Ultimate Hacking Datasheet

Training Datasheet

Ultimate Hacking
Taking Hacking to a New Level

Duration
• Four (4) Days

What You’ll Learn
• Learn how hackers and malicious intruders analyze and develop target vectors aimed at your critical assets
• Understand the strategy behind finding weaknesses before they become a security risk
• Learn the proven Foundstone Penetration Testing Methodology
• Develop the mind set of a malicious attacker and identify the true risk to your organization
• Use the tools and methodologies hackers use efficiently, in a controlled and safe environment
• Develop your own security toolkit from tried and tested tools

Course Materials
• Student manual
• Class handouts
• Foundstone authored book
• Free Tools CD with course tools and scripts
• BackTrack3 the top rated bootable Linux distribution
• Foundstone T-shirt
• Foundstone tote bag

Suggested Next Course(s)
• Ultimate Hacking Expert

Leaving your network vulnerable to exploits can be catastrophic; but learning how hackers and malicious intruders analyze and target your assets can give you a serious advantage in today’s high-tech world. Evolving from the Ultimate Hacking education series, this revamped course is taking hacking to the next level with new modules, new exploits and new hacker techniques. The core of the course is the Foundstone Professional Services proven Penetration Testing Methodology, and as always, the course is taught exclusively by Foundstone Consultants who bring real-world penetration testing experience to the classroom. You’ll learn step-by-step procedures for executing attacks; conducting penetration tests; blocking attacks on Internet and intranet networks and on host-level systems in our highly acclaimed Hands-On classroom environment. By learning how to leverage these security techniques and methodologies, you can actively defend your critical internal and external assets against malevolent threats.

Who Should Take This Class
System and network administrators, security personnel, auditors, and/or consultants concerned with network and system security should take this course. Basic UNIX and Windows competency is required for the course to be fully beneficial.

Level of Experience
1-3 years network security experience

All topics are supported by hands-on exercises and labs specifically designed to increase knowledge retention. Classroom exercises provide the hands-on experience needed to secure an organization’s Internet presence and internal network. Students learn how to identify, exploit, and resolve popular and lesser-known vulnerabilities in Windows and UNIX systems.

Course Outline: New Format & Material

Day 1 – Information Gathering & Scanning
On the first day, students adopt the mind set of an external attacker scoping out the target corporation and identifying holes in the company’s Internet accessible systems. Emphasis is placed on the proven methodology developed by Foundstone Consultants in the field. Following the methodology, the lecture and mini labs concentrate on the initial steps from an external perspective of network penetration testing.
• Hacker methodology
• Attack platforms & basic tools (XP, BT3, cygwin, etc)

Module 1 – Footprinting
• Publicly available info
• whois/ARIN lookups
• Reverse lookups
• Google hacking

Module 2 – Scanning
• Host discovery – nmap, xprobe, superscan/
• Service discovery – nmap, superscan/scanline,
• Service versioning – nmap, httprint
• netcat, openssl
• Vulnerability scanning – Nikto, Nessus

Scanning Lab
This mini lab requires the student to use the tools and techniques taught on day one to footprint and scan Foundstone’s Hacme corporate network. The mini lab consists of a wide variety of machines on the Internet (Windows XP, Windows 2003, Linux, Solaris, etc.). These machines are specifically made available to the class for the purpose of running live scans. This lab gives students the opportunity to run the tools in a realistic manner against live machines on the student network.

Day 2 – Penetrating the External Network
Day two focuses on hacking from an external perspective. After all necessary information gathering and scanning are complete, the attacker’s focus shifts towards hacking available web applications and backend servers. Emphasis is placed on Foundstone’s Web Application Penetration Testing methodology - a proven web hacking methodology used by Foundstone consultants in the field. Students will find multiple opportunities for hands-on experiences interwoven into this lecture. After learning professional techniques for hacking web applications, the students will try their hands at hacking Foundstone’s Hacme Casino.

Module 3 – External Perspective
• Overview of E-commerce Architectures
• HTTP/HTTPS primer
• Authentication - HTTP basic, form based, common vulnerabilities
• Authentication best practices
• Authorization - direct browsing, vertical/horizontal privilege escalation
• Authorization best practices
• Session handling - cookies
• Session handling best practices
• Data validation - parameter manipulation, XSS, CSRF, SQL Injection, etc
• Data validation best practices
• OWASP Top Ten

External Lab
The day ends with a hands-on lab requiring students to perform a variety of attacks on Hacme Casino. Students will follow the methodology and employ the tools taught during the day in order to perform SQL Injection, XSS, CSRF, application logic, and other attacks. This external lab is modeled after an online casino website and contains a variety of real world vulnerabilities commonly found in today’s applications.

Day 3 – Penetrating a Windows Environment
Day three begins with enumeration of Windows operating systems and follows the hacker methodology, teaching students how to hack Windows operating systems from start to finish. This day will concentrate on a variety of common attacks, and students will learn how to penetrate Windows systems on internal networks. After gaining access to target systems, students will learn how to escalate their privileges in Windows using techniques applicable to common corporate environments. The day wraps up with a major hands-on Windows lab.

Module 4 – Windows
• Network enumeration - Resource kits, built in, etc
• Host enumeration (Cain & Abel, LDAP browsers, Getmac, Sc, Nbtstat, Nbtenum, Dumpsec, etc)
• Enumeration countermeasures
• Null Sessions and authenticated sessions
• Penetration - brute forcing (Hydra, SQL Ping 3, Brutus, etc.), exploitation (Metasploit and other frameworks)
• Penetration countermeasure
• ARP poisoning, sniffing, and Man-in-the-Middle attacks - Cain & Abel (VNC, RDP, MSSQL, HTTP/HTTPS, etc), Wireshark, Berkeley Packet Filter
• Privilege escalation attacks - Shatter attacks, DLL injection, client side attacks, WMI
• Privilege escalation countermeasures
• Pillaging - disabling antivirus, Pwdumpx, LSAdump, Cachedump, Creddump, etc
• Password cracking/recovery - John the Ripper, Cain & Abel, LCP, rainbow tables, etc
• Pillaging countermeasures
• Getting interactive - netcat, psexec, osql, etc
• Getting interactive countermeasures
• Expanding influence - LSA secrets, pass the hash tool (gsecdump, msvctl, pshtoolkit), trojans, rootkits (Hacker defender, FUtoo, etc), call hooking, key loggers, port redirection (Fpipe)
• Expanding influence countermeasures
• Cleanup - covering tracks (logs, a/v, users)
• Cleanup countermeasures
• gsecdump

Windows Lab
The day ends with a hands-on lab involving the students hacking their way into the Hacme Corporation Windows Environment. Using the Foundstone hacking methodology, the students will start off by enumerating the Windows systems and hack their way from one machine to another until ultimately owning the prized backend systems. This lab is modeled after real world corporate environments and will take several hours to complete.

Day 4 – Penetrating a Unix Environment
This day focuses on the hacker methodology as it applies to Unix/Linux systems. Students will learn how to hack Unix/Linux operating systems from start to finish. The lecture and hands-on opportunities will teach students common techniques for hacking (and securing) Unix based systems.

Module 5 – Unix
• Overview of Unix/Linux - distributions, differences, defaults
• Enumeration - NFS, RPCs
• Enumeration countermeasures
• Penetration - brute forcing (Hydra), remote exploits (X server, buffer overflows, RPC exploits, etc), physical attacks, etc
• Penetration countermeasures
• Privilege escalation attacks - local exploits (file permissions, sudo cron), misconfigurations
• Privilege escalation countermeasures
• Pillaging - password cracking, rainbow tables
• Pillaging countermeasures
• Getting interactive - netcat, eterm, reverse telnet, Metasploit Meterpreter, covert channels
• Getting interactive countermeasures
• Expanding influence - trojans (SSHeater), rootkits, key loggers, port redirection (Datapipe), network mapping ARP poisoning, sniffing, and Man-in-the-Middle attacks - Cain & Abel, Dsniff, Driftnet, Wireshark, Berkeley Packet Filter notation, countermeasures
• Cleanup - covering tracks (log cleaning)
• Cleanup countermeasures

Ultimate Lab
The day ends with a major, challenging lab requiring the students to use the hacker methodology as they hack their way through all the lab servers. This Ultimate Lab consists of mostly Unix based systems (and a few Windows 2003 servers) and is modeled after the common case scenario of limited but exploitable default system installation and misconfigurations found in today’s Unix systems and variants. Students will need to attack these systems using exploits for vulnerabilities encountered in real world penetration tests.

1.877.91.FOUND © 2008 Foundstone, A Division of McAfee. All Rights Reserved