CEH v7 Buffer Overflows Study guide

Iphone users – use the copy feature for URLs below and paste to browser – if it is a PDF try goodreader app for better viewing

Here is a list of resources and books to help with your study.

20 Buffer Overflows (17)

CEH v7 Evading IDS Firewalls and Honeypots Study guide

Iphone users – use the copy feature for URLs below and paste to browser – if it is a PDF try goodreader app for better viewing

Here is a list of resources and books to help with your study.

19 Evading IDS, Firewalls, and Honeypots (16)

19 Reading

Evading NIDS, revisited | Symantec Connect Community
Unblock Blocked Websites like Myspace, Bebo and Orkut
Infosecwriters.com
Honeypots for Windows
http://www.netprotect.ch/downloads/webguide.pdf
Free Intrusion Detection (IDS) and Prevention (IPS) Software
How to Bypass Firewalls Restrictions using Proxy Servers. | Hacking
http://www.terena.org/activities/tf-csirt/meeting9/gowdiak-bypassing-firewalls.pdf
SecurityFocus | Symantec Connect Community
Compupros Unlimited – Computer consultants specialising in the network security, firewall configuration and VPN including SonicWALL systems for SME’s in ocean and monmouth counties and New Jersey, New York, Pennsylvania, and Delaware
B.I.S.S. Forums (Powered by Invision Power Board)
Network Security, Cryptography, Firewalls, Anti Virus, BS7799, ISO 17799, Consultancy, and much more!
Enterasys Dragon Host Sensor
http://insecure.org/stf/secnet_ids/secnet_ids.pdf
Hardware Firewalls
Circuit-Level Gateway
Firewall Q&A
statoo.htm: some simple stalking tools
http://www.gray-world.net/papers/covertshells.txt

19 Honeypots

Open Source Honeypots: Learning with Honeyd | Symantec Connect Community
Honeypot Software, Honeypot Products, Deception Software (Honeypots, Intrusion Detection, Incident Response)
Honeypots: Tracking Hackers
LaBrea – Homepage

19 Firewall

Hardware Firewalls
SecuriTeam – ACK Tunneling Trojans
Check Point – Security Appliances, Security Gateways, Firewall, Security Management, Endpoint Security & Software Blades
ntsecurity.nu – ack tunneling
Placing Backdoors Through Firewalls

19 IDS

Framerelay
An Introduction to IDS | Symantec Connect Community
Host-Based IDS vs Network-Based IDS (Part 2 – Comparative Analysis)
Network Intrusion Detection Using Snort – The Community’s Center for Security
Running Snort Part 2 | Symantec Connect Community
Keep Out: Host Intrusion Detection – The Community’s Center for Security
http://complianceandprivacy.com/WhitePapers/iDefense-IDS-Evasion/iDefense_IDSEvasion_20060510.pdf
http://www.citi.umich.edu/techreports/reports/citi-tr-03-1.pdf
Intrusion Detection
The Evolution of Intrusion Detection Systems | Symantec Connect Community
Network Security Software | Intrusion Detection System
AIDE – Advanced Intrusion Detection Environment

19 Tools for protection

Networking Dynamics
http://www.ossec.net/
netifera
Tripwire, Inc – Take Control of IT Security and Compliance
analogbit.com
Tomahawk Test Tool

CEH v7 Linux Hacking Study guide

Iphone users – use the copy feature for URLs below and paste to browser – if it is a PDF try goodreader app for better viewing

Here is a list of resources and books to help with your study.

comp.os.linux.security FAQ
Linux Online – Linux Courses
linux from scratch
ftp.osuosl.org :: Oregon State University Open Source Lab
Discussion Forum Active Users
How to Start Networking in Backtrack
Steve Friedl’s Tech Tips
http://www.tldp.org/REF/ls_quickref/QuickRefCard.pdf

CEH v7 Layer 2 and 3 Study guide

Iphone users – use the copy feature for URLs below and paste to browser – if it is a PDF try goodreader app for better viewing

Here is a list of resources and books to help with your study.

02 Layer 2 and 3

02 Reading

DOMAIN NAMES – CONCEPTS AND FACILITIES [RFC-Ref]
Regional Internet registry – Wikipedia, the free encyclopedia
http://www.packetwatch.net/documents/papers/osdetection.pdf
Information Gathering Tools
http://simson.net/clips/academic/2009.BL.InternetFootprint.pdf
http://www.ecqurity.com/wp/footprinting-encored.pdf
http://www.ietf.org/rfc/rfc1034.txt
http://web.textfiles.com/hacking/footprinting.txt
NEOHAPSIS – Peace of Mind Through Integrity and Insight
SecuriTeam – Analysis of Remote Active Operating System Fingerprinting Tools
Remote OS Detection via TCP/IP Fingerprinting
Remote OS detection via TCP
Chapter 8. Remote OS Detection
Fingerprinting Merit Badge
http://freeworld.thc.org/thc-ffp/
CJ625 Student Paper
Footprinting: The Basics of Hacking :: Hack In The Box :: Keeping Knowledge Free
Readings the hacker’s choice – THC
What is competitive intelligence?
Know Your Enemy: Passive Fingerprinting | The Honeynet Project
IMS General Web Services glossary

02 IP and telephone networks

American Registry for Internet Numbers (ARIN)
IP Trace, IP Tracing tools – by TialSoft software
APNIC – About network abuse and spamming
Port monitor – CallerIP – IP connection monitor, port monitoring, spyware monitoring, adware monitoring, whois and network reports

02 DNS

DNS-Digger – Trying to digg deeper into the information behind the net
Dig web interface
Domain Recon
host – Linux man page
DNS tools
DNS Tools | Ajax DNS
DNS RIPE.NET
DNS APNIC
DNS LACNIC

02 Whois

The Prefix WhoIs Project – Greetings
Free online network tools – traceroute, nslookup, dig, whois lookup, ping – IPv6
DomainTools | Whois Lookup, DNS Lookup, Reverse Whois Lookup
Whois 2010 PRO
Freeware Programs: NetInspector
Whois By IP Address
Better Whois: The WHOIS domain search that works with all registrars.
Whois
Domain Research Tool – Typein domains, Pagerank domain, Link Popularity domains, Bulk whois
Domain Name Management Software – Internet Business Asset Management : DomainPunch.Com

02 Tracerout

3d Traceroute
Path Analyzer Pro – Graphical Traceroute, WhoIs, Charts, Maps, Performance Testing, ip location, tracert, trace route
Traceroute – VisualRoute Live Demo – Diagnosing your connection problems.
Visual IP Trace – IP, website and doamin location trace tool
Roadkil.Net – Roadkil’s Trace Route Program Download
vTrace
Ping Plotter Download
Ping-Probe (Essential Network Toolkit Suite)
Traceroute Tool
Traceroute, Ping, Domain Name Server (DNS) Lookup, WHOIS

CEH v7 Viruses Study guide

Here is a list of resources and books to help with your study.

07 Viruses and Worms

07 Reading

Wired 11.07: Slammed!
http://download.norman.no/manuals/eng/BOOKON.PDF
http://www.symantec.com/avcenter/reference/striker.pdf
The Spread of the Sapphire/Slammer Worm
Random Scanning Worms and Sapphire/Slammer’s PRNG…
Optus myZOO Learning Centre
http://www.mpl.org.eg/doc/eBOOKs/vtutor.pdf
Virus History Summary
Cybercrime : Piercing the darkness
Technical Briefs – Information on Computer Viruses

07 Tools for examination

Honeypots, Intrusion Detection, Incident Response
Packet Storm ≈ Full Disclosure Information Security
Foundstone – A division of McAfee
UPX
Process Monitor
Wired and Wireless Network Analysis Software by TamoSoft
OllyDbg v1.10
IDA Pro Disassembler – multi-processor, windows hosted disassembler and debugger
Malware Analysis, Virus Sandbox – GFI Sandbox an Automated Malware Analysis Tool

07 Tools for protection

Anubis: Analyzing Unknown Binaries
VirusTotal – Free Online Virus, Malware and URL Scanner
OPSWAT Metascan
Submit a sample – Microsoft Malware Protection Center
Free Virus Scan – Kaspersky Lab
Antivirus Software | Antispyware | Norton AntiVirus
BitDefender Antivirus Pro 2011
F-Secure Anti-Virus 2011 – Real-Time Antivirus Protection
Kaspersky Anti-Virus Software | Kaspersky Lab United States
Trend Micor Internet Security Pro – Trend Micro APAC
Virus Protection, Viruses, Anti virus Software | Antivirus Plus 2011 | McAfee

CEH v7 Hacking Wireless Networks Study guide

Iphone users – use the copy feature for URLs below and paste to browser – if it is a PDF try goodreader app for better viewing

Here is a list of resources and books to help with your study.

18 Hacking Wireless Networks (15)

18 Reading

Wi-Fi Tutorials – Wi-Fi Planet
How 802.11 Wireless Works: Wireless
Service set (802.11 network) – Wikipedia, the free encyclopedia
madwifi-project.org – Trac
Trusted Computing Group – Developers – Trusted Network Connect
Different Types of Wireless Network
Identifying Rogue Access Points
Advantages and Disadvantages of WLANs
Antenna Cabling Guide – Gumph
TKIP (Temporal Key Integrity Protocol)
Cracking WPA Network
Cracking WPA / WPA2 – SmallNetBuilder
Cracking WEP Using Backtrack: A Beginner’s Guide
Cracking wep wpa
Hacking Techniques in Wireless Networks
Wireless LAN Security / Wardriving / WiFi Security / 802.11
Wireless Network Security
Wireless.pdf
wireless_hacking.pdf
http://forskningsnett.uninett.no/wlan/download/wlan-mac-spoof.pdf
Warchalking Symbols
WPA2: Second Generation WiFi Security

18 Tools

Top 5 Wireless Tools
Wireless LAN Security Tools, 802.11 Security Software (Wireless LAN Security & Wardriving – 802.11)
Wireless Security Tools
Top Ten Free Wi-Fi Security Test Tools – www.esecurityplanet.com
Free Wireless Security Tools
Cisco – Wireless LAN Security White Paper

18 Wireless DOS

How To Crack WEP and WPA Wireless Networks – 121Space
Cisco Adaptive wIPS Deployment Guide [Cisco Adaptive Wireless IPS Software] – Cisco Systems
Denial of Service a Big WLAN Issue – www.esecurityplanet.com
Wireless Attacks and Penetration Testing (part 1 of 3) | Symantec Connect Community
A List of Internet and Network Attacks
Applying Security Practices to Justice Information Sharing

18 Sniffing

WirelessSniffer – Personal Telco Project
WLAN Analyzer and Protocol Decoder – CommView for WiFi – Packets
Understanding 802.11 Frame Types – www.wi-fiplanet.com

18 Tools

NetStumbler.com
Riverbed Technology
NetworkMiner Network Forensic Analysis Tool (NFAT) and Packet Sniffer
Airscanner Mobile Security
kismacng
Aircrack-ng
NetStumbler.org Forums
WEPCrack – An 802.11 key breaker
WepDecrypt
Kismet
KOrinoco home page
Boingo | The Worldwide Leader in Wi-Fi Software and Services
Enterprise Wireless Network Security – Wireless Network Troubleshooting – AirMagnet
Airview 1.0 – Wireless Packet Analyzer
Innovative Diagnostic WiFi Tools | Nuts About Nets
Berkeley Varitronics Systems WiMAX, 4G LTE, Wi-Fi & CDMA Wireless Test Tools
MetaGeek | Home of Wi-Spy and inSSIDer
Welcome to Benhui
Bluetooth Spy Software, Phone Spy Software | Bluejacking Tools
Motorola AirDefense Solutions – Enterprise Wireless Security & Compliance, Infrastructure Management & Network Assurance
WiFi security, Real Time Location Tracking, (RTLS), Asset Tracking – Newbury Networks
Detect, locate and continuously monitor Wi-Fi and cellular – AIRPATROL Corporation
Nonstop Wireless Availability | Trapeze Networks
Connect802 Corporation
Ekahau – Wi-Fi Tracking Systems, RTLS and WLAN Site Survey
Aruba Labs

18 Wireless card details

CaptureSetup/WLAN – The Wireshark Wiki
faq [Aircrack-ng]
Linux wireless LAN support http://linux-wless.passys.nl
Compatibility/Atheros – madwifi-project.org – Trac
Atheros chipsets based wireless devices
PRISM (chipset) – Wikipedia, the free encyclopedia
Quatech PCD-X/U142-E – CardBus adapter – USB – External

CEH v7 SQL Injection Study guide

Iphone users – use the copy feature for URLs below and paste to browser – if it is a PDF try goodreader app for better viewing

Here is a list of resources and books to help with your study.

13 SQL Injection (14)

13 Reading

SQL Injetion by LANG NAVORIGIN
EvilSQL
SQL Injection Attacks by Example
SQL Hacking Truths: Top 10 Tricks to exploit SQL Server Systems
Blind SQLInjection.pdf
SQL classification of atacks
SQL Injection
SQL Injection Cheat Sheet
SQL Injection – Hakipedia
http://www.ijcaonline.org/journal/number25/pxc387766.pdf
https://www.owasp.org/images/8/8e/One_Click_Ownage-Ferruh_Mavituna.pdf
Oracle_sql_crashcourse_for_developers.pdf
Code Injection – OWASP
Reviewing Code for SQL Injection – OWASP
Cross Site Scripting Flaw – OWASP
Injection Flaws – OWASP
http://www.toorcon.org/tcx/16_Alonso.pdf
Data Security and Compliance Terms | Glossary
‘SQL injection’ attacks on the rise in Atlanta | Atlanta Business Chronicle

13 Tools

BSQL Hacker – Portcullis Labs
Marathon Tool
SQL Power Injector Product Information
ITSecTeam, IT Security Research & Penetration Testing Team
Bobcat SQL Injection Tool
sqlninja – a SQL Server injection & takeover tool
[ISR] Infobyte Security Research
0x90.org // [Absinthe :: Automated Blind SQL Injection] // ver1.3.1
sqlmap: automatic SQL injection and database takeover tool
SQID – SQL Injection digger
cqure.net » SQLPAT
sqlsus : (My)SQL injection tool
BCable.net – SQLIer
Database Management Tools | SQL Block Monitor | Overview
Web application security – Acunetix Web Vulnerability Scanner
GreenSQL | Open Source SQL Database Security, SQL Injection Prevention
ntsecurity.nu – toolbox
SQL Injection tools – databasesecurity.com
SQL Power Injector Product Information
sqlmap: automatic SQL injection and database takeover tool

CEH v7 Web Application Vulnerabilities Study guide

Iphone users – use the copy feature for URLs below and paste to browser – if it is a PDF try goodreader app for better viewing

Here is a list of resources and books to help with your study.

12 Hacking Web Applications (13)

12 Reading

Basic HTML Examples
PDF of Hacking Exposed chapter 1
OWASP Top 10 2010 Web Application Vulnerabilities
WebGoat Web Hacking Simulation Series
w3af – Web Application Attack and Audit Framework
Components and Web Application Architecture
A New Threat To Web Applications: Connection String Parameter Pollution (CSPP) | ORA600
WGET 1.11.4 for Windows (win32)
Bugtraq: Re: Bad news on RPC DCOM vulnerability

12 Tools

Web Application Penetration Testing – OWASP
Burp Suite
Nikto2 | CIRT.net
Web application security – Acunetix Web Vulnerability Scanner
Wget for Windows
Sleuth 1.4 Overview
HooBieNet – Home
soapUI – The Home of Functional Testing
XML Editor, Data Management, UML, and Web Services Tools from Altova
Products » Enterprise | N-Stalker The Web Security Specialists
SecuBat Vulnerability Scanner
skipfish – web application security scanner – Google Project Hosting
Websecurify | Web Application Security Scanner and Manual Penetration Testing Tool
website monitoring KeepNI
Wapiti – Web application security auditor
Web Application Firewall, Affordable Industry Leading Web Security
Imperva ThreatRadar – Reputation-Based Security for Automated Attacks
Radware AppWall: Web Application Security and Compliance Solution
Intrusion Detection and Prevention, Security Data Analytics, Personal Firewall – Privacyware
Web Application Security, Web Application Firewall

12 XSS

What is Cross Site Scripting (XSS) | Cross-Site Scripting Examples and Information
XSS (Cross Site Scripting) Prevention Cheat Sheet – OWASP
[DOM Based Cross Site Scripting or XSS of the Third Kind] Web Security Articles – Web Application Security Consortium
Common Security Mistakes in Web Applications – Smashing Magazine
The Cross-Site Scripting (XSS) FAQ

12 Attacks

The Web Application Security Consortium / Threat Classification
The Web Application Security Consortium / Web-Hacking-Incident-Database
Top 10 attacks – OWASP
OWASP Testing
Secure Coding Guide: Validating Input
InformIT: Security Reference Guide > Code Injection Explained
The Web Application Security Consortium / LDAP Injection
Preventing HTML form tampering
CSRF Attacks and Web Forms
The Cross-Site Request Forgery (CSRF/XSRF) FAQ
Cookie Poisoning (Definition, Examples, Videos, and Prevention)
Cookie Poisoning how to.
The Web Application Security Consortium / Buffer Overflow
Anatomy of a Web Services Attack | SYS-CON NEWS DESK
SensePost – J-Baah – Generic HTTP Fuzzer
The Web Application Security Consortium / XPath Injection

12 Defense

Samoa: Formal Tools for Securing Web Services – Microsoft Research
Microsoft’s Anti-Cross Site Scripting Security Runtime Engine Sample – AntiXSS 3.1
The Simplest Security: A Guide To Better Password Practices | Symantec Connect Community
Port80 Software » Products » PCI Compliant Web App Firewall for IIS Servers

CEH v7 Web Based Password Cracking Techniques Study guide

Iphone users – use the copy feature for URLs below and paste to browser – if it is a PDF try goodreader app for better viewing

Here is a list of resources and books to help with your study.

12 Authentication

Maximum Security – Chapter 10 – Password Crackers
How to Choose a BAD Password
Password Checker: Using Strong Passwords | Microsoft Security
What is an ISAPI Extension? – CodeProject
Introduction to password cracking – Xatrix Security
http://www.cs.jhu.edu/%7Erubin/courses/sp03/papers/passport.pdf
ASP.NET Forms Authentication – Part 1 – O’Reilly Media
The Simplest Security: A Guide To Better Password Practices | Symantec Connect Community
IPSec Authentication Extended Authentication (XAUTH)
Public Key Certificates, Digi Cert, Digicert, Certificates
http://www.ietf.org/rfc/rfc2617.txt
Documentation: Apache HTTP Server – The Apache HTTP Server Project
Hacking techniques

12 Tools

Web Application Penetration Testing – OWASP
Burp Suite
Nikto2 | CIRT.net
Web application security – Acunetix Web Vulnerability Scanner
Wget for Windows
Sleuth 1.4 Overview
HooBieNet – Home
soapUI – The Home of Functional Testing
XML Editor, Data Management, UML, and Web Services Tools from Altova
Products » Enterprise | N-Stalker The Web Security Specialists
SecuBat Vulnerability Scanner
skipfish – web application security scanner – Google Project Hosting
Websecurify | Web Application Security Scanner and Manual Penetration Testing Tool
website monitoring KeepNI
Wapiti – Web application security auditor
Web Application Firewall, Affordable Industry Leading Web Security
Imperva ThreatRadar – Reputation-Based Security for Automated Attacks
Radware AppWall: Web Application Security and Compliance Solution
Intrusion Detection and Prevention, Security Data Analytics, Personal Firewall – Privacyware
Web Application Security, Web Application Firewall

CEH v7 Hacking Web Servers Study guide

Iphone users – use the copy feature for URLs below and paste to browser – if it is a PDF try goodreader app for better viewing

Here is a list of resources and books to help with your study.

11 Hacking Webservers (12)

11 Reading

Website basics W3Schools Online Web Tutorials
An Overview of a Web Server | Bodvoc’s Blog
IIS Security Monster 440 Page Jason Coombs ( dated but great)
Techno Freak: IIS 7.0 Architecture
Chapter 5 – Managing Web Server Security
Firewall Penetration Testing.pdf
SSL 3.0 Specification
ATTRITION Defacement Mirror
Insecure Configuration Management – OWASP

11 Attacks

Web-Server-Hacking | Darknet – The Darkside
HTTP Response Splitting – OWASP
Tunneling protocol – Wikipedia, the free encyclopedia

11 Tools

Brutus – Download
Category:OWASP WebGoat Project – OWASP
YouTube – Learn how to use METASPLOIT
Netcraft Anti-Phishing Toolbar
HTTrack Website Copier – Offline Browser
Burp free and pro
HooBieNet – Home
Tenable Nessus | Tenable Network Security
Metasploit Framework Penetration Testing Software | Metasploit Project
Baseline Security Analyzer 2.2 – Download FAQ Resources | TechNet

11 Tools for Protection

Baseline Security Analyzer 2.2 – Download FAQ Resources | TechNet
Network Management Software, Application Server Management-ManageEngine
Web Application Security Tools – Syhunt | Sandcat » Sandcat – Web Application Security Scanner | browse
SensePost – SensePost Information Security
Static Source Code Analysis and Web Application Security – Armorize Technologies Inc.
System Management | NetIQ
N-Stalker The Web Security Specialists
Infiltration Systems – Network Security Scanning, Vulnerability Detection, and Auditing