This is a practical 4,5 day introductory course considering the methods and tools used by the attackers to gain access to IT systems and the potential countermeasures to cope with those attacks.
The course is built upon hands-on exercises and the tasks are much focused on the offensive side of IT security. The participants can try out several most common types of attacks on lab systems. During the missions the participants can take part in so called Capture the Flag competition – the winner is the person who is able to firstly capture the specific token from vulnerable system. For completing the missions the students will be provided virtual machines based on Kali Linux. The majority of the tools used in the class are open-source or at least non-commercial. The vulnerable web applications are built using mostly PHP and MySQL. Our purpose is not to focus on details of specific technologies, but to explain the most common attack classes using popular and simple to understand solutions.
The course has been designed for network and system administrators, and security specialists. In general the expected audience should consist of persons who have good background in information technology gained whether from studies in university or by practical experiences or both. On the other hand we expect these individuals do not have knowledge and good practical know-how about security problems of computer networks and applications. Professional security practitioners or penetration testers with years of experience are not the target audience this course.
The presentation and demo sessions of the course cover the following topics:
- Introduction of the lab environment. The basics of Kali Linux and Metasploit.
- Reconnaissance: sources and tools for gathering information about target networks.
- Network scanning: host discovery, TCP and UDP port scanning, operating system detection, vulnerability scanning, scanning in IPv6 networks, honeypots and tarpits.
- Enumeration: using DNS, SNMP and other protocols to identify potential vulnerabilities.
- Password attacks: password guessing and cracking, how passwords are stored in Linux and Windows, hashing functions and identified vulnerabilities in them, Rainbow Tables, Pass-the Hash.
- Network infrastructure attacks and defence: MAC flooding, ARP spoofing, ICMP redirection, IP spoofing and fragmentation, VLAN hopping, leaking data over CDP, BGP hijacking; port security, DHCP snooping and dynamic ARP inspection, private VLANs, 802.1x.
- DNS security: DNS overview, DNS tunnelling, DNS rebinding, DNS snooping, cache poisoning attacks, DNSSec.
- Memory corruption vulnerabilities: introductory overview of memory management and stack based buffer overflows, memory protection techniques.
- Web Application Security: Main building blocks of web applications, session management and authentication attacks, injection attacks (SQL injection, OS command injection, File inclusion, Insecure file upload functionality), cross-site scripting, cross-site request forgery
Theoretical lectures are supported by set of practical exercises. These expect the students to conduct different tasks such as:
- Using social engineering tools such as The Harvester or Maltego for information gathering.
- Scanning small networks to finding alive hosts or machines with specific vulnerabilities.
- Using DNS enumeration to find interesting hosts, exploiting unprotected SNMP service for enumeration of information.
- Tunnelling arbitrary IP traffic over DNS protocol in restrictive environment
- Guessing and cracking passwords.
- Stealing credentials from Windows systems and using them to conduct Pass-the-Hash attacks.
- Conducting man-in-the-middle attacks (e.g. dissecting and sniffing SSL encrypted traffic) by using ARP spoofing in IPv4 networks and falsified Neighbour Advertisements in IPv6 networks.
- Using Metasploit Framework and existing exploit code against different targets. This includes client-side attacks.
- Exploiting vulnerabilities in custom-built web applications.
- Administrating Windows and Linux based systems
- Understand the main networking protocols (e.g. ARP, IP, ICMP, TCP, UDP, DNS, HTTP, SNMP, SMTP)
- Student’s workstation will be based on Kali Linux, therefore at least user-level knowledge of working with Linux systems is expected.
- English language skill comparable to STANAG 6001, 22.214.171.124
To sign up for the course, please complete the registration form before the deadline.