Syllabus Hacker 10
Please note: You will not be able to get files from the server unless you are a paid student and have been issued an account. So some links on this page will not work if you are a guest.
The steps below, the files, and links within, are numbered in order of what you will need to read and do. If this set of steps is unclear, please attend orientation for a walk-through.
00- Reading -
Buffer overflows – SPT 23
Cryptography – PPT 14
Two other source documents are here:
OSSTMM (16MB) SP800-115 (.6MB)
01-Mind map review for Note Cards, Terms and Process. For every term in the concepts section of the mindmap you should find a definition first from the book and second from your research. For every tool in the book you should make a notecard based upon Reconn Layer, Exploit Category, and Process.
02-Tool review
You must have the VBox structure in place to start the labs. Every week and every class you will be assigned one or two base tools. We will discuss that tool in the Lab part of class. Your assignment is to work the tool, collect artifacts and send via email or post them. Artifacts are ALWAYS packet captures and sometimes a screenshot. Do not send large raw packet captures- you must cut the capture down to the attack/response data. You should be able to discuss this tool’s function, place in the process, and comparison to other tools.
The list of tools discussed this week:
20. Buffer Overflows
- METASPLOIT
21. Cryptography
- cryptool.exe
03-Reports
As a professional you will be required to report your findings to management in a meaningful, actionable way. For each tool you must know how it fits with your original plan, the outcomes from its use, and what should be done to protect the environment from its use in the future.
04-Recording links are listed for your review of presentations. These are updated one week after the new class.
[No Lab for CEH21; covered in class]
You can find these links and the class schedule here:http://www.expandingsecurity.com/about/events/
All content is copyright protected. Downloading or reviewing any material means you consent to the copyright restrictions placed on all works by the author. You are forbidden from using any of this material in the teaching of any class. You are only permitted to use this as a current student of Expanding Security. You are not permitted to copy or distribute these materials in any way.
CEH v7 Buffer Overflows Study guideIphone users - use the copy feature for URLs below and paste to browser - if it is a PDF try goodreader app for better viewing
Here is a list of resources and books to help with your study.20 Buffer Overflows (17)
-
20 Reading
20 Tools
CEH v7 Cryptography Study guide
Iphone users - use the copy feature for URLs below and paste to browser - if it is a PDF try goodreader app for better viewing
Here is a list of resources and books to help with your study.21 Cryptography (18)
-
21 Reading
- CrypTool - Educational Tool for Cryptography and Cryptanalysis
- SecuriTeam - Cracking S/MIME encryption using idle CPU time
- Introduction to Encryption - Developer.com
- http://www.ietf.org/rfc/rfc2617.txt
- IPSec Authentication and Authorization Models > Digital Certificates for IPSec VPNs
- The TLS Protocol Version 1.0
- RSA Laboratories - 2.1.6 What is a hash function?
- RSA Laboratories - 3.6.4 What are RC5 and RC6?
- >A Taxonomy for Key Escrow Encryption Systems
- RSA Laboratories - 2.1.1 What is public-key cryptography?
- Q3: What is Public-Key Cryptography
-
21 Tools
- File Encryption Software
- CryptoForge Encryption Software
- Peter Selinger: ccrypt
- TrueCrypt - Free Open-Source On-The-Fly Disk Encryption Software for Windows 7/Vista/XP, Mac OS X and Linux
- DVD/CD/USB Flash Drive Encryption & Password Protection Software
- CrypTool - Educational Tool for Cryptography and Cryptanalysis - Download
- Crank - CRyptANalysis toolKit
- MD5 Calculator
- SlavaSoft HashCalc - Hash, CRC, and HMAC Calculator
- MD5 Decrypter.com, MD5 Decryption, Free MD5 Decrypter, Security, MD5 Hash, MD5 Security.