Overview
Hacking, Penetration Testing and Defensive Countermeasures is a hands-on, intensive, five-day workshop immersing students in the methodologies and application of hacking concepts, techniques, and tools. The hacking methodology used in this class includes: footprinting, scanning, enumeration, exploitation, and post-exploitation. Countermeasures to mitigate the various hacking techniques are emphasized. When students complete the class they will have hands-on experience applying best-of-breed security tools in the context of a hacking methodology, using various ethical hacking concepts and techniques.
Audience
This course will significantly benefit systems administrators, network administrators, auditors, security professionals, site administrators, and anyone who is concerned about the integrity and security of their systems and network infrastructure, as well as those interested in systems and application security.
Prerequisites
- Familiarity with the core TCP/IP protocols (e.g., TCP, HTTP)
- Windows and Linux command-line interfaces
- Familiarity with virtualization software (e.g., VMware)
Course duration
5 days
Certification
While not attached to or designed around any specific certification, this workshop is an excellent preparation course for professional certifications such as the EC-Council Certified Ethical Hacker (CEH) and the SANS Global Information Assurance Certification (GIAC) Penetration Tester (GPEN).
Course outline
Each topic listed below includes a brief theoretical discussion, lab exercises, and common mitigation techniques/countermeasures. Both Windows-based and Linux-based attack tools will be used.
DAY 1:
a. Course goals and objectives
b. Additional resources (both online and print)
c. Penetration testing certification programs
d. Various penetration testing lab environments and system configurations
e. Introduction to ethical hacking
f. Ethical hacking methodologies
g. Penetration testing models
h. Penetration testing preparation
i. Penetration testing reports
2. Footprinting: Discuss and illustrate various footprinting concepts, techniques, tools, and countermeasures:
a. Introduction to footprinting
b. Footprinting objectives
c. Footprinting analysis:
i. Gather publicly available information:
a. Lab: Website Mirroring Using wget
3. Related organizations:
a. Lab: Target Organization Information
a. Lab: Target Organization Location Details
5. Phone numbers, contact names, E-mail addresses, job titles, organizational charts:
a. Lab: Target Organization Phone Number(s)
b. Lab: Target Organization Contact Names and Emails
6. Current events (mergers, acquisitions, layoffs, rapid growth):
a. Lab: Target Organization Current Events
7. Social networking sites:
a. Lab: Target Organization Social Networking Site(s)
8. Privacy or security policies
9. Technical details indicating the types of security mechanisms in place
1. Lab: Gathering WHOIS Information
iii. Perform DNS enumeration:
1. Lab: Manual DNS Zone Transfers
DAY 2:
3. Scanning: Discuss and illustrate various scanning concepts, techniques, tools, and countermeasures:
a. Introduction to scanning
1. Lab: Network Ping Sweeps Using nmap
1. Lab: UDP Scan Using nmap
2. Lab: TCP SYN Scan Using nmap
3. Lab: TCP SYN Scan Using hping
d. Banner grabbing/application mapping/OS fingerprinting:
i. Lab: Active Stack Fingerprinting Using nmap
i. Lab: Vulnerability Scanning Using Nessus
DAY 3:
4. Enumeration: Discuss and illustrate various enumeration concepts, techniques, tools, and countermeasures:
a. Introduction to enumeration
b. Enumeration objectives
c. Enumeration techniques:
d. File Transfer Protocol (FTP):
i. Lab: FTP Enumeration Using Hydra
i. Lab: SSH Enumeration Using BruteSSH
f. Hypertext Transfer Protocol (HTTP):
i. Lab: HTTP Enumeration Using Nikto
g. Common Internet Filesystem (CIFS):
i. Lab: Null Session Connection
ii. Lab: CIFS Enumeration Using WinScanX
h. Simple Network Management Protocol (SNMP):
i. Lab: SNMP Enumeration Using snmpcheck
i. Lab: MySQL Enumeration
ii. Lab: SQL Injection Using WebGoat
i. Lab: Determining the Password Policy
ii. Lab: Automated Password Guessing
5. Exploitation: Discuss and illustrate various exploitation concepts, techniques, tools, and countermeasures:
a. Introduction to exploitation
b. Exploitation objectives
c. Exploitation techniques:
1. Lab: Poor Man’s Privilege Escalation
2. Lab: Linux Privilege Escalation Exploit Using Metasploit
1. Lab: Windows Stack-Based Buffer Overflow Using Metasploit
iii. Client-side exploits:
1. Lab: Client-Side Exploit Using Metasploit
DAY 4:
6. Post-Exploitation: Discuss and illustrate various post-exploitation concepts, techniques, tools, and countermeasures:
i. Lab: Determining the Auditing Policy
ii. Lab: Using Netcat to Set Up a Reverse Shell
iii. Lab: Surviving a System Restart
iv. Lab: GUI Remote Control Using Remote Desktop Protocol (RDP)
v. Lab: Creating Rogue User Accounts
i. Lab: Dumping Windows Password Hashes Using Metasploit
ii. Lab: Cracking Windows Password Hashes Using Cain
iii. Lab: Cracking Windows Password Hashes Using John the Ripper
iv. Lab: Keystroke Logging Using Metasploit
v. Lab: Taking Screenshots Using Metasploit
vi. Demonstration: ARP Poison Routing Using Cain
i. Lab: Erasing Windows Logs Using elsave
ii. Lab: Hiding Your Files Using Alternate Data Streams (ADS)
DAY 5:
a. Students will be given 4-5 hours to apply the concepts, techniques, and tools discussed and used during the preceding four days against various targets
Other Topics Discussed Throughout Class:
3. Intrusion Detection/Prevention Systems, firewalls, honeypots/honeynets
6. Policies and Procedures