FALCON SECURITY

Release

 

Outline of eXtreme H@ckin9

I. Introduce to Security
   I.1  What's security?
        I.1.1  Implementing Anti-virus, Trojan, Worm and more ...
        I.1.2  Security network, information, human
        I.1.3  New technology
   I.2  Security and business
        I.2.1  Security for business
        I.2.2  Method to do
        I.2.3  Standard and ISO
   I.3  Different hacker and admin
        I.3.1  Thinking different
        I.3.2  Doing and Motive


II. What's Penetration Test?
   II.1  Introduction to Penetration Test
        II.1.1  Jobs
        II.1.2  Report
        II.1.3  Laws and License
   II.2  Basic Services and Tools
        II.2.1  Start | Stop Basic Services
             Transferring Files
             Web Services
             Remote Services
             Others..

        II.2.2  Binding and Reverse Shell
        II.2.3  Analyzing Traffic on Network
   II.3  Life-time


III.Motive - Gathering Information
   III.1  Initial Information
       III.1.1  Define Asset Business
             Size of target
             History of target
             Partner
             Others
             Location
             Name of Registrar

       III.1.2  Others
             Location of Server
             Guess OS systems
             Human searching

                   Support
                   Job Search
                   Blog
   III.2  Technical
       III.2.1  Error
       III.2.2  Server OS
       III.2.3  Finding Exploit
   III.3  Non-technical
       III.3.1  Dump Diving
       III.3.2  Social Engineering


IV.Motive - Enumeration
   IV.1  Scanning
        IV.1.1  Scanning Network | Host
             Detect Live | Dead Host
             Port Opening

             Services and Application running
             Detect OS and version
             Security Devices

       IV.1.2  Scanning Application
             Detect Vulnerability
             Detect Weak Coding
             Fix Recommend
             Others

       IV.1.3  Report Scanning
             Admin
                  Fix vulnerability
                  Deploy hot-fix, patch ...
   IV.2  Enumeration
        IV.2.1  DNS
              Enumeration DNS
                  Detect record on DNS
                  Brute Force DNS
                  Draw network with DNS
                  Exploit DNS
        IV.2.2  SMTP
              Enumeration SMTP
                  Weak of SMTP
              Guess Users and Mail Spoofing
        IV.2.3  SNMP
             SNMP Services
                  Monitor
                  Read - information
             Enumeration SNMP
                  Installed Software
                  Using Software
                  Hardware Information
                  Routing & Subnet
                  Users
                  Others
        IV2.4  Others
             Enumeration OS
                  Windows
                  Linux
             Services


V.Motive - Attack Method
   V.1  Getting Username Password
        V.1.1  Key-logger
              Type of Key-logger
              Install & using Key-logger

                  Send e-mail
              Combine into other software
        V.1.2  Sniffer
              ARP Spoofing
                  Get username | password
                  HTTP
                  POP3, POP3s
                  Yahoo!Mail, Gmail ....
        V.1.3  Fake Login
              Web Page Fake Login
              Screen Fake Login (Application)

   V.2  Buffer overflow
        V.2.1  Basic of Buffer
        V.2.2  Buffer Overflow and Shell-code
   V.3  Virus & Trojan & Rootkit
        V.3.1  Virus - Anti-virus
        V.3.2  Trojan -  Backdoor
        V.3.3  Rootkit
        V.3.4  Defending
   V.4  Internal Attack
        V.4.1  Escalating  Privilege
              Change user privilege to Admin
        V.4.2  OS Attack
        V.4.3  Control system
        V.4.4  Defending
   V.5  External Attack
        V.5.1  Application Attack
              Web
              Mail

        V.5.2  Method
              Client-side Attack
              Spoofing
              Fake Login
              DDoS

   V.6  Wireless Attack
        V.6.1  Security Wireless
              WEP | WPA | WPA2
              MAC Address Filtering
              Disable SSID broadcast

        V.6.2  Breaking Wireless Password
              Breaking WEP key
              Next GenerateTechnology

        V.6.3  Defending Wireless


VI. Framework
   VI.1  Framework for Penetration Test
   VI.2  Add-on Module for Framework
   VI.3  Clean up


VII.Others
   VII.1  Access Control
   VII.2  Next Generation Technology

 

 

 
 
 
      Copyright © 2007 FALCON JSC. All rights reserved.