ECSA (EC-Council Certified Security Analyst) v9

Module 01: Need for Security Analysis

• Briefs on security concerns due to intrusions and discusses various challenges of security
• Describes various elements of information security measures
• Explains various steps of risk assessment and discusses risk assessment values
• Explains how to harden security and discusses various types of security policies
• Discusses different information security standards
• Discusses various information security acts and laws

Module 02: TCP/IP Packet Analysis

• Discusses various components of TCP/IP model
• Explains TCP/IP source and destination port connections
• Discusses Internet Protocol v6 (IPv6) in details which covers IPv6 header, IPv4/IPv6 transition mechanisms, IPv6 security issues, etc.
• Describes in detail about Internet Control Message Protocol (ICMP) and the process involved in ICMP message delivery
• Describes ICMP address mask
• Explains in detail about TCP/IP concepts in mobile technology
• Discusses various TCP options which improve performance of mobile technology

Module 03: Penetration Testing Methodologies

• Defines penetration testing and its constraints
• llustrates various types of penetration testing and its phases
• Explains about penetration testing strategies
• Discusses penetration testing methodologies
• Gives information about penetration testing consultants and responsibilities of a penetration tester
• Discusses ethics of a penetration tester

Module 04: Customers and Legal Agreements

• Describes why do organizations need a pen testing
• Explains how to create a checklist of the testing requirements
• Discusses penetration testing ‘rules of behavior’ and risks involved in penetration testing
• Discusses various legal issues in penetration testing
• Describes penetration testing contract and the limitations of the contract
• Explains how to calculate the pen testing charges

Module 05: Rules of Engagement

• Defines Statement of Work (SOW)
• Discusses Rules of Engagement (ROE) and its scope in penetration testing
• Explains various steps for framing ROE
• Discusses various clauses in ROE

Module 06: Penetration Testing Planning and Scheduling

• Illustrates test plan and its purpose
• Discusses phases involved in penetration testing
• Explains about the project scope of the penetration testing
• Describes skills and knowledge required for penetration testing
• Discusses penetration testing teams
• Provides an overview of the project plan
• Defines penetration testing schedule
• Discusses various penetration testing project scheduling tools
• Discusses penetration testing hardware/software requirements

Module 07: Pre-penetration Testing Steps

• Discusses listing of client organization’s penetration testing requirements and purpose of the test
• Explains the importance of obtaining penetration testing permission from the company’s stakeholders and local law enforcement agency
• Explains why it is necessary to list the tests that will not be carried out on the client’s network
• Demonstrates the approach in identifying the type of testing to be carried out
• Explains the benefits of hardening the security of an organization by listing the servers, workstations, desktops, and network devices that need to be tested
• Explains Rules of Engagement (ROE)
• Discusses the preparation of penetration testing legal documents and Non-disclosure
• Agreements (NDA)
• Illustrates how to identify core competencies/limitations
• Discusses the selection criteria of penetration testers required for the project
• Describes various methods to gather information about the client’s organization
• Demonstrates the usage of security tools in a penetration testing project
• Explains the importance of obtaining the contact details of the key person at the client’s company for emergency
• Discusses about preparing a list of contractual constraints in the penetration testing agreement
• Explains preparation of the final penetration testing report

Module 08: Information Gathering

• Discusses information gathering and its terminologies
• Demonstrates how to gather target company’s data such as company URL, private and public website, contact numbers, employee list and their email addresses, geographical location, etc.
• Discusses the usage of various online services and information gathering tools to collect information about the target company
• Explains how to identify the link popularity of the company’s website
• Illustrates the process of identifying, gathering, analyzing, verifying, and using information about competitors
• Describes the significance of listing the company’s partners and distributors
• Demonstrates the ways to visit the company as an inquirer and extract privileged information
• Discusses the usage of various web investigation tools to extract sensitive data
• Explains the techniques to discover the registered information using WhoIs database
• Illustrates how to locate a company’s network range
• Provides various methods to track email communications and gather relevant information

Module 09: Vulnerability Analysis

• Explains what is vulnerability assessment and its classification
• Discusses various types of vulnerability assessment and its phases
• Explains how to conduct a vulnerability assessment
• Discusses vulnerability analysis stages
• Illustrates vulnerability assessment reports
• Discusses various types of vulnerability assessment tools
• Describes criteria for choosing a vulnerability assessment tool
• Discusses about the vulnerability analysis chart

Module 10: External Penetration Testing

• Discusses external intrusion test and analysis
• Explains client benefits of external penetration testing
• Defines company’s external infrastructure
• Explains various techniques to identify the IP address of the targets
• Discusses how to locate the ISP servicing the client
• Describes preparation of list of open, closed, suspicious ports
• Discusses various types of scans on the target and checking the response for each scan
• Illustrates analysis of the TCP sequence number prediction, use of standard and non-standard protocols, IPID sequence, system uptime of the target and operating system
• Discusses several means to look for error and custom web pages
• Explains how to probe the service by SMTP mail bouncing
• Demonstrates grabbing the banner of POP3 and FTP servers
• Provides information to check responses for ICMP scan performed
• Illustrates port scans of DNS Servers, TFTP Servers, etc.
• Demonstrates test for various ports such as NTP ports, SNMP ports, etc.
• Offers recommendations to protect the system from external threats

Module 11: Internal Network Penetration Testing

• Discusses mapping of the internal network
• Explains user enumeration
• Discusses various ways to sniff the network and tools used for this purpose
• Discusses various types of attacks to be attempted to perform the test
• Describes attempts to plant hardware and software keyloggers, spyware, Trojan, backdoor account, bypass anti-virus software and rootkits on the target machine
• Explains the usage of various steganography techniques
• Illustrates capturing of numerous traffic such as POP3, SMTP, HTTP, HTTPS, RDP, VoIP, etc.
• Discusses various filters that can be used to run Wireshark
• Explains how spoofing of the MAC address helps in gaining access to VLANs
• Discusses attempts of session hijacking on Telnet, FTP and HTTP traffics
• Illustrates the usage of various types of vulnerability scanning tools to perform internal network penetration tests

Module 12: Firewall Penetration Testing

• Explains how does a firewall work
• Discusses firewall logging functionality, firewall policy and implementation
• Explains in detail about maintenance and management of firewall
• Illustrates various types of firewalls
• Discusses various types of firewall penetration testing tools
• Explains in detail about firewall ruleset mapping
• Discusses best practices for firewall configuration
• Explains various steps for conducting firewall penetration testing

Module 13: IDS Penetration Testing

• Illustrates different types of Intrusion Detection Systems (IDS)
• Discusses how to test the IDS for resource exhaustion
• Discusses various methods to test IDS, e.g. by sending ARP flood, MAC spoofing, IP spoofing,etc.
• Explains testing of IP packet fragmentation
• Discusses test for backscatter, reverse traversal, etc.
• Illustrates how to test the IDS using TCPReplay, TCPopera, Method Matching, and double slashes
• Explains bypassing invalid RST packets through IDS
• Describes various types of intrusion detection tools

Module 14: Password Cracking Penetration Testing

• Defines password terminology and importance of passwords
• Discusses various types of passwords
• Describes different types of password attacks
• Provides detailed information about LM, NTLM and Kerberos authentication
• Discusses how to identify the target person’s personal profile
• Describes various password cracking techniques
• Discusses the usage of several tools to perform wire sniffing, man-in-the-middle attack, replay attack to capture passwords
• Explains in detail about extracting the SAM file in Windows machines, cleartext passwords from an encrypted LM hash, etc/passwd and /etc/shadow files in Linux systems etc.
• Illustrates usage of automated password crackers to break password-protected files
• Explains how to use a Trojan/spyware/keyloggers to capture passwords

Module 15: Social Engineering Penetration Testing

• Explains what is social engineering and its requirements
• Lists the common targets of social engineering and impact of social engineering on the organization
• Discusses how to attempt social engineering using the phone, vishing, email, traditional mail, in-person, dumpster diving, etc.
• Explains social engineering attempts through insider accomplice , shoulder surfing, desktop information, extortion and backmail
• Illustrates the significance of obtaining satellite imagery and building blueprints in social engineering
• Discusses on finding out details of an employee from social networking sites
• Explains the usage of telephone monitoring device to capture conversations
• Describes the usage of various video recording tools to capture images and vehicle/asset tracking system to monitor motor vehicles
• Discusses on identifying the disgruntled employees and engaging them in conversation to extract sensitive information

Module 16: Web Application Penetration Testing

• Explains in detail about fingerprinting web application environment
• Discusses about testing for web server vulnerabilities
• Illustrates testing of configuration management
• Explains in detail about testing for client-side vulnerabilities
• Defines testing for authentication mechanism
• Describes about testing session management mechanism
• Illustrates in detail about the testing authorization controls
• Explains in detail about the testing data validation mechanism
• Discusses testing of web services
• Defines testing for logic flaws

Module 17: SQL Penetration Testing

• Explains how does SQL injection work
• Illustrates various types of SQL injection attacks
• Discusses listing of all input fields and hidden fields of post requests
• Explains in detail to attempt to inject codes into the input fields to generate an error
• Discusses to perform fuzz testing, function testing, static/dynamic testing, black box pen testing to detect SQL injection vulnerabilities
• Explains the extraction of database name, users, columns by blind SQL injection
• Provides detailed explanation on performing various attacks such as code injection attack, function call injection attack, buffer overflow injection attack, etc.
• Explains how to evade IDS using hex encoding, char coding, manipulating white spaces, in-line comments and obfuscated code
• Discusses various SQL penetration testing tools
• Discusses best practices to prevent SQL injection

Module 18: Penetration Testing Reports and Post Testing Actions

• Provides an overview of penetration testing deliverables
• Discusses the goal of the penetration testing report
• Illustrates various types of pen test reports and characteristics of a good pen testing report
• Discusses on identifying a skilled individual to write the final report
• Explains the process and criteria to be followed during report development
• Provides key guidelines to collect information
• Describes pen testing report format that an organization should include
• Discusses scope of the project and provides a summary of evaluation, findings, and recommendation
• Describes various sections such as methodologies, planning, exploitation and reporting
• Discusses the information to be included in the results analyzed
• Explains why should organizations develop an action plan
• Discusses the importance of report retention