Syllabus Hacker 09

Certified Ethical Hacker on June 27th, 2010

Please note: You will not be able to get files from the server unless you are a paid student and have been issued an account. So some links on this page will not work if you are a guest.

The steps below, the files, and links within, are numbered in order of what you will need to read and do. If this set of steps is unclear, please attend orientation for a walk-through.

SPECIAL NOTE: This week will be wireless. If you want to do the labs, you will need a very particular wireless card.

Search Amazon for the Alfa 500mW AWUS036H USB Wireless Adapter 802.11 b/g; it should cost $30.

You will also need to download the Oracle extension pack; see the video on installing the USB network card into BackTrack 4. Plug in the USB network card, then run the dmesg command; if you did everything right, it looks like this. Execute /etc/init.d/networking start; if you did everything right, it looks like this. To confirm the network card is working, look in Internet-Wicd and see something that looks like this.

Other configurations are not supported. (You should see the pile of crap that I bought that will not work.)

00-Reading

Wireless Hacking – SPT chap. 8 & part of PPT chap. 12

Evasion for IDS, Firewalls, and honeypots – SPT chap. 13

Two other source documents are here:

OSSTMM (16MB) SP800-115 (.6MB)

01-Mind map review for Note Cards, Terms and Process. For every term in the concepts section of the mindmap you should find a definition first from the book and second from your research. For every tool in the book you should make a notecard based upon Reconn Layer, Exploit Category, and Process.

02-Tool review

You must have the VBox structure in place to start the labs. Every week and every class you will be assigned one or two base tools. We will discuss that tool in the Lab part of class. Your assignment is to work the tool, collect artifacts, and send them via email or post them. Artifacts are ALWAYS packet captures and sometimes a screenshot. Do not send large raw packet captures; you must cut the capture down to the attack/response data. You should be able to discuss this tool’s function, its place in the process, and how it compares to other tools.

The list of tools discussed this week:

18. Linux Hacking

  1. Cheops
  2. Hunt
  3. Nessus
  4. Linux Rootkit V4 (LR4)
  5. Nina p.
  6. SARA (Security Auditor’s Research Assistant)
  7. Xcrack
  8. John the Ripper
  9. Nmap
  10. HPing2
  11. LSOF
  12. Netcat
  13. Sniffit

19. Evading IDS, Firewalls and Honeypots

  1. Tcpreplay
  2. Libnet
  3. Rootshell
  4. IPsend
  5. Sun Packet Shell (psh) Protocol Testing Tool
  6. Net::RawIP
  7. CyberCop Scanner’s CASL
  8. AckCmd
  9. 007 Shell
  10. ICMP Shell
  11. ACK Tunneling
  12. Fragrouter
  13. SideStep
  14. Anzen NIDSbench
  15. ADMutate

03-Reports

As a professional you will be required to report your findings to management in a meaningful, actionable way. For each tool you must know how it fits with your original plan, the outcomes from its use, and what should be done to protect the environment from its use in the future.

04-Recording links are listed for your review of presentations. These are updated one week after the new class.

Recording 18

[no separate Lab recordings for 18 and 19]

Recording 19

You can find these links and the class schedule here: http://www.expandingsecurity.com/about/events/

All content is copyright protected. Downloading or reviewing any material means you consent to the copyright restrictions placed on all works by the author. You are forbidden from using any of this material in the teaching of any class. You are only permitted to use this as a current student of Expanding Security. You are not permitted to copy or distribute these materials in any way.

CEH v7 Hacking Wireless Networks Study guide

iPhone users: use the copy feature for the URLs below and paste them into your browser. If it is a PDF, try the GoodReader app for better viewing.

Here is a list of resources and books to help with your study.

18 Hacking Wireless Networks (15)

18 Reading

Wi-Fi Tutorials - Wi-Fi Planet
How 802.11 Wireless Works: Wireless
Service set (802.11 network) - Wikipedia, the free encyclopedia
madwifi-project.org - Trac
Trusted Computing Group - Developers - Trusted Network Connect
Different Types of Wireless Network
Identifying Rogue Access Points
Advantages and Disadvantages of WLANs
Antenna Cabling Guide - Gumph
TKIP (Temporal Key Integrity Protocol)
Cracking WPA Network
Cracking WPA / WPA2 - SmallNetBuilder
Cracking WEP Using Backtrack: A Beginner’s Guide
Cracking wep wpa
Hacking Techniques in Wireless Networks
Wireless LAN Security / Wardriving / WiFi Security / 802.11
Wireless Network Security
Wireless.pdf
wireless_hacking.pdf
http://forskningsnett.uninett.no/wlan/download/wlan-mac-spoof.pdf
Warchalking Symbols
WPA2: Second Generation WiFi Security

18 Tools

Top 5 Wireless Tools
Wireless LAN Security Tools, 802.11 Security Software (Wireless LAN Security & Wardriving - 802.11)
Wireless Security Tools
Top Ten Free Wi-Fi Security Test Tools - www.esecurityplanet.com
Free Wireless Security Tools
Cisco - Wireless LAN Security White Paper

18 Wireless DOS

How To Crack WEP and WPA Wireless Networks - 121Space
Cisco Adaptive wIPS Deployment Guide [Cisco Adaptive Wireless IPS Software] - Cisco Systems
Denial of Service a Big WLAN Issue - www.esecurityplanet.com
Wireless Attacks and Penetration Testing (part 1 of 3) | Symantec Connect Community
A List of Internet and Network Attacks
Applying Security Practices to Justice Information Sharing

18 Sniffing

WirelessSniffer - Personal Telco Project
WLAN Analyzer and Protocol Decoder - CommView for WiFi - Packets
Understanding 802.11 Frame Types - www.wi-fiplanet.com

18 Tools

NetStumbler.com
Riverbed Technology
NetworkMiner Network Forensic Analysis Tool (NFAT) and Packet Sniffer
Airscanner Mobile Security
kismacng
Aircrack-ng
NetStumbler.org Forums
WEPCrack - An 802.11 key breaker
WepDecrypt
Kismet
KOrinoco home page
Boingo | The Worldwide Leader in Wi-Fi Software and Services
Enterprise Wireless Network Security - Wireless Network Troubleshooting - AirMagnet
Airview 1.0 - Wireless Packet Analyzer
Innovative Diagnostic WiFi Tools | Nuts About Nets
Berkeley Varitronics Systems WiMAX, 4G LTE, Wi-Fi & CDMA Wireless Test Tools
MetaGeek | Home of Wi-Spy and inSSIDer
Welcome to Benhui
Bluetooth Spy Software, Phone Spy Software | Bluejacking Tools
Motorola AirDefense Solutions – Enterprise Wireless Security & Compliance, Infrastructure Management & Network Assurance
WiFi security, Real Time Location Tracking, (RTLS), Asset Tracking – Newbury Networks
Detect, locate and continuously monitor Wi-Fi and cellular - AIRPATROL Corporation
Nonstop Wireless Availability | Trapeze Networks
Connect802 Corporation
Ekahau - Wi-Fi Tracking Systems, RTLS and WLAN Site Survey
Aruba Labs

18 Wireless card details

CaptureSetup/WLAN - The Wireshark Wiki
faq [Aircrack-ng]
Linux wireless LAN support http://linux-wless.passys.nl
Compatibility/Atheros - madwifi-project.org - Trac
Atheros chipsets based wireless devices
PRISM (chipset) - Wikipedia, the free encyclopedia
Quatech PCD-X/U142-E - CardBus adapter - USB - External

CEH v7 Evading IDS Firewalls and Honeypots Study guide

19 Evading IDS, Firewalls, and Honeypots (16)

19 Reading

Evading NIDS, revisited | Symantec Connect Community
Unblock Blocked Websites like Myspace, Bebo and Orkut
Infosecwriters.com
Honeypots for Windows
http://www.netprotect.ch/downloads/webguide.pdf
Free Intrusion Detection (IDS) and Prevention (IPS) Software
How to Bypass Firewalls Restrictions using Proxy Servers. | Hacking
http://www.terena.org/activities/tf-csirt/meeting9/gowdiak-bypassing-firewalls.pdf
SecurityFocus | Symantec Connect Community
Compupros Unlimited - Computer consultants specialising in the network security, firewall configuration and VPN including SonicWALL systems for SME's in ocean and monmouth counties and New Jersey, New York, Pennsylvania, and Delaware
B.I.S.S. Forums (Powered by Invision Power Board)
Network Security, Cryptography, Firewalls, Anti Virus, BS7799, ISO 17799, Consultancy, and much more!
Enterasys Dragon Host Sensor
http://insecure.org/stf/secnet_ids/secnet_ids.pdf
Hardware Firewalls
Circuit-Level Gateway
Firewall Q&A
statoo.htm: some simple stalking tools
http://www.gray-world.net/papers/covertshells.txt

19 Honeypots

Open Source Honeypots: Learning with Honeyd | Symantec Connect Community
Honeypot Software, Honeypot Products, Deception Software (Honeypots, Intrusion Detection, Incident Response)
Honeypots: Tracking Hackers
LaBrea - Homepage

19 Firewall

Hardware Firewalls
SecuriTeam - ACK Tunneling Trojans
Check Point - Security Appliances, Security Gateways, Firewall, Security Management, Endpoint Security & Software Blades
ntsecurity.nu - ack tunneling
Placing Backdoors Through Firewalls

19 IDS

Framerelay
An Introduction to IDS | Symantec Connect Community
Host-Based IDS vs Network-Based IDS (Part 2 - Comparative Analysis)
Network Intrusion Detection Using Snort - The Community's Center for Security
Running Snort Part 2 | Symantec Connect Community
Keep Out: Host Intrusion Detection - The Community's Center for Security
http://complianceandprivacy.com/WhitePapers/iDefense-IDS-Evasion/iDefense_IDSEvasion_20060510.pdf
http://www.citi.umich.edu/techreports/reports/citi-tr-03-1.pdf
Intrusion Detection
The Evolution of Intrusion Detection Systems | Symantec Connect Community
Network Security Software | Intrusion Detection System
AIDE - Advanced Intrusion Detection Environment

19 Tools for protection

Networking Dynamics
http://www.ossec.net/
netifera
Tripwire, Inc - Take Control of IT Security and Compliance
analogbit.com
Tomahawk Test Tool
