Course Agenda for Ethical Hacking/Penetration Testing

1. Introduction	Terminology What is penetration testing? What is an ethical hacker? Types of attacks Lifecycle of a hack Standards Compliance Certification Programs
2. Rules of Engagement	Obtaining Permission Defining the Plan Internal vs. External attacks Acquiring the Tools Performing the Tests Reporting Ethics and Legal Issues
3.Information Gathering	Places to get information Network Enumeration Scanning Packet Sniffing OS Fingerprinting Researching Vulnerabilities
4. Vulnerabilities to attack	Kernel Flaws Buffer Overflows Symbolic Links File Descriptor Attacks Race Conditions File and Directory Permissions Trojans Social Engineering and Physical Security Password Cracking
5. Client-Side Penetration Testing	War dialing Viruses, Worms, Trojans Keystroke Logging Rootkits Information theft Tunneling Buffer Overflows Windows-specific attacks Linux-specific attacks
6. Server-Side Penetration Testing	Spoofing Email Denial of Service Unauthorized Disclosure Data Alterations Attacking a Wireless LAN
7. Internet-based Application Hacking	Form Manipulation URL Manipulation Cross-site Scripting Session Hijacking Session Replay Password Theft Man in the Middle Attacks SQL Injection Buffer Overflow XML Bombs Parameter Fuzzing
8. Detection and Evasion	Intrusion Detection Systems (IDSs) Firewalls Honeypots Methods for evasion