Covert Hacking

 Insider attacks
 What is covert channel?
 Security Breach
 Why Do You Want to Use Covert Channel?
 Motivation of a Firewall Bypass
 Covert Channels Scope
 Covert Channel: Attack Techniques
 Simple Covert Attacks
 Advanced Covert Attacks
 Reverse Connecting Agents
 Covert Channel Attack Tools
    o Netcat
    o DNS tunnel
    o DNS Tunneling
        • Covert Channel Using DNS Tunneling
        • DNS Tunnel Client
        • DNS Tunneling Countermeasures
    o SSH reverse tunnel
        • Covert Channel Using SSH
        • Covert Channel using SSH (Advanced)
    o HTTP/S Tunneling Attack
    o Covert Channel Hacking Tool: Active Port Forwarder
    o Covert Channel Hacking Tool: CCTT
    o Covert Channel Hacking Tool: Firepass
    o Covert Channel Hacking Tool: MsnShell
    o Covert Channel Hacking Tool: Web Shell
    o Covert Channel Hacking Tool: NCovert
    o Covert Channel Hacking via Spam E-mail Messages
    o Hydan
    o Covert Channel Hacking Tool: NCOVERT

Writing Virus Codes

 Introduction of Virus
 Types of Viruses
 Symptoms of a Virus Attack
 Prerequisites for Writing Viruses
 Required Tools and Utilities
 Virus Infection Flow Chart
    o Step – I Finding file to infect
        • Directory Traversal Method
        • “dot dot” Method
    o Step – II Check viruses infection criteria
    o Step – III Check  for previous infection
        • Marking a File for Infection
    o Step – IV Infect the file
    o Step – V Covering tracks 
 Components of Viruses
 Functioning of Replicator part
 Diagrammatical representation
 Writing Replicator
 Writing Concealer
 Dispatcher
 Writing Bomb/Payload
 Trigger Mechanism
 Brute Force Logic Bombs
 Testing Virus Codes
 Tips for Better Virus Writing

Assembly Language Tutorial

 Number System
 Base 10 System
 Base 2 System
 Decimal 0 to 15 in Binary
 Binary Addition (C stands for Canary)
 Hexadecimal Number
 Hex Example
 Hex Conversion
 nibble
 Computer memory
 Characters Coding
 ASCII and UNICODE
 CPU
 Machine Language
 Compilers
 Clock Cycle
 Original Registers
 Instruction Pointer
 Pentium Processor
 Interrupts
 Interrupt handler
 External interrupts and Internal interrupts
 Handlers
 Machine Language
 Assembly Language
 Assembler
 Assembly Language Vs High-level Language
 Assembly Language Compilers
 Instruction operands
 MOV instruction
 ADD instruction
 SUB instruction
 INC and DEC instructions
 Directive
 preprocessor
 equ directive
 %define directive
 Data directives
 Labels
 Input and output
 C Interface
 Call
 Creating a Program
 Why should anyone learn assembly at all?
    o First.asm
 Assembling the code
 Compiling the C code
 Linking the object files
 Understanding an assembly listing file
 Big and Little Endian Representation
 Skeleton File
 Working with Integers
 Signed integers
 Signed Magnitude
 Two’s Compliment
 If statements
 Do while loops
 Indirect addressing
 Subprogram
 The Stack
 The SS segment
 ESP
 The Stack Usage
 The CALL and RET Instructions
 General subprogram form
 Local variables on the stack
 General subprogram form with local variables
 Multi-module program
 Saving registers
 Labels of functions
 Calculating addresses of local variables
 
Exploit Writing

 Exploits Overview
 Prerequisites for Writing Exploits and Shellcodes
 Purpose of Exploit Writing
 Types of Exploits
    o Stack Overflow
    o Heap Corruption
    o Format String
    o Integer Bug Exploits
    o Race Condition
    o TCP/IP Attack
 The Proof-of-Concept and Commercial Grade Exploit
 Converting a Proof of Concept Exploit to Commercial Grade Exploit
 Attack Methodologies
 Socket Binding Exploits
 Tools for Exploit Writing
    o LibExploit
    o Metasploit
    o CANVAS
 Steps for Writing an Exploit
 Differences Between Windows and Linux Exploits
 Shellcodes
    o NULL Byte
    o Types of Shellcodes
 Tools Used for Shellcode Development
    o NASM
    o GDB
    o objdump
    o ktrace
    o strace
    o readelf
 Steps for Writing a Shellcode
 Issues Involved With Shellcode Writing
    o Addressing problem
    o Null byte problem
    o System call implementation
 
Smashing the Stack for Fun and Profit

 What is a Buffer?
 Static Vs Dynamic Variables
 Stack Buffers
 Data Region
 Memory Process Regions
 What Is A Stack?
 Why Do We Use A Stack?
 The Stack Region
 Stack frame
 Stack pointer
 Procedure Call (Procedure Prolog)
 Compiling the code to assembly
 Call Statement
 Return Address (RET)
 Word Size
 Stack
 Buffer Overflows
 Error
 Why do we get a segmentation violation?
 Segmentation Error
 Instruction Jump
 Guess Key Parameters
 Calculation
 Shell Code
    o The code to spawn a shell in C
 Lets try to understand what is going on here. We'll start by studying main:
 execve()
    o execve() system call
 exit.c
    o List of steps with exit call
 The code in Assembly
 JMP
 Code using indexed addressing
 Offset calculation
 shellcodeasm.c
 testsc.c
 Compile the code
 NULL byte
 shellcodeasm2.c
 testsc2.c
 Writing an Exploit
 overflow1.c
 Compiling the code
 sp.c
 vulnerable.c
 NOPs
    o Using NOPs
    o Estimating the Location
 
Windows Based Buffer Overflow Exploit Writing

 Buffer Overflow
 Stack overflow
 Writing Windows Based Exploits
 Exploiting stack based buffer overflow
 OpenDataSource Buffer Overflow Vulnerability Details
 Simple Proof of Concept
 Windbg.exe
 Analysis
 EIP Register
    o Location of EIP
    o EIP
 Execution Flow
 But where can we jump to?
 Offset Address
 The Query
 Finding jmp esp
 Debug.exe
 listdlls.exe
 Msvcrt.dll
 Out.sql
 The payload
 ESP
 Limited Space
 Getting Windows API/function absolute address
 Memory Address
 Other Addresses
 Compile the program
 Final Code
 
Reverse Engineering

 Positive Applications of Reverse Engineering
 Ethical Reverse Engineering
 World War Case Study
 DMCA Act
 What is Disassembler?
 Why do you need to decompile?
 Professional Disassembler Tools
 Tool: IDA Pro
 Convert Machine Code to Assembly Code
 Decompilers
 Program Obfuscation
 Convert Assembly Code to C++ code
 Machine Decompilers
 Tool: dcc
 Machine Code of compute.exe Prorgam
 Assembly Code of compute.exe Program
 Code Produced by the dcc Decompiler in C
 Tool: Boomerang
 What Boomerang Can Do?
 Andromeda Decompiler
 Tool: REC Decompiler
 Tool: EXE To C Decompiler
 Delphi Decompilers
 Tools for Decompiling .NET Applications
 Salamander .NET Decompiler
 Tool: LSW DotNet-Reflection-Browser
 Tool: Reflector
 Tool: Spices NET.Decompiler
 Tool: Decompilers.NET
 .NET Obfuscator and .NET Obfuscation
 Java Bytecode Decompilers
 Tool: JODE Java Decompiler
 Tool: JREVERSEPRO
 Tool: SourceAgain
 Tool: ClassCracker
 Python Decompilers
 Reverse Engineering Tutorial
 OllyDbg Debugger
 How Does OllyDbg Work?
 Debugging a Simple Console Application

Source:
http://www.eccouncil.org/EC-Council%20Education/ceh-course-outline.htm

Don

I'm not sure if the self-study modules will be included on the exam as they're not listed in the course objectives. My CEH v5 class is next week so I'll make sure to follow up here and let you know.