CNIT 123
Ethical Hacking and Network Defense

Fall 2016 Sam Bowne

Schedule · Slides · Projects · Links · Home Page

Scores

Open Lab Hours for Sci 214


72250 Thu 6:10 - 9:00 pm SCIE 200

Catalog Description

ADVISE: CNIT 106 or 120 or 201C
Learn how hackers attack computers and networks, and how to protect Windows and Linux systems. Legal restrictions and ethical guidelines will be taught and enforced. Students will perform many hands-on labs, both attacking and defending, using port scans, footprinting, buffer overflow exploits, SQL injection, privilege escalation, Trojans, and backdoors.
CSU
Learn about attacks and how to defend Windows and Linux systems. After successful completion of this course, students will be able to:
Outcome 1: Determine what an ethical hacker can and cannot do legally, and evaluate credentials and roles of penetration testers.
Outcome 2: Perform reconnaissance on a target network using a variety of scanning and probing techniques.
Outcome 3: Enumerate and classify Microsoft and Linux Operating Systems vulnerabilities.
Outcome 4: Take control of Web Servers and wireless networks, and protect them.
Outcome 5: Evaluate and select cryptography and hashing methods, and perform attacks against them.
Outcome 6: Select and implement security devices, including routers, firewalls, Intrusion Detection Systems, and honeypots.

Textbook
Hands-On Ethical Hacking and Network Defense, Second Edition by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 1133935613 Buy from Amazon ($29)

Schedule
Date	Quiz	Topic

Thu 8-18		Ch 1: Ethical Hacking Overview


Thu 8-25		Ch 2: TCP/IP Concepts Review


Thu 9-1		Ch 3: Network and Computer Attacks
*Fri 9-2*	*Last Day to Add Classes*

Thu 9-8	Quiz on Ch 1-3	Ch 4: Footprinting and Social Engineering


Thu 9-15	Quiz on Ch 4 Proj 1 & 2 due	Ch 5: Port Scanning


Thu 9-22	Quiz on Ch 5 Proj 3-5 due	Ch 6: Enumeration


Thu 9-29	Quiz on Ch 6 Proj 6 & 7 due	Ch 7: Programming for Security Professionals


Thu 10-6	Quiz on Ch 7 Proj 8 & 9	Ch 8: Desktop and Server OS Vulnerabilites


Thu 10-13	Quiz on Ch 8 Proj 10 due	Ch 9: Embedded Operating Systems: The Hidden Threat


Thu 10-20	Quiz on Ch 9 Proj 11 & 12 & 13 Due	Ch 10: Hacking Web Servers


*Mon 10-24*	*Mid-Term Grades Due*

Thu 10-27	Quiz on Ch 10 Proj 14 & 15 due	Ch 11: Hacking Wireless Networks


Thu 11-3	Quiz on Ch 11 Proj 16 & 17 due	Ch 12: Cryptography


Thu 11-10	Quiz on Ch 12 Proj 18 & 19 due	Ch 13: Network Protection Systems


Thu 11-17	No Quiz Proj 20 & due	Open Lab

*Thu 11-24*	*Holiday: No Class*

Thu 12-1	No Quiz No Proj due	Guest speaker cancelled; I'll demonstrate Try-CybSI More extra credit projects

Thu 12-8	All Extra Credit Proj due Proj 21 & 22 due, No Quiz	Last Class: Guest Speakers from The Gap Cybersecurity Division David Hua - Systems Engineer III, Security Engineering Santa Ram Susarapu - Senior Manager, Security Engineering

Thu 12-15	*Final Exam*

Slides
Policy
Student Agreement
Code of Ethics
Security Training at CCSF · KEY · PDF
Ch 1: Ethical Hacking Overview · KEY · PDF
Ch 2: TCP/IP Concepts Review Powerpoint
Ch 3: Network and Computer Attacks · KEY · PDF
Ch 4: Footprinting and Social Engineering · KEY · PDF
Ch 5: Port Scanning HTML KEY
Ch 6: Enumeration · KEY · PDF
Ch 7: Programming for Security Professionals · KEY · PDF
Ch 8: Desktop and Server OS Vulnerabilites · KEY · PDF
Ch 9: Embedded Operating Systems: The Hidden Threat · KEY · PDF
Ch 10: Hacking Web Servers HTML KEY
Ch 11: Hacking Wireless Networks HTML KEY
Ch 12: Cryptography HTML KEY
Ch 13: Network Protection Systems · KEY · PDF
Click a lecture name to see it on SlideShare. If you want to use other formats, you may find this useful: Cloud Convert.

Back to Top

Projects
Downloading the Virtual Machines Download VMware Player Project 1: Using Virtual Machines (revised 1-28-16) (15 pts.) · Tips for Kali 2 How to Fix Kali 2 Repositories Project 2: Using Armitage to Take Over a Windows 2008 Server (revised 8-25-15) (15 pts.) Project 3: HTTP Basic Authentication (10 pts.) (rev. 9-7-16) Project 4: Creating Infectious Media with the Social Engineering Toolkit (15 pts.) (rev 9-23-16) Project 5: Port Scans and Firewalls (20 pts.) (revised 9-7-16) Project 6: Analyzing Types of Port Scans (20 pts.) (revised 9-12-13) Project 7: Windows DoS with IPv6 Router Advertisement Packets (10 pts.) (rev. 9-22-15) Project 8: Programming in C on Linux (Ch 7, 15 pts.) (revised 8-29-13) Project 9: Introduction to Scapy (15 pts.) (rev. 10-3-13) Project 10: TCP Handshake with Scapy (15 pts.) (revised 9-27-13) Project 11: Cookie Replay (15 pts.) (rev 10-13-16) Project 12: Cracking Linux Password Hashes with Hashcat (15 pts.) (updated 10-14-16) Project 13: Using the Ultimate Boot CD to Create Administrator Accounts (15 pts.) (Rev. 13-16-16) Project 14: Security Shepherd (20 pts.) (Updated 2-22-16) Project 15:PicoCTF (20 pts.) (new 1-9-16) Project 16: Attacking Apache with the OWASP HTTP DoS Tool (15 pts.) (rev. 10-27-16) Download HttpDosTool3.6.zip Download HttpDosTool4.0.zip Project 17: yesman Honeypot with scapy (15 pts.) (rev. 9-16-11) Project 18: Cracking Windows Passwords with Cain and Abel (15 pts.) (revised 4-6-16) Alternate download location for Cain (7-zip archive, password sam) Project 19: SQL Injection with SQLol (20 pts) (rev. 11-1-16) Project 20: Exploiting SQLi with Havij and Input Filtering (20 pts) (rev. 5-11-16) Project 21: Hijacking HTTPS Sessions with SSLstrip (15 pts.) (revised 11-30-16) Project 22: WPA Decryption (10 pts. + 10 extra) (rev. 5-13-16) Note: New Project! Project X0: Essential Linux (15 pts. extra credit) Project X1: Subnet Exercises (10 pts. extra credit) Project X2: HackThisSite (15 pts. extra credit) Project X3: Using a Hardware Keylogger (10 pts., now extra credit) Project X4: Social Engineering DNS Registration (points vary) Project X5: Encrypted Email (15 pts. extra credit) (Rev. 11-10-16) Project X6: Reverse-Engineering an Authentication Cookie (15 pts. extra credit) Project X7: Bypassing Windows Logins with UBCD (2014) (15 pts. extra credit) Project X8: Password Guessing Games (up to 30 pts.) (URL fixed 4-22-13) Project X9: Password Brute Force Challenges (up to 30 pts.) Project X11: Detecting Promiscuous NICs with scapy (10 pts.) (rev. 11-10-16) Project X12: Slow Loris Attack with scapy (20 pts.) Project X13: ARP Spoofing with scapy (10 pts.) (Updated 11-1-16) Project X14: Security Shepherd Challenges (Up to 20 pts.) Project X15: PicoCTF (Up to 20 pts. extra credit) (new 1-9-16) Project X16: Cracking Windows Password Hashes with Hashcat (15 pts.) (rev 12-8-16) Project X17: CodeCademy (up to 40 pts.) Project X18: Lockpicking (up to 40 pts.) Proj 22x: Student Presentation (Usually 15 pts.) SQL Injection Projects Proj SQL-X3: Exploiting a SQL Injection with sqlmap (10 pts) N Proj SQL-X4: Fixing a SQL Injection Vulnerability with Parameterized Queries (15 pts.) N

Projects

Downloading the Virtual Machines

Download VMware Player

Project 1: Using Virtual Machines (revised 1-28-16) (15 pts.) · Tips for Kali 2

How to Fix Kali 2 Repositories

Project 2: Using Armitage to Take Over a Windows 2008 Server (revised 8-25-15) (15 pts.)
Project 3: HTTP Basic Authentication (10 pts.) (rev. 9-7-16)
Project 4: Creating Infectious Media with the Social Engineering Toolkit (15 pts.) (rev 9-23-16)
Project 5: Port Scans and Firewalls (20 pts.) (revised 9-7-16)
Project 6: Analyzing Types of Port Scans (20 pts.) (revised 9-12-13)
Project 7: Windows DoS with IPv6 Router Advertisement Packets (10 pts.) (rev. 9-22-15)
Project 8: Programming in C on Linux (Ch 7, 15 pts.) (revised 8-29-13)
Project 9: Introduction to Scapy (15 pts.) (rev. 10-3-13)
Project 10: TCP Handshake with Scapy (15 pts.) (revised 9-27-13)
Project 11: Cookie Replay (15 pts.) (rev 10-13-16)
Project 12: Cracking Linux Password Hashes with Hashcat (15 pts.) (updated 10-14-16)
Project 13: Using the Ultimate Boot CD to Create Administrator Accounts (15 pts.) (Rev. 13-16-16)
Project 14: Security Shepherd (20 pts.) (Updated 2-22-16)
Project 15:PicoCTF (20 pts.) (new 1-9-16)
Project 16: Attacking Apache with the OWASP HTTP DoS Tool (15 pts.) (rev. 10-27-16)
       Download HttpDosTool3.6.zip
       Download HttpDosTool4.0.zip
Project 17: yesman Honeypot with scapy (15 pts.) (rev. 9-16-11)
Project 18: Cracking Windows Passwords with Cain and Abel (15 pts.) (revised 4-6-16)
       Alternate download location for Cain (7-zip archive, password sam)
Project 19: SQL Injection with SQLol (20 pts) (rev. 11-1-16)
Project 20: Exploiting SQLi with Havij and Input Filtering (20 pts) (rev. 5-11-16)
Project 21: Hijacking HTTPS Sessions with SSLstrip (15 pts.) (revised 11-30-16)
Project 22: WPA Decryption (10 pts. + 10 extra) (rev. 5-13-16)

Note: New Project!
Project X0: Essential Linux (15 pts. extra credit)

Project X1: Subnet Exercises (10 pts. extra credit)
Project X2: HackThisSite (15 pts. extra credit)
Project X3: Using a Hardware Keylogger (10 pts., now extra credit)
Project X4: Social Engineering DNS Registration (points vary)
Project X5: Encrypted Email (15 pts. extra credit) (Rev. 11-10-16)
Project X6: Reverse-Engineering an Authentication Cookie (15 pts. extra credit)
Project X7: Bypassing Windows Logins with UBCD (2014) (15 pts. extra credit)
Project X8: Password Guessing Games (up to 30 pts.) (URL fixed 4-22-13)
Project X9: Password Brute Force Challenges (up to 30 pts.)

Project X11: Detecting Promiscuous NICs with scapy (10 pts.) (rev. 11-10-16)
Project X12: Slow Loris Attack with scapy (20 pts.)
Project X13: ARP Spoofing with scapy (10 pts.) (Updated 11-1-16)
Project X14: Security Shepherd Challenges (Up to 20 pts.)
Project X15: PicoCTF (Up to 20 pts. extra credit) (new 1-9-16)
Project X16: Cracking Windows Password Hashes with Hashcat (15 pts.) (rev 12-8-16)
Project X17: CodeCademy (up to 40 pts.)
Project X18: Lockpicking (up to 40 pts.)

Proj 22x: Student Presentation (Usually 15 pts.)

SQL Injection Projects

Proj SQL-X3: Exploiting a SQL Injection with sqlmap (10 pts) N
Proj SQL-X4: Fixing a SQL Injection Vulnerability with Parameterized Queries (15 pts.) N

Back to Top

Links
Links From Lectures Ch 1a: Robert Bruen's review of the textbook Ch 1b: Wired News: Ethical Hacking Is No Oxymoron Ch 1c: EC-Council \| Certified Ethical Hacker Certification Ch 1d: EC-Council \| Code of Ethics Ch 1e: Run Away From The CEH Certification Ch 1f: ISECOM - OPST Accredited Certification Ch 1g: Rate My Network Diagram Ch 1h: RE: OPST and CEH Certifications Ch 1i: SANS Institute - Network and Computer Security Training Ch 1j: SANS Top-20 Internet Security Attack Targets (2006 Annual Update) Ch 1k: CCSF COMPUTER USAGE POLICY Ch 1l1: Lycos starts anti-spam screensaver plan: Dec 2, 2004 Ch 1l2: Lycos Pulls Anti-Spam 'Vigilante' Campaign -- Dec 3, 2004 Ch 1l3: Lycos's Spam Attack Network Dismantled -- Spammers sent the DOS packets back to Lycos -- Dec 6, 2004 Ch 1m: Blue Frog begins its "vigilante approach" to fight spam -- July, 2005 Ch 1n: Russian spammer fights back, claims to have stolen Blue Frog's database, sends threating email -- DOS attack in progress -- May 2, 2006 Ch 1o: Blue Frog compromised and destroyed by attacks, urgent instructions to uninstall it, the owners have lost control -- May 17, 2006 Ch 1p: Call for help creating distributed, open-source Blue Frog replacement -- May 17, 2006 Ch 1q: Linux update becomes terminal pain Ch 1r: Permission Memo for Penentration Testing Ch 1s: Freed LulzSec hacker banned from contacting Anons, wiping data Ch 1t: The Secret Anarchy of Science sales rocket after Jake Davis seen clutching a copy Ch 1u: Leading Member of LulzSec Hacker Squad Arrested in London (from 2011) Ch 1v: Ryan Cleary: 'Hacker' accused of bringing down 'British FBI' site Ch 1v: How I Out-Hacked a LulzSec Member Ch 1w: Stay Out of Anonymous Ch 2a: Header Format Ch 2b: List of assigned /8 IP address blocks Ch 2c: A Binary Primer Ch 2d: Classful network Ch 2e: How to Obscure Any URL Ch 2f: Obscuring a URL (demonstration for lecture) Ch 2g: Warriors of the Net - The Story Ch 2h: Statistical Weaknesses in TCP/IP Initial Sequence Numbers Ch 2i: The Sorceror\'s Apprentice Syndrome in TFTP Ch 3 Lecture Demo: Companion Trojan 1 Ch 3 Lecture Demo: Companion Trojan 2 Ch 3 Lecture Demo: Hacker Defender Rootkit Part 1 Ch 3 Lecture Demo: Hacker Defender Rootkit Part 2 Ch 3a: Base64 Encoding Explained Ch 3b: Base64 Online - base64 decode and encode Ch 3c: Melissa Worm and I Love You Worm Source Codes Ch 3d: Computer Virus Generator Kits Ch 3e: Animated GIF of Code Red Spreading (4 MB) Ch 3f: CAIDA : analysis : security : code-red Ch 3g: Worm infects ATM machines of two US financial institutions (Nov. 26, 2003) Ch 3h: Trend brings out ATM Antivirus Product Ch 3i: ATM Machine and Windows XP Images Ch 3j: Worm hits Windows-based ATMs Ch 3k: Shortcut Trojan Ch 3l: Microsoft takes down barrier in Vista firewall Ch 3m: Zonelabs ZoneAlarm vs Windows Vista Firewall vs XP SP2 Ch 3n: Ping of death - Wikipedia Ch 3o: Bump Keys Ch 3p: IC Card Locks Ch 3q: How to unlock a car with a tennis ball Ch 3q: Windows Trojan Vulnerability: MS00-052: Registry-Invoked Programs Use Standard Search Path Ch 3r: Base64 Explained Ch 3s: Windows DLL-loading security flaw puts Microsoft in a bind (2010) Ch 3t: How to use MIcrosoft\'s workaround for the DLL Hijacking vulnerability Ch 3u: Code Red Animations from CAIDA Ch 3v: Viruses stole City College of S.F. data for years --FUD Ch 3w: Microsoft DLL Hijacking Exploit in Action Ch 3x: The Ping of Death returns, IPv6-style (2013) Ch 3y: Los Angeles college pays $28,000 in ransomware (1-10-17) Ch 3z: The Ultimate Guide to Angler Exploit Kit for Non-Technical People Ch 4a1: Download Java SE Development Kit 6 Update 4 Ch 4a: Parosproxy.org - Web Application Security Ch 4b: Bugnosis Web Bug Detector Ch 4c: RFC 2616 (rfc2616) - Hypertext Transfer Protocol -- HTTP/1.1 Ch 4d: Specification of HTTP/1.1 OPTIONS messages Ch 4e: Lock IT Down: Block DNS zone transfers to protect your servers Ch 4f: Web Bugs: Nearly undetectable tracking device raises concern Ch 4g: The Web Bug FAQ Ch 4h: Demonstration Page with a Web Bug Ch 4i: WebGoat Project - OWASP Ch 4j: Ghostery :: Add-ons for Firefox -- Detects Web Bugs Ch 4k: Only 5 (all women) of 135 pass Defcon social engineering test Ch 4l: Ghost in the Wires: My Adventures as the Worldquots Most Wanted Hacker: Kevin Mitnick Ch 4m: Mitnick fakes way into LA Telco Central Office - YouTube Ch 4n: Anonymous speaks: the inside story of the HBGary hack Ch 4o: Two thirds of San Franciscans gave up password for coffee (from 2005) Ch 5a: Port scans legal, judge says (12/18/2000) Ch 5b: Port Scanning and its Legal Implications (2004) Ch 5c: Nmap Tutorial Ch 5d: A Simple Guide to Nmap Usage Ch 5e: YouTube - Trinity Nmap Hack - Matrix Reloaded Ch 5f: Unicornscan CH 5g: NetScanTools Ch 5h: Nessus Vulnerability Scanner Ch 5i: Nessus Technical Guide Ch 5j2: A very simple nessus installation [Archive] - Ubuntu Forums Ch 5j: How to install the vulnerability scanner Nessus \| Ubuntu Linux Ch 5k: fping - a program to ping hosts in parallel Ch 5m: Hping - Wikipedia, the free encyclopedia Ch 5n: Tutorial: Hping2 Basics Ch 5o: Smurf attack - Wikipedia, the free encyclopedia Ch 5p: Preventing Smurf Attacks Ch 5q: Advanced Bash-Scripting Guide Ch 5r: Kon-Boot -- Reset Windows & Linux Passwords Ch 6a: NetBios Howto Ch 6b: NetBIOS NULL Sessions: The Good, The Bad, and The Ugly Ch 6c: Null session attacks: Who's still vulnerable? Ch 6d: NULL sessions restrictions of server and workstation RPC operations Ch 6e: Null session in Windows XP Ch 6f: Listing usernames via a null session on Windows XP Ch 6g: Download Winfo -- NetBIOS Null Session Enumeration Tool Ch 6h: NetBIOS Suffixes (16th Character of the NetBIOS Name) Ch 6i: NetScanTools.com Ch 6j: SystemTools.com - DumpSec and Hyena Ch 6k: Description of the Windows File Protection feature Ch 6l: OpenVAS emerges as free alternative to Nessus Ch 6m: OpenVAS - OpenVAS - Open Vulnerability Assessment System Community Site Ch 6n: Bill Gates: Trustworthy Computing (from 2002) Ch 7a: Where are the C libraries? [Archive] - Ubuntu Forums Ch 7b: Why Windows is less secure then Linux -- system call diagrams (updated link, works in March 2011) Ch 7c: The Linux Kernel Map Ch 7d: Cprogramming.com - Programming Tutorials: C++ Made Easy and C Made Easy Ch 7e: We Are Morons: a quick look at the Win2k source \|\| kuro5hin.org Ch 7f: Linux: Fewer Bugs Than Rivals Ch 7g: An IDA Primer--Disassembler Ch 7h: Ubuntu Software - GHexedit \| Hexeditor Ch 7i: The GNU C Programming Tutorial -- scanf and avoiding buffer overflows Ch 7j: Robert's Perl Tutorial Ch 7k: Free Online Web Tutorials - CGI Perl Tutorial - How to use HTML with Perl for Web Data Collection and Processing Ch 7l: Python On XP: 7 Minutes To 'Hello World!' Ch 7m: ActiveState - ActivePython free Python open source language distribution Ch 7n: Python Babysteps Tutorial Ch 7o: The GNU Netcat -- Official homepage Ch 7p: Opening TCP Sockets in ActivePython 2.4 Ch 7q: Writing Buffer Overflow Exploits - a Tutorial for Beginners Ch 7r: Simple Package management with Synaptic Package Manager in Ubuntu -- Debian Admin Ch 7s: PEBrowse Professional Windows Disassembler Ch 7t: codepad - Online interpreter for C, Perl, Ruby, and many other languages Ch 7u: Ruby example--source code for adobe cooltype exploit Ch 7v: Buffer overflow - Wikipedia Ch 7w: 5000 Bugs caught in Pentium IV Ch 7x: LOLCODE - Wikipedia Ch 7y: Code School - CAN HAS LOLCODE Ch 7z: Brainfuck - Wikipedia Ch 8a: Microsoft Baseline Security Analyzer (MBSA) Ch 8b: Winfingerprint.com Ch 8c: CVE - Common Vulnerabilities and Exposures Ch 8d: NetBIOS protocol, netbeui over TCP, server message blocks Ch 8e: NetBIOS - Wikipedia Ch 8f: NetBios NetBEUI NBF Networking Introduction Ch 8g: How To Configure TCP/IP Networking While NetBIOS Is Disabled in Windows 2000 Server Ch 8h: samba without netbios Ch 8i: The SMB Man-In-the-Middle Attack -- Example hashes here Ch 8j: SmbRelay captures NTLM hashes Ch 8k: L0phtCrack - It's over Ch 8l: ettercap - man in the middle attacks on LAN Ch 8l: Irongeek's Wall of Social Science Majors (inspired by the Wall of Shame/Wall of Sheep) Ch 8m: Ettercap tips and tricks Ch 8n: CIFS: A Common Internet File System Ch 8o: CIFS: Common Insecurities Fail Scrutiny Ch 8o: Winsock - Wikipedia Ch 8p: Microsoft Security: IIS Lockdown Tool Ch 8q: Top 10 Vulnerability Scanners Ch 8r: Wall of Sheep - I see stupid people Ch 8s: Wall of Sheep at DEFCON illustrates what not to do Ch 8w: Tripwire Tutorial -- Signature-based intrusion detection Ch 8x:Null session in Windows XP Ch 8y: Null session attacks: Who's still vulnerable? Ch 8z: Server Message Block - Wikipedia, the free encyclopedia Ch 8za: Full Disclosure: Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D. Ch 8zb: Laurent Gaffié blog: More explication on CVE-2009-3103 Ch 8zc: Laurent Gaffié blog: Windows 7 / Server 2008R2 Remote Kernel Crash Ch 8zd: Microsoft Security Intelligence Report Volume 8 Ch 8ze: This is how Windows get infected with malware Ch 8zf: Browser share results (10-3-2011) Ch 8zg: Windows 8.1 stops pass-the-hash attacks (10-3-13) Ch 8zh: Pass the Hash Mitigation Slides Ch 8zj: Selecting all PUPs Ch 8zk: CVE List Master Copy Ch 9a: Windows Embedded - Wikipedia Ch 9b: Windows Embedded Server Products Evaluation Registration Site Ch 9c: Windows Embedded Server Ch 9d: Microsoft® Server with Embedded Licensing Product Guide Ch 9e: Psyb0t - Infected Routers Ch 9f: Nasty New Worm Targets Home Routers, Cable Modems Ch 9g: Excuse me while I turn off your pacemaker Ch 9h: The Router Hacking Contest Results Ch 9i: Hacking into HP LaserJet Printers Ch 9j: AURORA test validated fears of Dept. of Homeland Security Ch 9k: Schneier on Security: Stuxnet Ch 9l: Was Stuxnet built to attack Iran\\\'s Nuclear Program? Ch 9m: Iran confirms massive Stuxnet infection of industrial systems Ch 9m: Iran may have executed nuclear staffers over Stuxnet Ch 9n: Malicious Software Turns Your Cell Phone Against You Ch 9o: Protecting the pre-OS environment with UEFI - Building Windows 8 Ch 9o: How the TPM Prevents Rootkits Ch 9q: Remotely Administer a Server with DRAC - YouTube Ch 9r: SHODAN finding Dell DRAC systems Ch 9s: Reverse Engineering a D-Link Backdoor Ch 9t: OpenWrt in VMware Fusion Ch 9u: openwrt Ch_10a: Sam's Feedback Form (HTML) Ch_10b: Sam's CGI Script in Perl Ch_10c: Netcraft: Web Server Survey Archives Ch_10d: ASP Examples Ch_10e: ASP Basic Example -- Source code for clock Ch_10f: ASP Clock Running (source code is not visible) Ch_10g: Apache HTTP Server - Wikipedia, the free encyclopedia Ch_10h: The Apache Software Foundation Ch_10i: PHP - Wikipedia, the free encyclopedia Ch_10j: Recursive acronym Ch_10k: Hello World in PHP (source code not visible) Ch_10l: Source Code for Hello World in PHP Ch_10m: M-049: Multiple PHP Vulnerabilities Ch_10n: Hardened-PHP Project - PhP Security - Advisory 01/2004 Ch_10o: ColdFusion - Wikipedia Ch_10p: Macromedia ColdFusion Vulnerabilities Ch_10q: ColdFusion Error Page Cross-Site Scripting Vulnerability Ch_10r: VBScript Example -- works in IE, not in Firefox Ch_10s: Firefox FAQ -- no support for VBScript Ch_10t: Microsoft Security Bulletin MS02-009 -- Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files Ch_10u: Stack overflow vulnerability in Internet Explorer exploitable trough VBScript and JScript scripting engines. Ch_10v: JavaScript Example -- Works in IE and Firefox Ch_10w: JavaScript vulnerabilities surface in multiple browsers Ch_10x: ODBC, OLE DB, and ADO Explained by a Microsoft Developer Ch_10y: Form Demonstration -- maxlength property and GET method Ch_10za: Cross-site scripting - Wikipedia Ch_10zb: How to install Java on Ubuntu Linux Ch_10zc: Installing Sun Java(TM) JRE 1.6.0 (Mustang) in Ubuntu Edgy and Dapper ï¿½ Tuxicity%u2019s source Ch_10zd: Install tomcat 5.5 - Ubuntu Document Storage Facility Ch_10ze: WebGoat Installation - OWASP Ch_10zf: Space Program Blog: Installing Java 5 JDK and Tomcat on Ubuntu (using VMWare) Ch_10zg: Radarhack -- Getting Started with WebGoat Ch_10zh: IIS Unicode Vulnerability Explained Ch_10zi: Download cgiscan.c here Ch_10zj: phfscan.c source code Ch_10zk: Explanation of the PHF bug Ch_10zl: HOW TO: Use Wfetch.exe to Troubleshoot HTTP Connections Ch_10zm: An example of an overly informative error message on SourceForge Ch_10 zm2: An overly informative error message I saw on 1-22-08 Ch_10zn: Introduction to Input Validation with Perl Ch_10zo: The Unexpected SQL Injection Ch_10zp: Hello PHP page - running PHP code Ch_10zq: Hello PHP Page - Source Code Ch 10 zr: Wapiti - Web application security auditor Ch 10 zr: A Profile of Chicago Hacker Jeremy Hammond, and the Police Work That Captured Him Ch 10zq: Dissecting the SQL Injection Tools Used By Hackers Ch_11a: Wlan defaults - Rexploit (archived from 2005) Ch_11b: 3Com OfficeConnect ADSL Wireless 11g Firewall Router Authentication Bypass Vulnerability Ch_11c: Channel Deployment Issues for 2.4-GHz 802.11 WLANs - Cisco Systems Ch_11d1: Direct-sequence spread spectrum - Wikipedia Ch_11d: Spread spectrum - Wikipedia Ch_11e: Cheating CHAP Authentication -- works like session hijacking Ch_11f: Point-to-Point Protocol - Wikipedia Ch_11g: ASLEAP -- Cracks Cisco's LEAP Authentication Ch_11h: Extensible Authentication Protocol - Wikipedia Ch_11i: Wireless LAN Security Site -- 802.11 Vulnerabilities Ch_11j: X.509 - Wikipedia Ch_11k: IEEE 802.1X - Wikipedia Ch_11l: Cracking WEP with Windows XP Ch_11m: How to crack a WEP key using Ubuntu Ch_11n: New attack cracks WEP in record time Ch_11o: NetStumbler.com Ch_11p: AirSnort Homepage Ch_11q: SourceForge.net: AirSnort Ch_11r: AirSnort and WEPCrack compared Ch_11s: fakeAP Ch_11t: Installing Wireless Cards in Ubuntu Ch_11u: Orinoco Drivers With Monitor Mode In 6.10 (Edgy Eft) - Ubuntu Forums Ch_11v: How To Crack WEP - Part 1: Setup & Network Recon Ch_11w: Remote-Exploit.org - Supplying offensive security products to the world Ch_11x: Aircrack-2.3 Windows (Wireless WEP crack) Ch_11y: Orinoco Monitor Mode Patch Page -- Shmoo Group Ch_11z: Red Hat 8.0 Kismet - HOWTO - Includes Orinoco Cards in Monitor Mode Ch_11za: BackTrack 2 Final : how to make Fake Access Points with fakeap.pl Ch_11zb: Debunking the Myth of SSID Hiding Ch_11zc: IEEE 802.11 - Wikipedia Ch_11zd: Aerohive 802.11n Access Point Fastest--264 Mbps Ch_11ze: Download VistaStumbler 1.10 - A powerful network discovery tool optimized for Windows Vista Ch_11zf: Changing Your MAC Address In Window XP/Vista, Linux And Mac OS X (Sometimes known as MAC spoofing) Ch_11zg: Bluetooth - Wikipedia Ch 11zh: IEEE 802.11n-2009 - Wikipedia Ch 11zi: CLEAR \| High-Speed Mobile 4G Wireless Internet Service with WiMAX Ch 11zj: Wi-Fi Protected Access - Wikipedia Ch 11zk: FHSS and DSSS explained: 79 channels v 11 channels Ch 11zl: Verizon dubs sec researchers \"Narcissistic Vlnerability Pimps\" Ch 11zm: Reaver cracks WPS in 19 hoursr Ch 11zn: Sprint raising $2 billion, may throw some dough Clearwire's way -- Moving to LTE Ch 11 zp: List of NICs that can crack WEP Ch 11zq: WiGig is great, but it won't replace your Wi-Fi network (2013) Ch 11zr: Dell D5000 Wireless Dock with WiGig - YouTube Ch 11zs: 4G me not: WiMax isn\'t LTE and is going away at Sprint resellers (2014) Ch 11zt: CCSF Wardriving Results Ch_12a: Enigma machine - Wikipedia Ch_12b: Enigma Simulator Ch_12c: First Steganographic Image in the Wild Ch_12d: A Brute Force Search of DES Keyspace Ch_12e: DeCSS - Wikipedia Ch_12f: Why the DVD Hack Was a Cinch - Ch_12g: Illegal prime - Wikipedia Ch_12h: EFF: DES Cracker Project Ch_12i: Triple DES - Wikipedia Ch_12j: Advanced Encryption Standard - Wikipedia Ch_12j: Oracle Weblogic Server - Wikipedia Ch_12k: International Data Encryption Algorithm - Wikipedia Ch_12l: RC5 - Wikipedia Ch_12m: distributed.net--Cracking RC5-72 Ch_12n: Diffie-Hellman key exchange - Wikipedia Ch_12o: Digital signature - Wikipedia Ch_12p: SHA hash functions - Wikipedia Ch_12q: Cryptographic hash functions Compared Ch_12r: Birthday attack - Wikipedia Ch_12s: oxid.it - Home of Cain & Abel Windows Password Cracker Ch_12za: LM hash - Wikipedia - Excellent explanation of how Ophcrack works Ch_12zb: How to prevent Windows from storing a LAN manager hash of your password in Active Directory and local SAM databases Ch_12zc: Ophcrack--Windows password cracker Ch_12zd: Recover A Password in Linux \| Ubuntology Ch_12ze: 109-bit Elliptic Curve Cryptography knocked over with brute force Ch_12zf: Pretty animated demonstration of the Rindjael encryption algorithm Ch_12zg: The Hash Function Lounge Ch12zh: Explanation of key sizes: 1024 bit RSA is like 80-bit symmetric Ch 12zi: Moore's Law - Wikipedia Ch 12zj: SSLSTRIP attack documents (From Sam Bowne's Defcon Presentation 2009) Ch 12zk: Null Character Hack Allows SSL Spoofing Ch 12zl: Good explanation of the renegotiation SSL/TLS Vulnerability Ch 12zm: Apache2 Basic Authentication Ch 12zn: Basic Authentication Ch 12zo: Hoping to avert "collision" with disaster, Microsoft retires SHA1 Ch 12zp: TLS / SSL - Google Chrome SHA-1 Deprecation Explained Ch 12zq: Transition from SHA-1 to SHA-2 Certificates \| Symantec Ch 12zr: SHA-2 Certificate Solutions \| DigiCert.com Ch 12zq: SSL Server Test (Powered by Qualys SSL Labs) Ch 12zs: College SSl Certificates Tested in 2014 Ch 12zt: SSL Certificates at Banks Ch 12zu: NSA Suite B Cryptography (Aug., 2015) Ch 12zv: Why Algebraic Eraser may be the riskiest cryptosystem you\'ve never heard of (Nov., 2015) Ch 12zw: Stop using NSA-influenced code in our products, RSA tells customers (2013) Ch 12zx: NOBUS - Wikipedia Ch 12zy: CNSA Suite and Quantum Computing FAQ (2016) Ch 12zz: Silent Circle ditches NIST cryptographic standards to thwart NSA spying (2013) Ch 12zz1: RC4 crypto: Get RID of it already, say boffins (2015) Ch 12zz2: SHA1 algorithm securing e-commerce and software could break by year\'s end (Oct, 2015) Ch 12zz3: How the NSA can break trillions of encrypted Web and VPN connections (Oct, 2015) Ch_13a: Router - Wikipedia Ch_13b: Cisco 2600 Series Multiservice Platforms Ch_13c: Cisco 2600 Series Security Advisories Ch_13d: Michael Lynn - Wikipedia Ch_13e: Michael Lynn's controversial Cisco security presentation Ch_13f: Schneier on Security: Cisco Harasses Security Researcher Ch_13g: Michael Lynn's PDF file is linked near the bottom of this page Ch_13h: Juniper hires Cisco hacker -- fixes flaws in IOS Ch_13i: Firewall Debate: Hardware vs. Software Ch_13j: Firewall Access Control List Rules Ch_13k: Cisco PIX Firewall and VPN Configuration Guide Ch_13l: Teardrop Attack - Wikipedia Ch_13m: Microsoft ISA Server: Product Overview Ch_13n: Application Filters Provided with ISA Server 2006 Ch_13o: Intrusion Detection FAQ: How do you implement IDS (network based) in a heavily switched environment? Ch_13p: Project Honey Pot Ch_13q: Capture - The High Interaction Client Honeypot/ Honeyclient Ch_13r: Open Source Honeypots: Learning with Honeyd Ch_13s: ISA Server and Forefront Threat Management Gateway Public Beta Available Here (as of 12-4-08) Ch 13t: Web Application Firewall - OWASP Ch 13u: Web Application Firewall - The Market Leading Web Application Firewall Ch 13v: A Chinese ISP momentarily hijacks the Internet (again) Ch 13w: Cisco ASA 5500 Series Adaptive Security Appliances Ch 13x: The Center for Internet Security Ch 13y: RedSeal Systems - Redseal Network Advisor Ch 13z1: Aurora Attack--Resistance Is Futile, Pretty Much Ch 13z2: Can Aurora attacks be prevented? Ch 13z3: Google attack part of widespread spying effort Ch 13z4: Network Hijackers Exploit Technical Loophole -- IP Hijacking via BGP Ch 13z5: How Hacking Team Helped Italian Special Operations Group with BGP Routing Hijack (2015) Ch 13z6: DDoS Mitigation Firm Has History of Hijacks (Sept., 2016) l_14a: compatible_cards [Aircrack-ng] l_14b: Cant get orinoco into monitor mode with NG l_14c: Wi-Foo: The Secrets of Wireless Hacking: Books: Andrew Vladimirov,Konstantin V. Gavrilenko,Andrei A. Mikhailovsky l_14d: PRISM GT Technical Information l_14e: Injection Test Results: WUSB54Gv4, WT111v2, Edimax EW-7318USG, and Intel IPW2200 l_14f: Question regarding usb adapter and linux l_14g: Driver found for PrismGT Chipset l_14h: Host AP Linux driver for Intersil Prism2/2.5/3 wireless LAN cards and WPA Supplicant l_14i: How to get the TEW424ubv2 Wi-Fi Dongle working in Linux with NDISwrapper l_14j: Wireless Card Modes Explained: Master, Manager, Ad-hoc, Monitor l_14l: Orinoco Monitor Mode Patch Page l_14m: MadWifi - Drivers for many wireless NICs l_14n: BackTrack from Remote-Exploit.org - Supplying offensive security products to the world l_14n: Linuxant - DriverLoader for Wireless LAN devices l_14o: NDISwrapper - Use Windows Drivers in Linux l_14p: How To Crack WEP with Linux and Packet Injection l_14q: Aircrack-ng -- WEP cracker for Windows or Linux l_14r: Tutorial - Cracking WEP with Windows XP pro. l_14s: How to crack WEP with BackTrack 2 l_14t: WLAN Adapter Chipset Directory l_14u: Yet Another Easier Workaround for Packet Injection with Aireplay in Windows l_14v: Re: Legality of WEP Cracking l_14w: E-Mail Privacy in the Workplace l_15a: About SSL/TLS l_15b: Huge Collection Of Hack Tutorial Videos l_15c: dsniff -- Linux Package for Man-in-the-Middle Attacks l_15d: Old SSL Vulnerability in Internet Explorer - Certificate Chain l_15e: Circumventing SSL with Ettercap Video Miscellaneous Links Robtex - great DNS analysis tool YouTube - Reset Passwords on Windows XP and Vista using Backtrack 4 - Captions and Voice Included WebGoat Notes--Learn Web App Security Ubuntu 10.0.4, VMware and No Keyboard : Solo Technology Warning about VMWare Player and new Ubuntu 10.04 How to reset domain admin password on Windows Server 2008--Utilman Exploiting the LNK Vulnerability with Metasploit Decrypting SSL traffic with Wireshark, and ways to prevent it EVIL-PDF-ATTACK-FILE-for-classroom-demo Port Scanner Challenge: Nmap, Unicornscan, PortBunny -- UnicornScan is 5x faster than Nmap Proj 10: ActivePython Downloads - old versions here Old Version of Adobe Acrobat Reader Download - OldApps.com Metasploit Unleashed - Mastering the Framework--awesome course Metasploit Class Videos from Irongeek Smashing the stack in 2010 (improved) Great video taking over a domain with Metasploit--Good Pentesting Techniques Old versions of Adobe Acrobat Reader straight from Adobe Death of an ftp client / Birth of Metasploit modules; Excellent tutorial about fuzzing & metasploit Penetration Testing and Vulnerability Analysis - WIndows Exploitation 101 How to Break Into a Mac (And Prevent It from Happening to You) Wardriving FAQ -- Wardriving is not illegal A SANS article on the legality of wardriving New Snort rules to stop Rockwell & other SCADA attacks (10-5-110 HUGE list of vulnerable Web apps to use for training 2011-12-26: STRATFOR leaked accounts (10257 passwords recovered) - Pastebin.com Free Online Computer Security Class from Berkeley & Stanford How to bypass an antivirus --INTERESTING PROJECT IDEA Download Ez7z for Mac - Easy-to-use p7zip archiver. MacUpdate.com List of online hacking games Nessus 5.0 is Here Tenable Network Security Enter Bios Settings and Boot from CDROM with VMware Fusion Windows Credentials Editor (WCE) FAQ Mapping Defenses Using the Cyber Kill Chain -- COMPARE TO CNIT 123 TEXTBOOK How to setup Dark Comet RAT (with download and pictures) : hacking Free CEH Study Guide (v8, from 2014) Shark 3 RAT -- POSSIBLE PROJECT DarkComet RAT Flames Out airdecap-ng Aircrack-ng -Decrypts WEP and WPA packets -- ADD TO PROJECT Warriors of the Net HD - YouTube - good version as of Jan 2015 How to rekey a lock 101 - YouTube -- IT WORKS! 2012-05-02: Linux Memory Images KBeast -- New Linux Rootkit (from 12-31-11) Learn to code Codecademy Penetration Testing with BackTrack Training - $700 online classes with certification Scapy cheat sheet Reset a Windows 8 Password without using any third party software Cheat Sheet for Pen Testing Reset Admin Password on Mac OS X 2013-01-27: Cookie Cadger Slides VulnHub - Vulnerable By Design--VMs to exploit! The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series) (9781597496551) -- Another instructor recommends this book VulnHub - Vulnerable By Design -- Excellent projects here! illSecure -- Very Easy Hacking Games BackBox Linux -- Italian security distro Resources for Aspiring Penetration Testers HiJetter -- Printer Exploitation Tool Live BGP Updates The Bro Network Security Monitor Teardrop Attack in Scapy Cracking Linux, Windows, Wordpress, and Drupal Password Hashes with Hashcat and John Pentest training games--vulnerable systems and Web apps Scapy explained by its author -- EXCELLENT LDAP INJECTION DEMO FOR CLASS Hash Identifier python script 24 Great E-Books On Ethical Hacking Codebashing SQLi Tutorial Five-way TCP Handshake defeats firewalls HacmeBank & HacmeCasino in the Cloud Learn Python the Hard Way HTPasswd Tutorial Notifying Owners of Infected Wordpress Servers -- POTENTIAL PROJECT The Difference between CIFS and SMB The story of a pentester recruitment -- SHOW TO CLASS Download Metasploitable - Intentionally Vulnerable Machine \| Rapid7 Cracking WEP with Cain on Windows and an AirPCap Card Password Cracking Slides by IronGeek Linux DHCP Configuration--use Debian instructions for Kali 2015-07-10: HttpDosTool 4.01 -- WORKS ON WINDOWS 8.1 OverTheWire: Wargames and Linux Lessons How Yahoo was forced to give data secretly to the NSA Prism project (from 2014) -- IMPORTANT PRECEDENT Live BGP Updates over Telnet How to rekey a lock 101 - HOW TO PREPARE LOCKPICKING TRAINING LOCKS The Tricky Encryption That Could Stump Quantum Computers (from Sept., 2015) Warriors of the Net - TeacherTube CA Lockpick Law -- Demonstrates that TOOOL is correct RECOMMENDED LOCKPICK KIT: Ehdching 24pcs Single Hook Locksmith Tools 1pcs Professional Cutaway Practice Padlock - - Amazon.com Recommended Locks from Deviant Ollam Lockpicking Legal issues - Lockwiki Legality of lock picks, possessing burglary tools, lock picks legality Manual for Kwikset Powerlock in S214 L0phtCrack Password Auditor - Download md5cracker.org -- WORKED BETTER THAN JOHN Lynis - Security auditing tool for Unix/Linux systems Amazon.com: Universal TV Stand / Base Mount for 32" - 60" Flat-Screen Televisions -- May be needed for display case Edit or remove cookies from Firefox's Developer Toolbar RTL-SDR Tutorial: Analyzing GSM with Airprobe/GR-GSM and Wireshark Web Application Pen-testing Tutorials With Mutillidae (Hacking Illustrated Series InfoSec Tutorial Videos) Lockpicking Plastic Handcuffs -- ADD TO LOCKPICKING PROJECT New Unsorted Links Apache .htaccess file - Examples and Common Uses \| DigitalOcean -- VERY USEFUL A tcpdump Tutorial and Primer with Examples Best tcpdump Tutorial and Primer with Examples Add/Drop Procedure virtual machine - Guest OS resolution (text too small) in vmware workstation 12 player 2017-09-27: DHS planning to collect social media info on all immigrants Ch 8zl: Windows 10's "Controlled Folder Access" Anti-Ransomware Feature Is Now Live Ch 9v: Mirai botnet -- Krebs on Security Ch 9w: The Mirai Botnet Isn't Easy to Defeat Ch 10zs: TIOBE Index -- popularity of programming languages Ch 10zt: Serialization and Deserialization in Java Ch 12-2017-1: 'First ever' SHA-1 hash collision calculated. All it took were five clever brains... and 6,610 years of processor time Ch 12-2017-2: Google Online Security Blog: Announcing the first SHA1 collision Ch 12-2017-3: SHAttered USB LAN7500 Driver for Mac Adapter in S214 Metasploit: Not connecting to database Ch 3za: NullArray/AutoSploit: Automated Mass Exploiter Ch 3zb: Threat or menace? "Autosploit" tool sparks fears of empowered "script kiddies" Fixing a Error in Kali Rolling Repository AWS Educate -- Free AWS Credit for Students How to install Kali Linux on Google Cloud How to install Kali Linux on Google Cloud -- Penetration Testing Using the gsutil Tool -- Google Cloud GitHub - Wh1t3Rh1n0/deb2kali: A Script to Convert Debian Linux into Kali Linux LionSec/katoolin: Automatically install all Kali linux tools How to Install WAMP Other Links

Links

Links From Lectures
Ch 1a: Robert Bruen's review of the textbook
Ch 1b: Wired News: Ethical Hacking Is No Oxymoron
Ch 1c: EC-Council | Certified Ethical Hacker Certification
Ch 1d: EC-Council | Code of Ethics
Ch 1e: Run Away From The CEH Certification
Ch 1f: ISECOM - OPST Accredited Certification
Ch 1g: Rate My Network Diagram
Ch 1h: RE: OPST and CEH Certifications
Ch 1i: SANS Institute - Network and Computer Security Training
Ch 1j: SANS Top-20 Internet Security Attack Targets (2006 Annual Update)
Ch 1k: CCSF COMPUTER USAGE POLICY
Ch 1l1: Lycos starts anti-spam screensaver plan: Dec 2, 2004
Ch 1l2: Lycos Pulls Anti-Spam 'Vigilante' Campaign -- Dec 3, 2004
Ch 1l3: Lycos's Spam Attack Network Dismantled -- Spammers sent the DOS packets back to Lycos -- Dec 6, 2004
Ch 1m: Blue Frog begins its "vigilante approach" to fight spam -- July, 2005
Ch 1n: Russian spammer fights back, claims to have stolen Blue Frog's database, sends threating email -- DOS attack in progress -- May 2, 2006
Ch 1o: Blue Frog compromised and destroyed by attacks, urgent instructions to uninstall it, the owners have lost control -- May 17, 2006
Ch 1p: Call for help creating distributed, open-source Blue Frog replacement -- May 17, 2006
Ch 1q: Linux update becomes terminal pain
Ch 1r: Permission Memo for Penentration Testing
Ch 1s: Freed LulzSec hacker banned from contacting Anons, wiping data
Ch 1t: The Secret Anarchy of Science sales rocket after Jake Davis seen clutching a copy
Ch 1u: Leading Member of LulzSec Hacker Squad Arrested in London (from 2011)
Ch 1v: Ryan Cleary: 'Hacker' accused of bringing down 'British FBI' site
Ch 1v: How I Out-Hacked a LulzSec Member
Ch 1w: Stay Out of Anonymous

Ch 2a: Header Format
Ch 2b: List of assigned /8 IP address blocks
Ch 2c: A Binary Primer
Ch 2d: Classful network
Ch 2e: How to Obscure Any URL
Ch 2f: Obscuring a URL (demonstration for lecture)
Ch 2g: Warriors of the Net - The Story
Ch 2h: Statistical Weaknesses in TCP/IP Initial Sequence Numbers
Ch 2i: The Sorceror\'s Apprentice Syndrome in TFTP

Ch 3 Lecture Demo: Companion Trojan 1
Ch 3 Lecture Demo: Companion Trojan 2
Ch 3 Lecture Demo: Hacker Defender Rootkit Part 1
Ch 3 Lecture Demo: Hacker Defender Rootkit Part 2
Ch 3a: Base64 Encoding Explained
Ch 3b: Base64 Online - base64 decode and encode
Ch 3c: Melissa Worm and I Love You Worm Source Codes
Ch 3d: Computer Virus Generator Kits
Ch 3e: Animated GIF of Code Red Spreading (4 MB)
Ch 3f: CAIDA : analysis : security : code-red
Ch 3g: Worm infects ATM machines of two US financial institutions (Nov. 26, 2003)
Ch 3h: Trend brings out ATM Antivirus Product
Ch 3i: ATM Machine and Windows XP Images
Ch 3j: Worm hits Windows-based ATMs
Ch 3k: Shortcut Trojan
Ch 3l: Microsoft takes down barrier in Vista firewall
Ch 3m: Zonelabs ZoneAlarm vs Windows Vista Firewall vs XP SP2
Ch 3n: Ping of death - Wikipedia
Ch 3o: Bump Keys
Ch 3p: IC Card Locks
Ch 3q: How to unlock a car with a tennis ball
Ch 3q: Windows Trojan Vulnerability: MS00-052: Registry-Invoked Programs Use Standard Search Path
Ch 3r: Base64 Explained
Ch 3s: Windows DLL-loading security flaw puts Microsoft in a bind (2010)
Ch 3t: How to use MIcrosoft\'s workaround for the DLL Hijacking vulnerability
Ch 3u: Code Red Animations from CAIDA
Ch 3v: Viruses stole City College of S.F. data for years --FUD
Ch 3w: Microsoft DLL Hijacking Exploit in Action
Ch 3x: The Ping of Death returns, IPv6-style (2013)
Ch 3y: Los Angeles college pays $28,000 in ransomware (1-10-17)
Ch 3z: The Ultimate Guide to Angler Exploit Kit for Non-Technical People

Ch 4a1: Download Java SE Development Kit 6 Update 4
Ch 4a: Parosproxy.org - Web Application Security
Ch 4b: Bugnosis Web Bug Detector
Ch 4c: RFC 2616 (rfc2616) - Hypertext Transfer Protocol -- HTTP/1.1
Ch 4d: Specification of HTTP/1.1 OPTIONS messages
Ch 4e: Lock IT Down: Block DNS zone transfers to protect your servers
Ch 4f: Web Bugs: Nearly undetectable tracking device raises concern
Ch 4g: The Web Bug FAQ
Ch 4h: Demonstration Page with a Web Bug
Ch 4i: WebGoat Project - OWASP
Ch 4j: Ghostery :: Add-ons for Firefox -- Detects Web Bugs
Ch 4k: Only 5 (all women) of 135 pass Defcon social engineering test
Ch 4l: Ghost in the Wires: My Adventures as the World*quot*s Most Wanted Hacker: Kevin Mitnick
Ch 4m: Mitnick fakes way into LA Telco Central Office - YouTube
Ch 4n: Anonymous speaks: the inside story of the HBGary hack
Ch 4o: Two thirds of San Franciscans gave up password for coffee (from 2005)

Ch 5a: Port scans legal, judge says (12/18/2000)
Ch 5b: Port Scanning and its Legal Implications (2004)
Ch 5c: Nmap Tutorial
Ch 5d: A Simple Guide to Nmap Usage
Ch 5e: YouTube - Trinity Nmap Hack - Matrix Reloaded
Ch 5f: Unicornscan
CH 5g: NetScanTools
Ch 5h: Nessus Vulnerability Scanner
Ch 5i: Nessus Technical Guide
Ch 5j2: A very simple nessus installation [Archive] - Ubuntu Forums
Ch 5j: How to install the vulnerability scanner Nessus | Ubuntu Linux
Ch 5k: fping - a program to ping hosts in parallel
Ch 5m: Hping - Wikipedia, the free encyclopedia
Ch 5n: Tutorial: Hping2 Basics
Ch 5o: Smurf attack - Wikipedia, the free encyclopedia
Ch 5p: Preventing Smurf Attacks
Ch 5q: Advanced Bash-Scripting Guide
Ch 5r: Kon-Boot -- Reset Windows & Linux Passwords

Ch 6a: NetBios Howto
Ch 6b: NetBIOS NULL Sessions: The Good, The Bad, and The Ugly
Ch 6c: Null session attacks: Who's still vulnerable?
Ch 6d: NULL sessions restrictions of server and workstation RPC operations
Ch 6e: Null session in Windows XP
Ch 6f: Listing usernames via a null session on Windows XP
Ch 6g: Download Winfo -- NetBIOS Null Session Enumeration Tool
Ch 6h: NetBIOS Suffixes (16th Character of the NetBIOS Name)
Ch 6i: NetScanTools.com
Ch 6j: SystemTools.com - DumpSec and Hyena
Ch 6k: Description of the Windows File Protection feature
Ch 6l: OpenVAS emerges as free alternative to Nessus
Ch 6m: OpenVAS - OpenVAS - Open Vulnerability Assessment System Community Site
Ch 6n: Bill Gates: Trustworthy Computing (from 2002)

Ch 7a: Where are the C libraries? [Archive] - Ubuntu Forums
Ch 7b: Why Windows is less secure then Linux -- system call diagrams (updated link, works in March 2011)
Ch 7c: The Linux Kernel Map
Ch 7d: Cprogramming.com - Programming Tutorials: C++ Made Easy and C Made Easy
Ch 7e: We Are Morons: a quick look at the Win2k source || kuro5hin.org
Ch 7f: Linux: Fewer Bugs Than Rivals
Ch 7g: An IDA Primer--Disassembler
Ch 7h: Ubuntu Software - GHexedit | Hexeditor
Ch 7i: The GNU C Programming Tutorial -- scanf and avoiding buffer overflows
Ch 7j: Robert's Perl Tutorial
Ch 7k: Free Online Web Tutorials - CGI Perl Tutorial - How to use HTML with Perl for Web Data Collection and Processing
Ch 7l: Python On XP: 7 Minutes To 'Hello World!'
Ch 7m: ActiveState - ActivePython free Python open source language distribution
Ch 7n: Python Babysteps Tutorial
Ch 7o: The GNU Netcat -- Official homepage
Ch 7p: Opening TCP Sockets in ActivePython 2.4
Ch 7q: Writing Buffer Overflow Exploits - a Tutorial for Beginners
Ch 7r: Simple Package management with Synaptic Package Manager in Ubuntu -- Debian Admin
Ch 7s: PEBrowse Professional Windows Disassembler
Ch 7t: codepad - Online interpreter for C, Perl, Ruby, and many other languages
Ch 7u: Ruby example--source code for adobe cooltype exploit
Ch 7v: Buffer overflow - Wikipedia
Ch 7w: 5000 Bugs caught in Pentium IV
Ch 7x: LOLCODE - Wikipedia
Ch 7y: Code School - CAN HAS LOLCODE
Ch 7z: Brainfuck - Wikipedia

Ch 8a: Microsoft Baseline Security Analyzer (MBSA)
Ch 8b: Winfingerprint.com
Ch 8c: CVE - Common Vulnerabilities and Exposures
Ch 8d: NetBIOS protocol, netbeui over TCP, server message blocks
Ch 8e: NetBIOS - Wikipedia
Ch 8f: NetBios NetBEUI NBF Networking Introduction
Ch 8g: How To Configure TCP/IP Networking While NetBIOS Is Disabled in Windows 2000 Server
Ch 8h: samba without netbios
Ch 8i: The SMB Man-In-the-Middle Attack -- Example hashes here
Ch 8j: SmbRelay captures NTLM hashes
Ch 8k: L0phtCrack - It's over
Ch 8l: ettercap - man in the middle attacks on LAN
Ch 8l: Irongeek's Wall of Social Science Majors (inspired by the Wall of Shame/Wall of Sheep)
Ch 8m: Ettercap tips and tricks
Ch 8n: CIFS: A Common Internet File System
Ch 8o: CIFS: Common Insecurities Fail Scrutiny
Ch 8o: Winsock - Wikipedia
Ch 8p: Microsoft Security: IIS Lockdown Tool
Ch 8q: Top 10 Vulnerability Scanners
Ch 8r: Wall of Sheep - I see stupid people
Ch 8s: Wall of Sheep at DEFCON illustrates what not to do
Ch 8w: Tripwire Tutorial -- Signature-based intrusion detection
Ch 8x:Null session in Windows XP
Ch 8y: Null session attacks: Who's still vulnerable?
Ch 8z: Server Message Block - Wikipedia, the free encyclopedia
Ch 8za: Full Disclosure: Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.
Ch 8zb: Laurent Gaffié blog: More explication on CVE-2009-3103
Ch 8zc: Laurent Gaffié blog: Windows 7 / Server 2008R2 Remote Kernel Crash
Ch 8zd: Microsoft Security Intelligence Report Volume 8
Ch 8ze: This is how Windows get infected with malware
Ch 8zf: Browser share results (10-3-2011)
Ch 8zg: Windows 8.1 stops pass-the-hash attacks (10-3-13)
Ch 8zh: Pass the Hash Mitigation Slides
Ch 8zj: Selecting all PUPs
Ch 8zk: CVE List Master Copy

Ch 9a: Windows Embedded - Wikipedia
Ch 9b: Windows Embedded Server Products Evaluation Registration Site
Ch 9c: Windows Embedded Server
Ch 9d: Microsoft® Server with Embedded Licensing Product Guide
Ch 9e: Psyb0t - Infected Routers
Ch 9f: Nasty New Worm Targets Home Routers, Cable Modems
Ch 9g: Excuse me while I turn off your pacemaker
Ch 9h: The Router Hacking Contest Results
Ch 9i: Hacking into HP LaserJet Printers
Ch 9j: AURORA test validated fears of Dept. of Homeland Security
Ch 9k: Schneier on Security: Stuxnet
Ch 9l: Was Stuxnet built to attack Iran\\\'s Nuclear Program?
Ch 9m: Iran confirms massive Stuxnet infection of industrial systems
Ch 9m: Iran may have executed nuclear staffers over Stuxnet
Ch 9n: Malicious Software Turns Your Cell Phone Against You
Ch 9o: Protecting the pre-OS environment with UEFI - Building Windows 8
Ch 9o: How the TPM Prevents Rootkits
Ch 9q: Remotely Administer a Server with DRAC - YouTube
Ch 9r: SHODAN finding Dell DRAC systems
Ch 9s: Reverse Engineering a D-Link Backdoor
Ch 9t: OpenWrt in VMware Fusion
Ch 9u: openwrt

Ch_10a: Sam's Feedback Form (HTML)
Ch_10b: Sam's CGI Script in Perl
Ch_10c: Netcraft: Web Server Survey Archives
Ch_10d: ASP Examples
Ch_10e: ASP Basic Example -- Source code for clock
Ch_10f: ASP Clock Running (source code is not visible)
Ch_10g: Apache HTTP Server - Wikipedia, the free encyclopedia
Ch_10h: The Apache Software Foundation
Ch_10i: PHP - Wikipedia, the free encyclopedia
Ch_10j: Recursive acronym
Ch_10k: Hello World in PHP (source code not visible)
Ch_10l: Source Code for Hello World in PHP
Ch_10m: M-049: Multiple PHP Vulnerabilities
Ch_10n: Hardened-PHP Project - PhP Security - Advisory 01/2004
Ch_10o: ColdFusion - Wikipedia
Ch_10p: Macromedia ColdFusion Vulnerabilities
Ch_10q: ColdFusion Error Page Cross-Site Scripting Vulnerability
Ch_10r: VBScript Example -- works in IE, not in Firefox
Ch_10s: Firefox FAQ -- no support for VBScript
Ch_10t: Microsoft Security Bulletin MS02-009 -- Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files
Ch_10u: Stack overflow vulnerability in Internet Explorer exploitable trough VBScript and JScript scripting engines.
Ch_10v: JavaScript Example -- Works in IE and Firefox
Ch_10w: JavaScript vulnerabilities surface in multiple browsers
Ch_10x: ODBC, OLE DB, and ADO Explained by a Microsoft Developer
Ch_10y: Form Demonstration -- maxlength property and GET method
Ch_10za: Cross-site scripting - Wikipedia
Ch_10zb: How to install Java on Ubuntu Linux
Ch_10zc: Installing Sun Java(TM) JRE 1.6.0 (Mustang) in Ubuntu Edgy and Dapper ï¿½ Tuxicity%u2019s source
Ch_10zd: Install tomcat 5.5 - Ubuntu Document Storage Facility
Ch_10ze: WebGoat Installation - OWASP
Ch_10zf: Space Program Blog: Installing Java 5 JDK and Tomcat on Ubuntu (using VMWare)
Ch_10zg: Radarhack -- Getting Started with WebGoat
Ch_10zh: IIS Unicode Vulnerability Explained
Ch_10zi: Download cgiscan.c here
Ch_10zj: phfscan.c source code
Ch_10zk: Explanation of the PHF bug
Ch_10zl: HOW TO: Use Wfetch.exe to Troubleshoot HTTP Connections
Ch_10zm: An example of an overly informative error message on SourceForge
Ch_10 zm2: An overly informative error message I saw on 1-22-08
Ch_10zn: Introduction to Input Validation with Perl
Ch_10zo: The Unexpected SQL Injection
Ch_10zp: Hello PHP page - running PHP code
Ch_10zq: Hello PHP Page - Source Code
Ch 10 zr: Wapiti - Web application security auditor
Ch 10 zr: A Profile of Chicago Hacker Jeremy Hammond, and the Police Work That Captured Him
Ch 10zq: Dissecting the SQL Injection Tools Used By Hackers

Ch_11a: Wlan defaults - Rexploit (archived from 2005)
Ch_11b: 3Com OfficeConnect ADSL Wireless 11g Firewall Router Authentication Bypass Vulnerability
Ch_11c: Channel Deployment Issues for 2.4-GHz 802.11 WLANs - Cisco Systems
Ch_11d1: Direct-sequence spread spectrum - Wikipedia
Ch_11d: Spread spectrum - Wikipedia
Ch_11e: Cheating CHAP Authentication -- works like session hijacking
Ch_11f: Point-to-Point Protocol - Wikipedia
Ch_11g: ASLEAP -- Cracks Cisco's LEAP Authentication
Ch_11h: Extensible Authentication Protocol - Wikipedia
Ch_11i: Wireless LAN Security Site -- 802.11 Vulnerabilities
Ch_11j: X.509 - Wikipedia
Ch_11k: IEEE 802.1X - Wikipedia
Ch_11l: Cracking WEP with Windows XP
Ch_11m: How to crack a WEP key using Ubuntu
Ch_11n: New attack cracks WEP in record time
Ch_11o: NetStumbler.com
Ch_11p: AirSnort Homepage
Ch_11q: SourceForge.net: AirSnort
Ch_11r: AirSnort and WEPCrack compared
Ch_11s: fakeAP
Ch_11t: Installing Wireless Cards in Ubuntu
Ch_11u: Orinoco Drivers With Monitor Mode In 6.10 (Edgy Eft) - Ubuntu Forums
Ch_11v: How To Crack WEP - Part 1: Setup & Network Recon
Ch_11w: Remote-Exploit.org - Supplying offensive security products to the world
Ch_11x: Aircrack-2.3 Windows (Wireless WEP crack)
Ch_11y: Orinoco Monitor Mode Patch Page -- Shmoo Group
Ch_11z: Red Hat 8.0 Kismet - HOWTO - Includes Orinoco Cards in Monitor Mode
Ch_11za: BackTrack 2 Final : how to make Fake Access Points with fakeap.pl
Ch_11zb: Debunking the Myth of SSID Hiding
Ch_11zc: IEEE 802.11 - Wikipedia
Ch_11zd: Aerohive 802.11n Access Point Fastest--264 Mbps
Ch_11ze: Download VistaStumbler 1.10 - A powerful network discovery tool optimized for Windows Vista
Ch_11zf: Changing Your MAC Address In Window XP/Vista, Linux And Mac OS X (Sometimes known as MAC spoofing)
Ch_11zg: Bluetooth - Wikipedia
Ch 11zh: IEEE 802.11n-2009 - Wikipedia
Ch 11zi: CLEAR | High-Speed Mobile 4G Wireless Internet Service with WiMAX
Ch 11zj: Wi-Fi Protected Access - Wikipedia
Ch 11zk: FHSS and DSSS explained: 79 channels v 11 channels
Ch 11zl: Verizon dubs sec researchers \"Narcissistic Vlnerability Pimps\"
Ch 11zm: Reaver cracks WPS in 19 hoursr
Ch 11zn: Sprint raising $2 billion, may throw some dough Clearwire's way -- Moving to LTE
Ch 11 zp: List of NICs that can crack WEP
Ch 11zq: WiGig is great, but it won't replace your Wi-Fi network (2013)
Ch 11zr: Dell D5000 Wireless Dock with WiGig - YouTube
Ch 11zs: 4G me not: WiMax isn\'t LTE and is going away at Sprint resellers (2014)
Ch 11zt: CCSF Wardriving Results

Ch_12a: Enigma machine - Wikipedia
Ch_12b: Enigma Simulator
Ch_12c: First Steganographic Image in the Wild
Ch_12d: A Brute Force Search of DES Keyspace
Ch_12e: DeCSS - Wikipedia
Ch_12f: Why the DVD Hack Was a Cinch -
Ch_12g: Illegal prime - Wikipedia
Ch_12h: EFF: DES Cracker Project
Ch_12i: Triple DES - Wikipedia
Ch_12j: Advanced Encryption Standard - Wikipedia
Ch_12j: Oracle Weblogic Server - Wikipedia
Ch_12k: International Data Encryption Algorithm - Wikipedia
Ch_12l: RC5 - Wikipedia
Ch_12m: distributed.net--Cracking RC5-72
Ch_12n: Diffie-Hellman key exchange - Wikipedia
Ch_12o: Digital signature - Wikipedia
Ch_12p: SHA hash functions - Wikipedia
Ch_12q: Cryptographic hash functions Compared
Ch_12r: Birthday attack - Wikipedia
Ch_12s: oxid.it - Home of Cain & Abel Windows Password Cracker
Ch_12za: LM hash - Wikipedia - Excellent explanation of how Ophcrack works
Ch_12zb: How to prevent Windows from storing a LAN manager hash of your password in Active Directory and local SAM databases
Ch_12zc: Ophcrack--Windows password cracker
Ch_12zd: Recover A Password in Linux | Ubuntology
Ch_12ze: 109-bit Elliptic Curve Cryptography knocked over with brute force
Ch_12zf: Pretty animated demonstration of the Rindjael encryption algorithm
Ch_12zg: The Hash Function Lounge
Ch12zh: Explanation of key sizes: 1024 bit RSA is like 80-bit symmetric
Ch 12zi: Moore's Law - Wikipedia
Ch 12zj: SSLSTRIP attack documents (From Sam Bowne's Defcon Presentation 2009)
Ch 12zk: Null Character Hack Allows SSL Spoofing
Ch 12zl: Good explanation of the renegotiation SSL/TLS Vulnerability
Ch 12zm: Apache2 Basic Authentication
Ch 12zn: Basic Authentication
Ch 12zo: Hoping to avert "collision" with disaster, Microsoft retires SHA1
Ch 12zp: TLS / SSL - Google Chrome SHA-1 Deprecation Explained
Ch 12zq: Transition from SHA-1 to SHA-2 Certificates | Symantec
Ch 12zr: SHA-2 Certificate Solutions | DigiCert.com
Ch 12zq: SSL Server Test (Powered by Qualys SSL Labs)
Ch 12zs: College SSl Certificates Tested in 2014
Ch 12zt: SSL Certificates at Banks
Ch 12zu: NSA Suite B Cryptography (Aug., 2015)
Ch 12zv: Why Algebraic Eraser may be the riskiest cryptosystem you\'ve never heard of (Nov., 2015)
Ch 12zw: Stop using NSA-influenced code in our products, RSA tells customers (2013)
Ch 12zx: NOBUS - Wikipedia
Ch 12zy: CNSA Suite and Quantum Computing FAQ (2016)
Ch 12zz: Silent Circle ditches NIST cryptographic standards to thwart NSA spying (2013)
Ch 12zz1: RC4 crypto: Get RID of it already, say boffins (2015)
Ch 12zz2: SHA1 algorithm securing e-commerce and software could break by year\'s end (Oct, 2015)
Ch 12zz3: How the NSA can break trillions of encrypted Web and VPN connections (Oct, 2015)

Ch_13a: Router - Wikipedia
Ch_13b: Cisco 2600 Series Multiservice Platforms
Ch_13c: Cisco 2600 Series Security Advisories
Ch_13d: Michael Lynn - Wikipedia
Ch_13e: Michael Lynn's controversial Cisco security presentation
Ch_13f: Schneier on Security: Cisco Harasses Security Researcher
Ch_13g: Michael Lynn's PDF file is linked near the bottom of this page
Ch_13h: Juniper hires Cisco hacker -- fixes flaws in IOS
Ch_13i: Firewall Debate: Hardware vs. Software
Ch_13j: Firewall Access Control List Rules
Ch_13k: Cisco PIX Firewall and VPN Configuration Guide
Ch_13l: Teardrop Attack - Wikipedia
Ch_13m: Microsoft ISA Server: Product Overview
Ch_13n: Application Filters Provided with ISA Server 2006
Ch_13o: Intrusion Detection FAQ: How do you implement IDS (network based) in a heavily switched environment?
Ch_13p: Project Honey Pot
Ch_13q: Capture - The High Interaction Client Honeypot/ Honeyclient
Ch_13r: Open Source Honeypots: Learning with Honeyd
Ch_13s: ISA Server and Forefront Threat Management Gateway Public Beta Available Here (as of 12-4-08)
Ch 13t: Web Application Firewall - OWASP
Ch 13u: Web Application Firewall - The Market Leading Web Application Firewall
Ch 13v: A Chinese ISP momentarily hijacks the Internet (again)
Ch 13w: Cisco ASA 5500 Series Adaptive Security Appliances
Ch 13x: The Center for Internet Security
Ch 13y: RedSeal Systems - Redseal Network Advisor
Ch 13z1: Aurora Attack--Resistance Is Futile, Pretty Much
Ch 13z2: Can Aurora attacks be prevented?
Ch 13z3: Google attack part of widespread spying effort
Ch 13z4: Network Hijackers Exploit Technical Loophole -- IP Hijacking via BGP
Ch 13z5: How Hacking Team Helped Italian Special Operations Group with BGP Routing Hijack (2015)
Ch 13z6: DDoS Mitigation Firm Has History of Hijacks (Sept., 2016)

l_14a: compatible_cards [Aircrack-ng]
l_14b: Cant get orinoco into monitor mode with NG
l_14c: Wi-Foo: The Secrets of Wireless Hacking: Books: Andrew Vladimirov,Konstantin V. Gavrilenko,Andrei A. Mikhailovsky
l_14d: PRISM GT Technical Information
l_14e: Injection Test Results: WUSB54Gv4, WT111v2, Edimax EW-7318USG, and Intel IPW2200
l_14f: Question regarding usb adapter and linux
l_14g: Driver found for PrismGT Chipset
l_14h: Host AP Linux driver for Intersil Prism2/2.5/3 wireless LAN cards and WPA Supplicant
l_14i: How to get the TEW424ubv2 Wi-Fi Dongle working in Linux with NDISwrapper
l_14j: Wireless Card Modes Explained: Master, Manager, Ad-hoc, Monitor
l_14l: Orinoco Monitor Mode Patch Page
l_14m: MadWifi - Drivers for many wireless NICs
l_14n: BackTrack from Remote-Exploit.org - Supplying offensive security products to the world
l_14n: Linuxant - DriverLoader for Wireless LAN devices
l_14o: NDISwrapper - Use Windows Drivers in Linux
l_14p: How To Crack WEP with Linux and Packet Injection
l_14q: Aircrack-ng -- WEP cracker for Windows or Linux
l_14r: Tutorial - Cracking WEP with Windows XP pro.
l_14s: How to crack WEP with BackTrack 2
l_14t: WLAN Adapter Chipset Directory
l_14u: Yet Another Easier Workaround for Packet Injection with Aireplay in Windows
l_14v: Re: Legality of WEP Cracking
l_14w: E-Mail Privacy in the Workplace
l_15a: About SSL/TLS
l_15b: Huge Collection Of Hack Tutorial Videos
l_15c: dsniff -- Linux Package for Man-in-the-Middle Attacks
l_15d: Old SSL Vulnerability in Internet Explorer - Certificate Chain
l_15e: Circumventing SSL with Ettercap Video

Miscellaneous Links
Robtex - great DNS analysis tool
YouTube - Reset Passwords on Windows XP and Vista using Backtrack 4 - Captions and Voice Included
WebGoat Notes--Learn Web App Security
Ubuntu 10.0.4, VMware and No Keyboard : Solo Technology
Warning about VMWare Player and new Ubuntu 10.04
How to reset domain admin password on Windows Server 2008--Utilman
Exploiting the LNK Vulnerability with Metasploit
Decrypting SSL traffic with Wireshark, and ways to prevent it
EVIL-PDF-ATTACK-FILE-for-classroom-demo
Port Scanner Challenge: Nmap, Unicornscan, PortBunny -- UnicornScan is 5x faster than Nmap
Proj 10: ActivePython Downloads - old versions here
Old Version of Adobe Acrobat Reader Download - OldApps.com
Metasploit Unleashed - Mastering the Framework--awesome course
Metasploit Class Videos from Irongeek
Smashing the stack in 2010 (improved)
Great video taking over a domain with Metasploit--Good Pentesting Techniques
Old versions of Adobe Acrobat Reader straight from Adobe
Death of an ftp client / Birth of Metasploit modules; Excellent tutorial about fuzzing & metasploit
Penetration Testing and Vulnerability Analysis - WIndows Exploitation 101
How to Break Into a Mac (And Prevent It from Happening to You)
Wardriving FAQ -- Wardriving is not illegal
A SANS article on the legality of wardriving
New Snort rules to stop Rockwell & other SCADA attacks (10-5-110

HUGE list of vulnerable Web apps to use for training
2011-12-26: STRATFOR leaked accounts (10257 passwords recovered) - Pastebin.com
Free Online Computer Security Class from Berkeley & Stanford
How to bypass an antivirus --INTERESTING PROJECT IDEA
Download Ez7z for Mac - Easy-to-use p7zip archiver. MacUpdate.com
List of online hacking games
Nessus 5.0 is Here Tenable Network Security
Enter Bios Settings and Boot from CDROM with VMware Fusion

Windows Credentials Editor (WCE) FAQ
Mapping Defenses Using the Cyber Kill Chain -- COMPARE TO CNIT 123 TEXTBOOK
How to setup Dark Comet RAT (with download and pictures) : hacking
Free CEH Study Guide (v8, from 2014)
Shark 3 RAT -- POSSIBLE PROJECT
DarkComet RAT Flames Out
airdecap-ng Aircrack-ng -Decrypts WEP and WPA packets -- ADD TO PROJECT

Warriors of the Net HD - YouTube - good version as of Jan 2015
How to rekey a lock 101 - YouTube -- IT WORKS!
2012-05-02: Linux Memory Images
KBeast -- New Linux Rootkit (from 12-31-11)
Learn to code Codecademy
Penetration Testing with BackTrack Training - $700 online classes with certification
Scapy cheat sheet
Reset a Windows 8 Password without using any third party software
Cheat Sheet for Pen Testing
Reset Admin Password on Mac OS X
2013-01-27: Cookie Cadger Slides
VulnHub - Vulnerable By Design--VMs to exploit!
The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series) (9781597496551) -- Another instructor recommends this book
VulnHub - Vulnerable By Design -- Excellent projects here!
illSecure -- Very Easy Hacking Games
BackBox Linux -- Italian security distro
Resources for Aspiring Penetration Testers
HiJetter -- Printer Exploitation Tool
Live BGP Updates
The Bro Network Security Monitor
Teardrop Attack in Scapy
Cracking Linux, Windows, Wordpress, and Drupal Password Hashes with Hashcat and John
Pentest training games--vulnerable systems and Web apps
Scapy explained by its author -- EXCELLENT
LDAP INJECTION DEMO FOR CLASS
Hash Identifier python script
24 Great E-Books On Ethical Hacking
Codebashing SQLi Tutorial
Five-way TCP Handshake defeats firewalls
HacmeBank & HacmeCasino in the Cloud
Learn Python the Hard Way
HTPasswd Tutorial
Notifying Owners of Infected Wordpress Servers -- POTENTIAL PROJECT
The Difference between CIFS and SMB
The story of a pentester recruitment -- SHOW TO CLASS
Download Metasploitable - Intentionally Vulnerable Machine | Rapid7
Cracking WEP with Cain on Windows and an AirPCap Card
Password Cracking Slides by IronGeek
Linux DHCP Configuration--use Debian instructions for Kali
2015-07-10: HttpDosTool 4.01 -- WORKS ON WINDOWS 8.1
OverTheWire: Wargames and Linux Lessons
How Yahoo was forced to give data secretly to the NSA Prism project (from 2014) -- IMPORTANT PRECEDENT
Live BGP Updates over Telnet
How to rekey a lock 101 - HOW TO PREPARE LOCKPICKING TRAINING LOCKS
The Tricky Encryption That Could Stump Quantum Computers (from Sept., 2015)
Warriors of the Net - TeacherTube
CA Lockpick Law -- Demonstrates that TOOOL is correct
RECOMMENDED LOCKPICK KIT: Ehdching 24pcs Single Hook Locksmith Tools 1pcs Professional Cutaway Practice Padlock - - Amazon.com
Recommended Locks from Deviant Ollam
Lockpicking Legal issues - Lockwiki
Legality of lock picks, possessing burglary tools, lock picks legality
Manual for Kwikset Powerlock in S214
L0phtCrack Password Auditor - Download
md5cracker.org -- WORKED BETTER THAN JOHN
Lynis - Security auditing tool for Unix/Linux systems
Amazon.com: Universal TV Stand / Base Mount for 32" - 60" Flat-Screen Televisions -- May be needed for display case
Edit or remove cookies from Firefox's Developer Toolbar
RTL-SDR Tutorial: Analyzing GSM with Airprobe/GR-GSM and Wireshark
Web Application Pen-testing Tutorials With Mutillidae (Hacking Illustrated Series InfoSec Tutorial Videos)
Lockpicking Plastic Handcuffs -- ADD TO LOCKPICKING PROJECT

New Unsorted Links
Apache .htaccess file - Examples and Common Uses | DigitalOcean -- VERY USEFUL
A tcpdump Tutorial and Primer with Examples
Best tcpdump Tutorial and Primer with Examples
Add/Drop Procedure
virtual machine - Guest OS resolution (text too small) in vmware workstation 12 player
2017-09-27: DHS planning to collect social media info on all immigrants
Ch 8zl: Windows 10's "Controlled Folder Access" Anti-Ransomware Feature Is Now Live
Ch 9v: Mirai botnet -- Krebs on Security
Ch 9w: The Mirai Botnet Isn't Easy to Defeat
Ch 10zs: TIOBE Index -- popularity of programming languages
Ch 10zt: Serialization and Deserialization in Java
Ch 12-2017-1: 'First ever' SHA-1 hash collision calculated. All it took were five clever brains... and 6,610 years of processor time
Ch 12-2017-2: Google Online Security Blog: Announcing the first SHA1 collision
Ch 12-2017-3: SHAttered
USB LAN7500 Driver for Mac Adapter in S214
Metasploit: Not connecting to database
Ch 3za: NullArray/AutoSploit: Automated Mass Exploiter
Ch 3zb: Threat or menace? "Autosploit" tool sparks fears of empowered "script kiddies"
Fixing a Error in Kali Rolling Repository
AWS Educate -- Free AWS Credit for Students
How to install Kali Linux on Google Cloud
How to install Kali Linux on Google Cloud -- Penetration Testing
Using the gsutil Tool -- Google Cloud
GitHub - Wh1t3Rh1n0/deb2kali: A Script to Convert Debian Linux into Kali Linux
LionSec/katoolin: Automatically install all Kali linux tools
How to Install WAMP

CNIT 123Ethical Hacking and Network Defense

Fall 2016 Sam Bowne

Schedule · Slides · Projects · Links · Home Page

Scores

Open Lab Hours for Sci 214

Catalog Description

Textbook

Schedule

Slides

Projects

SQL Injection Projects

Links

Links From Lectures

Miscellaneous Links

New Unsorted Links

CNIT 123
Ethical Hacking and Network Defense