- Describe the principles of least privilege and disclosure
- Describe how attackers use active fingerprinting using port scans, DNS and ICMP
- Describe how attackers use passive fingerprinting using search engines
- Describe how attackers enumerate services by collecting banner messages and protocol information
- Describe how attackers use social engineering methods to gather information about an enterprise

| Unauthorized System Access |
- Describe how attackers gain unauthorized access through user accounts
- Describe how attackers gain unauthorized access through software flaws
- Explain the attacker methodology for locating vulnerable enterprise services and creating exploits
- Describe a buffer overflow
- Describe privilege escalation
- Describe a Trojan horse as a means to escalate privileges
- Describe how attackers secure root access through backdoors on a system
- Describe the following backdoors: SUID shell, bound shell, and trusted hosts
- Describe a file system rootkit
- Demonstrate how a file system rootkit hides files, processes, and connections
- Describe a kernel rootkit
- Demonstrate how a kernel rootkit captures all system activity

| Encrypting and Hiding Data on a System |
- Review encryption technology
- Describe how attackers use cryptography to encrypt files
- Demonstrate encryption using GnuPG and OpenSSL
- Describe digital steganography
- Demonstrate how attackers hide files within files using digital steganography
- Describe how attackers hide data within unexpected parts of the file system
- Demonstrate how attackers hide a file in file system metadata
- Demonstrate how attackers use the loopback file system and extended attributes to hide data
- Identify the different types of enterprise services, such as DNS, DHCP, SMTP, HTTP, and firewalls
- Identify available log files for enterprise services
- Describe the relevant intrusion information in each log file
- Examine enterprise log files to locate suspicious activity
- Correlate information from multiple log files to determine an intrusion

| Unauthorized System Access Intrusion Analysis |
- Identify default system access log files in the /var directory structure
- Identify optional Basic Security Module (BSM) and system accounting log files
- Describe log file formats and tools available to read the formats
- Describe the relevant information in each log file
- Correlate information from multiple log files to determine unauthorized system access
- Demonstrate how attackers modify log files to hide their presence on a system

| File System Intrusion Analysis |
- Define systems and utility trust
- Locate backdoors on a UNIX System: alternate root accounts, bound shells, SUID shells, trusted host files
- Locate file system rootkits on a UNIX System
- Discover hidden directories, replaced system commands, remote command utilities, and network sniffers
- Describe automated file system analysis tools
- Implement rkhunter, chkrootkit, and the Solaris Fingerprint Database to locate rootkits

- Describe the important types of intrusion data that reside in memory
- Describe techniques to capture volatile memory data to a file system
- Introduce the memory analysis tools mdb and gdb
- Demonstrate how to recover data from memory using the mdb and gdb tools

| Incident Investigation Methodologies |
- Identify different types of intrusion scenarios
- Apply a methodology based on an intrusion scenario
- Collect the appropriate data (log files, file systems, and memory images) based on the intrusion scenario