Course Code: 683

EC-Council - CNDA - Certified Network Defense Architect (CNDA)

Class Dates: 6/8/2020
Length: 5 Days
Cost: $2899.00
Class Time:
Technology: Security
Delivery:

Overview

  • Course Overview
  • This class will immerse the student in an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab-intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be led into scanning and attacking their own networks; no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5-day class they will have hands-on understanding and experience in Ethical Hacking.


    This course prepares you for the Certified Network Defense Architect exam 312-99.
  • Audience
  • This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. This course was specially designed for Government Agencies.

Prerequisites

  • The CNDA certification is awarded to Government Employees. You will need to work for any Government Agency as a full-time employee or as a contractor to apply for the CNDA certification.

    Requirements:
    1. You must have completed the CEH certification
    2. You must work for any Government Agency

Course Details

  • INTRODUCTION TO ETHICAL HACKING
  • Why Security?
  • The Security, functionality and ease of
  • Can Hacking be Ethical?
  • Essential Terminology, Elements of Security
  • What does a Malicious Hacker do?
  • Difference between Penetration Testing
  • Hacker Classes. What do Ethical Hackers do?
  • Skill Profile of an Ethical Hacker.
  • Modes of Ethical Hacking.
  • Security Testing, Deliverables.
  • Computer Crimes and Implications.
  • Legal Perspective (US Federal Laws).
  • FOOTPRINTING
  • Defining Footprinting.
  • Information Gathering Methodology.
  • Locate the Network Range.
  • Hacking Tools: Whois, Nslookup, ARIN, Traceroute, NeoTrace, VisualRoute Trace, SmartWhois, Visual Lookout, VisualRoute Mail Tracker, eMailTrackerPro
  • SCANNING
  • Definition of Scanning.
  • Types of scanning
  • Objectives of Scanning
  • Scanning Methodology
  • Classification of Scanning
  • Hacking Tools: Nmap, XMAS Scan, FIN Scan, Null Scan, Windows Scan, Idle Scan, Nessus, Retina, Saint
  • HPing2, Firewalk, NIKTO, GFI LANguard, ISS Security Scanner
  • Netcraft, IPsec Scan, NetScan Tools Pro 2003, Super Scan, Floppyscan
  • War Dialer
  • Hacking Tools: THC Scan, Friendly Pinger, Cheops, Security Administrator’s Tool for Analyzing Network (SATAN), SAFEsuite Internet Scanner, IdentTCPScan, PortScan Plus, Strobe, Blaster Scan
  • OS Fingerprinting
  • Active Stack fingerprinting
  • Tool for Active Stack fingerprinting: XPROBE2
  • Passive Fingerprinting
  • Proxy Servers
  • Hacking Tools: Socks Chain, Anonymizers, HTTP Tunnel, HTTPort
  • Countermeasures
  • ENUMERATION
  • What is Enumeration?
  • NetBios Null Sessions
  • Hacking Tools: DumpSec, Winfo, NetBIOS Auditing Tool (NAT)
  • Null Session Countermeasures
  • NetBIOS Enumeration
  • Hacking Tool: NBTScan
  • Simple Network Management Protocol (SNMP) Enumeration
  • Hacking Tools: Solarwinds, Enum
  • SNScan
  • SNMP Enumeration Countermeasures
  • Management Information Base (MIB)
  • Windows 2000 DNS Zone Transfer
  • Blocking Win 2k DNS Zone Transfer
  • Enumerating User Accounts
  • Hacking Tools: User2sid and Sid2user, UserInfo, GetAcct, DumpReg, Trout, Winfingerprint, PsTools (PSFile, PSLoggedOn, PSGetSid, PSInfo, PSService, PSList, PSKill, PSSuspend, PSLogList, PSExec, PS
  • Active Directory Enumeration and Countermeasures
  • SYSTEM HACKING
  • Administrator Password Guessing
  • Manual Password Cracking Algorithm
  • Automated Password Cracking
  • Password Types
  • Types of Password Attacks
  • Performing Automated Password Guessing
  • Password Sniffing
  • Password Cracking Countermeasures
  • Syskey Utility
  • Cracking NT/2000 Passwords
  • SMBRelay Man-in-the-Middle Scenario
  • SMBRelay Weaknesses and Countermeasures
  • Keystroke Loggers
  • Hiding Files
  • Creating Alternate Data Streams
  • ADS creation and detection
  • LADS (List Alternate Data Streams)
  • NTFS Streams Countermeasures
  • Stealing Files Using Word Documents
  • Field Code Countermeasures
  • Steganography
  • Steganography Detection
  • Covering Tracks
  • Disabling Auditing and clearing Event Logs
  • Dump Event Log
  • RootKit
  • Planting the NT/2000 RootKit
  • Rootkit Countermeasures
  • TROJANS AND BACKDOORS
  • Effect on Business
  • What is a Trojan?
  • Overt and Covert Channels
  • Working of Trojans
  • Different Types of Trojans
  • What Trojan Creators look for?
  • Different ways a Trojan can get into a system
  • Indications of a Trojan Attack
  • Some famous Trojans and ports used by them
  • How to determine which ports are “Listening”?
  • Different Trojans found in the Wild
  • Wrappers
  • Packaging Tool: Wordpad
  • ICMP Tunneling
  • Loki Countermeasures
  • Reverse WWW Shell – Covert Channels using HTTP
  • Process Viewer
  • System File Verification
  • Anti-Trojan
  • Reverse Engineering Trojans
  • Backdoor Countermeasures
  • SNIFFERS
  • Definition of sniffing
  • How a Sniffer works?
  • Passive Sniffing
  • Active Sniffing
  • Man-in-the-Middle Attacks
  • Spoofing and Sniffing Attacks
  • ARP Poisoning and countermeasures
  • Network Probe
  • Sniffing Countermeasures
  • DENIAL OF SERVICE
  • What is Denial of Service?
  • Goal of DoS (Denial of Service)
  • Impact and Modes of Attack
  • DoS Attack Classification
  • Buffer Overflow Attacks
  • Distributed DoS Attacks and Characteristics
  • Agent Handler Model
  • IRC-Based DDoS Attack Model
  • DDoS Attack taxonomy
  • DDoS Tools
  • Reflected DoS Attacks
  • Reflection of the Exploit
  • Countermeasures for Reflected DoS
  • DDoS Countermeasures
  • Defensive Tool: Zombie Zapper
  • Worms: Slammer and MyDoom.B
  • SOCIAL ENGINEERING
  • What is Social Engineering?
  • Art of Manipulation
  • Human Weakness
  • Common Types of Social Engineering
  • Human Based Impersonation
  • Example of social engineering
  • Computer Based Social Engineering
  • Reverse Social Engineering
  • Policies and procedures
  • Security Policies-checklist
  • SESSION HIJACKING
  • Understanding Session Hijacking
  • Spoofing vs Hijacking
  • Steps in Session Hijacking
  • Types of Session Hijacking
  • TCP Concepts 3 Way Handshake
  • Sequence numbers
  • Remote TCP Session Reset Utility
  • Dangers Posed by Session Hijacking
  • Protection against Session Hijacking
  • Countermeasures: IP Security
  • HACKING WEB SERVERS
  • How Web Servers Work?
  • How are Web Servers Compromised?
  • Popular Web Servers and Common Security Threats
  • Apache Vulnerability
  • Attack against IIS
  • IIS Components
  • Sample Buffer Overflow Vulnerabilities
  • ISAPI.DLL Exploit, Code Red and ISAPI.DLL Exploit, Unicode, Unicode Directory Traversal Vulnerability
  • Msw3prt IPP Vulnerability, IPP Buffer Overflow Countermeasures
  • Unspecified Executed Path Vulnerability
  • File System Traversal Countermeasures, WebDAV/ntdll.dll Vulnerability
  • RPC DCOM Vulnerability, ASN Exploits, IIS Logs
  • Network Tool: Log Analyzer, Hacking Tool: Clean IISLog
  • Escalating Privileges on IIS, Microsoft IIS 5.0 - 5.1 remote denial of service Exploit Tool
  • Microsoft Frontpage Server Extensions fp30reg.dll Exploit Tool
  • GDI+ JPEG Remote Exploit Tool
  • Windows Task Scheduler Exploit Tool
  • Microsoft Windows POSIX Subsystem Local Privilege Escalation Exploit Tool
  • Hot Fixes and Patches
  • Vulnerability Scanners
  • Network Tools
  • Countermeasures
  • Increasing Web Server Security
  • WEB APPLICATION VULNERABILITIES
  • Web Application Set-up, Web Application Hacking, Anatomy of an Attack
  • Web Application Threats, Cross Site Scripting/XSS Flaws, Countermeasures, SQL Injection, Command Injection Flaws, Countermeasures
  • Cookie/Session Poisoning, Countermeasures, Parameter/Form Tampering, Buffer Overflow, Countermeasures
  • Directory Traversal/Forceful Browsing, Countermeasures, Cryptographic Interception, Authentication Hijacking, Countermeasures
  • Log Tampering, Error Message Interception, Attack Obfuscation, Platform Exploits
  • Internet Explorer Exploits, DMZ Protocol Attacks, DMZ, Countermeasures
  • Security Management Exploits, Web Services Attacks, Zero Day Attacks
  • Network Access Attacks, TCP Fragmentation, Hacking Tools: Burp: Positioning Payloads
  • Burp: Configuring Payloads and Content Enumeration, Burp, Burp Proxy: Intercepting HTTP/S Traffic
  • Burp Proxy: Hex-editing of Intercepted Traffic
  • Burp Proxy: Browser Access to Request History, Carnivore, Google Hacking
  • WEB BASED PASSWORD CRACKING TECHNIQUES
  • Authentication - Definition, Authentication Mechanisms
  • HTTP Authentication, Basic Authentication
  • Digest Authentication, Integrated Windows (NTLM) Authentication
  • Negotiate Authentication, Certificate-based Authentication
  • Forms-based Authentication, Microsoft Passport Authentication
  • What is a Password Cracker?
  • Modus Operandi of an Attacker using Password Cracker
  • How does a Password Cracker work?, Attacks - Classification, Password Guessing
  • Query String, Cookies, Dictionary Maker
  • SQL INJECTION
  • Attacking SQL Servers
  • SQL Server Resolution Service (SSRS)
  • Osql -L Probing, Port Scanning
  • Sniffing, Brute Forcing and finding Application Configuration Files
  • Database Scanner, Input Validation Attack
  • Login Guessing & Insertion, Shutting Down SQL Server
  • Extended Stored Procedures
  • SQL Server Talks
  • Preventive Measures
  • HACKING WIRELESS NETWORKS
  • Introduction to Wireless Networking, Business and Wireless Attacks
  • Wireless Basics, Components of Wireless Network, Types of Wireless Network, Setting up WLAN
  • Detecting a Wireless Network, How to access a WLAN
  • Advantages and Disadvantages of Wireless Network, Antennas, SSIDs, Access Point Positioning
  • Rogue Access Points, What is Wired Equivalent Privacy (WEP)?
  • WEP Tool:, Related Technology and Carrier Networks, MAC Sniffing and AP Spoofing, Terminology
  • Denial of Service Attacks, Man-in-the-Middle Attack (MITM), Multi Use Tool: THC-RUT
  • Tool: WinPcap, Auditing Tool: bsd-airtools
  • WIDZ - Wireless Detection Intrusion System
  • Securing Wireless Networks, Out of the box Security
  • Radius: Used as Additional layer in security
  • Maximum Security: Add VPN to Wireless LAN
  • VIRUS AND WORMS
  • Virus Characteristics, Symptoms of ‘virus-like’ attack
  • What is a Virus Hoax?, Terminologies, How is a worm different from virus?
  • Indications of a Virus Attack, Virus History, Virus damage
  • Effect of Virus on Business, Access Methods of a Virus, Mode of Virus Infection
  • Life Cycle of a virus, What do Viruses Infect?, How do Viruses Infect?
  • Writing a simple virus program, Writing DDoS Zombie Virus
  • Virus Construction Kits, Virus Creation Scripts
  • Virus Detection Methods, Virus Incident Response, What is Sheep Dip?
  • Prevention is better than Cure, Anti-Virus Software
  • Popular Anti-Virus packages
  • Virus Analyzers
  • PHYSICAL SECURITY
  • Security statistics, Physical Security breach incidents
  • Understanding Physical Security, What is the need of Physical Security?
  • Who is Accountable for Physical Security?, Factors affecting Physical Security
  • Physical Security checklist, Company surroundings
  • Premises, Reception, Server
  • Workstation Area, Wireless Access Points
  • Other Equipment such as fax, removable media, etc.
  • Access Control, Computer Equipment Maintenance
  • Wiretapping, Remote access, Lock Picking Techniques
  • Spying Technologies
  • MODES
  • LINUX HACKING
  • EVADING FIREWALLS, IDS AND HONEYPOTS
  • BUFFER OVERFLOWS
  • CRYPTOGRAPHY
  • PENETRATION TESTING - PART 1
  • PENETRATION TESTING - PART 2