Malicious Code
Shon Harris
The fast, powerful way to prepare for your SSCP exam!
Get all the hands-on training you need to pass (ISC)²’s tough SSCP exam, get certified, and move forward in your IT security career! In this online video, the world’s #1 information security trainer walks you through every skill and concept you’ll need to master. This online video contains over four hours of training adapted from Shon Harris’s legendary …
Malicious Code
Shon Harris
The fast, powerful way to prepare for your SSCP exam!
Get all the hands-on training you need to pass (ISC)²’s tough SSCP exam, get certified, and move forward in your IT security career! In this online video, the world’s #1 information security trainer walks you through every skill and concept you’ll need to master. This online video contains over four hours of training adapted from Shon Harris’s legendary five-day SSCP boot camps–including realistic labs, scenarios, case studies, and animations designed to build and test your knowledge in real-world settings!
Comprehensive coverage of SSCP domains of knowledge:
. Cookies
. Virus
. Passwords
. Home Page Hijacking
. Malicious Code Attacks
. Automatic Patch Management Solutions
About the Shon Harris Security Series
This online video is part of a complete library of books, online services, and videos designed to help security professionals enhance their skills and prepare for their certification exams. Every product in this series reflects Shon Harris’s unsurpassed experience in teaching IT security professionals.
Category: Security
System Requirements
OPERATING SYSTEM: Windows 2000, XP, or Vista; Mac OS X 10.4
(Tiger) or later
MULTIMEDIA: DVD drive; 1024 x 768 or higher display; sound card
with speakers
COMPUTER: 500MHz or higher CPU; 128MB RAM or more
Course Introduction 00:17:17
Domain 7 - Malicious Code 00:01:23
Vulnerabilities at Different Layers 00:00:36
Tiered Network Architectures 00:00:53
Sensitive Data Availability 00:02:00
Cookies 00:02:35
Find Out Where You Have Been 00:00:47
Pulling Data 00:01:03
Web Server Error Pages 00:00:36
Common Web Server Flaws 00:01:53
Improper Data Validation 00:01:22
Directory Traversal 00:02:00
Buffer Overflow 00:01:59
Cross Site Scripting Attack 00:01:31
Common SQL Injection Attack 00:01:38
CGI Information 00:02:38
Logging Activities 00:01:20
Best Practices 00:03:19
Agenda (1) 00:00:36
Are ALL Patches Applied? 00:00:45
Patching Process Chart 00:02:40
Patching Issues 00:01:41
Agenda 2 00:02:11
Boot Sector Invasion 00:00:47
Types of Viruses 00:00:52
More Malware 00:01:47
Blended Malware 00:01:21
Hoaxes 00:01:00
Agenda 3 00:03:51
Attack Characteristics 00:00:57
Disclosing Data in an Unauthorized Manner 00:01:50
Covert Storage Channel 00:01:28
Covert Timing Channel 00:01:35
Circumventing Access Controls 00:01:03
Attacks 00:01:46
Attack Type - Race Condition 00:01:35
Attacking Through Applications 00:02:24
How a Buffer Overflow Works 00:01:00
Watching Network Traffic 00:01:19
Traffic Analysis 00:01:17
Functionally Two Different Types 00:03:20
Double File Extensions 00:01:53
Denial of Service Definition 00:01:37
History of Denial of Service 00:00:49
Denial of Service Attacks 00:01:11
SYN Flood 00:01:21
SYN Attacks 00:01:54
SYN Attacks Defense 00:02:26
DDoS 00:03:31
Distributed DoS 00:00:45
DoS Tools 00:01:43
Other DDoS Variations 00:01:34
DDoS Defenses 00:04:51
DDoS Countermeasures 00:00:56
RPC Null Fragment Attack 00:02:56
Another Danger to Be Aware of…Spyware 00:01:54
New Spyware Is Being Identified Every Week 00:00:55
Passwords 00:05:52
Password Generators 00:01:33
Password Attacks 00:03:09
Rainbow Table 00:02:47
Countermeasures for Password Cracking 00:05:36
Cognitive Passwords 00:01:44
One-Time Password Authentication 00:00:49
Synchronous Token 00:02:13
One Type of Solution 00:01:07
Synchronous Steps 00:01:34
Challenge/Response Authentication 00:03:45
Asynchronous Steps 00:02:14
Cryptographic Keys 00:01:39
Passphrase Authentication 00:01:37
Memory Cards 00:00:49
Smart Card 00:02:06
Characteristics 00:01:39
Card Types 00:01:04
Home Page Hijacking 00:01:53
Webpage Defacement 00:00:45
Precautions 00:00:55
Password Verifier 00:00:36
Online Attack 00:00:52
Offline Attack 00:01:35
Salt 00:02:15
Ping 00:01:35
Ping of Death 00:02:08
Session Hijacking 00:01:06
Attack Steps 00:01:26
Spoofing 00:05:46
Man-in-the-Middle (MiM) Attack 00:05:22
Mobile Code with Active Content 00:02:00
Types of Mobile Code Attacks 00:03:55
Attacks and Exploits 00:02:01
JavaScript and Visual Basic Script 00:01:51
Structure and Focus of Malicious Code Attacks 00:04:20
Phases of an Attack 00:03:28
Reconnaissance 00:02:34
DNS Commands and Tools 00:01:13
Whois Tool Screen Capture 00:01:56
Tools 00:01:01
SNMP Tools 00:01:46
Port Scanning 00:00:55
Security Probes - Nessus 00:01:02
Access and Privilege Escalation 00:02:34
Hackers 00:06:22
Motivations 00:02:33
Internal Risk 00:08:07
Defense In Depth 00:01:26
Application Defenses 00:03:53
Operating System Defenses 00:02:59
Network Defenses 00:02:38
Anti-Virus Software 00:03:32
Patch Management 00:00:50
Issues with Patches 00:01:01
Automatic Patch Management Solutions 00:02:22
Vulnerability Management 00:02:30
Network Monitors and Analyzers 00:00:50
Content/Context Filtering 00:01:32
Honeypot 00:04:35
Honeynet 00:00:58
Attack Prevention Techniques 00:01:03
Safe Recovery Techniques and Practices 00:02:42
File Backup and Restoration Plan 00:01:17
Domain 7 Review 00:01:04
Course Closure 00:19:05