Introduction to Ethical Hacking

• Defining a penetration testing methodology
• Creating a security testing plan
• Adhering to PCI standards
• Assembling the hacking tools

Footprinting and Intelligence Gathering

Acquiring target information

• Locating useful and relevant information
• Scavenging published data
• Mining archive sites

Scanning and enumerating resources

• Identifying authentication methods
• Analyzing firewalls
• Harvesting e-mail information
• Interrogating network services
• Scanning from the inside out with HTML

Identifying Vulnerabilities

Correlating weaknesses and exploits

• Researching databases
• Determining target configuration
• Evaluating Vulnerability Assessment tools

Leveraging opportunities for attack

• Discovering exploit resources
• Attacking with Metasploit

Attacking Servers and Devices to Build Better Defenses

Bypassing router access control lists (ACLs)

• Discovering filtered ports
• Manipulating ports to gain access
• Connecting to blocked services

Compromising operating systems

• Examining Windows protection modes
• Analyzing Linux/UNIX processes

Subverting Web applications

• Injecting SQL and HTML code
• Hijacking Web sessions by prediction and fixation
• Bypassing authentication mechanisms

Manipulating Clients to Uncover Internal Threats

Baiting and snaring inside users

• Poisoning DNS
• Executing Cross-Site Scripting (XSS)
• Gaining control of browsers

Creating custom malware

• Harvesting client information
• Enumerating internal data

Exploiting Targets to Increase Security

Initiating remote shells

• Selecting reverse or bind shells
• Leveraging the Metasploit Meterpreter

Pivoting and island hopping

• Deploying portable media attacks
• Routing through compromised clients
• Forwarding and redirecting ports

Pilfering target information

• Stealing password hashes
• Extracting infrastructure routing, DNS and NetBIOS data

Uploading and executing payloads

• Controlling memory processes
• Utilizing the remote file system

Testing Antivirus and IDS Security

Masquerading network traffic

• Obfuscating vectors and payloads
• Sidestepping perimeter defenses

Evading antivirus systems

• Falsifying file headers to inject malware
• Discovering the gaps in antivirus protection

Installing rootkits to hide activity

• Hooking APIs and virtualizing malware
• Controlling memory and execution with Direct Kernel Object Manipulation (DKOM)

Mitigating Risk and Next Steps

• Reporting results and creating an action plan
• Managing patches and configuration
• Recommending defensive countermeasures
• Staying current with tools, trends and technology