FNS-003 Foundstone Ultimate Hacking by pengtt


									           FNS-003 Foundstone Ultimate Hacking
                              Duration: 5 days (9:00 am to 5:00 pm)

Course Description
Attended by thousands, Foundstone Ultimate Hacking: Hands On course is specifically designed to
equip you with the same knowledge, techniques and methodology used by security consultants and
hackers alike. By understanding the "hacker methodology", you will be empowered with proactive
strategies that keep you ahead of future threats. You will also learn to audit, assess and secure net
works, hosts and applications. In our course, you will be exposed to dozens of attacks, exploits and
other hacker techniques and learn effective countermeasures to these threats in a structured lab
environment that emulates real world scenarios in a hands on fashion. If you're in charge of your
network's security, you must understand how hackers' minds work and what tools they're using for
their attacks. It's not enough to apply the latest patches to your servers and workstations or
otherwise defend yourself reactively. If you learn what hackers know, you will have a better
chance of identifying and eliminating vulnerabilities before any damage is done. One of the best
ways to get educated is to take a crash course on the methodology hackers use to test systems for
weaknesses and gain access.

Target Audience
System and network administrators, security personnel, auditors, and/or consultants concerned with
network and system security. Basic UNIX and Windows competency is required for the course to
be fully beneficial.

Course Objectives
Because security is an ever-changing battlefield, Ultimate Hacking exposes you to the latest in
network vulnerabilities and defenses. From Windows and UNIX hosts to routers and firewalls,
instructors will illustrate each technology's default security posture, installation weaknesses,
methods hackers use to circumvent "secure" settings, and countermeasures for each vulnerability.
More than just theory, you will gain critical security skills by practicing with your classmates and
instructors in a full-featured computer lab. Instructors will walk you through foot-printing an
organization's Internet presence to show you how to identify, exploit, and secure popular and little-
known vulnerabilities in Windows, and Unix systems. You will also explore common weaknesses
in router and firewall installations, learning ways to circumvent both traditional and "hardened"
security filters or firewalls. Finally, in a review exercise, you will attempt to exploit a simulated
"secure" network with multiple operating systems and security mechanisms.

                TO REGISTER                                                               Page 1 of 7
                Email: mtc_register@mtechpro.com
                Tel: (65) 6822 8708
                Fax: (65) 6822 8709
Course Outline

Day 1: Setting the Foundation

Day one sets the foundation in which penetration tests are performed. Emphasis is placed on the
importance of performing the work in a methodical and thorough manner.

Information Gathering
       ♦ Obtain all system and user information to understand the environment
       ♦ Utilize information gathered to execute local and remote attacks
       ♦ Reduce risk of being discovered
       ♦ Determine countermeasures to minimize Consequences of information gathering

Internet Footprinting
         ♦ Reviewing publicly available information
         ♦ Network and domain enumeration
         ♦ "whois" lookups
         ♦ ARIN lookups
         ♦ DNS Interrogation
         ♦ Zone transfers
         ♦ Network reconnaissance

Scanning / Landscape Discovery
       ♦ Ping sweeps
       ♦ Port scanning
       ♦ Banner grabbing
       ♦ OS guessing

Footprinting Lab (Hands-on)
Use the tools and techniques taught on day one to footprint and scan Foundstone's Footprinting
Network in Irvine, California. The Footprinting Network consists of a wide variety of machines on
the Internet (Windows, Red Hat, Solaris, HP-UP, AIX, etc.). These machines are specifically made
available to the class for the purpose of running live scans. The appropriate entries in ARIN and
Network Solutions have also been made so that students can perform actual lookups against those
databases. This lab gives students the opportunity to run the tools in a realistic manner against live
machines on the Internet.

                TO REGISTER                                                                Page 2 of 7
                Email: mtc_register@mtechpro.com
                Tel: (65) 6822 8708
                Fax: (65) 6822 8709
Day 2: Windows

The material taught on day two focuses on Windows, and begins with a basic overview of
Windows security, followed by Foundstone's methodology for hacking and securing these systems.
During the lecture portion of the day, there will also be test machines for student experimentation.

Hacking Windows
       ♦ Windows security overview
             SIDs and RIDs
       ♦ Domain and network relationships
             Footprint / scan
             Identify OSs
             Identify services
       ♦ Enumerate
             Computer roles
             Users and groups
             Discovering Network Topology
             Services and pipes
       ♦ Penetrate
             Windows passwords
             Password guessing
             Password sniffing
             Password cracking
       ♦ Escalate
             Windows attacks
             Named Pipes prediction attack

               TO REGISTER                                                               Page 3 of 7
               Email: mtc_register@mtechpro.com
               Tel: (65) 6822 8708
               Fax: (65) 6822 8709
        ♦   Pillage
                 Log cleaning
                 Grabbing the SAM
                 Windows password cracking
                 Important registry keys
                 Finding "hidden" plaintext passwords
        ♦   Get interactive
                 netcat shells
                 PSExec command shell
                 PushVNC graphical desktop
        ♦   Expand influence
                 Keystroke Loggers
                 Remote Control Packages

Windows Lab
The day ends with a hands-on lab involving four target machines. Students will follow the
methodology and employ the tools taught during the day in order to compromise the final machine.
This "capture the flag" style exercise is best performed in teams and will take a couple of hours to

               TO REGISTER                                                               Page 4 of 7
               Email: mtc_register@mtechpro.com
               Tel: (65) 6822 8708
               Fax: (65) 6822 8709
Day 3: UNIX

Day three focuses on UNIX. Once again, methodology is emphasized throughout the day. Linux
and Solaris machines are available during the day to experiment and test the newly taught

Hacking UNIX
       ♦ UNIX landscape discovery
       ♦ UNIX host enumeration
       ♦ Remote attacks
             Brute force attacks
             Remote buffer overflows
             Input validation attacks
             Creating back channels
             Common remote attacks
       ♦ Local attacks
             UNIX passwords
             UNIX password cracking
             Race condition attacks
             Local buffer overflows
             File and directory permission attacks
       ♦ Beyond root
             Network mapping
             Loadable kernel modules

This hands-on lab involves four UNIX target machines (Linux and Solaris). Students will be
required to use the methodology, tools, and techniques taught earlier during the day in order to
successfully complete this multi-hour lab.

               TO REGISTER                                                            Page 5 of 7
               Email: mtc_register@mtechpro.com
               Tel: (65) 6822 8708
               Fax: (65) 6822 8709
Day 4: Network Hacking

The material taught on day four is not operating system-specific. Router and firewall vulnerabilities
and weaknesses are covered in the network hacking module. Port redirection to bypass firewalls
and other filtering mechanisms is also covered in detail with a hands-on exercise.

Network Hacking
       ♦ Router issues
       ♦ Routing issues
              Path integrity
              IP spoofing
              Denial of service
       ♦ Firewall architectures
       ♦ Firewall attack scenarios
              Vulnerable services
       ♦ Firewall identification and enumeration
              Banner grabbing
              ACL enumeration
       ♦ Port identification
       ♦ Liberal ACLs
       ♦ Port redirection

                TO REGISTER                                                               Page 6 of 7
                Email: mtc_register@mtechpro.com
                Tel: (65) 6822 8708
                Fax: (65) 6822 8709
Day 5: Web Hacking

The material taught on day the last will be Hacking web-based applications and a discussion of
Foundstone's eCommerce application review methodology are covered in the web hacking module.

Web Hacking
      ♦ E-commerce primer
      ♦ Information gathering
            Port scanning
            Web reconnaissance
            Vulnerability checking
            Site duplication
            Source sifting
            Key field enumeration
      ♦ Viewing source
            Active server pages
            Common gateway interface
            Cold fusion
      ♦ File system traversal
            The infamous ".." or "dot dot" bugs
      ♦ Input validation
            Field overflows
            Application buffer overflows
            Server side includes
            Hidden tags
            IIS unicode
            Local command execution

Ultimate Lab
The course concludes with a lab involving routers, NT/2000, UNIX, and web hacking. It is a multi-
OS lab that will require using tools and techniques from all four days. Teamwork is essential in
order to complete the lab. This lab typically takes several hours to complete.

               TO REGISTER                                                            Page 7 of 7
               Email: mtc_register@mtechpro.com
               Tel: (65) 6822 8708
               Fax: (65) 6822 8709

To top