Course Length: 4 days
Target Audience
The course is ideally suited to anyone with responsibility for, or with an interest in, the security of IT systems, such as system administrators, auditors, IT security officers, information security professionals and budding penetration testers.
Prerequisites
Persons attending this course should have a working knowledge of networking concepts, Windows Server and/or UNIX, and experience with TCP/IP and the Internet.
Course Overview:
In this course, practical exercises reinforce theory, with each delegate having access to a Windows 2008 domain (server and workstation) along with a Linux server. Although the course demonstrates current hacking techniques, this is always done with defense in mind and countermeasures are discussed throughout. The CSTA exam (theory-based) is included at the end of the course.
Course Outline:
Introduction
- Motivations behind hacking
- The hacking scene
- Methodology
Networking Refresher
Information Discovery
- Useful information
- Sources – websites, metadata, search engines, DNS, social engineering
Target Scanning
- Host discovery
- Port scanning techniques
- Banner grabbing
Vulnerability Assessment
- Causes of vulnerabilities
- The classic buffer overflow
- Vulnerability tracking
- Scanning
- Client-side vulnerabilities
Attacking Windows
- Windows enumeration
- Metasploit
- Client-side exploits
Privilege Escalation – Windows
- Local information gathering
- Metasploit’s Meterpreter
- Keyloggers
- Password storage
- Password extraction
- Password cracking techniques
- Cached Domain Credentials
- Windows network authentication
- Access tokens
- Pass the hash
Attacking Linux
- Exploitation
- Web shells
- Pivoting the attack
- Online password cracking
- ARP Poisoning Man in the Middle
Privilege Escalation – Linux
- Standard streams
- Privilege escalation by exploit
- Commercial penetration testing tools
- Password storage
- Password cracking
- Permission errors
- Sudo
- SUID
- Flawed shell scripts
Retaining Access
- Backdoors
- Trojan Horses
- Delivery mechanisms
- Botnets
- Bypassing client-side security
Covering Tracks
- Hiding backdoors
- Simple obfuscation
- Rootkits
- Anti-forensics
- Log manipulation
- Connection laundering
Conclusions