• Footprinting and Reconnaissance
• Scanning Networks
• Enumeration
• System Hacking
• Malware Threats
• Sniffing
• Social Engineering
• Denial-of-Service
• Session Hacking
• Hacking Webservers
• Hacking Web Applications
• SQL Injection
• Hacking Wireless Networks
• Hacking Mobile Platforms
• Evading IDS, Firewalls and Honeypots
• Forensics and Incident Response
• Reverse Engineering
• Cloud Computing
• Cryptography
• Cybersecurity Standarts and Documents

Footprinting and Reconnaissance

• Footprinting, PTES
• Objectives:
  • Collect Network Information
  • Collect System Information
  • Collect Organisation's Information
• Methods:
  • Footprinting through Search Engines
    • Search for Public and Restricted Wesites
  • Operating System Identification
    • Tools: Netcraft, SHODAN
  • Get Location Information:
    • Tools: Google Maps, Yandex Panorama
  • Social Networking Sites (SNS) and People Search Services
    • Tools: Linkedin, Facebook, Twitter, Vkontakte, Odnoklassniki
  • Collect Financial Information and Financial Intelligence
  • Searching through Job Sites
    • Tools: Linkedin, Monster.com, HH.ru, zarplata.ru
  • Footprinting using Google Dorks
    • Resources: Powersearching, Google Hacking Database
  • Footprinting using Social Media
  • Competitive intelligence
  • Website footprinting
    • Tools: OWASP Zaproxy, Burp Suite, Firebug, HTTrack, GNU Wget
  • Email footprinting (RFC 5322 Internet Message Format)
  • WHOIS footprinting
    • Resources: RU-CENTER
  • DNS footprinting
    • Tools: DNSstuff
  • Network footprinting: TCP/IP stack fingerprinting
    • Tools: Qualys SSL LAB, traceroute, Nmap, p0f, SHODAN, Censys, ZoomEye
  • Footprinting using Social Engineering
• Tools: Maltego, recon-ng, FOCA, Metagoofil
• Resources: Awesome-OSINT

Scanning Networks

• Objectives:
  • Discover IP address and open ports
    • Tools: Nmap, Hping, nping, scapy, SolarWinds Engineers Toolset
  • Discover operating system
  • Discover services \ daemons running
  • Discover vulnerabilities:
    • Tools: Nessus, OpenVAS, Microsoft Baseline Security Analyzer
  • Analysis of probable threats
  • Drawing network diagrams of vulnerable hosts
  • Getting ready proxies and anonymizers
    • Tools: ProxySwitcher, CyberGhost
• Methods:
  • ICMP Scanning, Ping Sweep, RFC5927 ICMP Attacks against TCP
  • SSDP Scanning
  • TCP Connect/Full Open Scan
  • Stealth Scan (Half-open Scan)
  • Inverse TCP Flag Scan
  • Xmas Scan
  • ACK Flag Probe Scan
  • IDLE Scan
  • UDP Scanning
• Resources: Qualys FreeScan, High-Tech Bridge Free SSL Test, IVRE

Enumeration

Method:

• Network Enumeration
• NetBIOS Enumeration
  • Tools: ShareEnum
• SNMP Enumeration
  • Tools: SNMPCHECK, SNMP-Brute
• LDAP Enumeration
  • Tools: ADExplorer
• NTP Enumeration

System Hacking

• Objectives:
  • Gain Access to System: Password cracking, Preimage attack, cracking Windows SAM datbase
  • Authentication
  • Time-based One-time Password Algorithm, RFC6238
  • HMAC-based One-time Password Algorithm, RFC4226
  • Biometrics
    • Resources:
      • NIST SP 800-76-2 Biometric Specifications for Personal Identity Verification
  • Authorization
  • Access control
    • Password policy
  • Multi-factor authentication
    • Resources: PCI Multi-Factor Authentication Guidance
  • Computer access control
  • Access control list
  • File system permissions
    • Tools: chntpw, HashCat, KON-BOOT
  • Priveledge Escalation
  • Maintain Remote Access
    • Tools: njRAT, SwayzCryptor, DarkComet
  • Keyloggers
  • Spyware
  • Rootkit
  • Exploit and Exploit kit
    • Tools: Metasploit
  • Backdoor
    • Tools: Backdoor factory
  • Steganography
    • Tools: OpenStego, SNOW Steganography, darkjpeg
  • NTFS Streams
    • Tools: Streams
  • Hide the Evidence of Compromise, covering tracks and clearing logs
    • Tools: Wevtutil, clearev
• Tools: L0phtCrack, Cain & Abel

Malware Threats, Trojans and Viruses

• Methods:
  • Malware Analysys
    • Tools: Cuckoo Sandbox, Sandboxie, Buster Sandbox Analyzer
• Macro virus
• Ransomware
• Cryptovirology
  • Kleptography
• Advanced Persistent Threat (APT)
• Fileless Malware
• Zero-day
• Point-of-Sale Malware
  • Casestudy: Backoff Point-of-Sale Malware
• Antivirus Software
  • Tools: DrWeb CureIt, Dr.Web LiveDisk, ESET SysRescue Live Malwarebytes AntiMalware, Kaspersky Free, Kaspersky Rescue Disk, ClamAV
• Resources:
  • Awesome-Malware-Analysis
  • Awesome-Threat-Intelligence
  • APT Notes (archived)
  • APT notes
  • Malware Analysis - CSCI 4976
  • Awesome Windows Exploitation
  • NIST SP 800-83 Rev 1 Guide to Malware Incident Prevention and Handling for Desktops and Laptops

Sniffing

• Promiscuous mode
• Pcap
• Traffic analysis
• MAC Flooding
  • Tools: dSniff
• ARP Spoofing
  • Tools: XArp
• Tools: Packet Analyzer, Wireshark, Capsa Network Analyzer, OmniPeek, Yersinia, Intercepter-NG
• Resources:

Social Engineering

• Security Awareness
• Information diving
• Phishing
• Tools: Social Engineering Toolkit, Simple Phishing Toolkit
• Resources:

Denial-of-Service

• SYN flood
• Botnet
• Zombie
• Command and Control
• Tools: Low Orbit Ion Cannon, High Orbit Ion Cannon
• Casestudy: BASHLITE, Shellshock
• Resources:
  • RFC4732 Internet DoS Considerations
  • RFC4987 TCP SYN Flooding Attacks
  • US-CERT DDoS Quick Guide

Session Hacking

• Spoofing
• Application Level Session hijacking:
  • Session fixation
  • Cross-site scripting (XSS)
  • Cross-site Request Forgery
  • Browser hijacking
  • Session poisoning
  • Man-in-the-browser
  • Man-in-the-middle
  • Session Replay
• Network-level Session Hijacking:
  • IP Spoofing
  • Packet Sniffing
  • TCP/IP Hijacking
  • UDP Hijacking
  • Blind Hijacking
• ARP Spoofing
• IPSec,RFC7296
• Tools: OWASP Zaproxy, Burp Suite, Firebug, Cain and Abel, Ettercap, sslstrip,Websploit, DroidSheep, DroidSniff

Hacking Webservers

• Apache, IIS,Nginx

• DNS Hijacking

• DNS Spoofing

• Phishing

  • Tools: Simple Phishing Toolkit

• Website Defacement

  • Web server Misconfiguration:
    • Verbose debug\error messages
    • Anonymous\default credentials
    • Sample configuration
    • Remote Access functions
    • Unnecessary Services installed
    • Misconfigured\Default SSL Certificates

• Web Cache Poisoning

• SSH Bruteforce Attack

• Webserver Password Cracking

  • Tool: Brutus, THC Hydra

• Webserver Information Gathering from robots.txt file

• Mirroring a Website: wget -r -k -l 10 -p -E -nc http://site.com/

• Tools: skipfish, httprecon, Burp Suite, Firesheep, Arachni, Immunity CANVAS, CORE Impact Pro

• Resources: OWASP Top Ten Project, PunkSPIDER, IVRE

Hacking Web Applications

• Web Application Security
• Web application security scanner
  • Resources: NIST SP 500-269 Web Application Security Scanner Functional Specification
• Bug bounty
• XSS
  • Tools: XSSer
• CSRF
• Tools: Acunetix WVS, Netsparker, W3AF, WPScan, Joomscan,BeEF, N-Stalker
• Resources:
  • Awesome-Web-Hacking
  • WASC Threat Classification
  • Bug Hunters Methodology
  • Hacksplaining

SQL Injection

• Resources: Understanding SQL Injection
• Tools: SQLmap, WebCruiser,IBM Security AppScan

Hacking Wireless Networks

Wireless Terminologies

• OFDM
• MIMO-OFDM
• DSSS
• FHSS
• SSID
• TKIP
• LEAP
• EAP
• Wireless Networks
• Wireless Standard
• Wireless Topologies
• Ad-hoc Standalone Network Architecture (IBSS - Independent Basic Service Set) Infrastructure Network Topology (Centrally Coordinated Architecture/ BSS - Basic Service Set)
• Typical Use of Wireless Networks
• Extension to a Wired Network
• Multiple Access Points
• LAN-to-LAN Wireless Network
• 3G
• Hotspot

Components of Wireless Network

• Wireless Access Point
• Wireless Cards (NIC)
• Wireless Modem
• Wireless Bridge
• Wireless Repeater
• Wireless Router
• Wireless Gateway
• Wireless USB Adapter
• Antenna
• Directional Antenna
• Parabolic Grid Antenna
• Dipole Antenna
• Omnidirectional Antenna
• Yagi Antenna
• Reflector Antenna
• WEP (Wired Equivalent Privacy) Encryption
• WPA (Wi-Fi Protected Access) Encryption
• WPA2 Encryption Wi-Fi Authentication Method Open System Authentication Shared Key Authentication Wi-Fi Authentication Process Using a Centralized Authentication Server Wireless Network Threats
• Wardriving
• Warchalking
• Client Mis-association
• Unauthorized Association
• HoneySpot Access Point (Evil Twin) Attack
• Rogue Access Point Attack
• Misconfigured Access Point Attack
• Ad Hoc Connection Attack
• AP MAC Spoofing
• Denial-of-Service Attack
• WPA-PSK Cracking
• RADIUS Replay
• ARP Poisoning Attack
• WEP Cracking
• Man-in-the-Middle Attack
• Fragmentation Attack
• Jamming Signal Attack

Bluetooth Threats

• Leaking Calendars and Address Books
• Bugging Devices
• Sending SMS Messages
• Causing Financial Losses
• Remote Control
• Social Engineering
• Malicious Code
• Protocol Vulnerabilities

Wireless Network Security

Creating Inventory of Wireless Devices Placement of Wireless AP Placement of Wireless Antenna Disable SSID Broadcasting Selecting Stronger Wireless Encryption Mode Implementing MAC Address Filtering Monitoring Wireless Network Traffic Defending Against WPA Cracking Passphrases Client Settings Passphrase Complexity Additional Controls Detecting Rogue Access Points Wireless Scanning: Wired-side Network Scanning SNMP Polling

Wi-Fi Discovery Tools

• inSSIDer and NetSurveyor
• Vistumbler and NetStumbler
• Locating Rogue Access points
• Protecting from Denial-of-Service Attacks: Interference
• Assessing Wireless Network Security
• Wi-Fi Security Auditing Tool: AirMagnet WiFi Analyzer

WPA Security Assessment Tool

• Elcomsoft Wireless Security Auditor
• Cain & Abel
• Wi-Fi Vulnerability Scanning Tools
• Deploying Wireless IDS (WIDS) and Wireless IPS (WIPS)
• Typical Wireless IDS/IPS Deployment

WIPS Tool

Adaptive Wireless IPS

• AirDefense

• Configuring Security on Wireless Routers

• Additional Wireless Network Security Guidelines

• Wireless Network

• Service Set

• Wired Equivalent Privacy

• WIFi Protected Access

• Temporal Key Integrity Protocol

• CCMP

• Monitor mode

• Rogue Access Point

• Cracking of wireless networks

• Tools: aircrack-ng, CommView for Wifi, Kismet

• Resources:

  • WiFi Arsenal
  • SP 800-153 Guidelines for Securing Wireless Local Area Networks (WLANs)

Hacking Mobile Platforms

• Mobile OS
• Mobile Security
• Rooting, Jailbreaking
• Tools: RemixOS player
• Resources:
  • Android-Security-Awesome
  • NIST SP 1800-4 Mobile Device Security
  • Mobile Threat Catalogue
  • OWASP Mobile Security Project
  • OWASP Mobile Security Testing Guide
  • US-CERT Cyber Threats to Mobile Devices
  • NIST SP 800-101 Rev 1 Guidelines on Mobile Device Forensics

Evading IDS, Firewall and Honeypots

• Network-based Intrusion Detection System
• Host-based Intrusion Detection System
• System Integrity Verifier (SIV)
• Demilitarized zone (DMZ)
• Intrusion detection system evasion techniques
• Stateful firewall
• Application firewall
• Web application firewall
• Tools: Snort, KFSensor, HoneyBot, Security Onion, HoneyDrive
• Resources:
  • Intrusion Detection Message Exchange Format
  • Awesome-Honeypots
  • NIST SP 800 94 Guide to Intrusion Detection and Prevention Systems

Forensics and Incident Response

• Digital forensics process
• Computer forensics
• Mobile device forensics
• Anti-computer forensics
• Windows Forensics
• Objectives:
  • Garthering Volatile System Information
  • Network and Process Information
  • Parsing Registry
  • User Activity
  • Cache, Cookie and Browser History Analysis
  • Checking Integrity
  • Searching with Event Viewer
• Tools: FireEye Memoryze, AutoPsy,Sysinternals, ESET SysInspector, PowerForensics, bitscout, get-winevent
• Resources:
  • Awesome-Forensics
  • Awesome-Incident-Response
  • ForensicsWiki
  • DFIR
  • NIST SP 800 86 Guide to Integrating Forensic Techniques into Incident Response
  • NIST SP 800 61 Computer Security Incident Handling Guide
  • NIST Computer Forensics Tool Testing Project
  • ENISA training material
  • CERT Societe Generale Incident Response Methodologies
  • OWASP Incident Response Project

Reverse Engineering

• Software cracking
• Portable Executable
• Executable and Linkable Format
• Debugging
  • Debugger
    • Tools: x64_dbg, Immunity Debugger, GNU Debugger, WDK\Windbg, OllyDBG
• Disassembler
  • Tools: IDA Pro, IDA Free
• Decompiler
• Obfuscation
• Sandbox
• Anti-tamper software
• Tools: Radare2, dnSpy,
• Resources: Awesome-Reversing, Reverse Engineering Malware 101

Cloud Computing

• Resources: OWASP Cloud

Cryptography and Anonimity

• Objectives: Confidentiality, Integrity, Authenication, Non-repudiation
• Types: Asymmetric, Symmetric
• Data Encryption Standart (DES)
• Triple DES
  • Resources: NIST SP 800 67 r2 Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher
• Advanced Encryption Standart (AES)
  • Resources: FIPS 197 Advanced Encryption Standard
  • Tools: ccrypt, WinAES
• RC4, RC5, RC6 Algorithms
• Digital Signature Algorithm (DSA)
  • Resources: FIPS 186-4 Digital Signature Standard (DSS), NIST SP 800 63 Digital Identity Guidelines
• Rivest Shamir Adleman (RSA)
• Diffie-Hellman
  • Resources: NIST SP 800 56A r2 Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, RFC 2631 Diffie-Hellman Key Agreement Method
• Message Digest Function (MD5)
• GOST (cifer)
  • Tools: MD5 calculator, CrypTool, HahsCalc, HashDroid
• Secure Hashing Algorithm (SHA)
  • Resources: FIPS 180-4 Secure Hash Standard (SHS)
• Secure Shell (SSH),RFC4251
  • Tools: OpenSSH, PuTTY, SecureCRT, WinSCP
• Pretty Good Privacy (PGP)
  • Tools: GNU Privacy Guard
• Public Key Infrastructure (PKI), Public Key Cryptography Standarts, PKCS #12
• Digital certificate
• Certificate Authority (CA)
• Validation Authority
• Self-signed certificate
• Secure Sockets Layer (SSL)
  • Resources:
    • RFC6101
    • RFC7525
    • NIST SP 800-52 Guidelines for the Selection, Configuration, and Use of TLS Implementations
  • Tools: OpenSSL, GnuTLS, LibreSSL, stunnel, Keyczar
• Disk Encryption
  • Tools: VeraCrypt,
• Case study: Heartbleed, Poodle
  • Resources:
    • Awesome-Cryptography
    • Cryptanalysis
    • Crypto 101
    • Cryptography Research and Evaluation Committee
    • New European Schemes for Signatures, Integrity and Encryption

Anonimity

• Anonymous blogging
• Anonymous peer-to-peer
• Anonymous web browsing
  • Tools: TorBrowser, OperaVPN
• Intrernet privacy
• Personally Identifiable Information
• Secure communications
  • Virtual Private Network (VPN)
    • Tools: OpenVPN, SoftEtherVPN
  • Onion routing
    • TOR
  • Overlay network
    • I2P
    • Darknet
• Secure messaging
  • Off-the-record Messaging

Standarts and Documents

• Penetration Testing Execution Standart
  • PTES Technical Guidelines
  • Penetration Testing Execution Standard Documentation unoficial fork
• Open Web Application Security Project (OWASP)
  • OWASP Testing Project
• Open Source Security Testing Methodology Manual (OSSTMM)
• ISO/IEC 27001:2013 Information security management systems - Requirements
• ISO/IEC 27033-1:2015 Security techniques - Network security
• Penetration Testing Framework
• NIST SP 800-115 Technical Guide to Information Security Testing and Assessment
• ISO/IEC 15408-1:2009 Evaluation criteria for IT security -- Part 1: Introduction and general model
• ISO/IEC 15408-2:2008 Evaluation criteria for IT security -- Part 2: Security functional components
• ISO/IEC 15408-3:2008 Evaluation criteria for IT security -- Part 3: Security assurance components
• RFC 2196 Site Security Handbook
• Payment Card Industry Data Security Standard
  • Penetration Testing Guidance 1.1
  • PIN Security Requirements
• NIST Cybersecurity Framework
• Information Systems Security Assessment Framework (ISSAF)
• Israel Cyber Defense Methodology for an organization
• Australian Government Information Security Manual
• French National Digital Security Strategy
• European Union NIS Directive