This Week I am at: Foundstone Ultimate Hacking Expert

hevnsnt

Lifer
Mar 18, 2000
Took the basic class earlier this year, now back for the expert class. I am in downtown D.C., staying in a swank hotel about 4 blocks from the White House. Today's class (day 1) was pretty cool, but nothing really new except the man-in-the-middle attacks against SSH (had never seen that yet).

Here is the course layout:

Day 1 - Network and Web Hacking

Day one sets the foundation for penetration tests by establishing a strong basis in network monitoring, scanning, and attacks. Emphasis is placed on the tools and techniques to monitor for malicious activity and understand how to methodically test security at a network level. Then, we move on to discuss Web-related vulnerabilities that affect any platform.

IDS and Sniffing

* How and why to perform detection/sniffing
* Common sniffers like tcpdump/windump/ethereal
* Implementing Snort IDS
* Using tools to analyze session and event data

Advanced Scanning Techniques

* Source port scans
* Advanced OS identification
* Service enumeration against non-standard ports
* Automated scanning and vulnerability tools (Nessus)
* Analyze tool signatures

Advanced Network Attacks

* Port redirection
* UDP channels
* SSL tunneling
* Sniffing in a switched environment
* Session hijacking

Cross Site Scripting (XSS)

* Basics of input validation attacks
* Usefulness of social engineering
* Using XSS to steal usernames, passwords, and cookies
* Countermeasures

Throughout the day, students participate in labs that reinforce the topics presented. These labs include setting up Snort IDS, sniffing in a switched environment, remote service identification using binary nudge strings, and creating cross-site scripting payloads.


Day 2 - Buffer Overflows Fundamentals and Wireless Network Security

Analyze buffer overflow attacks and learn how to audit a program for potential vulnerabilities. The rest of the day presents 802.11 networks and gives students a chance to identify and break weak WEP keys, compromise Access Points, and perform protocol-based attacks unique to the wireless environment.

Buffer Overflows

* Inside memory, the stack, and the heap
* Using compilers and debuggers
* Inserting malicious code

Wireless Networks

* 802.11 protocols
* Client and access point authentication and encryption
* Using Kismet
* Cracking WEP-protected networks
* Attacking the Access Point
* Spoof attacks against wireless clients

The buffer overflow section culminates with students going through the steps of identifying a vulnerability and crafting a valid attack. The wireless network security section has several labs which give the students a chance to use the latest tools, crack WEP packets, and spoof MAC addresses to bypass authorization controls.

Day 3 - Windows Attacks and Defenses

Focus on Windows-based technologies and their vulnerabilities. The day begins with an overview of Windows 2003 and how its capabilities can be used to create more secure applications and hosts. Then, the day progresses into a detailed presentation of the Windows 2000 and XP platforms. Students use sniffers to capture and crack passwords, even when Kerberos is implemented. The day ends with a review of the latest database attacks and how to protect this commonly vulnerable service from exploits.

Windows 2003 Fundamentals

* Framework Security
* Code-based Security
* Cryptography

Windows 2000/XP Hardening

* System enumeration
* Local system password capture and cracking
    o Pwdump
    o lsadump
* Network-based password capture and cracking
    o WinPCAP-based sniffers
    o Driverless sniffers
* Compromising Kerberos
* Tools to audit the registry, file settings, and user accounts
* Expanding influence on a compromised server
    o Back doors
    o Targeted sniffers

Database Attacks

* Enumerate database service information
* Default accounts
* Buffer overflows
* SQL injection

Students are given the chance to perform labs during each of the sections. These labs give students a chance to test out the latest exploits against SQL Server and use the best tools for auditing a Windows-based server.

Day 4 - Unix Attacks and Defenses

The Unix day presents advanced configuration techniques, including chroot environments. Students compile and test malicious Linux Kernel Modules, then implement a security-hardened kernel. Finally, the day ends with an interactive session on using covert channels over ICMP, UDP, TCP, and HTTP.

Unix Hardening

* System enumeration
* Remote attacks
    o Insecure CGI scripts (input validation attacks)
    o Telnet exploits
* Local attacks
    o Subverting file system controls and SUID/SGID programs
* Expanding influence
    o Sniffers
    o Trojans
    o Console command injection

Loadable Kernel Modules (LKM) and Trojans

* Installing and using a malicious LKM
* Detect an LKM

Unix Kernel Hardening

* Rebuild a security-hardened kernel
* Determine how a patched kernel can protect vulnerable applications
* Test exploits against vulnerable services
    o Replay exploits from the Unix Hardening section

Covert Channels

* Using ICMP, TCP, and HTTP to hide traffic
* Techniques to bypass firewalls
* Use network monitoring to identify and analyze covert activity

Each section contains several labs that lead the student through re-compiling a hardened kernel, modifying kernel modules to bypass detection software, and establishing and monitoring covert channels.

Hands on Exercises

Extensive hands-on exercises provide detailed, practical experience in attacking and securing various operating systems. The exercises allow students to immediately experiment with concepts introduced in each portion of the course.

Network and Web Hacking Exercises

* Perform full-content packet capture
* Re-create captured TCP sessions
* Installing and using Snort IDS
* Capture traffic in a switched environment
* Advanced port and service identification
* Advanced operating system identification
* Create cross-site scripting payload

Buffer Overflows Fundamentals and Wireless Network Security

* Debug a vulnerable program
* Identify stack insertion points
* Create buffer overflow shellcode
* Enumerate wireless networks
* Enumerate wireless device information
* Sniff wireless networks
* Attack wireless clients
* Attack wireless access points
* Attack wireless client-authentication protocols

Windows Attacks and Defenses

* Enumerate system information
* Password sniffing attacks
* Attack Kerberos-based authentication
* Apply lock-down tools to the OS
* SQL buffer overflow attacks
* Use SQL injection vulnerabilities

Unix Attacks and Defenses

* Enumerate system information
* Securely configure remote services
* Create a jailed execution environment
* Apply lock-down tools to the OS
* Configure and compile a security-hardened kernel
* Modify and compile a malicious kernel module
* Set up covert channels based on ICMP, UDP, and TCP

Foundstone Link

Jzero

Lifer
Oct 10, 1999
Originally posted by: cw42
and you paid $4,000 for this...

Nobody actually pays for those courses - their employers do :D
Well... mine won't.
But some do.