Before anyone says anything, I have to have this training for work. And I am pretty excited about it as well.
Here is the Course Description:
Because security is an ever-changing battlefield, Ultimate Hacking exposes you to the latest in network vulnerabilities and defenses. From Windows and UNIX hosts to routers and firewalls, instructors will illustrate each technology's default security posture, installation weaknesses, methods hackers use to circumvent "secure" settings, and countermeasures for each vulnerability.
More than just theory, you will gain critical security skills by practicing with your classmates and instructors in a full-featured computer lab.
Foundstone instructors will walk you through foot-printing an organization's Internet presence to show you how to identify, exploit, and secure popular and little-known vulnerabilities in Windows and Unix systems.
You will also explore common weaknesses in router and firewall installations, learning ways to circumvent both traditional and "hardened" security filters or firewalls. Finally, in a review exercise, you will attempt to exploit a simulated "secure" network with multiple operating systems and security mechanisms requiring you to utilize all of the skills learned throughout the class. This "capture the flag" exercise ensures that you can immediately use these skills when you return to your organization.
Here is my Course Syllabus:
Day one sets the foundation in which penetration tests are performed. Emphasis is placed on the importance of performing the work in a methodical and thorough manner.
Reviewing publicly available information
Network and domain enumeration
"whois" lookups
ARIN lookups
DNS Interrogation
Zone transfers
Network reconnaissance
Scanning / Landscape Discovery
Ping sweeps
Port scanning
Banner grabbing
OS guessing
Footprinting Lab
Use the tools and techniques taught on day one to footprint and scan Foundstone's Footprinting Network in Irvine, California. The Footprinting Network consists of a wide variety of machines on the Internet (Windows, Red Hat, Solaris, HP-UX, AIX, etc.). These machines are specifically made available to the class for the purpose of running live scans. The appropriate entries in ARIN and Network Solutions have also been made so that students can perform actual lookups against those databases. This lab gives students the opportunity to run the tools in a realistic manner against live machines on the Internet.
Day 2 - Windows
The material taught on day two focuses on Windows, and begins with a basic overview of Windows security, followed by Foundstone's methodology for hacking and securing these systems. During the lecture portion of the day, there will also be test machines for student experimentation.
Hacking Windows
Windows security overview
SIDs and RIDs
LSASS
SAM
ACLs
Domain and network relationships
Footprint / scan
Identify OSs
Identify services
Enumerate
Computer roles
Users and groups
Discovering Network Topology
Services and pipes
Hardware
LDAP
Penetrate
Windows passwords
Password guessing
Password sniffing
Password cracking
Escalate
Windows attacks
Named Pipes prediction attack
Pillage
Auditing
Log cleaning
Grabbing the SAM
Windows password cracking
Syskey
Important registry keys
Finding "hidden" plaintext passwords
Get interactive
remote.exe
netcat shells
Expand influence
BO2K
netbus
SubSeven
VNC
The day ends with a hands-on lab involving four target machines. Students will follow the methodology and employ the tools taught during the day in order to compromise the final machine. This "capture the flag" style exercise is best performed in teams and will take a couple of hours to complete.
Day 3 - UNIX
Day three focuses on UNIX. Once again, methodology is emphasized throughout the day. Linux and Solaris machines are available during the day to experiment and test the newly taught techniques.
Hacking UNIX
UNIX landscape discovery
UNIX host enumeration
Remote attacks
Brute force attacks
Remote buffer overflows
Input validation attacks
Creating back channels
Common remote attacks
Local attacks
UNIX passwords
UNIX password cracking
Symlink attacks
Race condition attacks
Local buffer overflows
File and directory permission attacks
Beyond root
Network mapping
Rootkits
Trojans
Backdoors
Sniffers
Loadable kernel modules
This hands-on lab involves four UNIX target machines (Linux and Solaris). Students will be required to use the methodology, tools, and techniques taught earlier during the day in order to successfully complete this multi-hour lab.
Day 4 - Network Hacking & Web Hacking
The material taught on day four is not operating system-specific. Router and firewall vulnerabilities and weaknesses are covered in the network hacking module. Port redirection is also covered in detail with a hands-on exercise. Hacking web-based applications and a discussion of Foundstone's eCommerce application review methodology are covered in the web hacking module.
Network Hacking
Router issues
Vulnerabilities
Services
Passwords
Routing issues
Path integrity
IP spoofing
Denial of service
Firewall architectures
Firewall attack scenarios
Insider
Vulnerable services
Firewall identification and enumeration
Banner grabbing
ACL enumeration
Port identification
Liberal ACLs
Port redirection
datapipe
fpipe
Web Hacking
E-commerce primer
Information gathering
Port scanning
Web reconnaissance
Enumeration
Vulnerability checking
Site duplication
Source sifting
Key field enumeration
Viewing source
Active server pages
Common gateway interface
Cold fusion
File system traversal
Dot dot bugs
Dot listings
Tilde usage
CIM
Input validation
Metacharacters
Field overflows
Application buffer overflows
Server side includes
Hidden tags
IIS unicode
Local command execution
Ultimate Lab
The course concludes with a lab involving routers, Windows, UNIX, and web hacking. It is a multi-OS lab that will require using tools and techniques from all four days. Teamwork is essential in order to complete the lab. This lab typically takes several hours to complete.
Hands On Exercises
Extensive hands-on exercises provide detailed, practical experience in attacking and securing various operating systems. The exercises allow students to immediately experiment with concepts introduced in each portion of the course.
UNIX Exercises
Enumerating UNIX hosts
UNIX brute force attacks
Execution of buffer overflow attack
Execution of input validation attack
Attacking SSL servers
Creating back channels using reverse telnets and X-windows
Execution of remote attacks
Abusing nfs
Exploiting X-windows insecurities
Grabbing keystrokes from another machine
Cracking UNIX password files
Hiding TCP traffic in ICMP packets
Perform network sniffing
Perform session hijacking
Windows Exercises
Enumerating Windows hosts
Enumerate Windows host, group, and hardware information
Determine Windows network topology, architecture, and trust relationship
Automated Windows password guessing
Escalating privilege from user to Administrator
Wiping Windows audit logs
Grabbing Windows password hashes
Sniffing Windows password hashes
Cracking Windows password hashes
Getting remote interactive cmd.exe shells
Hiding tools and files in NTFS (streams)
Using trojans and backdoors (BO2K, netbus, SubSeven, VNC)
Network Hacking Exercises
Router identification and enumeration
SNMP vulnerabilities
Decrypting Cisco passwords
Port identification
Determining firewall filtering rules
Taking advantage of liberal firewall rules
Using port redirection to bypass firewall and router rules