking, Understand how to Defend against Wireless Attacks, Identify Wi-Fi Security Tools, Examine Wireless Penetration Testing Framework. We use tools such as aircrack-ng, airmon-ng, aireplay-ng.
|
00:38:48 |
