TRUNG TÂM ĐÀO TẠO QUẢN TRỊ & AN NIN H MẠNG

CS 1: 02 Bis Dinh Tien Hoang Street, Dakao Ward, District 1, HCMC – Tel: (848) 824 4041 – Fax: (848) 824 4041
CS2 :Kios 8-14 , Tô Hiến Thành, Đại Học Bách Khoa , Q10, Tp HCM . Tel : 2103801
E-mail: training@athenavn.com – URL: WWW.ATHENA.EDU.VN

CHƯƠNG TRÌNH ĐÀO TẠO CEH

Buổi Giờ Dạy Nội Dung

Module 1: Introduction to Ethical Hacking

 Why Security?
 Essential Terminologies
 Elements of Security
 The Security, Functionality, and Ease of Use Triangle
 What Does a Malicious Hacker Do?
 Types of Hacker Attacks
 Operating System attacks
 Application-level attacks
 Shrink Wrap code attacks
 Misconfiguration attacks
 Hacktivism
 Hacker Classes
 Hacker Classes and Ethical Hacking
KG Lý Thuyết  What Do Ethical Hackers Do?
 Can Hacking be Ethical?
 How to Become an Ethical Hacker?
 Skill Profile of an Ethical Hacker
 What is Vulnerability Research?
 Why Hackers Need Vulnerability Research?
 Vulnerability Research Tools
 Vulnerability Research Websites
 How to Conduct Ethical Hacking?
 Approaches to Ethical Hacking
 Ethical Hacking Testing
 Ethical Hacking Deliverables
 Computer Crimes and Implications
 Legal Perspective

Module 2: Footprinting.

 Revisiting Reconnaissance
 Defining of Footprinting
 Information Gathering Methodology
 Unearthing Initial Information
Lý Thuyết  Finding a Company’s URL
1
3h  Internal URL
 Extracting Archive 0f a Website
 Google Search for Company’s Info.
 People Search
 Footprinting Through Job Sites
 Passive Information Gathering
 Competitive Intelligence Gathering

Chương trình đào tạo CEH tại trung tâm an ninh mạng ATHENA
 TRUNG TÂM ĐÀO TẠO QUẢN TRỊ & AN NIN H MẠNG
CS 1: 02 Bis Dinh Tien Hoang Street, Dakao Ward, District 1, HCMC – Tel: (848) 824 4041 – Fax: (848) 824 4041
CS2 :Kios 8-14 , Tô Hiến Thành, Đại Học Bách Khoa , Q10, Tp HCM . Tel : 2103801
E-mail: training@athenavn.com – URL: WWW.ATHENA.EDU.VN
 Why Do You Need Competitive Intelligence?
 Companies Providing Competitive Intelligence Services
 Competitive Intelligence
 Public and Private Websites
 Tools
 Steps to Perform Footprinting

Module 3: Scanning

 Definition of Scanning
 Types of Scanning
 Objectives of Scanning
 CEH Scanning Methodology

Module 2: FOOTPRINTING
1. Google Search
2. Thu thap thong tin về athenavn.com tại http://whois.domaintools.com/ .
3. Tìm hiểu về www.athenavn.com tại www.netcraft.com
4. Google Earth
5. Netstumble : Wireless detection tool

Module 3: SCANNING
Thực Hành 1. Port,Services and OS Scanning :
2 3h a) Nmap : ICMP Scan, UDP Scan,TCP Scan, Full Scan, Haft Scan, Stealth Scan , Xmas
Scan, Ack Scan.
b) Hping : (Unix,Windows platform) TCP/IP packet analyzer : Idle scan.
c) Scanline : Firewall scanning tool .
d) Look@LAN : simple scanning tool
2. Vulnerability Scanning :
a) GFI LAN Guard : Vulnerability scan.
b) Vulnerabilityscanner5 : web scanning tool.
c) Nessus : Vulnerability scan.

Module 4: Enumeration

 Overview of System Hacking Cycle

 What is Enumeration?
 Techniques for Enumeration
 Netbios Null Sessions
 Null Session Countermeasures
 PSTools
Lý Thuyết  SNMP Enumeration
3
3h  Management Information Base
 UNIX Enumeration
 SNMP UNIX Enumeration

Module 5: System Hacking

 Cracking Passwords
 Escalating Privileges
 Hiding Files

Chương trình đào tạo CEH tại trung tâm an ninh mạng ATHENA
 TRUNG TÂM ĐÀO TẠO QUẢN TRỊ & AN NIN H MẠNG
CS 1: 02 Bis Dinh Tien Hoang Street, Dakao Ward, District 1, HCMC – Tel: (848) 824 4041 – Fax: (848) 824 4041
CS2 :Kios 8-14 , Tô Hiến Thành, Đại Học Bách Khoa , Q10, Tp HCM . Tel : 2103801
E-mail: training@athenavn.com – URL: WWW.ATHENA.EDU.VN
 Covering tracks

CHAPTER 4 : ENUMERATION
1. Thiết lập Null connection trên windows :
2. Xác định thông tin về Domain abc .com với nbt_enum
3. Tìm username của Administrator bằng SID 2User và USER2SID

CHAPTER 5 : SYSTEM HACKING

1. Sử dụng Net Use và For command để tạo script thực hiện quá trình Active Password
Cracking.
2. TsCrack: dùng crack Terminal Services dùng cùng cơ ch ế bruce force terminal services .
3. Lophtcrack: LC5 là tool crack password với nhiều option như bruce force ,dictionary
Thực Hành
attack,có thể sniffer được LMHash và crack .
4 3h
4. Ophcrack: Đây là 1 tool rất hay đại diện cho kiểu Pre -computed Hash
5. Tạo bảng hash với Winrtgen trong Cain
6. ScoopLM và BeatLM: chương trình sniff và break password được gửi trong mạng LAN
theo kiểu CHAP authentication .
7. Ps tool để gọi cmd.exe từ xa
8. Keyloggers
9. Hiding file trên NTFS system
10. Rootkit
11. Steganography
12. xoá log bằng elsave.exe

Module 6: Trojans and Backdoors

 Effect on Business
 What is a Trojan?
 Overt and Covert Channels
 Working of Trojans
 Different Types of Trojans
 What Do Trojan Creators Look For?
 Different Ways a Trojan Can Get into a System
 Indications of a Trojan Attack
 Ports Used by Trojans
 How to Determine which Ports are “Listening”
Lý Thuyết
5  ScreenSaver Password Hack Tool – Dummylock
3h

Module 7: Sniffers

 Definition of Sniffing
 Protocols Vulnerable to Sniffing
 Types of Sniffing
 ARP - What is Address Resolution Protocol?
 ARP Spoofing Attack
 Tools for ARP Spoofing
 MAC Flooding
 Tools for MAC Flooding

Chương trình đào tạo CEH tại trung tâm an ninh mạng ATHENA
 TRUNG TÂM ĐÀO TẠO QUẢN TRỊ & AN NIN H MẠNG
CS 1: 02 Bis Dinh Tien Hoang Street, Dakao Ward, District 1, HCMC – Tel: (848) 824 4041 – Fax: (848) 824 4041
CS2 :Kios 8-14 , Tô Hiến Thành, Đại Học Bách Khoa , Q10, Tp HCM . Tel : 2103801
E-mail: training@athenavn.com – URL: WWW.ATHENA.EDU.VN
 Threats of ARP Poisoning

Module 6: TROJAN AND BACKDOOR

1. Netcat.
2. Netbus
3. Analyze quá trình truyền data trên Ethereal
4. Trojan Creator Kit:
Thực Hành 5. Wrapper file
6 3h
Module 7: SNIFFER
1. Wireshark: Analyzer protocol tool
2. HTTP sniffer: Sniffer và rebuild HTTP connection
3. ARPspoof và DNSspoof
4. Etherflood: flood switched network tool
5. DHCP poisoning

Module 8: Denial of Service

 What are Denial of Service Attacks?

 Goal of DoS
 Impact and the Modes of Attack
 Types of Attacks
 DoS Attack Classification
 Botnets
 Uses of botnets
 Types of Bots
Lý Thuyết  Tool: Nuclear Bot
7
3h
 What is DDoS Attack?
 Characteristics of DDoS Attacks

Module 9: Session Hijacking

 What is Session Hijacking?

 Spoofing vs. Hijacking
 Steps in Session Hijacking
 Types of Session Hijacking

Module 8: DENIAL 0F SERVICES(DoS)

1. Ping of Dead
2. Syn Flood Attack : Engaged Packet builder cho
Thực Hành 3. UDP flood Attack: Tương tự ta có thể dùng DoS bằng gói tin UDP
8 3h 4. Wireless De-authentication Attack
Module 9: SESSION HIJACKING
1. Hunt
2. Side Jacking : hijack http connection bằng cookie

Module 10: Hacking Web Servers

Lý Thuyết  How Web Servers Work

9
3h  How are Web Servers Compromised?
 How are Web Servers Defaced?
 Apache Vulnerability

Chương trình đào tạo CEH tại trung tâm an ninh mạng ATHENA
 TRUNG TÂM ĐÀO TẠO QUẢN TRỊ & AN NIN H MẠNG
CS 1: 02 Bis Dinh Tien Hoang Street, Dakao Ward, District 1, HCMC – Tel: (848) 824 4041 – Fax: (848) 824 4041
CS2 :Kios 8-14 , Tô Hiến Thành, Đại Học Bách Khoa , Q10, Tp HCM . Tel : 2103801
E-mail: training@athenavn.com – URL: WWW.ATHENA.EDU.VN
 Attacks Against IIS
 IIS Components
 IIS Directory Traversal (Unicode) Attack
 ASN Exploits
 ASP Trojan (cmd.asp)
 IIS Logs
 Network Tool: Log Analyzer
 Hacking Tool: CleanIISLog
 Unspecified Executable Path Vulnerability
 Metasploit Framework

Module 11: Web Application Vulnerabilities

 Web Application Setup

 Web Application Hacking
 Anatomy of an Attack
 Web Application Threats

Thực Hành Module 10:

10 3h Module 11:

Module 12: Web-based Password Cracking Techniques

 Definition of Authentication
 Authentication Mechanisms

Module 13: SQL Injection

 Introducing SQL injection

 Exploiting Web Applications
 SQL Injection Steps
Lý Thuyết
11
3h  What Should You Look For?
 What If It Doesn’t Take Input?
 OLE DB Errors
 Input Validation Attack
 SQL Injection Techniques
 How to Test for SQL Injection Vulnerability?
 How does it Work?
 Executing Operating System Commands
 Getting Output of SQL Query

Module 12: WEB-BASE PASSWORD CRACKING TECHNIQUES

Thực Hành
12 3h 1. Dùng Brutus để crack password modem ADSL và web server authentication .
Module 13: SQL Injection

Module 14: Hacking Wireless Networks

Lý Thuyết
13
3h  Introduction to Wireless Networking
 Wired Network vs. Wireless Network
 Effects of Wireless Attacks on Business

Chương trình đào tạo CEH tại trung tâm an ninh mạng ATHENA
 TRUNG TÂM ĐÀO TẠO QUẢN TRỊ & AN NIN H MẠNG
CS 1: 02 Bis Dinh Tien Hoang Street, Dakao Ward, District 1, HCMC – Tel: (848) 824 4041 – Fax: (848) 824 4041
CS2 :Kios 8-14 , Tô Hiến Thành, Đại Học Bách Khoa , Q10, Tp HCM . Tel : 2103801
E-mail: training@athenavn.com – URL: WWW.ATHENA.EDU.VN
 Types of Wireless Networks
 Advantages and Disadvantages of a Wireless Network
 Related Technology and Carrier Networks
 Antennas
 Cantenna
 Wireless Access Points

Module 15: Virus and Worms

 Introduction to Virus
 Virus History
 Characteristics of a Virus
 Working of Virus
 Why People create computer viruses?
 Symptoms of Virus-Like Attack
 Virus Hoaxes
 Chain Letters
 How is a Worm different from a Virus?

Module 14– HACKING WIRELESS NETWORK

1. Wardriving: Net Stumbler,Kismet.
Thực Hành 2. Eavesdropping attack: Comview for Wifi – Windows base commercial tool.
14 3h 3. DoS Attack: Aicrack - Windows,Linux base free tool.
4. Authentication Attack: Wep key breaking
5. Authentication Attack: WPA key breaking
Module 15: Virus and Worms

Module 16: Physical Security

 Security Statistics
 Physical Security Breach Incidents
 Understanding Physical Security
 What Is the Need for Physical Security?
 Who Is Accountable for Physical Secur ity?
 Factors Affecting Physical Security

Module 17: Linux Hacking

Lý Thuyết
15
3h  Why Linux?
 Linux Distributions
 Linux – Basics
 Linux Live CD-ROMs
 Basic Commands of Linux
 Linux File Structure
 Linux Networking Commands
 Directories in Linux
 Compiling the Linux Ke rnel
 How to Install a Kernel Patch?

Module 18: Social Engineering

Chương trình đào tạo CEH tại trung tâm an ninh mạng ATHENA
 TRUNG TÂM ĐÀO TẠO QUẢN TRỊ & AN NIN H MẠNG
CS 1: 02 Bis Dinh Tien Hoang Street, Dakao Ward, District 1, HCMC – Tel: (848) 824 4041 – Fax: (848) 824 4041
CS2 :Kios 8-14 , Tô Hiến Thành, Đại Học Bách Khoa , Q10, Tp HCM . Tel : 2103801
E-mail: training@athenavn.com – URL: WWW.ATHENA.EDU.VN

 What is Social Engineering?

 Human Weakness
 “Rebecca” and “Jessica”
 Office Workers
 Types of Social Engineering
 Human-based
 Computer-based
 Preventing Insider Threat
 Common Targets of Social Engineering
 Factors that make Companies Vulnerable to Attacks
 Why is Social Engineering Effective?

Module 16: PHYSICAL SECURITY

1. Crack password admin với L’ophcrack Live CD
2. usb hack để lấy password
3. Cách crack PC với kiểu p assword Windows NTLM kể cả các password lớn hơn 15 ký tự
Thực Hành
16 3h Module 18: SOCIAL ENGINEERING

1. Dùng cơ chế login @

2. Kết hợp với web phishing.

Module 19: Evading IDS, Firewalls, and Honeypots

 Introduction to Intrusion Detection System s

 Terminologies
 Intrusion Detection System (IDS)
 Firewall

Module 20: Buffer Overflows

Lý Thuyết
17
3h
 Why are Programs/Applications Vulnerable?
 Buffer Overflows
 Reasons for Buffer Overflow Attacks
 Knowledge Required to Program Buffer Overflow Exploits
 Types of Buffer Overflows
 How to Detect Buffer Overflows in a Program
 Attacking a Real Program
 NOPS

Module 19 : EVADING IDS,FIREWALL,HOTNEYPOTS

1. Airsnare: dạng NIDS đơn giản phát hiện các host kết nối đối với wireless ,wired
Thực Hành 2. Phát hiện promicous NICs với PromisScan
18 3h 3. Hotneypot với KFSensor
4. Detect Hotneypots với Nessus
5. Wireless IDS với NSspyglass: detect NetStumbler scanning

Module 20 : BUFFER OVERFLOWS

Chương trình đào tạo CEH tại trung tâm an ninh mạng ATHENA
 TRUNG TÂM ĐÀO TẠO QUẢN TRỊ & AN NIN H MẠNG
CS 1: 02 Bis Dinh Tien Hoang Street, Dakao Ward, District 1, HCMC – Tel: (848) 824 4041 – Fax: (848) 824 4041
CS2 :Kios 8-14 , Tô Hiến Thành, Đại Học Bách Khoa , Q10, Tp HCM . Tel : 2103801
E-mail: training@athenavn.com – URL: WWW.ATHENA.EDU.VN
1. MS03-026 Vulneratiblity: khai thác lỗi để tạo user hacker với quyền Administrat or trên
Windows 2003 sử dụng Metasploit 3.1

Module 21: Cryptography

 Public-key Cryptography
 Working of Encryption
 Digital Signature
 RSA (Rivest Shamir Adleman)
 RC4, RC5, RC6, Blowfish
 Algorithms and Security
 Brute-Force Attack
 RSA Attacks
 Message Digest Functions
 One-way Bash Functions
 MD5

Lý Thuyết Module 22: Penetration Testing

19
3h
 Introduction to Penetration Testing
 Categories of Security Assessments
 Vulnerability Assessment
 Limitations of Vulnerability Assessment
 Types of Penetration Testing
 Risk Management
 Do-it-Yourself Testing
 Outsourcing Penetration Testing Services
 Terms of Engagement
 Project Scope
 Pentest Service Level Agreements
 Testing Points

Module 21 : CRYPTOLOGY

1. Analyst DES(Data Encryption Standard) quá trình encrypt

Thực Hành
2. dùng các thuật toán phân tích các bit ,pixel để đưa data vào trong 1 file toàn vẹn
20 3h
3. Crack password Admin với Cain dùng Rainbow Table

Module 22: Penetration Testing

Chương trình đào tạo CEH tại trung tâm an ninh mạng ATHENA