Hands-on Hacking Unlimited

This course is targeted at IT professionals who wish to learn the various hacking and defensive techniques used by hackers to compromise an organisation's IT infrastructure.

The course is designed both for those who have already acquired hacking and security basics, and for those who are approaching the subject for the first time, and wishing to acquire a comprehensive background and solid practical skills.

Who should attend?

• IT managers
• IT security specialists
• Security officers
• Network administrators

What will you learn?

• How to think like a hacker to improve protection of your system
• How to discover and exploit discovered vulnerabilities
• Typical techniques used to gain access into a system
• How to conceal tracks
• How to collect information and profile information systems
• How to find and use hacker toolboxes

Course contents

This intensive, two-day seminar touches on many areas of IT security. Below is the complete programme.

General Introoduction to hacking

Collecting information on our target
Web-based instruments: Google, NetCraft, VisualRoute etc.
Local Instruments: scanners, fingerprinters etc.

Extended Network Mapping
A detailed analysis of the techniques to be used for executing Extended Network Mapping:

• Passive and Active Resources
• DNS brute-forcing
• Zone transferLive session

Collecting Information on old and new vulnerabilities

Protecting anonymity while hacking, theory about shells and proxies

Rootkits

Trojans

Live session on gathering information on various targets

The typical structure of a web site
Enumeration of the components and their inherent possible vulnerabilities

Cross-site scripting

What is an exploit?

Introducing and expoliting most common Linux vulnerabilities:
- SSH, SSL, Apache, others
Live session

Introducing and exploiting most common Windows vulnerabilities:
- FrontPage Extension
- he ever-present Unicode

Internet Explorer
The most devastating vulnerabilities in Internet Explorer. How to gain control of a PC through IE vulnerabilities. Examples on how to use three different vulnerabilities for executing an arbitrary code on a PC are showcased.
Live session

Exploiting database vulnerabilities
- SQL injection
- URL poisoning
Live session

Black box hacking session
- Hacking an unknown Windows system
- Hacking an unknown Linux system
- Hacking an unknown OS system
Live session

The theory behind Buffer Overflows

How to properly follow-up system patching

Social Engineering: techniques and phsychological traps

Future hacking playgrounds
Home automation systems, 3rd Generation Mobile phone platforms ...

Course Style: Live Hacking!
The course is lector led, using hacking simulations to illustrate potential threats. Numerous practical case studies will be provided as working examples.

Duration
1 Day

Prerequisites
Background in Microsoft Windows and Linux is required. Basic programming skilss are also desirable.