| Acknowledgments | p. xvii |
| HackNotes: The Series | p. xix |
| Introduction | p. xxiii |
| Reference Center | |
| Common System Commands | p. 2 |
| Windows System and Network Commands | p. 2 |
| Windows Enumeration Commands and Tools | p. 3 |
| Common DOS Commands | p. 5 |
| UNIX System and Network Commands | p. 6 |
| Specific UNIX Enumeration Commands | p. 9 |
| Netcat Remote Shell Commands | p. 10 |
| Router Commands | p. 11 |
| IP Addressing and Subnetting | p. 12 |
| Network Ranges | p. 12 |
| Usable Hosts and Networks | p. 12 |
| Private, Nonroutable IP Ranges | p. 13 |
| Password and Log File Locations | p. 13 |
| Most Useful Ports and Services in the Hacking Process | p. 14 |
| Common Remote-Access Trojans and Ports | p. 16 |
| Common Trojan Ports | p. 17 |
| Dangerous File Attachments "Drop List" | p. 18 |
| Common and Default Passwords | p. 20 |
| Decimal, Hex, Binary, ASCII Conversion Table | p. 21 |
| Windows and UNIX Hacking Steps | p. 24 |
| Must-Have Free (or Low Cost) Tools | p. 29 |
| Network Security Principles and Methodologies | |
| Security Principles and Components | p. 3 |
| Asset and Risk Based INFOSEC Lifecycle Model | p. 4 |
| ARBIL Outer Wheel | p. 4 |
| ARBIL Inner Wheel | p. 6 |
| Confidentiality, Integrity, and Availability--the CIA Model | p. 7 |
| Confidentiality | p. 7 |
| Integrity | p. 8 |
| Availability | p. 8 |
| A Glimpse at the Hacking Process | p. 8 |
| Attack Trees | p. 9 |
| Information Security Threats List | p. 9 |
| INFOSEC Target Model | p. 10 |
| Vulnerability List | p. 10 |
| Network Security Safeguards and Best Practices | p. 12 |
| Network Security Best Practices | p. 13 |
| Summary | p. 16 |
| Infosec Risk Assessment and Management | p. 17 |
| Risk Management Using the SMIRA Process | p. 18 |
| What Is Risk Management? | p. 21 |
| What Is Risk Assessment? | p. 21 |
| Risk Assessment Components | p. 23 |
| Risk Assessment Terminology and Component Definitions | p. 26 |
| Asset | p. 26 |
| Threat | p. 28 |
| Threat Agent/Actor and Threat Act | p. 28 |
| Threat Indicators | p. 29 |
| Vulnerability | p. 29 |
| Threat Consequences | p. 30 |
| Impact | p. 30 |
| Risk | p. 30 |
| Safeguards and Controls | p. 30 |
| Conducting a Risk Assessment | p. 32 |
| Summary | p. 34 |
| Hacking Techniques and Defenses | |
| Hacking Concepts | p. 37 |
| Hacking Model | p. 38 |
| Reconnaissance | p. 38 |
| Compromise | p. 41 |
| Leverage | p. 42 |
| Targeting List | p. 43 |
| Attack Trees | p. 44 |
| Infrastructure | p. 45 |
| Application | p. 46 |
| Summary | p. 47 |
| Reconnaissance | p. 49 |
| Collect and Assess | p. 50 |
| Identification of the Enterprise | p. 50 |
| Identification of Registered Domains | p. 51 |
| Identification of Addresses | p. 51 |
| Scan | p. 52 |
| DNS Discovery | p. 53 |
| ICMP Scan | p. 54 |
| TCP Scan | p. 55 |
| UDP Scan | p. 56 |
| Enumerate | p. 57 |
| Services Enumeration | p. 57 |
| Advanced Stack Enumeration | p. 61 |
| Source Port Scanning | p. 62 |
| Application Enumeration | p. 63 |
| Service Enumeration | p. 63 |
| Banner Nudges | p. 69 |
| Client Connections | p. 70 |
| Summary | p. 71 |
| Attack, Compromise, and Escalate | p. 73 |
| UNIX Exploits | p. 74 |
| Remote UNIX Attacks | p. 75 |
| Remote Attacks on Insecure Services | p. 78 |
| Local UNIX Attacks | p. 84 |
| Windows Exploits | p. 87 |
| Windows 9x/ME | p. 87 |
| Remote Attacks--Windows 9x/ME | p. 87 |
| Local Attacks--Windows 9x/ME | p. 89 |
| Windows NT/2000 | p. 90 |
| Remote Attacks--Windows NT/2000 | p. 91 |
| Local Attacks--Windows | p. 94 |
| Native Application Attacks--Windows NT/2000 | p. 99 |
| Summary | p. 104 |
| Special Topics | |
| Wireless Network Security | p. 107 |
| Wireless Networks | p. 108 |
| Overview of 802.11 Wireless Standards | p. 108 |
| Attacking the Wireless Arena | p. 110 |
| The Future of 802.11 Security | p. 117 |
| Summary | p. 118 |
| Web Application Security | p. 119 |
| A Dangerous Web | p. 120 |
| Beyond Firewalls | p. 120 |
| Overall Web Security | p. 121 |
| Securing the Servers and Their Environments | p. 121 |
| Securing Web Applications | p. 123 |
| Categories of Web Application Security | p. 123 |
| Authentication | p. 124 |
| Authorization | p. 125 |
| Session Management | p. 127 |
| Input Parameters | p. 128 |
| Encryption | p. 131 |
| Miscellaneous | p. 132 |
| General Web Application Assessment/Hacking | p. 134 |
| Methodology | p. 135 |
| Summary | p. 139 |
| Common Intruder Tactics | p. 141 |
| Social Engineering | p. 142 |
| They Seem Legitimate! | p. 144 |
| Final Thoughts on Social Engineering | p. 147 |
| Network Sniffing--What Are Sniffers? | p. 147 |
| Why Will a Hacker Use Them? | p. 148 |
| Commonly Used Sniffers | p. 148 |
| How Do You Detect Sniffers? | p. 153 |
| Exploiting Software Design and Implementation Flaws | p. 157 |
| Buffers--What Are They? | p. 158 |
| Developing the Exploit Code | p. 162 |
| Final Thoughts on Design and Implementation Flaws | p. 163 |
| War Dialing and PBX Hacking | p. 163 |
| Overview of Security Implications | p. 164 |
| Types of Dial-Up Systems to Protect | p. 165 |
| Top Three War Dialing Tools | p. 173 |
| Summary | p. 175 |
| Incident Response | p. 177 |
| Signs of Being Hacked | p. 178 |
| Trojan Horse Programs | p. 178 |
| Rootkits | p. 180 |
| Identifying a Compromise | p. 181 |
| Network | p. 182 |
| User Accounts and User Groups | p. 182 |
| File Systems/Volumes and Processes | p. 184 |
| Logging | p. 186 |
| Incident Recovery Checklist | p. 187 |
| Identify and Disable | p. 187 |
| Notify and Plan | p. 188 |
| Implement Countermeasures and Heighten Awareness | p. 188 |
| Recover and Rebuild | p. 189 |
| Wrap Up and Analyze | p. 190 |
| Summary | p. 191 |
| Security Assessment/Hardening Checklists | p. 193 |
| System Assessment and Hardening Concepts | p. 194 |
| System and Host Hardening Methodology | p. 196 |
| Checklists | p. 196 |
| Microsoft Windows | p. 197 |
| UNIX | p. 199 |
| Web Server | p. 203 |
| FTP Service | p. 205 |
| DNS | p. 206 |
| Mail | p. 206 |
| Router | p. 207 |
| Wired Network | p. 209 |
| Wireless Network | p. 211 |
| Physical Security | p. 212 |
| Summary | p. 215 |
| Web Resources | p. 217 |
| Various Security News and Informational Sites | p. 218 |
| Exploits and Hacking Information | p. 219 |
| Various Word Lists for Brute-Forcing | p. 219 |
| Default Password Lists | p. 219 |
| Lookup Port Numbers | p. 220 |
| Information about Trojan Horses | p. 220 |
| Education/Certification/Organizations | p. 220 |
| Publications | p. 221 |
| Security Mailing Lists | p. 221 |
| Conferences | p. 221 |
| Government Affiliated | p. 221 |
| Miscellaneous Interesting Items | p. 222 |
| Index | p. 223 |
| Table of Contents provided by Ingram. All Rights Reserved. |