Outline of eXtreme H@ckin9

I. Introduce to Security
   I.1  What's security?
        I.1.1  Implementing Anti-virus, Trojan, Worm and more ...
        I.1.2  Security network, information, human
        I.1.3  New technology
   I.2  Security and business
        I.2.1  Security for business
        I.2.2  Method to do
        I.2.3  Standard and ISO
   I.3  Different hacker and admin
        I.3.1  Thinking different
        I.3.2  Doing and Motive

II. What's Penetration Test?
   II.1  Introduction to Penetration Test
        II.1.1  Jobs
        II.1.2  Report
        II.1.3  Laws and License
   II.2  Basic Services and Tools
        II.2.1  Start | Stop Basic Services
             Transferring Files
             Web Services
             Remote Services

        II.2.2  Binding and Reverse Shell
        II.2.3  Analyzing Traffic on Network
   II.3  Life-time

III.Motive - Gathering Information
   III.1  Initial Information
       III.1.1  Define Asset Business
             Size of target
             History of target
             Name of Registrar

       III.1.2  Others
             Location of Server
             Guess OS systems
             Human searching

                   Job Search
   III.2  Technical
       III.2.1  Error
       III.2.2  Server OS
       III.2.3  Finding Exploit
   III.3  Non-technical
       III.3.1  Dump Diving
       III.3.2  Social Engineering

IV.Motive - Enumeration
   IV.1  Scanning
        IV.1.1  Scanning Network | Host
             Detect Live | Dead Host
             Port Opening

             Services and Application running
             Detect OS and version
             Security Devices

       IV.1.2  Scanning Application
             Detect Vulnerability
             Detect Weak Coding
             Fix Recommend

       IV.1.3  Report Scanning
                  Fix vulnerability
                  Deploy hot-fix, patch ...
   IV.2  Enumeration
        IV.2.1  DNS
              Enumeration DNS
                  Detect record on DNS
                  Brute Force DNS
                  Draw network with DNS
                  Exploit DNS
        IV.2.2  SMTP
              Enumeration SMTP
                  Weak of SMTP
              Guess Users and Mail Spoofing
        IV.2.3  SNMP
             SNMP Services
                  Read - information
             Enumeration SNMP
                  Installed Software
                  Using Software
                  Hardware Information
                  Routing & Subnet
        IV2.4  Others
             Enumeration OS

V.Motive - Attack Method
   V.1  Getting Username Password
        V.1.1  Key-logger
              Type of Key-logger
              Install & using Key-logger

                  Send e-mail
              Combine into other software
        V.1.2  Sniffer
              ARP Spoofing
                  Get username | password
                  POP3, POP3s
                  Yahoo!Mail, Gmail ....
        V.1.3  Fake Login
              Web Page Fake Login
              Screen Fake Login (Application)

   V.2  Buffer overflow
        V.2.1  Basic of Buffer
        V.2.2  Buffer Overflow and Shell-code
   V.3  Virus & Trojan & Rootkit
        V.3.1  Virus - Anti-virus
        V.3.2  Trojan -  Backdoor
        V.3.3  Rootkit
        V.3.4  Defending
   V.4  Internal Attack
        V.4.1  Escalating  Privilege
              Change user privilege to Admin
        V.4.2  OS Attack
        V.4.3  Control system
        V.4.4  Defending
   V.5  External Attack
        V.5.1  Application Attack

        V.5.2  Method
              Client-side Attack
              Fake Login

   V.6  Wireless Attack
        V.6.1  Security Wireless
              WEP | WPA | WPA2
              MAC Address Filtering
              Disable SSID broadcast

        V.6.2  Breaking Wireless Password
              Breaking WEP key
              Next GenerateTechnology

        V.6.3  Defending Wireless

VI. Framework
   VI.1  Framework for Penetration Test
   VI.2  Add-on Module for Framework
   VI.3  Clean up

   VII.1  Access Control
   VII.2  Next Generation Technology



      Copyright © 2007 FALCON JSC. All rights reserved.