Hacking Defined Experts course

Transcription

1 Hacking Defined Experts course Cycle No 39 Academic Advisor: Mr Avi Weissman The course opens in Tel - Aviv: December 11 th, 2012, on Tuesday (evening) and Friday (morning) Cybernetic Attack Techniques course for applicants with Code or IT background Introduction The Cyber attack domain (or information warfare or cyber warfare or penetration testing) is definitely one of the most fascinating technological fields in the world of information security and cyber warfare Of the 5 worlds of InfoSec this field holds an up most importance and is most suitable for those with technical talent and creativity 2003 to 2012: A Decade of Excellence in Cyber Attack Specialists' Training The Hacking Defined Experts program was launched to give a solution for advanced cyber attack information and understanding The emphasis was on learning the techniques and comprehending the methodology rather than basing it on tools alone The advances of information security and technology rendered most tools as obsolete and some even useless when today, a more comprehensive understanding of the technology involved is more important and vital A hacker must use a multi disciplinary approach combining knowledge and creativity Automated tools all have known signatures and techniques nowadays making most of them not only obsolete, but actually damaging to the attack sequence triggering alarm, IDSs and IPSs In a world which hackers were accounted for the 'toolkit' they are using, today knowledge makes the difference The ability to understand a system, research for vulnerabilities and harvesting an arsenal of zero-day vulnerabilities, toolkits such as Back Track and Black Ubuntu became a free-easy-access system which does not make a hacker Hacking Defined Experts is built in way to bring an IT professional to a point where he/she is able o conduct a Penetration test from start to end mastering all required techniques The scenarios, class works and lab time are all built on real world scenarios which our penetration testers have encountered while testing an organization This training course is built, unlike the Certified Ethical Hacker certification, to be non-ethical It covers tools, methods, techniques from the point of reconnaissance, reverse engineering, network penetration, privilege escalation and onto a report writing methodology which is a significant part of a penetration tester's daily routine In the training, we will learn things which are more practice such as building Trojans and backdoors and spoofing mails to use real world attack scenarios on an organization Since the establishment of the Hacking Defined Experts series, hundreds of assault specialists and security experts have been trained If you cannot register to this program Be sure to check the program open to all - Ethical intended for the CEH exams preparation, and

2 Contact your guidance counselor The purpose of the program Train professionals to the world of ethical hacking, in attacking System, Network, Mobile, attacking applications and Web applications, and in the field of Reverse Engineering The professors teaching these courses are among Israel's leading hacker community Target Audience The course is intended for students with practical knowledge in Information Infrastructure (Operating Systems, Communication and basic knowledge in Security tools and basic technologies) Also graduates and post graduates in Computer Sciences, Software/Hardware engineers, software engineering \ hardware, preferably with the ability to develop code This track is not suitable for beginners Are you a beginner? Contact our advisor for guidance for personal development in this area Terms of acceptance 1 The course is designed for those holding a network management background in Windows or Linux or security information or software development Requires knowledge of Windows, Linux, TCP / IP, Web and services such as HTTP, SMTP, FTP, DNS 2 Willingness to put in a large amount of hours from home, learning Independently (about 400 hours of home study) 3 Personal interview Scope of program 20 sessions (Tuesday evening 17:30 to 21:00 and Friday morning 9:00 to 12:30) Classes are held on the See Security campus in Ramat Gan The course is opened about three times a year Cost (for the course opening on December 2012) Total 13,500 Nis Nis registration fee For further information and details contact: Elvira Eliseev, , Elvira@see-securitycom Eligibility All students are required to be present in a minimum of 80% of the meetings, and are required to pass all tests / projects (rated at least 70 and above is considered a passing score on the tests and projects) Meeting these requirements will grant you a "Hacking Defined Expert" certification granted by the See Security collage

3 Additional information The program was built for practical knowledge The program enables the acquirement of a Cyber Warfare level-2 certification The opening of the class depends on the number of registrants Registration fees are not refundable, except in the case of failure to open the program by the College Registration fee and any external tests are not included in the tuition The college brings to the attention of applicants and students that there may be changes in the array program, curriculum and exam dates or any other subject Notices of any change will be given to all participants Course syllabus 1 Chapter A Introduction 11 Hacking History 12 Hacking Today 13 Hacking Terminology 14 Ethical Hacking 15 Characteristics of an Attacker 16 Attackers' Thinking 17 Encryption Chapter B Course Toolkit 21 Python 22 Perl 23 Backtrack 231 Basic Backtrack environment 232 Linux introduction and understanding 233 Configuring Networking manually 234 Backtrack services and features 3 Chapter C Reconnaissance 31 Introduction to Reconnaissance 311 Goals 312 General understanding 32 OSINT 321 Google hacking and dorks 322 Site mapping 323 Maltego work environment 324 General relevant information 325 Whois Interrogation 3251 IP assignments with ARIN 3252 Client 3253 Methodology 326 Other online research methods 33 Organization details 34 Enumeration 341 SMTP enumeration 342 SNTP enumeration 343 NetBIOS enumeration 344 MS Session Management 345 Listing usernames on Windows XP via Null Session 346 VRFY 347 EXPN 348 Banner grabbing 349 tracerouting 3410 whatweb 3411 fierce 3412 DNS interrogation 3413 Reverse DNS interrogation 3414 Nslookup 3415 MX/NS enumeration 3416 Zone transferring 3417 DNS Name Bruteforce 3418 Port scanning Regular scan Decoy Scanning XMAS scan Spoofed scan MAC spoofing Zombie scan SYN scan ACK scan UDP scan 3419 OS fingerprinting 3420 Service fingerprinting 3421 Load Balancer De-multiplexing 3422 Low technology reconnaissance 3423 Path determination 4 Maale' Hshachar St Ramat-Gan 52383, Israel Tel: +(972) , Fax: +(972) avi@see-securitycom

4 3424 IDS / IPS detection 4 Chapter D Network Penetration 41 Traffic analysis 472 Hydra + Hydra-GTK 42 TCPDump 4721 Using Hydra 43 Sniffers 4722 CISCO router/switch bruteforce 44 Wireshark 4723 SMB password bruteforcing 441 Introduction 4724 FTP password bruteforce 442 Following streams 4725 POP3 password bruteforce 443 Analyzing data 4726 HTTP over SSL bruteforce 444 Mining and picking 473 Offline Attacks 445 Packet structures 474 Password Dumping 446 VoIP building 475 Physical Access 45 Traffic Interception and Manipulation 48 NetCat 451 Forging packets 481 Port scanning with NetCat 452 MITM attacks 482 Port forwarding with NetCat 4521 ARP poisoning 483 Backdoor (Bind Shell) 4522 Ettercap manipulation 484 Backdoor (Reverse Shell) 4523 Scripting for ettercap 485 Transferring files with NetCat 486 Using NetCat as a honeypot 46 DOS / DDOS 461 Methods of attack 49 RPC Enumeration 462 Nuke attacks 410 PS Executable 463 Buffer overflow DOS 411 Dameware 464 Flooding 412 VNC 465 SYN floods 466 Smurf Floods 467 Banana attacks 413 Radmin 414 BITS Background intelligent Transfer 415 Vulnerability Scanners 468 Effects of DoS 4151 Shadow Security Scanner 469 Where can it be used in a 'good' way 4152 Accunetix 47 Password Attacks 4153 Nessus 471 Online Brute Forcing Attacks 4154 Core Impact 5 Chapter E Wireless Penetration 51 RFID 511 Understanding RFID 512 Communicaation via RFID 513 Cracking and maintaining 52 Wi-Fi 521 Introduction 522 Understanding 80211x 523 Introduction to Tools 5231 airmon-ng 5232 airodump-ng 5233 aireplay-ng 5234 airebase-ng 5235 kismet 5236 gerix 524 Cracking Encryptions 5241 WEP 5242 WPA 5243 WPA WPS 525 WPS reaver 526 Bypassing MAC filtering 527 Rouge Access Point 528 Netstumbler 53 Bluetooth 531 Enumeration 532 Basic tools 533 Bypassing security codes 534 False associations and connections 6 Chapter F Web and Web Application Penetration 61 Introduction 611 HTML 612 Javascript 613 PHP 614 ASP 615 Web Terminology 6151 User agent 6152 Web Server 616 Web Attack Vectors 617 OWASP Top Tools 621 Firebug 622 Tamper Data 623 Paros 624 WebSCrab 625 Dirbuster 4 Maale' Hshachar St Ramat-Gan 52383, Israel Tel: +(972) , Fax: +(972) avi@see-securitycom

5 626 Fuzzers 627 Webshag 628 W3AF 63 Web Attacks 631 SQL Injection 6311 Introduction 6312 Blind 6313 Error based 6314 Information 632 XSS 6321 CSRF 6322 DOM based 6323 Stored 6324 Dynamic 633 Directory listing 634 Broken Authentication 635 Failure to restrict URLs 636 Insecure storage 637 Mal-configuration of Permissions 638 Changing User-Agent 639 File upload 6310 LFIs 6311 RFIs 6312 PHP shell files 6313 Sessions HiJacking 6314 Sessions SideJacking 6315 HTTP poisoning 6316 Cross-Site Cooking 6317 Session Fixiation 7 Chapter G Vulnerability World 71 Introduction 711 What is a vulnerability 712 Types of vulnerabilities Days 72 Buffer Over Flows 721 Introduction 722 Finding bugs 723 Case Studies 724 Verifying the overflow in the STOR 725 Which bytes overwritten EIP 726 Diving Deeper 727 Shell Code 73 Metasploit Framework 731 MSF Console 732 MSF Web 733 MSF CLI 734 Meterpreter 735 Meterpreter Commands 736 Payloads 737 Auxillary 738 Modules 739 Write an example in Ruby 74 General 741 Client side attacks 742 Internet Explorer remote code execution 743 IE Object type Overflow 744 Windows JPEG GDI 745 IR COM Objects file download exploit 746 WMF Client Side 75 Mobile Exploitation 751 Exploiting Mobile Devices 7511 Analyzing Mobile Oss 7512 Exploiting ios 7513 Exploiting Android 7514 Capabilities 752 Exploiting from Mobile Devices 7521 ANTI 7522 Wiggle 7523 FaceNiff 7524 DroidSheep 7525 Fing 7526 WiFiKill 8 Chapter H Virology and HouseKeeping 81 Thinking Security 811 Principels 812 Log Files 813 Unix 814 Windows 82 The Zoo 821 Trojan horses 822 Native Backdoors 823 Keylogger 8231 Physical Keyloggers 8232 Software Keyloggers 824 Root Kits 8241 Memory based root kit 8242 User Mode Root Kit 8243 Kernel mode root kit 8244 BIOS root kit 8245 Root kit in action: HXDEF 825 Windows Quirks 8251 Registry bugs 8252 NTFS alternate Data stream 826 Antivirus avoidance 9 Chapter I Software Security 91 Software Security Basics 911 Bad software 912 Complexity 913 Program Flaws 92 OS Security 921 What is An Operating System? 922 The Goals of the OS 923 Kernel and Kernel Mode 4 Maale' Hshachar St Ramat-Gan 52383, Israel Tel: +(972) , Fax: +(972) avi@see-securitycom

6 924 The OS Layers 925 Windows Architecture 926 HAL 927 Resource Allocation 928 Processes 929 MultiTasking 9210 Thread 9211 Scheduling 9212 Autoruns 93 Hooking 931 Windows API 932 What is Hooking? 933 Windows API Hooking 934 Windows API Logger 935 Monitoring Windows API 936 Process Monitor 10 Chapter J Reverse Engineering 101 Introduction 1011 What is reverse engineering 1012 Static analysis 1013 Dynamic Analysis 1014 Reverse Engineering Tools IDA ollydebug WinDBG Cheat Engine 1015 IA-32 Instruction Set 1016 File formats 102 The Actual Deal 1021 Integer Over Flows 1022 Stack Buffer Over Flow 1023 Heap overflow 1024 Access Control Systems 1025 Anti-Debugging 4 Maale' Hshachar St Ramat-Gan 52383, Israel Tel: +(972) , Fax: +(972) avi@see-securitycom

7 לכבוד המכללה לאבטחת מידע וללוחמת מידע שיא סקיוריטי טכנולוג'יז בע"מ רמת-גן פקס: נא לרשום אותי לתוכנית הלימודים ברמת גן Hacking Defined Expert פרטים אישיים: שם משפחה כתובת פרטית טל' בבית: קורס שם פרטי טל' נייד תז פקס שנת לידה כתובת E mail מקום עבודה: שם החברה לתשלום (נא סמן בחירתך): טל' תפקיד דמי רישום (חובה בכל מקרה) שכר לימוד בסך מצ"ב שיק מס' ע"ס - מקדמה (בגובה 10% משכר הלימוד) (ניתן לשלם עד תשלומים בהמחאות דחויות) (את ההמחאות יש לרשום לפקודת שיא סקיוריטי בע"מ) מצ"ב מכתב התחייבות המעסיק, אם הינך ממומן על ידו (1) יודפס ע"ג נייר לוגו (2) בציון מספר חפ של החברה, (3) לתשלום שוטף + 30 ממועד הפתיחה לכל היותר) נא לחייב כרטיס אשראי בתוקף עד: בתשלום אחד ב- תשלומים (עד 18 תשלומים בקרדיט) ב- תשלומים ללא ריבית שם בעל הכרטיס תז בעל הכרטיס תא' לידה של בעל הכרטיס כתובת בעל הכרטיס, המעודכנת בחברת האשראי טלפון בעל הכרטיס, המעודכן בחב' כרטיסי האשראי שם בנק+סניף הבנק בו מנוהל חשבון כרטיס האשראי דמי ההרשמה אינם מוחזרים, אלא במקרה של אי פתיחת התכנית על ידי המכון וSecurity See דמי ההרשמה אינם כלולים בשכר הלימוד יש לוודא כי התשלומים יסתיימו עד למועד סיום הקורס תאריך: חתימה: שיא א סקיוריטי טכנולוג'י בע"מ חפ: ספק משהב"ט: 83/168200