SECTION 1: Solid Introduction to Ethical Hacking and Penetration Testing
1 About the course 03:22
2 Hacking vs Ethical Hacking 03:25
3 Who is a Hacker? 02:14
4 Types of Hackers 10:28
5 Hacktivism 02:30
6 Computer Crimes 05:11
7 Important Terms 1 06:19
8 Important Terms 2 06:52
9 Why Penetration Testing? 02:45
10 Penetration Testing Types 04:39
SECTION 2: Real World Information Intelligence Techniques
11 Introduction to Information Intelligence Techniques 03:34
12 organizing information during a penetration test 06:01
13 how to locally copy company websites 05:50
14 newsgroups and list-servers 05:11
15 online job listing 03:26
16 the power of social media websites 03:36
17 harvesting a company's emails 09:15
18 how to generate a targeted wordlist for password cracking 03:13
19 information intelligence with Maltego 04:06
20 Google Search Techniques for penetration testers 16:50
21 other search engines for penetration testers 04:12
22 Enumerating Internal Network From Outside 05:51
23 gather information using WhatWeb, HttpRecon and SSL SCAN 09:25
24 Whois Lookups, finding other Web Sites Hosted on a Web Server 04:18
25 IP Address Geolocation 04:08
26 finding subdomains, extracting exif data and finding hidden web dirs 10:15
27 ShodanHQ for fun and profit 06:57
28 Web Application Firewall Detection, HTTP and DNS load balancer detection 15:35
29 DNS Enumerating for penetration testers 26:37
30 Mail Server Enumeration for penetration testers 07:36
31 Intel Gathering Methodology for penetration testers 02:22
References and Sources:
http://www.debianhelp.co.uk/dnsrecords.htm
http://en.wikipedia.org/wiki/Domain_Name_System
Google Basic Guide to DNS:
http://www.google.com/support/a/bin/answer.py?answer=48090#G
Zone Transfer Explanation:
http://en.wikipedia.org/wiki/DNS_zone_transfer
SPF Explanation:
http://en.wikipedia.org/wiki/Sender_Policy_Framework
DNS Record Type:
http://en.wikipedia.org/wiki/List_of_DNS_record_types
Using nslookup, dig and host:
http://docsrv.sco.com/NET_tcpip/dnsC.nslook.html
Using nslookup in Windows:
http://support.microsoft.com/kb/200525
SECTION 3: Scanning and Vulnerability Assessment
32 packet Crafting and Manipulating with Scapy 13:41
33 port scanning with scapy 06:19
34 Network Enumeration and Mapping Techniques 09:24
References and Sources:
SuperScan:
http://www.mcafee.com/us/downloads/free-tools/superscan3.aspx
Angry IP Scanner:
http://www.angryip.org/w/Home
Scanrand:
http://it.toolbox.com/wiki/index.php/Scanrand
Xprobe2:
http://sourceforge.net/news/?group_id=30984
35 Network scanning techniques 47:35
References and Sources:
Online Port Scanners
http://www.t1shopper.com/tools/port-scan/
http://nmap-online.com
http://www.hashemian.com/tools/port-scanner.php
Nmap:
http://nmap.org/
Scanning Types:
http://nmap.org/book/man-port-scanning-techniques.html
Scanning Performance:
http://nmap.org/book/man-performance.html
Version Scanning:
http://nmap.org/book/vscan-technique.html
OS Fingerprinting:
http://nmap.org/book/osdetect.html#osdetect-intro
36 Vulnerability Identification and Assessment techniques 31:22
References and Sources:
NSE Script Repository:
http://nmap.org/nsedoc/index.html
NSE Guide:
http://nmap.org/book/nse.html
NSE Usage:
http://nmap.org/book/nse-usage.html#nse-categories
Nexpose:
http://www.rapid7.com/products/vulnerability-management.jsp
Nessus:
http://www.tenable.com/products/nessus
Ncircle:
http://www.ncircle.com/index.php?s=products_ip360
37 Practical Evasion and avoidance Techniques 19:37
References and Sources:
Nmap Evasion Guide:
http://nmap.org/book/man-bypass-firewalls-ids.html
Loose Source Routing Discussion:
http://www.synacklabs.net/OOB/LSR.html
LSRTunnel:
http://www.synacklabs.net/projects/lsrtunnel/
LSRScan:
http://www.synacklabs.net/projects/lsrscan/
SECTION 4: Network Attacking Techniques
38 Password cracking, MITM, Sniffing SSL and RDP Attacks 49:21
References and Sources:
Man in the Middle:
https://www.owasp.org/index.php/Man-in-the-middle_attack
http://it.toolbox.com/wiki/index.php/Man-in-the-Middle_Attack
http://www.schneier.com/blog/archives/2008/07/maninthemiddle_1.html
ARP Poisoning Attack:
http://www.watchguard.com/infocenter/editorial/135324.asp
http://www.osischool.com/protocol/arp/arp-spoofing
http://news.hitb.org/content/guide-arp-spoofing
Tools:
Cain & Abel:
http://www.oxid.it/cain.html
Dsniff:
http://www.monkey.org/~dugsong/dsniff/
Ettercap:
http://ettercap.sourceforge.net/
Karmetasploit:
https://community.rapid7.com/docs/DOC-1284
SSLStrip:
http://www.thoughtcrime.org/software/sslstrip/
SECTION 5: Windows and Linux Attacking Techniques
39 Windows Security Overview for Penetration Testers 34:54
References and Sources:
Inside Windows UAC:
http://technet.microsoft.com/en-us/magazine/2007.06.uac.aspx
Windows Wikipedia Entry:
http://en.wikipedia.org/wiki/Microsoft_Windows
Windows NT Wikipedia Entry:
http://en.wikipedia.org/wiki/Windows_NT
Windows 2000 Wikipedia Entry:
http://en.wikipedia.org/wiki/Windows_2000
40 Linux Security Overview for Penetration Testers 20:20
41 Attacking and Hacking Windows 58:32
42 Attacking and Hacking Linux 16:37
SECTION 6: Windows and Linux Post-Exploitation Techniques
43 Windows post exploitation techniques 01:04:51
References and Sources:
http://commandwindows.com
http://www.computerhope.com/batch.htm
http://www.robvanderwoude.com/
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/batch.mspx?mfr=true
http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html
44 Linux post exploitation techniques 23:51
45 Data mining techniques 03:03
SECTION 7: Web Exploitation Techniques
46 Web Application Primer 28:33
References and Sources:
http://www.w3schools.com/
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
47 Web Application Scanning and Mapping 20:34
48 Exploiting SQL Injection to Full System Access (MYSQL) 01:02:02
49 Exploiting SQL Injection to Full System Access (MSSQL) 28:20
50 Exploiting Blind SQL Injection to Full System Access (MYSQL) 13:50
51 Exploiting Blind SQL Injection to Full System Access (MSSQL) 48:58
52 Exploiting RFI, Local File include, File Uploads and RCE 35:06
53 Exploiting XSS (Reflected and Stored) and CSRF to Full System Access 01:01:13
SECTION 8: Windows Exploit Development
54 Using Immunity Debugger and Metasploit to develop a windows exploit 02:05:59
Special Thanks to Dino Dai Zovi and Saumil Shah
References and Sources:
http://www.slideshare.net/saumilshah/operating-systems-a-primer
http://www.slideshare.net/saumilshah/how-functions-work-7776073
http://www.slideshare.net/saumilshah/introduction-to-debuggers
http://cryptocity.squarespace.com/files/exploitation/2011/memory_corruption_101.pdf