CEH Certification Resources

CEH Tips
CEH: Certified Ethical Hacker - Taking the Exam
CEH: Practice Exams
CEH: TechExams -- Certified Ethical Hacker (CEH) exam
EC-Council - Certified Ethical Hacker (312-50) Practice Exam - This is the one I used

Chapter Links

Ch 1a: Google Hacking Database
Ch 1b: A search that finds password hashes
Ch 1c: Nessus Reports from Google
Ch 1d: More Passwords from Google
Ch 1e: Google Hacks Volume III by Halla - Interesting but highly irresponsible
Ch 1f: G-Zapper Blocks the Google Cookie to Search Anonymously
Ch 1g1: Get the .NET Framework 1.1
Ch 1g2: Download details: .NET Framework Version 1.1 Redistributable Package
Ch 1g: SiteDigger 2.0 searches Google's cache to look for vulnerabilities
Ch 1h: BeTheBot - View Pages as the Googlebot Sees Them
Ch 1i: An experts-exchange page to demonstrate the Googlebot
Ch 1j: HTTP Header Viewer
Ch 1k: Masquerading Your Browser
Ch 1l: User Agent Switcher :: Firefox Add-ons
Ch 1m: Modify Headers :: Firefox Add-ons
Ch 1n: User Agent Sniffer for Project 1
Ch 1o: GNU Wget - Tool to Mirror Websites
Ch 1p: Teleport Pro - Tool to Mirror Websites
Ch 1q: Google Earth
Ch 1r: Finding Subdomains (Zone Transfers)
Ch 1s: N. Dakota Judge rules that Zone Transfers are Hacking
Ch 1t: Internet Archive - Wayback Machine
Ch 1u: Wikto - Web Server Assessment Tool - With Google Hacking
Ch 1v: VeriSign Whois Search from VeriSign, Inc.
Ch 1w: uwhois.com
Ch 1x: ARIN: WHOIS Database Search
Ch 1y: Border Gateway Protocol (BGP) and AS Numbers
Ch 1z0: Internic | Whois - the only one that finds hackthissite.org
Ch 1z1: Teenager admits eBay domain hijack
Ch 1z2: NeoTrace
Ch 1z3: VisualRoute traceroute: connection test, trace IP address, IP trace, IP address locations
Ch 1z4: oxid.it - Cain and Abel
Ch 1z5: Snort - the de facto standard for intrusion detection/prevention
Ch 1z6: RotoRouter 1.0 - Traceroute log & fake
Ch 1z7: SiteDigger McAfee Free Tools
Ch 1z8: SensePost - Wikto
Ch 1z9: FOCA searches metadata
Ch 1z10: HolisticInfoSec: OSINT: large email address list imports with Maltego
Ch 1z11: InfoSec Resources -- DNS Hacking (Beginner to Advanced)
Ch 1z12: 1 Million Domain DNS Zone Transfer Test -- 14 percent vulnerable
Ch 1z13: DNS zone transfer tools
Ch 1z14: ZoneTransfer.me - teaching tool for DNS Zone Transfer Demos
Ch 1z15: ICANNIANAASO Explained
Ch 1z16: Whois server compromised? Try whois microsoft.com

Ch 2a: Man page of fping
Ch 2b: Fping download for Windows
Ch 2c: SuperScan - for Windows 2000 and XP Without SP 2
Ch 2d: Network Management Software Products - SolarWinds
Ch 2e: How to enable ICMP echo requests (Ping) in Windows XP (Service Pack 2)
Ch 2f: Can't Ping the Server 2003 SP 1
Ch 2g: What is port 113 used for?
Ch 2h: RPC Scan (-sR)
Ch 2h: THC-AMAP - fast and reliable application fingerprint mapper
Ch 2i: Insecure.Org - Nmap Free Security Scanner, Tools & Hacking resources
Ch 2j: Icmpenum information
Ch 2k: Download Icmpenum 1.0 for Linux - Icmpenum sends ICMP traffic for host enumeration. - Softpedia
Ch 2l: SANS Institute - Intrusion Detection FAQ: How can attacker use ICMP for reconnaissance?
Ch 2m: Phrack Magazine - Loki - ICMP Covert Channel
Ch 2n: ICMPQuery, remote host-type detection
Ch 2v: TCP Header Format
Ch 2w: Window Scan (-sW)
Ch 2x9: SourceForge.net: hping2
Ch 2x: The Window Scan explained very well
Ch 2y: How an RPC Scan Works
Ch 2z1: FTP Bounce Attack
Ch 2z2: IPEye - TCP port scanner (for Windows 2000 / XP Pre SP2)
Ch 2z3: ScanLine from Foundstone - Windows Command-Line Port Scanner
Ch 2z4: PortSentry and LogCheck from SourceForge.net: Sentry Tools
Ch 2z5: The Siphon Project: The Passive Network Mapping Tool
Ch 2z6: the new p0f
Ch 2z7: Cheops-ng - Screenshots
Ch 2z8: Tutorial: Hping2 Basics
Ch 2z9: ICMP Ping Sweep Detection on Windows

Ch 3a: dnsenum - DNSenum is a pentesting tool created to enumerate DNS info about domains
Ch 3b: Backtrack 5- DNSenum Information Gathering Tool
Ch 3c: How to use Fierce -- DNS Analysis perl script
Ch 3d: Restricting DNS Cache Snooping with Bind Configuration
Ch 3e: Grendel Scan Web Application Security Scanner -- in BackTrack
Ch 3f: Microsoft RPC Services
Ch 3g: winfingerprint
Ch 3h: Host Name Resolution in Windows
Ch 3i: nbtscan - NETBIOS nameserver scanner
Ch 3j: DumpSec download
Ch 3k: Project Camelot interviews Gary McKinnon
Ch 3l: Windows Enumeration: USER2SID & SID2USER
Ch 3m: NBTEnum 3.3 Download
Ch 3n: How to restrict access to the registry from a remote computer
Ch 3o: SNMP Tutorial
Ch 3p: DNS Version Scan Results

Ch 4a: 10 Most Common Passwords
Ch 4a1: Comprehensive List of password-guessing software
Ch 4b: IPsec filters in Windows
Ch 4c: IDS finds niche as analytical tools - Network World (2003)
Ch 4d: Setting Up an Intrusion Detection System - Networking Center - Network Computing (2004)
Ch 4e: Top 10 Password Crackers
Ch 4f: Elcomsoft Distributed Password Recovery
Ch 4f1: MITM Attack on Terminal Server (pdf)
Ch 4f2: Top 3 Vulnerability Exploitation Tools
Ch 4g: Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
Ch 4h: Microsoft Security Bulletin MS03-026
Ch 4i: eEye announcement of the LSASS Buffer Overflow
Ch 4j: Microsoft Security Bulletin MS04-011: Security Update for Microsoft Windows (835732)
Ch 4k: How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services
Ch 4l: Denmark builds XML-based Web services commerce network
Ch 4m: OASIS Security Services (SAML) TC - an XML-based framework
Ch 4n: Securing ASP Data Access Credentials Using the IIS Metabase
Ch 4o: ADOConn.Open - Google Code Search
Ch 4q: Security Guidance for IIS
Ch 4r: Gaining Administrator Access on NT with getadmin.exe
Ch 4s: MS03-013 - Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges
Ch 4t: Service Changes for Windows Vista -- Session 0 Isolation means SYSTEM tasks can't be interactive
Ch 4u: Cracking Windows Vista Beta 2 Local Passwords (SAM and SYSKEY)
Ch 4v: Cracking Syskey and the SAM on Windows XP, 2000 and NT 4 using Open Source Tools
Ch 4w: How to use the SysKey utility to secure the Windows Security Accounts Manager database
Ch 4x: Windows NT/2000/XP/2003/Vista password crackers - recovery, auditing, and PWDUMP tools
Ch 4y: Password Recovery Software, ElcomSoft
Ch 4z-4: CacheDump - Recovering Windows Password Cache Entries
Ch 4z01: Full Disclosure: Windows XP Home LSA secrets stores XP login passphrase in plain text
Ch 4z02: Administrators can display contents of service account passwords in Windows NT
Ch 4z03: Auditing Cached Credentials With Cachedump
Ch 4z04: CacheDump - Recovering Windows Password Cache Entries
Ch 4z05: More information about Cachedump and countermeasures from Arnauld Pilon
Ch 4z06: cachebf - Tool for cracking Cached Logon Hashes
Ch 4z07: PsExec - remote execution tool
Ch 4z08: VNC feature comparison and download selector
Ch 4z09: RatForge.NET R.A.T and Computer Security Community
Ch 4z10: GoToMyPC : Remote Access to Your PC from Anywhere -- Secure PC Remote Access Software
Ch 4z11: LogMeIn Hamachi - Instant VPN Software for your PC
Ch 4z12: Foundstone, Inc. Fpipe - Port Redirection Tool
Ch 4z13: Tripwire - Configuration Audit & Control Solutions
Ch 4z14: Process Explorer
Ch 4z15: Fport - Shows processes and ports
Ch 4z16: LADS - List Alternate Data Streams
Ch 4z17: BITLOCKER HACKED - Hard disk encryption defeated by recovering the key from RAM
Ch 4z18: Exploiting 802.11 Wireless Driver Vulnerabilities on Windows
Ch 4z19: TeamViewer - Free Remote Access and Remote Desktop Sharing over the Internet
Ch 4z20: NTLM Hash is MD4
Ch 4z21: Different Types of Hashes and Salts -- EXCELLENT RESOURCE
Ch 4z22: Mac OS X 10.8 Mountain Lion password hash algorithm
Ch 4z23: EFS doesn't set a default Data Recovery Agent in Win XP
Ch 4z24: Pass the Hash on Windows 8.1 with Instructions
Ch 4z25: Password Cracking, Hashes Dumping, Brute-Forcing, Auditing and Privileges Escalation Daniela Elmi IT Space
Ch 4z26: KerbCrack --cracks Windows Kerberos password hashes
Ch 4z27: Cracking Kerberos Passwords with KerbCrack -- DEMO
Ch 4z28: Attacking Kerberos Deployments (from 2010) -- GOOD EXPLANATION OF PREAUTHENTICATION
Ch 4z29: Excellent explanation of Pass The Hash, NTLM, and Kerberos from 2012

Ch 5a: Unix Firewalls Forwarding Source-Routed Packets (from 1996)
Ch 500: CORE IMPACT demonstration video - professional penetration testing toolkit
Ch 500a: Unix Firewalls Forwarding Source-Routed Packets (from 1996)
Ch 501: CrackLib-2.8.12
Ch 501a: THC-HYDRA - fast and flexible network login hacker
Ch 502: Secure remote password protocol - Wikipedia
Ch 503: SRP JavaScript Demo
Ch 504: Linux IPCHAINS-HOWTO: Introduction
Ch 505: grsecurity
Ch 506: Solaris 10 Security Features (with historical context, and Trusted Solaris 8)
Ch 507: Heap Overflow Exploits
Ch 508: Saint Jude for Linux - Intrusion Prevention
Ch 509: WWW Security FAQ: CGI Scripts
Ch 510: Ubuntu: Enabling remote X-windows
Ch 511: Finjan uncovers database storing more than 8,700 stolen FTP credentials
Ch 512: nfsshell - NFS auditing tool
Ch 512a: XSECURE.TXT - Crash Course in X Windows Security
Ch 513: Sun Solaris Telnet Remote Authentication Bypass Vulnerability
Ch 514: Dan Kaminsky Reveals DNS Flaw At Black Hat
Ch 515: Caching bugs exposed in djbdns (2-27-09)
Ch 516: Detecting use after free() on windows. (dangling pointers)
Ch 517: Microsoft Security Bulletin MS12-063 - Critical : Cumulative Security Update for Internet Explorer (2744842)
Flaw in Oracle Logon Protocol Leads to Easy Password Cracking -- SECURITY TEST PROJECT
Ch 518: Sendmail--Anti-Spam Configuration Control
Ch 519: Apache Killer

Ch 6a: Robtex
Ch 6b: PhishTank Statistics about phishing activity and PhishTank usage
Ch 6c: MoonSols Windows Memory Toolkit
Ch 6d: CurrPorts: Monitoring TCPIP network connections on Windows
Ch 6e: Process Explorer
Ch 6f: Process Monitor
Ch 6g: VMMap
Ch 6h: Remote Desktop Connection Bitmap Cache Viewer
Ch 6i: New IE zero day exploit circulating, used to install Poison Ivy (From Sept. 2012)
Ch 6j: Poison Ivy - Remote Administration Tool
Ch 6k: How Malware hides and is installed as a Service

Ch 7a: WarVOX
Ch 7b: Phone hacking: timeline of the scandal
Ch 7c: sipvicious - Tools for auditing SIP based VoIP systems
Ch 7d: Uncovering spoken phrases in encrypted VoIP conversations
Ch 7e: Microsoft says don't use PPTP and MS-CHAP
Ch 7f: Microsoft Security Advisory (2743314): Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure

Ch 8a: Wireless chipsets and drivers
Ch 8b: How-To: Build a WiFi biquad dish antenna
Ch 8c: Fortinet manual, Rogue Access Point Suppression on page 53
Ch 8d: Reaver cracking WPS in 19 hours
Ch 8e: HotSpotter
Ch 8f: Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate
Ch 8g: Microsoft says don't use PPTP and MS-CHAP
Ch 8h: FreeRADIUS-WPE -- RADIUS server impersonation attack on 802.1x
Ch 8i: 'Validate server certificate' option in PEAP properties
Ch 8j: Vistumbler
Ch 8k: Lawsuits Mount Over Google Wi-Fi Sniffing

Ch 920: Lock bumping - Wikipedia
Ch 921: White House High-Security Locks Broken: Bumped and Picked at DefCon
Ch 922: Magnetic stripe card - Wikipedia
Ch 923: Magnetic Stripe Reader/Writer (encoder)
Ch 924: Portable Credit Card Hacking, Portable Credit Card Hacking Software
Ch 925: Passport RFIDs cloned wholesale by $250 eBay auction spree
Ch 926: MIFARE - Wikipedia
Ch 927: Mifare--Little Security, Despite Obscurity
Ch 928: DefCon: Boston Subway Officials Sue to Stop Talk on Fare Card Hacks -- Update: Restraining Order Issued; Talk Cancelled
Ch 929: Parallel ATA - Wikipedia
Ch 930: ATA_Security_Roadblock_to_Computer_Forensics.pdf
Ch 931: Laptop Password Removal : Vogon Password Cracker Pod
Ch 932: Password Cracker Pod: for laptop hard drive passwords
Ch 933: RISE Security - ASUS Eee PC Rooted Out of the Box
Ch 934: Default Password List
Ch 935: Eavesdropping on Bluetooth Headsets -- Video
Ch 936: Two Arrested in First Bust for ATM Reprogramming Scam | Threat Level from Wired.com
Ch 937: Microsoft Pushes Fix to Disable AutoRun (from 2011)
Ch 939: ATM security problem at LayerOne conference (from May 2012)
Ch 940: HowStuffWorks 'What's the difference between RFID and NFC?'
Ch 941: Google Wallet - Wikipedia

Ch_10a: Foundstone White Papers - Including Hacme Bank Solution Guide
Ch_10b: Hacme Travel User Guide (pdf)
Ch_10c: Foundstone Free Tools including Hacme Bank and Hacme Travel
Ch_10d2: Netcat for Windows - Alternate Link
Ch_10d: Netcat for Windows
Ch_10e: Strings v2.40 - reads strings from executable files
Ch_10f: Process Explorer
Ch_10g: Wireshark Protocol Analyzer
Ch_10h: Foundstone - Resources - Videos of Hacme Lessons
Ch_10i: xkcd - Little Bobby Tables
Ch_10k: IBM WebSphere - Wikipedia
Ch_10l: Fortune 1000 Research: Top 1000 Web Servers Survey
Ch_10m: Web Server Survey Archives - Netcraft
Ch_10n: Watchfire products including AppShield
Ch_10o: URLScan Security Tool
Ch_10p: Macromedia - Allaire Security Bulletin (ASB99-01) - ColdFusion Expression Evaluator patch
Ch_10q: Microsoft Security Bulletin (MS00-031): IIS HTR File Fragment Reading vulnerability
Ch_10r: IIS ASP::$DATA Vulnerability (Canonicalization attack)
Ch_10s: New in IIS 7 - App Pool Isolation
Ch_10t: Understanding IIS 7.0 URL Authorization: Configuring Security
Ch_10u: Microsoft IIS 5.0 Translate: f Source Disclosure Vulnerability
Ch_10v: Exploit code for the Translate: f bug
Ch_10z01: Nikto Web Server Vulnerability Scanner
Ch_10z02: TRACE vulnerability explained (pdf)
Ch_10z03: Wget - Wikipedia
Ch_10z04: Parosproxy.org - Web Application Security
Ch_10z05: Hijacking a Macbook in 60 Seconds or Less - Jon Elich and David Maynor
Ch_10z06: XSS (Cross Site Scripting) Cheat Sheet
Ch_10z07: URL Encoded Attacks - Double Decoding Attack Examples
Ch_10z08: Damn Vulnerable Linux 1.0 - download here - create an account
Ch_10z09: How main() is executed on Linux
Ch 10z15: Google Search to find Amazon Private Keys on Github
Ch 10z16: GitHub Forced to Disable Search After Exposing Private SSH Keys
Ch 10z17: Prolexic Report on Dr-DOS

Ch 11a: Android 4.1 'Jelly Bean' reaches 1.8 percent market share
Ch 11b: sqlite encryption for android
Ch 11c: Using DDMS Android Developers
Ch 11d: shortfuse.org Official Home of SuperOneClick!
Ch 11e: APP z4root - xda-developers
Ch 11f: GingerBreak APK (root for GingerBread) - xda-developers
Ch 11g: BurritoRoot for Kindle Fire
Ch 11h: What is the NDK? Android Developers
Ch 11i: android-apktool - A tool for reverse engineering Android apk files
Ch 11j: DefCon 18 - These Aren't the Permissions You're Looking For on Vimeo
Ch 11k: Eligible devices for use with Google Wallet - Wallet Help
Ch 11l: iBooks Not Working on Jailbroken iPhones: Here's the Fix
Ch 11m: iOS dictionary apps posting false piracy 'confessions' onto users' Twitter accounts
Ch 11n: Just How Much Of A Problem Is Android Malware? (Aug. 2012)
Ch 11o: About the security content of iOS 4.3.4 Software Update
Ch 11p: iKee--the first iPhone worm (2009)
Ch 11q: CVE-2009-1683: iPhone DoS via ICMP
Ch 11r: Android climbed to 79 percent of smartphone market share in 2013, but its growth has slowed
Ch 11s: Gartner ignores Apple's sales numbers, reports Android marketshare doubled iPad in 2013
Ch 11t: Debunking four myths about Android, Google, and open-source ZDNet
Ch 11u: Android Version Popularity
Ch 11v: Number of the week: list of malicious Android apps hits 10 million
Ch 11w: TOOL Rootx 2.2 (Rev 3 )- Root almost all android devices - xda-developers
Ch 11x: CarrierIQ Android Security Test
Ch 11y: Google Wallet Purchase Protection - Wallet Help
Ch 11z: iOS Encryption Is So Good, Not Even the NSA Can Hack It
Ch 11z2: How The NSA Hacks Your iPhone (Presenting DROPOUT JEEP) Zero Hedge
Ch 11z3: The iPhone Has Passed a Key Security Threshold (encryption, 2012)
Ch 11z4: iOS Keychain Weakness FAQ (from 2012)

Links from Previous Textbook Edition

Ch 3a: Droop's Box: Simple Pen-test Using Nmap, Nikto, Bugtraq, Nslookup, and Other Tools
Ch 3b: CAN numbers and CVE numbers
Ch 3c: Vista: Install or Enable the Telnet Client or Server
Ch 3d: Netcat for Windows
Ch 3d1: Local mirror of netcat for windows
Ch 3d2: Local mirror of netcat for windows- encrypted with 7-zip - password sam
Ch 3d3: Netcat in windows (another site)
Ch 3e: TCP Wrappers (Wikipedia)
Ch 3f: TCP Wrappers (more details)
Ch 3g: Microsoft Security: IIS Lockdown Tool
Ch 3h: URLScan Security Tool
Ch 3i: Port knocking - Wikipedia
Ch 3j: PORTKNOCKING - A system for stealthy authentication across closed ports. : IMPLEMENTATIONS : implementations
Ch 3k: PortKnocking - Community Ubuntu Documentation
Ch 3l: IPTables HowTo - Community Ubuntu Documentation
Ch 3m: How to change eth1 to eth0 in a VMware Linux Machine
Ch 3n: Download epdump scanner
Ch 3v: Host Name Resolution in Windows XP and Server 2003
Ch 3w: nbtscan - NETBIOS nameserver scanner
Ch 3x: Null session attacks: Who's still vulnerable?
Ch 3y: Registry Keys to Control Null Sessions in XP and 2003
Ch 3z00: The effects of removing null sessions from the Microsoft Windows 2000 and Microsoft Windows NT environment
Ch 3z01: Null Sessions don't apply to Win 95, 98, or Me
Ch 3z02: SystemTools.com -DumpSec and Hyena
Ch 3z03: Project Camelot interviews Gary McKinnon
Ch 3z04: Windows Enumeration: USER2SID & SID2USER
Ch 3z05: Download Winfo - Null Session Enumeration Tool - Runs on Vista
Ch 3z06: SNMP Enumeration and Hacking
Ch 3z07: Understanding MIBs
Ch 3z08: Using SNMP for Reconnaissance
Ch 3z09: Get SNMPUTIL here and learn how to use it
Ch 3z10: Novell NetWare - Wikipedia
Ch 3z11: How to make characters visible in Windows Telnet
Ch 3z12: How Security Identifiers Work (SIDs)
Ch 3z13: RIDs and the RID Master role
Ch 3z14: Install and Enable SNMP Service in Windows XP, Vista and 2003
Ch 3z15: NBTEnum 3.3 -- New tool for NetBIOS Enumeration
Ch 3z16: How to restrict access to the registry from a remote computer

Ch 601: Sandstorm Enterprises - PhoneSweep
Ch 602: Symantec pcAnywhere 12.1: Remote Computer Access - PC Remote Control
Ch 603: pcAnywhere 12.0 - Reviews by PC Magazine
Ch 604: pcAnywhere Password Recovery Service
Ch 605: M4PHR1K.COM - WHITE HAT War Dialers, PBX, and Voicemail Box testing
Ch 606: Default Password List
Ch 607: RSA / RSA SecurID / SecurID Tokens / Two-Factor Authentication | RSAGuard.com
Ch 608: PBX (Private branch exchange) - Wikipedia
Ch 609: Procomm Plus Discontinued - Symantec Corp.
Ch 610: Aspect Scripting
Ch 611: Virtual private network - Wikipedia
Ch 612: B. Schneier and Mudge's paper breaking Microsoft PPTP
Ch 613: The Crumbling Tunnel - aleph1 reveals PPTP flaws
Ch 614: Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2)
Ch 615: A Cryptographic Evaluation of IPsec
Ch 616: H.323 - Wikipedia
Ch 617: Session Initiation Protocol - Wikipedia
Ch 618: Abstract Syntax Notation One - Wikipedia
Ch 619: Blind Teenage Hacker accused of Swatting - Spoofing Caller ID on VoIP calls to police
Ch 620: vomit - voice over misconfigured internet telephones
Ch 621: Scapy - powerful interactive packet manipulation program
Ch 622: Free VOIP phone software for Windows - free download
Ch 623: RTP Tools 1.18
Ch 624: Java SE Desktop Technologies - Java Media Framework API (JMF)
Ch 625: Anyone up for Cisco password cracking?
Ch 626: IKECrack - Bruteforce crack for IPSec
Ch 627: Online Cisco VPN GroupPwd Decryption
Ch 628: Cisco VOIP Commands Cheat Sheet from John C. Samuel
Ch 629: Advanced Routing Commands Cheat Sheet from John C. Samuel
Ch 630: Recovering phrases from encrypted Skype calls by examining the bitrate

Ch 701: Internet Routing Insecurity::Pakistan Nukes YouTube with DNS Record Change
Ch 702: Pakistan removed from the Internet
Ch 703: nslookup / host Dns Client Testing Command Not Found on Debian / Ubuntu Linux
Ch 704: Types of DNS records
Ch 705: DNS SRV records for SIP and XMPP
Ch 706: Port Forwarding in andlinux
Ch 707: OSI model - Wikipedia
Ch 708: What is an APDU?
Ch 709: AT&T Fiber Optic Splitter Used to Spy on Internet
Ch 710: Virtual LAN - Wikipedia
Ch 711: IEEE 802.1Q - Wikipedia
Ch 712: Ethernet - Wikipedia
Ch 713: VLAN Tagging
Ch 714: VLAN Jumping Attack
Ch 715: VoIP Hopper...Jumping from one VLAN to the next!
Ch 716: Making unidirectional VLAN and PVLAN jumping bidirectional
Ch 717: Bypassing and hacking switches using VLAN
Ch 718: IP Spoofing: An Introduction
Ch 719: Windows NT Patch Available to Improve TCP Initial Sequence Number Randomness
Ch 720: Slashdot | TCP/IP Sequence Number Analysis
Ch 721: IPsec - Wikipedia
Ch 722: Cisco Support Lists
Ch 723: Cisco IOS Password Encryption Facts - Cisco Systems
Ch 724: Looking Glass Overview - Web sites that show live routing information
Ch 725: ILAN Looking Glass--useful for trace demo with ASN values
Ch 726: CERN Looking Glass--also shows ASN values on a trace
Ch 727: Big list of looking glass pages sorted by ASN
Ch 727: Hacker writes rootkit for Cisco's routers
Ch 728: Manpage of TCPDUMP
Ch 729: 'arpwatch' for security and administration
Ch 730: How to setup Arpwatch
Ch 731: arp-sk -- ARP traffic generators and arpwatch for Windows
Ch 732: arp-sk,WinARP Watch - arpwatch tools for Vista/XP/2003/2000
Ch 733: DecaffeinatID: Simple IDS / ARPWatch For Windows--works on Windows 7!

Ch 801: WildPackets - OmniPeek Product Family - Free Demo Version
Ch 802: WildPackets - Wireless Drivers
Ch 803: Orinoco Monitor Mode Patch Page
Ch 804: AbsoluteValue Systems, Inc. - linux-wlan Page - Prism2 Card Compatibility Information Here
Ch 805: Cisco/Aironet driver for Linux
Ch 806: Quad Stacked Omni 2.4 GHz Antenna
Ch 807: Non Line-Of-Sight (NLoS) Multi-Polarized Antennas
Ch 808: Global Positioning System - Wikipedia
Ch 809: Skyhook Wireless - Find Location from Wi-Fi Access Points
Ch 810: NetStumbler.com
Ch 811: Kismet
Ch 812: SMAC MAC Address Spoofer / Changer for Windows VISTA, XP, 2003, 2000
Ch 813: An introduction to LEAP authentication
Ch 814: IEEE 802.1X - Wikipedia
Ch 815: Mac MakeUp - MAC Address spoofing tool - do not use auto-cycle adapter option
Ch 816: Debunking the Myth of SSID Hiding
Ch 817: VistaStumbler--Wardriving software optimized for Windows Vista
Ch 818: Vistumbler--Better than Vista Stumbler
Ch 819: CACE Technologies - AirPcap Wireless Capture Adapter for Windows
Ch 820: Apple - iPhone - Features - Maps with GPS
Ch 821: Android WiFi Scan & War Driving
Ch 822: Google Maps Mashup Showing WiFi Scan Android Wardriving Results
Ch 823: Android Wifiscan available here
Ch 824: Hotspotter--Like SSLstrip, silently replaces a secure WiFi connection with an insecure one
Ch 825: WiGLE - Wireless Geographic Logging Engine - Plotting WiFi on Maps
Ch 826: Lawsuits Mount Over Google Wi-Fi Sniffing - PCWorld

Ch 901: ippl - IP Protocols Logger - detects port scans
Ch 902: Firewalk - Scan behind a firewall
Ch 903: Use Firewalk in Linux/UNIX to verify ACLs and check firewall rule sets
Ch 904: Fpipe v2.01 Port Redirector
Ch 905: Firewall/IDS Evasion and Spoofing with Nmap
Ch 906: What is application gateway? - Webopedia
Ch 907: WinGate Proxy Server / Firewall / Email server / Gateway Management Solution
Ch 908: WinGate - Wikipedia
Ch 909: Astaro Internet Security - Astaro Security Gateway Software Appliance

Ch_10a: Foundstone, Inc. UDPFlood
Ch_10b: Application-layer DDoS Attacks: Detection and Resiliency (ppt file)
Ch_10c: Five percent of Web traffic caused by DDoS attacks
Ch_10d: Hacktics Presentation on Application-Layer DOS from OWASP (pdf)
Ch_10e: Cisco Guard DDoS Mitigation Appliances
Ch_10f: SYN Cookies - a mathematical way to resist SYN Floods
Ch_10g: Cisco - Strategies to Protect Against Distributed Denial of Service ( DDoS) Attacks
Ch_10h: Bogons - Invalid Source Addresses - Team Cymru
Ch_10i: Sinkhole_Tutorial_June03.pdf
Ch_10j: RadView - SoftwareTesting Tools. Performance Testing and Load Testing for Web Applications
Ch_10k: Web Test Tools Compared
Ch_10l: DDoS Attack Protection - Service Provider Network Visibility, Peakflow SP - Arbor Networks, Inc.
Ch_10m: Foundstone Network Security - DDOSPing - Free tool to detect DDoS Bots
Ch_10n: Creating a Computer Security Incident Response Team: A Process for Getting Started
Ch_10o: Akamai: The Leader in Web Application Acceleration and Performance Management, Streaming Media Services and Content Delivery
Ch_10p: SAVVIS, Inc - Built to Respond
Ch_10q: SYN flood - Wikipedia
Ch_11a: Mudge - Wikipedia
Ch_11b: How to write Buffer Overflows - Mudge, 1995
Ch_11c: Smashing the Stack for Fun and Profit by Aleph One
Ch_11d: Stack (data structure) - Wikipedia
Ch_11e: Damn Vulnerable Linux - The most vulnerable and exploitable operating system ever - Your First Damn Vulnerable Linux Lesson
Ch_11f: Video Tutorial for DVL Buffer Overflow Exploit
Ch_11g: GDB (Gnu Debugger) Tutorial
Ch_11h: Debugging with gdb - gdb Commands
Ch_11i: Debugging with GDB
Ch_11j: Titan Ftp Server Long Command Heap Overflow
Ch_11k: w00w00 on Heap Overflows
Ch_11l: Format String Attacks
Ch_11m: Hijacking a Macbook in 60 Seconds or Less
Ch_11n: Address space layout randomization - Wikipedia
Ch 11o: Cenzic Hailstorm Enterprise ARC Receives High Marks From Information Security Magazine
Ch 11p: Cenzic Hailstorm Professional

Ch_13_01: The Exploder Control Frequently Asked Questions (FAQ)
Ch_13_02: ActiveX 'Safe for Scripting' vulnerability - scriptlet.typelib and Eyedog Vulnerability (1999)
Ch_13_03: Sony Rootkit ActiveX control incorrectly marked "safe for scripting" (2005)
Ch_13_04: ActiveX - Active Exploitation | ASTALAVISTA
Ch_13_05: SiteLock 1.14 Template for ActiveX Controls
Ch_13_06: How to stop an ActiveX control from running in Internet Explorer with the Kill Bit
Ch_13_07: Brown Orifice - Java vulnerability from 2000
Ch_13_08: Java Virtual Machine remote compromise through a heap overflow
Ch_13_09: Internet Explorer Vulnerabilities
Ch_13_10: CERT Advisory CA-2000-05 Netscape Navigator Improperly Validates SSL Sessions
Ch_13_10: What's an IFrame attack and why should I care?
Ch_13_11: Microsoft Security Bulletin MS01-027 - Flaws in Web Server Certificate Validation Could Enable Spoofing
Ch_13_12: IE SSL Vulnerability (2002)
Ch_13_13: Homograph attacks
Ch_13_14: SANS Institute - SSL Man-in-the-Middle Attacks
Ch_13_15: Auto-Start Extensibility Points (ASEPs)
Ch_13_16: MyDoom
Ch_13_17: The Nimda Worm - automatic execution of MIME attachments
Ch_13_18: Instant Messaging Viruses - Avoid IM Viruses - Microsoft Security
Ch_13_19: Microsoft GDI Library JPEG Segment Length Integer Underflow Vulnerability
Ch_13_20: An Analysis of the 180 Solutions Trojan
Ch_13_21: How to strengthen the security settings for the Local Machine zone in Internet Explorer
Ch_13_22: Demonstration of an obscured URL trick
Ch_13_23: rootkit.com
Ch_13_24: bluepillproject.org
Ch_13_25: Jamie Butler's PPT file - DKOM (Direct Kernel Object Manipulation)
Ch_13_26: ActiveX - Active Exploitation -- Uninformed - vol 9 article 2
Ch_13-27: Firefox Security--Firefox Doesn't Properly Check for Revoked certificates!
2009-05-08: Ch 13_28: Imperva Web Application Firewall Demo
Ch 13_28: Imperva Web Application Firewall Demo
Ch_13_29: Jeremiah Grossman: Let's talk Web Application Firewalls (WAFs)

Miscellaneous Links

Securely Erasing Partitions | Novell User Communities
DEFCON Capture The Flag Solutions
Freeware Hex Editor XVI32 - Excellent Windows Hex Editor
Hacker Challenge Websites
Hacking IIS 4 Tutorial
Hacking Video: Exploiting MySpace with a SWF and WMF file attack
Hacking Video: TSGrinfer - RDP Brute Force
Hacking Video: Wirelessly hacking Gmail and more - tutorial
MD5 Collision Demo - How to create files with identical MD5 hashes
Root Hack Survival Guide
RootHack: How to Secure Linux Servers :: Basic Linux Server Security
RootHack: NMAP Scanning and PortSentry Evasion
SmbRelay captures NTLM hashes
Solaris - OpenPKG Project - Unix software packages
Solaris DHCP Client (Solaris DHCP Administration Guide)
Solaris: Basic Setup For Apache In Solaris 10
Solaris: Blastwave.org packages
Solaris: Change DNS Client Settings
Solaris: How do I find the name of the current shell
Solaris: How To Get Started with Blastwave.org - for Solaris 10 Users
Solaris: Install Date of Solaris Machine
Solaris: Installing apps/packages with pkg-get
Solaris: pkg-get man page
Solaris: Set the Date and Time on Solaris
Solaris: Sudoers Manual
Solaris: Update error - Cacao - Many workarounds, no real solution
Solaris: UTF-8 and Unicode FAQ
Solaris: VMware Tools for Solaris 10
VOIPSA : Resources : VoIP Security Tools
Web hacking: Turning firefox into a Web App assault kit
X001: Binary and other number systems
Wardriving software for Windows XP: inSSIDer: Copy and Paste Results Into Excel
Technical Analysis of the Recent Adobe Flash Zero-Day Vulnerability--Excellent explanation of mutated base fuzzing
Create a NC Backdoor with Metasploit Meterpreter Tutorial
edb - Linux debugger, easier to use than gdb--important for Advanced Hacking class
Creating Metasploit Exploit Modules Step By Step (Tutorial!)
Death of an ftp client / Birth of Metasploit modules; Excellent tutorial about fuzzing & metasploit
Evilgrade 2.0 - the update exploitation framework is back--CNIT 124 Project!
Kittens and revenge on wi-fi freeloaders <-- good CNIT 124 Project
Online WPA cracker with stats - CNIT 124 Project
Instructions for the Pass-the-hash attack with Metasploit - CNIT 124 Project
Evilgrade -- fake Java updates and more - CNIT 124 Project
Skypher - Heap Spray Generator
The Evil Access Point! - CNIT 124 Project
PyLoris--SlowLoris for Windows! <--CNIT 124 Project
Honeywall--bootable honeypot CD - CNIT 124 Project
2010-11-25: OWASP HTTP Post Tool makes your laptop a sniper rifle <--CNIT 124 Project
Excellent OWASP slides explaining the Slow HTTP POST Layer 7 DoS--IIS & Apache vulnerable, load-balancers don't save you
Armitage - Cyber Attack Management for Metasploit - CNIT 124 Project
Tarpit (networking) - another way to use a Layer 7 DoS sort of effect for good - CNIT 124 Project
New HTTP POST DDoS Attack Tools Released - CNIT 124 Project
2010-12-01: .: ArpON - Blocks ARP Poisoning - CNIT 124 Project
NetWitness Investigator Software Download - CNIT 124 Project
SourceForge.net: NetworkMiner - CNIT 124 Project
Metasploit: Capturing Windows Logons with Smartlocker - CNIT 124 Project
Jeremiah Grossman: Spoofing Google search history with CSRF <--Great simple POC
XSS proof of concepts using different character encodings; Chrome does not get fooled - CNIT 124 Project
Arbor Peakflow: DDoS Protection - CNIT 124 Project
2010-12-24: Twitter Password Decryptor - CNIT 124 Project
Firefox vulns--highlights the need for whitelisting to stop XSS -- CNIT 124 Project
Packetstan: Scapy, and Random Acts of Packety Violence - CNIT 124 Project
Pitbull--simple attack bot in Perl <==CNIT 124 Project
Pitbull--simple attack bot in Perl - CNIT 124 Project
Security Onion: Intrusion Detection LiveDVD <--CNIT 124 Project
ICSI Netalyzr <-- Excellent, detailed information about your network--try it out! <--CNIT 124 Project
Drive By Exploitation With Metasploit! <--CNIT 124 Project
Universal HTTP DoS - Are You Dead Yet? - CNIT 124 Project
r-u-dead-yet - Layer 7 DoS Tool - CNIT 124 Project
Wireless LAN Penetration Testing Course<--CNIT 124 Project
Mantra - Free and Open Source Browser based Security Framework<--CNIT 124 Project
ModSecurity Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks <--CNIT 124 Project
How to set up HTTP Tunnels <--CNIT 124 Project
ISR Trinity Bomb DDoS Tool on Vimeo <--Possible CNIT 124 Project
@jduck1337 Using Metasploit and another stuxnet/windows privilege escalation vuln (CVE-2010-2743) - CNIT 124 Project
Microsoft Attack Surface Analyzer - CNIT 124 Project
2011-01-19: Wi-Foo - The Secrets of Wireless Hacking <--CNIT 124 Project
Example nginx.conf file
Linux Guru: How to install NGINX
Anonymous IRC Logs: A Moment in Time
Hiding Malicious PDFs from AVs - CNIT 124 Project
XSS--A Complete XSS reversing/scanner tool <--CNIT 124 Project
DDoS threat raised as Darkness bot is given away for free <--CNIT124 project
Web Form Password Brute Force with FireForce <--CNIT 124 project
WS-Attacker : framework for web services penetration testing - CNIT 124 Project
Reverse Engineering for Beginners - CNIT 124 Project
OpenDLP Pass-The-Hash <--CNIT 124 Project
Exploiting Dynamic Routing Protocols with Loki on Backtrack 4 R2 - CNIT 124 Project
[WEB SECURITY] CSRF: Flash 307 redirect = Game Over - CNIT 124 Project
Analyzing Suspicious PDF Files With PDF Stream Dumper--CNIT 124 Project
Having fun with BeEF, the browser exploitation framework - CNIT 124 Project
Instructions for Windows Buffer Overflows - CNIT 124 Project
Metasploit Mac OS X Post Exploitation : Enumeration and Hash Dump <--CNIT 124 Project
2011-02-25: Pentest lab vulnerable servers-applications list <--CNIT 124 Projects
Microsoft Attack Surface Analyzer <--CNIT 124 Project
2011-03-06: MacNikto <--CNIT 124 Project
2011-03-07: Mitigating Slow HTTP DoS Attacks with ModSecurity
hashkill -- open source password hash cracker <- CNIT 124 Project
DenyHosts: SSH Brute Force Protection <--CNIT 124 Project
A Web Application Hacker's Toolkit - timtux.net
Arch Linux Forums / Need to specify full path as root
Arch Linux Installation Guide
Arch Linux Installation Guide (official)
ArchWiki :: Daemons - ArchWiki
ArchWiki :: Disable root password and gain su sudo with no password
ArchWiki :: Installing archlinux in VMWare - ArchWiki
ArchWiki :: Pacman - ArchWiki
BackTrack - Setting up networking in Slackware
CCIE lessons in PDF files

New Unsorted Links

2011-03-18: Offensive-Security Ohio Chapter (OSOC) <--Excellent project ideas here
Errata Security: Verifying the Comodo Hacker's Key <--CNIT 124 Project
Free version of Retina vuln scanner - CNIT 124 Project
A great set of add-on scripts for Jasager <--CNIT 124 Projects
Detecting Vulnerable Software Using SCAP/OVAL - CNIT 124 Project
Secure Your Wireless Networks with Scapy Packet Manipulation
Credential Harvesting With Facebook and the Social Engineering Toolkit - CNIT 124 Project
Reverse connection: ICMP shell - CNIT 124 Project
FREE On-Line CEH by Shon Harris
TOR hammer -- Slow POST and run through Tor
How to Turn Off Linux Security Mechanisms
Advanced Nmap Security Aegis. <-- Excellent description of Nmap tools, lots of good projects here
Freenet6 Routing Problem -- demonstration of IPv6 Routing Loops in Tunnels
2011-11-24: St0rm dump of uni Melbourne data, dammit I thought he was gonna go straight
0entropy: Powershell, metasploit meterpreter and dns -- PROJECT IDEA
How to bypass Anti-Virus Systems --PROJECT IDEA
SpiderLabs Vulnerable SQL & XSS Testbeds -- CNIT 124 PROJECT
Evilgrade -- MUST TRY THIS
HP Fortify -- FREE DEMO VERSION - Source Code Review
Metasploitable: Gaining Root on a Vulnerable Linux System
Routerpwn -- PROJECT
jasagerpwn - Jasager attack vector script for BackTrack 5 and Ubuntu
PolyPack: An Automated Online Packing Service for Optimal Antivirus Evasion
BotHunter
Decrypting SSL packet dumps with Chrome and Wireshark --PROJECT IDEA
Advanced Exploitation of Mozilla Firefox Use-after-free Vulnerabilities (MFSA 2012-22 CVE-2012-0469)
Crypto & Block Cipher Modes (OpenSSL, AES 128, ECB, CBC) --Video with Linux commands. PROJECT IDEA
Hydra tutorial
CMOS De-Animator -- Clear BIOS Passwords -- PROJECT IDEA
Web Application Pen-testing Tutorials With Mutillidae -- OVER 50 PROJECTS
Images can be used to hide PHP malicious code -- GOOD PROJECT IDEA
PHP Code into JPEG Metadata: From hide to unhide
XlogicXExplosive-Steganography -- Makes fake viruses & bombs -- EICAR plus Virus detects as EICAR only by AV -- PROJECT IDEAS
ReverseEngineeringMalware -- free class materials!
How to Encrypt Cloud Storage on Linux and Windows with EncFS -- PROJECT IDEA
OpenVAS (Open Vulnerability Assessment System) -- PROJECT RESOURCE
Antivirus evasion with syringe -- PROJECT IDEA
WhatWeb -- Identifies Versions and Finds SQL Errors -- PROJECT IDEA
Install NetworkMiner with apt-get - PROJECT IDEA
Malware Analysis as a Hobby slides --Cuckoo looks great! -- PROJECT IDEA
Joe McCray's Hacking Videos
Deliberately insecure Linux distributions as practice targets LWN.net
Scanning Vulnerable Linux Distributions With Nessus
2012-10-13: FedElite Cyber Challenge Application Form
2012-10-13: FedCTE: ASPIRE TO BECOME THE CYBER ELITE: JOIN THE CHALLENGE


Ch 938: IEEE 1667 pledges secure portable storage for all (from 2008)

Ch_10_z10: Apache on Windows Canonicalization Vulnerability from 2006

Ch_10z11: Abusing URL Encoding

Ch 10z12: Huge portions of the Web vulnerable to hashing denial-of-service attack

Ch 10z13: HTTrack Website Copier

Ch 10z14: The Microsoft Source Code Analyzer for SQL Injection tool is available to find SQL injection vulnerabilities in ASP code

SideJacking with Ferret and Hamster in BackTrack 5! --Works on Gmail Accts that allow HTTP :)

dSploit - Android Network Penetration Suite -- PROJECT IDEA

DoS vulnerability affects older iPhones, Droids, even a Ford car -- PROJECT IDEA

2012-11-03: PasteBay.com - Free uncensored text hosting
2012-11-03: AnonPaste

CSE6990 Reverse Engineering class from @McGrewSecurity -- GREAT RESOURCES

Port Scanning using Scapy - InfoSec Institute

Python Network Programming

17.2. socket -- Low-level networking interface -- Python v2.7.6 documentation

UdpCommunication - Python Wiki

CodingBat -- Java and Python exercises

Advanced Penetration Testing Software - Cobalt Strike -- 21-day trial available -- PROJECT IDEA

WhisperSystems -- Encrypted Calls for Android -- GOOD PROJECT


MaxKeepAliveRequests: keep it high

SS64 Command line reference

Sewing Patches in the Veil AV Evasion Framework

Creating Remote Shells that Bypass Anti-Virus with 'Veil'
The Ultimate Beginner's Guide To AppleScript

New Unsorted Links

Learn Python the Hard Way
Fuzzing for SQL injection with Burp Suite Intruder - USE FOR PROJECTS
Pythonista on the App Store on iTunes -- INTERESTING FOR PROJECTS
Pythonista: Using pipista to install modules
How to Build a DNS Packet Sniffer with Scapy and Python
Bypassing Antivirus with Shellter 4.0 on Kali Linux -- GOOD 124 PROJECT
2015-09-09: Metasploit Module Search Page
How to get started with writing an exploit for Metasploit
Msfconsole one-liner example
Scanner HTTP Auxiliary Modules - Metasploit Unleashed
Metasploit: The New Metasploit Browser Autopwn:...
Ch 5a: DNS Request Types
Ch 5b: 10 Linux DIG Command Examples for DNS Lookup
Ch 5c: Open Resolver Project
Ch 5d: Public DNS Server List
Ch 5e: DNS AXFR scan data
Ch 5f: DNS Hacking (Beginner to Advanced) - InfoSec Resources
Ch 5g: Wildcard DNS record - Wikipedia
Ch 5h: Network tools for every sys admin
Ch 5i: The Strange History of Port 0