Hacking, Penetration Testing and Defensive Countermeasures

Overview

Hacking, Penetration Testing and Defensive Countermeasures is a hands-on, intensive, five-day workshop immersing students in the methodologies and application of hacking concepts, techniques, and tools. The hacking methodology used in this class includes footprinting, scanning, enumeration, exploitation, and post-exploitation. Countermeasures to mitigate the various hacking techniques are emphasized. When students complete the class they will have hands-on experience applying best-of-breed security tools in the context of a hacking methodology, using various ethical hacking concepts and techniques.

Audience

This course will significantly benefit systems administrators, network administrators, auditors, security professionals, site administrators, and anyone who is concerned about the integrity and security of their systems and network infrastructure, as well as those interested in systems and application security.

Prerequisites

  • Familiarity with the core TCP/IP protocols (e.g., TCP, HTTP)
  • Windows and Linux command-line interfaces
  • Familiarity with virtualization software (e.g., VMware)

Course duration

5 days

Certification

While not attached to or designed around any specific certification, this workshop is an excellent preparation course for professional certifications such as the EC-Council Certified Ethical Hacker (CEH) and the SANS Global Information Assurance Certification (GIAC) Penetration Tester (GPEN).

Course outline

Each topic listed below includes a brief theoretical discussion, lab exercises, and common mitigation techniques/countermeasures. Both Windows-based and Linux-based attack tools will be used.

DAY 1:
    1. Introduction:
        a. Course goals and objectives
        b. Additional resources (both online and print)
        c. Penetration testing certification programs
        d. Various penetration testing lab environments and system configurations
        e. Introduction to ethical hacking
        f. Ethical hacking methodologies
        g. Penetration testing models
        h. Penetration testing preparation
        i. Penetration testing reports
    2. Footprinting: Discuss and illustrate various footprinting concepts, techniques, tools, and countermeasures:
        a. Introduction to footprinting
        b. Footprinting objectives
        c. Footprinting analysis:
          i. Gather publicly available information:
            1. Search engines:
              a. Lab: Google Hacking
            2. Company Web pages:
              a. Lab: Website Mirroring Using wget
            3. Related organizations:
              a. Lab: Target Organization Information
            4. Location details:
              a. Lab: Target Organization Location Details
            5. Phone numbers, contact names, E-mail addresses, job titles, organizational charts:
              a. Lab: Target Organization Phone Number(s)
              b. Lab: Target Organization Contact Names and Emails
            6. Current events (mergers, acquisitions, layoffs, rapid growth):
              a. Lab: Target Organization Current Events
            7. Social networking sites:
              a. Lab: Target Organization Social Networking Site(s)
            8. Privacy or security policies
            9. Technical details indicating the types of security mechanisms in place
            10. Archived information
            11. Disgruntled employees
            12. Discussion groups
            13. Resumes
          ii. Query WHOIS servers:
            1. Lab: Gathering WHOIS Information
          iii. Perform DNS enumeration:
            1. Lab: Manual DNS Zone Transfers
DAY 2:
    3. Scanning: Discuss and illustrate various scanning concepts, techniques, tools, and countermeasures:
        a. Introduction to scanning
        b. Scanning objectives
        c. Scanning techniques:
          i. Ping sweeps:
            1. Lab: Network Ping Sweeps Using nmap
          ii. Port scans:
            1. Lab: UDP Scan Using nmap
            2. Lab: TCP SYN Scan Using nmap
            3. Lab: TCP SYN Scan Using hping
        d. Banner grabbing/application mapping/OS fingerprinting:
          i. Lab: Active Stack Fingerprinting Using nmap
        e. Vulnerability scans:
          i. Lab: Vulnerability Scanning Using Nessus
DAY 3:
    4. Enumeration: Discuss and illustrate various enumeration concepts, techniques, tools, and countermeasures:
        a. Introduction to enumeration
        b. Enumeration objectives
        c. Enumeration techniques:
        d. File Transfer Protocol (FTP):
          i. Lab: FTP Enumeration Using Hydra
        e. Secure Shell (SSH):
          i. Lab: SSH Enumeration Using BruteSSH
        f. Hypertext Transfer Protocol (HTTP):
          i. Lab: HTTP Enumeration Using Nikto
        g. Common Internet Filesystem (CIFS):
          i. Lab: Null Session Connection
          ii. Lab: CIFS Enumeration Using WinScanX
        h. Simple Network Management Protocol (SNMP):
          i. Lab: SNMP Enumeration Using snmpcheck
        i. Database Enumeration:
          i. Lab: MySQL Enumeration
          ii. Lab: SQL Injection Using WebGoat
        j. Password Enumeration:
          i. Lab: Determining the Password Policy
          ii. Lab: Automated Password Guessing
    5. Exploitation: Discuss and illustrate various exploitation concepts, techniques, tools, and countermeasures:
        a. Introduction to exploitation
        b. Exploitation objectives
        c. Exploitation techniques:
          i. Privilege escalation:
            1. Lab: Poor Man’s Privilege Escalation
            2. Lab: Linux Privilege Escalation Exploit Using Metasploit
          ii. Buffer overflows:
            1. Lab: Windows Stack-Based Buffer Overflow Using Metasploit
          iii. Client-side exploits:
            1. Lab: Client-Side Exploit Using Metasploit
DAY 4:
    6. Post-Exploitation: Discuss and illustrate various post-exploitation concepts, techniques, tools, and countermeasures:
        a. Maintaining access:
          i. Lab: Determining the Auditing Policy
          ii. Lab: Using Netcat to Setup a Reverse Shell
          iii. Lab: Surviving a System Restart
          iv. Lab: GUI Remote Control Using Remote Desktop Protocol (RDP)
          v. Lab: Creating Rogue User Accounts
        b. Expanding influence:
          i. Lab: Dumping Windows Password Hashes Using Metasploit
          ii. Lab: Cracking Windows Password Hashes Using Cain
          iii. Lab: Cracking Windows Password Hashes Using John the Ripper
          iv. Lab: Keystroke Logging Using Metasploit
          v. Lab: Taking Screenshots Using Metasploit
          vi. Demonstration: ARP Poison Routing Using Cain
        c. Covering your tracks:
          i. Lab: Erasing Windows Logs Using elsave
          ii. Lab: Hiding Your Files Using Alternate Data Streams (ADS)
DAY 5:
    7. Penetration Test:
        a. Students will be given 4-5 hours to apply the concepts, techniques, and tools discussed and used during the preceding four days against various targets
Other Topics Discussed Throughout Class:
      1. Cryptography
      2. Hacking laws
      3. Intrusion Detection/Prevention Systems, firewalls, honeypots/honeynets
      4. Malware
      5. Physical security
      6. Policies and Procedures
      7. Social Engineering
      8. Wireless

Wintrac Inc.
16523 SW McGwire Ct.
Beaverton OR 97007