CNIT 123
Ethical Hacking and Network Defense

Spring 2018 Sam Bowne

36684 501 Lec SAT 10:10 - 1:00 PM SCIE 37

Schedule · Slides · Projects · Links · Home Page

Scores

Textbook

3rd Ed: Rent ($60-80) · Rent ($60-80)
2012 Ed: Buy ($16) Buy ($30)


Catalog Description

ADVISE: CNIT 106 or 120 or 201C

Learn how hackers attack computers and networks, and how to protect Windows and Linux systems. Legal restrictions and ethical guidelines will be taught and enforced. Students will perform many hands-on labs, both attacking and defending, using port scans, footprinting, buffer overflow exploits, SQL injection, privilege escalation, Trojans, and backdoors. CSU

Learn about attacks and how to defend Windows and Linux systems.

Student Learning Outcomes

After successful completion of this course, students will be able to:
  1. Determine what an ethical hacker can and cannot do legally, and evaluate credentials and roles of penetration testers.
  2. Perform reconnaissance on a target network using a variety of scanning and probing techniques.
  3. Enumerate and classify Microsoft and Linux Operating Systems vulnerabilities.
  4. Take control of Web Servers and wireless networks, and protect them.
  5. Evaluate and select cryptography and hashing methods, and perform attacks against them.
  6. Select and implement security devices, including routers, firewalls, Intrusion Detection Systems, and honeypots.

Textbook

Hands-On Ethical Hacking and Network Defense, Third Edition by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610

Quizzes

The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class. Each quiz is available for one week, up till 8:30 am Saturday. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the higher score counts.

To take quizzes, first claim your RAM ID and then log in to Canvas here:

https://ccsf.instructure.com

Live Streaming

You can attend class remotely using Zoom.

Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/4108472927
Meeting ID: 410-847-2927

Classes will also be recorded and published on YouTube for later viewing.

Schedule

DateAssignmentsTopic

Sat 1-20 Bitcoin & Lockpicking


Sat 1-27Ch 2 Quiz* ** Ch 1: Ethical Hacking Overview
Ch 2: TCP/IP Concepts Review

 


Fri 2-2 Last Day to Add Classes

Sat 2-3Ch 3 Quiz*
Proj 1 & 2 due
Ch 3: Network and Computer Attacks

 


Sat 2-10Ch 4 Quiz*
Proj 3 & 4 due
Ch 4: Footprinting and Social Engineering

   


Sat 2-17 Holiday - No Class

Sat 2-24Ch 5 Quiz*
Proj 5 & 6 due
Ch 5: Port Scanning


Sat 3-3Ch 6 Quiz*
Proj 7 & 8 due
Ch 6: Enumeration


Sat 3-10Ch 7 Quiz*
Proj 9 & 10 due
Ch 7: Programming for Security Professionals


Sat 3-17Proj 11 & 12 due Ch 8: Desktop and Server OS Vulnerabilites


Sat 3-24Ch 8 Quiz and Ch 9 Quiz*
Proj 14 due
Ch 9: Embedded Operating Systems: The Hidden Threat


Sat 3-31 Holiday - No Class

Sat 4-7 Class
Cancelled
for TORO.HACK

Sat 4-14Ch 10 Quiz*
Proj 13 & 15 & 16 due
Ch 10: Hacking Web Servers


Sat 4-21Ch 11 Quiz*
Proj 17 & 18 due
Ch 11: Hacking Wireless Networks


Sat 4-28Ch 12 Quiz*
Proj 19 & 20 due
Ch 12: Cryptography (Part 1)


Sat 5-5 No Quiz due
Proj 21 due
Ch 12: Cryptography (Part 2)


Sat 5-12


Class Cancelled for DEF CON China

All extra credit projects due


Wed 5-16 -
Wed 5-23
Final Exam available online throughout the week.
You can only take it once.
* Quizzes due 30 min. before class
** No late penalty until Feb 3

Slides & Handouts

Grading Policy · First Day Handout

Bitcoin and Blockchains · KEY · PDF

Security Training at CCSF · KEY · PDF

Lecture videos from last semester

Ch 1: Ethical Hacking Overview · KEY · PDF
Ch 2: TCP/IP Concepts Review · KEY · PDF
Ch 3: Network and Computer Attacks · KEY · PDF
Ch 4: Footprinting and Social Engineering · KEY · PDF
Ch 5: Port Scanning · KEY · PDF
Ch 6: Enumeration · KEY · PDF (Updated 3-3-18)
Ch 7: Programming for Security Professionals · KEY · PDF
Ch 8: Desktop and Server OS Vulnerabilites · KEY · PDF
Ch 9: Embedded Operating Systems: The Hidden Threat · KEY · PDF
Ch 10: Hacking Web Servers · KEY · PDF
Ch 11: Hacking Wireless Networks · KEY · PDF
Ch 12: Cryptography · KEY · PDF (rev. 11-22-17)
Ch 13: Network Protection Systems · KEY · PDF

Click a lecture name to see it on SlideShare.
If you want to use other formats, you may find this useful:
Cloud Convert.

Projects

Download VMware Player

Kali 2017.3 Fixes

Project 1: Kali Virtual Machine (15 pts.) (rev. 12-24-17)
Project 2: Windows 2016 Server Virtual Machine (20 Points) (rev. 12-24-17)
Project 3: Taking Control of a Server with Armitage (15 points) (rev. 2-21-18)
Project 4: Creating Infectious Media with Metasploit (15 pts.) (rev. 2-3-18)
Project 5: Port Scans and Firewalls (20 pts.) (revised 9-7-16)
Project 6: Analyzing Types of Port Scans (20 pts.) (revised 9-12-13)
Project 7: Essential Linux (15 pts.) (rev. 12-24-17)
Project 8: Programming in C on Linux (15 pts.) (revised 10-18-17)
Project 9: Introduction to Scapy (15 pts.) (rev. 10-3-13)
Project 10: TCP Handshake with Scapy (15 pts.) (revised 7-5-17)
Project 11: Cookie Replay (15 pts.) (rev 3-18-17)
Project 12: Cracking Linux Password Hashes with Hashcat (15 pts.) (rev. 3-25-17)
Project 13: Reset Windows Password with an Install Disk (15 pts.) (rev. 3-22-18)
Project 14: HTTP Basic Authentication (10 pts.) (Updated 12-24-17)
Project 15: PicoCTF (20 pts.) (Updated 3-9-17)

Project 16: Attacking Apache with the
OWASP HTTP DoS Tool (15 pts.)
(rev. 10-27-16)

       Download HttpDosTool3.6.zip
       Download HttpDosTool4.0.zip

Project 17: yesman Honeypot with scapy (15 pts.) (rev. 4-19-17)
Project 18: Cracking Windows Passwords with Cain and Abel (15 pts.) (revised 4-19-17)
       Alternate download location for Cain (7-zip archive, password sam)

Project 19: SQL Injection Challenges
(20 pts + 10 pts. extra) (rev. 4-22-17)

Project 20: Exploiting SQLi with Havij and Input Filtering (15 pts) (rev. 3-29-17)
Project 21: Hijacking HTTPS Sessions with SSLstrip (15 pts.) (revised 10-5-17)

Extra Credit Projects

Binary Games (up to 40 pts. extra credit)
Project X1: Subnet Exercises (10 pts. extra credit)

Project X3: Using a Hardware Keylogger (10 pts. extra credit)
Project X4: Padding Oracle Attack (15 pts. + 20 pts. extra credit)
Project X5: Encrypted Email (15 pts. extra credit) (Rev. 11-10-16)
Project X6: Reverse-Engineering an Authentication Cookie (15 pts. extra credit) (rev. 2-24-18)

Project X8: Password Guessing Games (up to 30 pts.) (URL fixed 4-22-13)
Project X9: Password Brute Force Challenges (up to 40 pts.)
Project X10: Quantum Computing with IBM Q (Up to 25 pts.)
Project X11: Detecting Promiscuous NICs with scapy (10 pts.) (rev. 11-10-16)

Project X13: ARP Spoofing with scapy (10 pts.) (Updated 11-1-16)

Project X15: PicoCTF (Up to 20 pts. extra credit) (Updated 3-9-17)
Project X16: Cracking Windows Password Hashes with Hashcat (15 pts.) (rev 12-8-16)
Project X17: CodeCademy (up to 40 pts.)
Project X18: Lockpicking (up to 40 pts.)

Project 22x: Student Presentation (Usually 15 pts.)

Links

Links From Lectures

Ch 1a: Robert Bruen's review of the textbook
Ch 1b: Wired News: Ethical Hacking Is No Oxymoron
Ch 1c: EC-Council | Certified Ethical Hacker Certification
Ch 1d: EC-Council | Code of Ethics
Ch 1e: Run Away From The CEH Certification
Ch 1f: ISECOM - OPST Accredited Certification
Ch 1g: Rate My Network Diagram
Ch 1h: RE: OPST and CEH Certifications
Ch 1i: SANS Institute - Network and Computer Security Training
Ch 1j: SANS Top-20 Internet Security Attack Targets (2006 Annual Update)
Ch 1k: CCSF COMPUTER USAGE POLICY
Ch 1l1: Lycos starts anti-spam screensaver plan: Dec 2, 2004
Ch 1l2: Lycos Pulls Anti-Spam 'Vigilante' Campaign -- Dec 3, 2004
Ch 1l3: Lycos's Spam Attack Network Dismantled -- Spammers sent the DOS packets back to Lycos -- Dec 6, 2004
Ch 1m: Blue Frog begins its "vigilante approach" to fight spam -- July, 2005
Ch 1n: Russian spammer fights back, claims to have stolen Blue Frog's database, sends threating email -- DOS attack in progress -- May 2, 2006
Ch 1o: Blue Frog compromised and destroyed by attacks, urgent instructions to uninstall it, the owners have lost control -- May 17, 2006
Ch 1p: Call for help creating distributed, open-source Blue Frog replacement -- May 17, 2006
Ch 1q: Linux update becomes terminal pain
Ch 1r: Permission Memo for Penentration Testing
Ch 1s: Freed LulzSec hacker banned from contacting Anons, wiping data
Ch 1t: The Secret Anarchy of Science sales rocket after Jake Davis seen clutching a copy
Ch 1u: Leading Member of LulzSec Hacker Squad Arrested in London (from 2011)
Ch 1v: Ryan Cleary: 'Hacker' accused of bringing down 'British FBI' site
Ch 1v: How I Out-Hacked a LulzSec Member
Ch 1w: Stay Out of Anonymous

Ch 2a: Header Format
Ch 2b: List of assigned /8 IP address blocks
Ch 2c: A Binary Primer
Ch 2d: Classful network
Ch 2e: How to Obscure Any URL
Ch 2f: Obscuring a URL (demonstration for lecture)
Ch 2g: Warriors of the Net - The Story
Ch 2h: Statistical Weaknesses in TCP/IP Initial Sequence Numbers
Ch 2i: The Sorceror\'s Apprentice Syndrome in TFTP

Ch 3 Lecture Demo: Companion Trojan 1
Ch 3 Lecture Demo: Companion Trojan 2
Ch 3 Lecture Demo: Hacker Defender Rootkit Part 1
Ch 3 Lecture Demo: Hacker Defender Rootkit Part 2
Ch 3a: Base64 Encoding Explained
Ch 3b: Base64 Online - base64 decode and encode
Ch 3c: Melissa Worm and I Love You Worm Source Codes
Ch 3d: Computer Virus Generator Kits
Ch 3e: Animated GIF of Code Red Spreading (4 MB)
Ch 3f: CAIDA : analysis : security : code-red
Ch 3g: Worm infects ATM machines of two US financial institutions (Nov. 26, 2003)
Ch 3h: Trend brings out ATM Antivirus Product
Ch 3i: ATM Machine and Windows XP Images
Ch 3j: Worm hits Windows-based ATMs
Ch 3k: Shortcut Trojan
Ch 3l: Microsoft takes down barrier in Vista firewall
Ch 3m: Zonelabs ZoneAlarm vs Windows Vista Firewall vs XP SP2
Ch 3n: Ping of death - Wikipedia
Ch 3o: Bump Keys
Ch 3p: IC Card Locks
Ch 3q: How to unlock a car with a tennis ball
Ch 3q: Windows Trojan Vulnerability: MS00-052: Registry-Invoked Programs Use Standard Search Path
Ch 3r: Base64 Explained
Ch 3s: Windows DLL-loading security flaw puts Microsoft in a bind (2010)
Ch 3t: How to use MIcrosoft\'s workaround for the DLL Hijacking vulnerability
Ch 3u: Code Red Animations from CAIDA
Ch 3v: Viruses stole City College of S.F. data for years --FUD
Ch 3w: Microsoft DLL Hijacking Exploit in Action
Ch 3x: The Ping of Death returns, IPv6-style (2013)
Ch 3y: Los Angeles college pays $28,000 in ransomware (1-10-17)
Ch 3z: The Ultimate Guide to Angler Exploit Kit for Non-Technical People

Ch 4a1: Download Java SE Development Kit 6 Update 4
Ch 4a: Parosproxy.org - Web Application Security
Ch 4b: Bugnosis Web Bug Detector
Ch 4c: RFC 2616 (rfc2616) - Hypertext Transfer Protocol -- HTTP/1.1
Ch 4d: Specification of HTTP/1.1 OPTIONS messages
Ch 4e: Lock IT Down: Block DNS zone transfers to protect your servers
Ch 4f: Web Bugs: Nearly undetectable tracking device raises concern
Ch 4g: The Web Bug FAQ
Ch 4h: Demonstration Page with a Web Bug
Ch 4i: WebGoat Project - OWASP
Ch 4j: Ghostery :: Add-ons for Firefox -- Detects Web Bugs
Ch 4k: Only 5 (all women) of 135 pass Defcon social engineering test
Ch 4l: Ghost in the Wires: My Adventures as the World*quot*s Most Wanted Hacker: Kevin Mitnick
Ch 4m: Mitnick fakes way into LA Telco Central Office - YouTube
Ch 4n: Anonymous speaks: the inside story of the HBGary hack
Ch 4o: Two thirds of San Franciscans gave up password for coffee (from 2005)

Ch 5a: Port scans legal, judge says (12/18/2000)
Ch 5b: Port Scanning and its Legal Implications (2004)
Ch 5c: Nmap Tutorial
Ch 5d: A Simple Guide to Nmap Usage
Ch 5e: YouTube - Trinity Nmap Hack - Matrix Reloaded
Ch 5f: Unicornscan
CH 5g: NetScanTools
Ch 5h: Nessus Vulnerability Scanner
Ch 5i: Nessus Technical Guide
Ch 5j2: A very simple nessus installation [Archive] - Ubuntu Forums
Ch 5j: How to install the vulnerability scanner Nessus | Ubuntu Linux
Ch 5k: fping - a program to ping hosts in parallel
Ch 5m: Hping - Wikipedia, the free encyclopedia
Ch 5n: Tutorial: Hping2 Basics
Ch 5o: Smurf attack - Wikipedia, the free encyclopedia
Ch 5p: Preventing Smurf Attacks
Ch 5q: Advanced Bash-Scripting Guide
Ch 5r: Kon-Boot -- Reset Windows & Linux Passwords

Ch 6a: NetBios Howto
Ch 6b: NetBIOS NULL Sessions: The Good, The Bad, and The Ugly
Ch 6c: Null session attacks: Who's still vulnerable?
Ch 6d: NULL sessions restrictions of server and workstation RPC operations
Ch 6e: Null session in Windows XP
Ch 6f: Listing usernames via a null session on Windows XP
Ch 6g: Download Winfo -- NetBIOS Null Session Enumeration Tool
Ch 6h: NetBIOS Suffixes (16th Character of the NetBIOS Name)
Ch 6i: NetScanTools.com
Ch 6j: SystemTools.com - DumpSec and Hyena
Ch 6k: Description of the Windows File Protection feature
Ch 6l: OpenVAS emerges as free alternative to Nessus
Ch 6m: OpenVAS - OpenVAS - Open Vulnerability Assessment System Community Site
Ch 6n: Bill Gates: Trustworthy Computing (from 2002)

Ch 7a: Where are the C libraries? [Archive] - Ubuntu Forums
Ch 7b: Why Windows is less secure then Linux -- system call diagrams (updated link, works in March 2011)
Ch 7c: The Linux Kernel Map
Ch 7d: Cprogramming.com - Programming Tutorials: C++ Made Easy and C Made Easy
Ch 7e: We Are Morons: a quick look at the Win2k source || kuro5hin.org
Ch 7f: Linux: Fewer Bugs Than Rivals
Ch 7g: An IDA Primer--Disassembler
Ch 7h: Ubuntu Software - GHexedit | Hexeditor
Ch 7i: The GNU C Programming Tutorial -- scanf and avoiding buffer overflows
Ch 7j: Robert's Perl Tutorial
Ch 7k: Free Online Web Tutorials - CGI Perl Tutorial - How to use HTML with Perl for Web Data Collection and Processing
Ch 7l: Python On XP: 7 Minutes To 'Hello World!'
Ch 7m: ActiveState - ActivePython free Python open source language distribution
Ch 7n: Python Babysteps Tutorial
Ch 7o: The GNU Netcat -- Official homepage
Ch 7p: Opening TCP Sockets in ActivePython 2.4
Ch 7q: Writing Buffer Overflow Exploits - a Tutorial for Beginners
Ch 7r: Simple Package management with Synaptic Package Manager in Ubuntu -- Debian Admin
Ch 7s: PEBrowse Professional Windows Disassembler
Ch 7t: codepad - Online interpreter for C, Perl, Ruby, and many other languages
Ch 7u: Ruby example--source code for adobe cooltype exploit
Ch 7v: Buffer overflow - Wikipedia
Ch 7w: 5000 Bugs caught in Pentium IV
Ch 7x: LOLCODE - Wikipedia
Ch 7y: Code School - CAN HAS LOLCODE
Ch 7z: Brainfuck - Wikipedia

Ch 8a: Microsoft Baseline Security Analyzer (MBSA)
Ch 8b: Winfingerprint.com
Ch 8c: CVE - Common Vulnerabilities and Exposures
Ch 8d: NetBIOS protocol, netbeui over TCP, server message blocks
Ch 8e: NetBIOS - Wikipedia
Ch 8f: NetBios NetBEUI NBF Networking Introduction
Ch 8g: How To Configure TCP/IP Networking While NetBIOS Is Disabled in Windows 2000 Server
Ch 8h: samba without netbios
Ch 8i: The SMB Man-In-the-Middle Attack -- Example hashes here
Ch 8j: SmbRelay captures NTLM hashes
Ch 8k: L0phtCrack - It's over
Ch 8l: ettercap - man in the middle attacks on LAN
Ch 8l: Irongeek's Wall of Social Science Majors (inspired by the Wall of Shame/Wall of Sheep)
Ch 8m: Ettercap tips and tricks
Ch 8n: CIFS: A Common Internet File System
Ch 8o: CIFS: Common Insecurities Fail Scrutiny
Ch 8o: Winsock - Wikipedia
Ch 8p: Microsoft Security: IIS Lockdown Tool
Ch 8q: Top 10 Vulnerability Scanners
Ch 8r: Wall of Sheep - I see stupid people
Ch 8s: Wall of Sheep at DEFCON illustrates what not to do
Ch 8w: Tripwire Tutorial -- Signature-based intrusion detection
Ch 8x:Null session in Windows XP
Ch 8y: Null session attacks: Who's still vulnerable?
Ch 8z: Server Message Block - Wikipedia, the free encyclopedia
Ch 8za: Full Disclosure: Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.
Ch 8zb: Laurent Gaffié blog: More explication on CVE-2009-3103
Ch 8zc: Laurent Gaffié blog: Windows 7 / Server 2008R2 Remote Kernel Crash
Ch 8zd: Microsoft Security Intelligence Report Volume 8
Ch 8ze: This is how Windows get infected with malware
Ch 8zf: Browser share results (10-3-2011)
Ch 8zg: Windows 8.1 stops pass-the-hash attacks (10-3-13)
Ch 8zh: Pass the Hash Mitigation Slides
Ch 8zj: Selecting all PUPs
Ch 8zk: CVE List Master Copy

Ch 9a: Windows Embedded - Wikipedia
Ch 9b: Windows Embedded Server Products Evaluation Registration Site
Ch 9c: Windows Embedded Server
Ch 9d: Microsoft® Server with Embedded Licensing Product Guide
Ch 9e: Psyb0t - Infected Routers
Ch 9f: Nasty New Worm Targets Home Routers, Cable Modems
Ch 9g: Excuse me while I turn off your pacemaker
Ch 9h: The Router Hacking Contest Results
Ch 9i: Hacking into HP LaserJet Printers
Ch 9j: AURORA test validated fears of Dept. of Homeland Security
Ch 9k: Schneier on Security: Stuxnet
Ch 9l: Was Stuxnet built to attack Iran\\\'s Nuclear Program?
Ch 9m: Iran confirms massive Stuxnet infection of industrial systems
Ch 9m: Iran may have executed nuclear staffers over Stuxnet
Ch 9n: Malicious Software Turns Your Cell Phone Against You
Ch 9o: Protecting the pre-OS environment with UEFI - Building Windows 8
Ch 9o: How the TPM Prevents Rootkits
Ch 9q: Remotely Administer a Server with DRAC - YouTube
Ch 9r: SHODAN finding Dell DRAC systems
Ch 9s: Reverse Engineering a D-Link Backdoor
Ch 9t: OpenWrt in VMware Fusion
Ch 9u: openwrt

Ch_10a: Sam's Feedback Form (HTML)
Ch_10b: Sam's CGI Script in Perl
Ch_10c: Netcraft: Web Server Survey Archives
Ch_10d: ASP Examples
Ch_10e: ASP Basic Example -- Source code for clock
Ch_10f: ASP Clock Running (source code is not visible)
Ch_10g: Apache HTTP Server - Wikipedia, the free encyclopedia
Ch_10h: The Apache Software Foundation
Ch_10i: PHP - Wikipedia, the free encyclopedia
Ch_10j: Recursive acronym
Ch_10k: Hello World in PHP (source code not visible)
Ch_10l: Source Code for Hello World in PHP
Ch_10m: M-049: Multiple PHP Vulnerabilities
Ch_10n: Hardened-PHP Project - PhP Security - Advisory 01/2004
Ch_10o: ColdFusion - Wikipedia
Ch_10p: Macromedia ColdFusion Vulnerabilities
Ch_10q: ColdFusion Error Page Cross-Site Scripting Vulnerability
Ch_10r: VBScript Example -- works in IE, not in Firefox
Ch_10s: Firefox FAQ -- no support for VBScript
Ch_10t: Microsoft Security Bulletin MS02-009 -- Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files
Ch_10u: Stack overflow vulnerability in Internet Explorer exploitable trough VBScript and JScript scripting engines.
Ch_10v: JavaScript Example -- Works in IE and Firefox
Ch_10w: JavaScript vulnerabilities surface in multiple browsers
Ch_10x: ODBC, OLE DB, and ADO Explained by a Microsoft Developer
Ch_10y: Form Demonstration -- maxlength property and GET method
Ch_10za: Cross-site scripting - Wikipedia
Ch_10zb: How to install Java on Ubuntu Linux
Ch_10zc: Installing Sun Java(TM) JRE 1.6.0 (Mustang) in Ubuntu Edgy and Dapper � Tuxicity%u2019s source
Ch_10zd: Install tomcat 5.5 - Ubuntu Document Storage Facility
Ch_10ze: WebGoat Installation - OWASP
Ch_10zf: Space Program Blog: Installing Java 5 JDK and Tomcat on Ubuntu (using VMWare)
Ch_10zg: Radarhack -- Getting Started with WebGoat
Ch_10zh: IIS Unicode Vulnerability Explained
Ch_10zi: Download cgiscan.c here
Ch_10zj: phfscan.c source code
Ch_10zk: Explanation of the PHF bug
Ch_10zl: HOW TO: Use Wfetch.exe to Troubleshoot HTTP Connections
Ch_10zm: An example of an overly informative error message on SourceForge
Ch_10 zm2: An overly informative error message I saw on 1-22-08
Ch_10zn: Introduction to Input Validation with Perl
Ch_10zo: The Unexpected SQL Injection
Ch_10zp: Hello PHP page - running PHP code
Ch_10zq: Hello PHP Page - Source Code
Ch 10 zr: Wapiti - Web application security auditor
Ch 10 zr: A Profile of Chicago Hacker Jeremy Hammond, and the Police Work That Captured Him
Ch 10zq: Dissecting the SQL Injection Tools Used By Hackers

Ch_11a: Wlan defaults - Rexploit (archived from 2005)
Ch_11b: 3Com OfficeConnect ADSL Wireless 11g Firewall Router Authentication Bypass Vulnerability
Ch_11c: Channel Deployment Issues for 2.4-GHz 802.11 WLANs - Cisco Systems
Ch_11d1: Direct-sequence spread spectrum - Wikipedia
Ch_11d: Spread spectrum - Wikipedia
Ch_11e: Cheating CHAP Authentication -- works like session hijacking
Ch_11f: Point-to-Point Protocol - Wikipedia
Ch_11g: ASLEAP -- Cracks Cisco's LEAP Authentication
Ch_11h: Extensible Authentication Protocol - Wikipedia
Ch_11i: Wireless LAN Security Site -- 802.11 Vulnerabilities
Ch_11j: X.509 - Wikipedia
Ch_11k: IEEE 802.1X - Wikipedia
Ch_11l: Cracking WEP with Windows XP
Ch_11m: How to crack a WEP key using Ubuntu
Ch_11n: New attack cracks WEP in record time
Ch_11o: NetStumbler.com
Ch_11p: AirSnort Homepage
Ch_11q: SourceForge.net: AirSnort
Ch_11r: AirSnort and WEPCrack compared
Ch_11s: fakeAP
Ch_11t: Installing Wireless Cards in Ubuntu
Ch_11u: Orinoco Drivers With Monitor Mode In 6.10 (Edgy Eft) - Ubuntu Forums
Ch_11v: How To Crack WEP - Part 1: Setup & Network Recon
Ch_11w: Remote-Exploit.org - Supplying offensive security products to the world
Ch_11x: Aircrack-2.3 Windows (Wireless WEP crack)
Ch_11y: Orinoco Monitor Mode Patch Page -- Shmoo Group
Ch_11z: Red Hat 8.0 Kismet - HOWTO - Includes Orinoco Cards in Monitor Mode
Ch_11za: BackTrack 2 Final : how to make Fake Access Points with fakeap.pl
Ch_11zb: Debunking the Myth of SSID Hiding
Ch_11zc: IEEE 802.11 - Wikipedia
Ch_11zd: Aerohive 802.11n Access Point Fastest--264 Mbps
Ch_11ze: Download VistaStumbler 1.10 - A powerful network discovery tool optimized for Windows Vista
Ch_11zf: Changing Your MAC Address In Window XP/Vista, Linux And Mac OS X (Sometimes known as MAC spoofing)
Ch_11zg: Bluetooth - Wikipedia
Ch 11zh: IEEE 802.11n-2009 - Wikipedia
Ch 11zi: CLEAR | High-Speed Mobile 4G Wireless Internet Service with WiMAX
Ch 11zj: Wi-Fi Protected Access - Wikipedia
Ch 11zk: FHSS and DSSS explained: 79 channels v 11 channels
Ch 11zl: Verizon dubs sec researchers \"Narcissistic Vlnerability Pimps\"
Ch 11zm: Reaver cracks WPS in 19 hoursr
Ch 11zn: Sprint raising $2 billion, may throw some dough Clearwire's way -- Moving to LTE
Ch 11 zp: List of NICs that can crack WEP
Ch 11zq: WiGig is great, but it won't replace your Wi-Fi network (2013)
Ch 11zr: Dell D5000 Wireless Dock with WiGig - YouTube
Ch 11zs: 4G me not: WiMax isn\'t LTE and is going away at Sprint resellers (2014)
Ch 11zt: CCSF Wardriving Results

Ch_12a: Enigma machine - Wikipedia
Ch_12b: Enigma Simulator
Ch_12c: First Steganographic Image in the Wild
Ch_12d: A Brute Force Search of DES Keyspace
Ch_12e: DeCSS - Wikipedia
Ch_12f: Why the DVD Hack Was a Cinch -
Ch_12g: Illegal prime - Wikipedia
Ch_12h: EFF: DES Cracker Project
Ch_12i: Triple DES - Wikipedia
Ch_12j: Advanced Encryption Standard - Wikipedia
Ch_12j: Oracle Weblogic Server - Wikipedia
Ch_12k: International Data Encryption Algorithm - Wikipedia
Ch_12l: RC5 - Wikipedia
Ch_12m: distributed.net--Cracking RC5-72
Ch_12n: Diffie-Hellman key exchange - Wikipedia
Ch_12o: Digital signature - Wikipedia
Ch_12p: SHA hash functions - Wikipedia
Ch_12q: Cryptographic hash functions Compared
Ch_12r: Birthday attack - Wikipedia
Ch_12s: oxid.it - Home of Cain & Abel Windows Password Cracker
Ch_12za: LM hash - Wikipedia - Excellent explanation of how Ophcrack works
Ch_12zb: How to prevent Windows from storing a LAN manager hash of your password in Active Directory and local SAM databases
Ch_12zc: Ophcrack--Windows password cracker
Ch_12zd: Recover A Password in Linux | Ubuntology
Ch_12ze: 109-bit Elliptic Curve Cryptography knocked over with brute force
Ch_12zf: Pretty animated demonstration of the Rindjael encryption algorithm
Ch_12zg: The Hash Function Lounge
Ch12zh: Explanation of key sizes: 1024 bit RSA is like 80-bit symmetric
Ch 12zi: Moore's Law - Wikipedia
Ch 12zj: SSLSTRIP attack documents (From Sam Bowne's Defcon Presentation 2009)
Ch 12zk: Null Character Hack Allows SSL Spoofing
Ch 12zl: Good explanation of the renegotiation SSL/TLS Vulnerability
Ch 12zm: Apache2 Basic Authentication
Ch 12zn: Basic Authentication
Ch 12zo: Hoping to avert "collision" with disaster, Microsoft retires SHA1
Ch 12zp: TLS / SSL - Google Chrome SHA-1 Deprecation Explained
Ch 12zq: Transition from SHA-1 to SHA-2 Certificates | Symantec
Ch 12zr: SHA-2 Certificate Solutions | DigiCert.com
Ch 12zq: SSL Server Test (Powered by Qualys SSL Labs)
Ch 12zs: College SSl Certificates Tested in 2014
Ch 12zt: SSL Certificates at Banks
Ch 12zu: NSA Suite B Cryptography (Aug., 2015)
Ch 12zv: Why Algebraic Eraser may be the riskiest cryptosystem you\'ve never heard of (Nov., 2015)
Ch 12zw: Stop using NSA-influenced code in our products, RSA tells customers (2013)
Ch 12zx: NOBUS - Wikipedia
Ch 12zy: CNSA Suite and Quantum Computing FAQ (2016)
Ch 12zz: Silent Circle ditches NIST cryptographic standards to thwart NSA spying (2013)
Ch 12zz1: RC4 crypto: Get RID of it already, say boffins (2015)
Ch 12zz2: SHA1 algorithm securing e-commerce and software could break by year\'s end (Oct, 2015)
Ch 12zz3: How the NSA can break trillions of encrypted Web and VPN connections (Oct, 2015)

Ch_13a: Router - Wikipedia
Ch_13b: Cisco 2600 Series Multiservice Platforms
Ch_13c: Cisco 2600 Series Security Advisories
Ch_13d: Michael Lynn - Wikipedia
Ch_13e: Michael Lynn's controversial Cisco security presentation
Ch_13f: Schneier on Security: Cisco Harasses Security Researcher
Ch_13g: Michael Lynn's PDF file is linked near the bottom of this page
Ch_13h: Juniper hires Cisco hacker -- fixes flaws in IOS
Ch_13i: Firewall Debate: Hardware vs. Software
Ch_13j: Firewall Access Control List Rules
Ch_13k: Cisco PIX Firewall and VPN Configuration Guide
Ch_13l: Teardrop Attack - Wikipedia
Ch_13m: Microsoft ISA Server: Product Overview
Ch_13n: Application Filters Provided with ISA Server 2006
Ch_13o: Intrusion Detection FAQ: How do you implement IDS (network based) in a heavily switched environment?
Ch_13p: Project Honey Pot
Ch_13q: Capture - The High Interaction Client Honeypot/ Honeyclient
Ch_13r: Open Source Honeypots: Learning with Honeyd
Ch_13s: ISA Server and Forefront Threat Management Gateway Public Beta Available Here (as of 12-4-08)
Ch 13t: Web Application Firewall - OWASP
Ch 13u: Web Application Firewall - The Market Leading Web Application Firewall
Ch 13v: A Chinese ISP momentarily hijacks the Internet (again)
Ch 13w: Cisco ASA 5500 Series Adaptive Security Appliances
Ch 13x: The Center for Internet Security
Ch 13y: RedSeal Systems - Redseal Network Advisor
Ch 13z1: Aurora Attack--Resistance Is Futile, Pretty Much
Ch 13z2: Can Aurora attacks be prevented?
Ch 13z3: Google attack part of widespread spying effort
Ch 13z4: Network Hijackers Exploit Technical Loophole -- IP Hijacking via BGP
Ch 13z5: How Hacking Team Helped Italian Special Operations Group with BGP Routing Hijack (2015)
Ch 13z6: DDoS Mitigation Firm Has History of Hijacks (Sept., 2016)

l_14a: compatible_cards [Aircrack-ng]
l_14b: Cant get orinoco into monitor mode with NG
l_14c: Wi-Foo: The Secrets of Wireless Hacking: Books: Andrew Vladimirov,Konstantin V. Gavrilenko,Andrei A. Mikhailovsky
l_14d: PRISM GT Technical Information
l_14e: Injection Test Results: WUSB54Gv4, WT111v2, Edimax EW-7318USG, and Intel IPW2200
l_14f: Question regarding usb adapter and linux
l_14g: Driver found for PrismGT Chipset
l_14h: Host AP Linux driver for Intersil Prism2/2.5/3 wireless LAN cards and WPA Supplicant
l_14i: How to get the TEW424ubv2 Wi-Fi Dongle working in Linux with NDISwrapper
l_14j: Wireless Card Modes Explained: Master, Manager, Ad-hoc, Monitor
l_14l: Orinoco Monitor Mode Patch Page
l_14m: MadWifi - Drivers for many wireless NICs
l_14n: BackTrack from Remote-Exploit.org - Supplying offensive security products to the world
l_14n: Linuxant - DriverLoader for Wireless LAN devices
l_14o: NDISwrapper - Use Windows Drivers in Linux
l_14p: How To Crack WEP with Linux and Packet Injection
l_14q: Aircrack-ng -- WEP cracker for Windows or Linux
l_14r: Tutorial - Cracking WEP with Windows XP pro.
l_14s: How to crack WEP with BackTrack 2
l_14t: WLAN Adapter Chipset Directory
l_14u: Yet Another Easier Workaround for Packet Injection with Aireplay in Windows
l_14v: Re: Legality of WEP Cracking
l_14w: E-Mail Privacy in the Workplace
l_15a: About SSL/TLS
l_15b: Huge Collection Of Hack Tutorial Videos
l_15c: dsniff -- Linux Package for Man-in-the-Middle Attacks
l_15d: Old SSL Vulnerability in Internet Explorer - Certificate Chain
l_15e: Circumventing SSL with Ettercap Video

Miscellaneous Links

Robtex - great DNS analysis tool
YouTube - Reset Passwords on Windows XP and Vista using Backtrack 4 - Captions and Voice Included
WebGoat Notes--Learn Web App Security
Ubuntu 10.0.4, VMware and No Keyboard : Solo Technology
Warning about VMWare Player and new Ubuntu 10.04
How to reset domain admin password on Windows Server 2008--Utilman
Exploiting the LNK Vulnerability with Metasploit
Decrypting SSL traffic with Wireshark, and ways to prevent it
EVIL-PDF-ATTACK-FILE-for-classroom-demo
Port Scanner Challenge: Nmap, Unicornscan, PortBunny -- UnicornScan is 5x faster than Nmap
Proj 10: ActivePython Downloads - old versions here
Old Version of Adobe Acrobat Reader Download - OldApps.com
Metasploit Unleashed - Mastering the Framework--awesome course
Metasploit Class Videos from Irongeek
Smashing the stack in 2010 (improved)
Great video taking over a domain with Metasploit--Good Pentesting Techniques
Old versions of Adobe Acrobat Reader straight from Adobe
Death of an ftp client / Birth of Metasploit modules; Excellent tutorial about fuzzing & metasploit
Penetration Testing and Vulnerability Analysis - WIndows Exploitation 101
How to Break Into a Mac (And Prevent It from Happening to You)
Wardriving FAQ -- Wardriving is not illegal
A SANS article on the legality of wardriving
New Snort rules to stop Rockwell & other SCADA attacks (10-5-110

HUGE list of vulnerable Web apps to use for training
2011-12-26: STRATFOR leaked accounts (10257 passwords recovered) - Pastebin.com
Free Online Computer Security Class from Berkeley & Stanford
How to bypass an antivirus --INTERESTING PROJECT IDEA
Download Ez7z for Mac - Easy-to-use p7zip archiver. MacUpdate.com
List of online hacking games
Nessus 5.0 is Here Tenable Network Security
Enter Bios Settings and Boot from CDROM with VMware Fusion

Windows Credentials Editor (WCE) FAQ
Mapping Defenses Using the Cyber Kill Chain -- COMPARE TO CNIT 123 TEXTBOOK
How to setup Dark Comet RAT (with download and pictures) : hacking
Free CEH Study Guide (v8, from 2014)
Shark 3 RAT -- POSSIBLE PROJECT
DarkComet RAT Flames Out
airdecap-ng Aircrack-ng -Decrypts WEP and WPA packets -- ADD TO PROJECT

Warriors of the Net HD - YouTube - good version as of Jan 2015
How to rekey a lock 101 - YouTube -- IT WORKS!
2012-05-02: Linux Memory Images
KBeast -- New Linux Rootkit (from 12-31-11)
Learn to code Codecademy
Penetration Testing with BackTrack Training - $700 online classes with certification
Scapy cheat sheet
Reset a Windows 8 Password without using any third party software
Cheat Sheet for Pen Testing
Reset Admin Password on Mac OS X
2013-01-27: Cookie Cadger Slides
VulnHub - Vulnerable By Design--VMs to exploit!
The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series) (9781597496551) -- Another instructor recommends this book
VulnHub - Vulnerable By Design -- Excellent projects here!
illSecure -- Very Easy Hacking Games
BackBox Linux -- Italian security distro
Resources for Aspiring Penetration Testers
HiJetter -- Printer Exploitation Tool
Live BGP Updates
The Bro Network Security Monitor
Teardrop Attack in Scapy
Cracking Linux, Windows, Wordpress, and Drupal Password Hashes with Hashcat and John
Pentest training games--vulnerable systems and Web apps
Scapy explained by its author -- EXCELLENT
LDAP INJECTION DEMO FOR CLASS
Hash Identifier python script
24 Great E-Books On Ethical Hacking
Codebashing SQLi Tutorial
Five-way TCP Handshake defeats firewalls
HacmeBank & HacmeCasino in the Cloud
Learn Python the Hard Way
HTPasswd Tutorial
Notifying Owners of Infected Wordpress Servers -- POTENTIAL PROJECT
The Difference between CIFS and SMB
The story of a pentester recruitment -- SHOW TO CLASS
Download Metasploitable - Intentionally Vulnerable Machine | Rapid7
Cracking WEP with Cain on Windows and an AirPCap Card
Password Cracking Slides by IronGeek
Linux DHCP Configuration--use Debian instructions for Kali
2015-07-10: HttpDosTool 4.01 -- WORKS ON WINDOWS 8.1
OverTheWire: Wargames and Linux Lessons
How Yahoo was forced to give data secretly to the NSA Prism project (from 2014) -- IMPORTANT PRECEDENT
Live BGP Updates over Telnet
How to rekey a lock 101 - HOW TO PREPARE LOCKPICKING TRAINING LOCKS
The Tricky Encryption That Could Stump Quantum Computers (from Sept., 2015)
Warriors of the Net - TeacherTube
CA Lockpick Law -- Demonstrates that TOOOL is correct
RECOMMENDED LOCKPICK KIT: Ehdching 24pcs Single Hook Locksmith Tools 1pcs Professional Cutaway Practice Padlock - - Amazon.com
Recommended Locks from Deviant Ollam
Lockpicking Legal issues - Lockwiki
Legality of lock picks, possessing burglary tools, lock picks legality
Manual for Kwikset Powerlock in S214
L0phtCrack Password Auditor - Download
md5cracker.org -- WORKED BETTER THAN JOHN
Lynis - Security auditing tool for Unix/Linux systems
Amazon.com: Universal TV Stand / Base Mount for 32" - 60" Flat-Screen Televisions -- May be needed for display case
Edit or remove cookies from Firefox's Developer Toolbar
RTL-SDR Tutorial: Analyzing GSM with Airprobe/GR-GSM and Wireshark
Web Application Pen-testing Tutorials With Mutillidae (Hacking Illustrated Series InfoSec Tutorial Videos)
Lockpicking Plastic Handcuffs -- ADD TO LOCKPICKING PROJECT

New Unsorted Links

Apache .htaccess file - Examples and Common Uses | DigitalOcean -- VERY USEFUL
A tcpdump Tutorial and Primer with Examples
Best tcpdump Tutorial and Primer with Examples
Add/Drop Procedure
virtual machine - Guest OS resolution (text too small) in vmware workstation 12 player
2017-09-27: DHS planning to collect social media info on all immigrants
Ch 8zl: Windows 10's "Controlled Folder Access" Anti-Ransomware Feature Is Now Live
Ch 9v: Mirai botnet -- Krebs on Security
Ch 9w: The Mirai Botnet Isn't Easy to Defeat
Ch 10zs: TIOBE Index -- popularity of programming languages
Ch 10zt: Serialization and Deserialization in Java
Ch 12-2017-1: 'First ever' SHA-1 hash collision calculated. All it took were five clever brains... and 6,610 years of processor time
Ch 12-2017-2: Google Online Security Blog: Announcing the first SHA1 collision
Ch 12-2017-3: SHAttered
USB LAN7500 Driver for Mac Adapter in S214
Metasploit: Not connecting to database
Ch 3za: NullArray/AutoSploit: Automated Mass Exploiter
Ch 3zb: Threat or menace? "Autosploit" tool sparks fears of empowered "script kiddies"
Fixing a Error in Kali Rolling Repository
AWS Educate -- Free AWS Credit for Students
How to install Kali Linux on Google Cloud
How to install Kali Linux on Google Cloud -- Penetration Testing
Using the gsutil Tool -- Google Cloud
GitHub - Wh1t3Rh1n0/deb2kali: A Script to Convert Debian Linux into Kali Linux
LionSec/katoolin: Automatically install all Kali linux tools
How to Install WAMP

Other Links

Last Updated: 5-7-18 7 am