Overview
Hacking, Penetration Testing and Defensive Countermeasures is an intensive, hands-on, five-day workshop that immerses students in the methodology and application of hacking concepts, techniques, and tools. The methodology followed in this class has five phases: footprinting, scanning, enumeration, exploitation, and post-exploitation. Countermeasures that mitigate each technique are emphasized throughout. Students who complete the class will have hands-on experience applying best-of-breed security tools within a structured hacking methodology, using ethical hacking concepts and techniques.
Audience
This course will significantly benefit systems administrators, network administrators, auditors, security professionals, site administrators, and anyone who is concerned about the integrity and security of their systems and network infrastructure, as well as those interested in systems and application security.
Prerequisites
Course duration
5 days
Certification
While not attached to or designed around any specific certification, this workshop is excellent preparation for professional certifications such as the EC-Council Certified Ethical Hacker (CEH) and the SANS Global Information Assurance Certification (GIAC) Penetration Tester (GPEN).
Course outline
Each topic listed below includes a brief theoretical discussion, lab exercises, and common mitigation techniques/countermeasures. Both Windows-based and Linux-based attack tools will be used.
DAY 1:
1. Introduction:
a. Course goals and objectives
b. Additional resources (both online and print)
c. Penetration testing certification programs
d. Various penetration testing lab environments and system configurations
e. Introduction to ethical hacking
f. Ethical hacking methodologies
g. Penetration testing models
h. Penetration testing preparation
i. Penetration testing reports
2. Footprinting: Discuss and illustrate various footprinting concepts, techniques, tools, and countermeasures:
a. Introduction to footprinting
b. Footprinting objectives
c. Footprinting analysis:
i. Gather publicly available information:
1. Search engines:
a. Lab: Google Hacking
2. Company Web pages:
a. Lab: Website Mirroring Using wget
3. Related organizations:
a. Lab: Target Organization Information
4. Location details:
a. Lab: Target Organization Location Details
5. Phone numbers, contact names, E-mail addresses, job titles, organizational charts:
a. Lab: Target Organization Phone Number(s)
b. Lab: Target Organization Contact Names and Emails
6. Current events (mergers, acquisitions, layoffs, rapid growth):
a. Lab: Target Organization Current Events
7. Social networking sites:
a. Lab: Target Organization Social Networking Site(s)
8. Privacy or security policies
9. Technical details indicating the types of security mechanisms in place
10. Archived information
11. Disgruntled employees
12. Discussion groups
13. Resumes
ii. Query WHOIS servers:
1. Lab: Gathering WHOIS Information
iii. Perform DNS enumeration:
DAY 2:
1. Lab: Manual DNS Zone Transfers
3. Scanning: Discuss and illustrate various scanning concepts, techniques, tools, and countermeasures:
a. Introduction to scanning
b. Scanning objectives
c. Scanning techniques:
i. Ping sweeps:
1. Lab: Network Ping Sweeps Using nmap
ii. Port scans:
1. Lab: UDP Scan Using nmap
2. Lab: TCP SYN Scan Using nmap
3. Lab: TCP SYN Scan Using hping
d. Banner grabbing/application mapping/OS fingerprinting:
i. Lab: Active Stack Fingerprinting Using nmap
e. Vulnerability scans:
DAY 3:
i. Lab: Vulnerability Scanning Using Nessus
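The scanning labs above are run with nmap and hping in class. The following is an added example, not part of the course material, that shows the idea behind the port-scan and banner-grabbing steps in plain Python: a TCP connect scan, which completes the three-way handshake instead of sending a bare SYN (a SYN scan needs raw sockets and root), followed by a read of whatever greeting the service volunteers. The target is a constructed local listener that imitates an SSH daemon's greeting; the banner string, the small signature table and the use of 127.0.0.1 are assumptions made for the example.

```python
import socket
import threading

def start_fake_service(banner: bytes, host: str = "127.0.0.1"):
    """Constructed target for the example: listens on an OS-chosen port and
    greets every client with `banner`, as FTP, SMTP and SSH daemons do.
    Returns (port, stop_event); set the event to shut the listener down."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))          # port 0 = let the OS pick a free port
    srv.listen(8)
    srv.settimeout(0.2)          # so the accept loop can notice the stop flag
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stop

def free_port(host: str = "127.0.0.1") -> int:
    """Return a port that is currently closed (bind to 0, read it back, release)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]

def connect_scan(host: str, ports, timeout: float = 0.5) -> dict:
    """TCP connect scan with banner grab. State names follow nmap's usage:
    open     = handshake completed
    closed   = target answered with RST (connection refused)
    filtered = nothing came back before the timeout (typically dropped by a firewall)
    Maps port -> (state, banner_bytes)."""
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except ConnectionRefusedError:
                results[port] = ("closed", b"")
                continue
            except (socket.timeout, OSError):
                results[port] = ("filtered", b"")
                continue
            try:
                banner = s.recv(256)     # many services speak first; read what they send
            except socket.timeout:
                banner = b""             # silent service: would need a probe (e.g. HTTP GET)
            results[port] = ("open", banner)
    return results

# Tiny application-mapping table (assumption for the example; nmap's
# nmap-service-probes file holds thousands of these signatures).
SIGNATURES = {b"SSH-": "ssh", b"220 ": "ftp/smtp", b"HTTP/": "http",
              b"+OK": "pop3", b"* OK": "imap"}

def guess_service(banner: bytes) -> str:
    for prefix, name in SIGNATURES.items():
        if banner.startswith(prefix):
            return name
    return "unknown"

if __name__ == "__main__":
    port, stop = start_fake_service(b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n")
    for p, (state, banner) in connect_scan("127.0.0.1", [port, free_port()]).items():
        print(p, state, guess_service(banner), banner)
    stop.set()
```

Only scan hosts you are authorized to test. The closed/filtered distinction is the part worth remembering from the defender's side: a host whose firewall drops rather than rejects gives the scanner less information per probe and forces it to wait out a timeout on every port, which is one reason drop rules are usually preferred over reject rules on exposed hosts.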
4. Enumeration: Discuss and illustrate various enumeration concepts, techniques, tools, and countermeasures:
a. Introduction to enumeration
b. Enumeration objectives
c. Enumeration techniques:
d. File Transfer Protocol (FTP):
i. Lab: FTP Enumeration Using Hydra
e. Secure Shell (SSH):
i. Lab: SSH Enumeration Using BruteSSH
f. Hypertext Transfer Protocol (HTTP):
i. Lab: HTTP Enumeration Using Nikto
g. Common Internet File System (CIFS):
i. Lab: Null Session Connection
ii. Lab: CIFS Enumeration Using WinScanX
h. Simple Network Management Protocol (SNMP):
i. Lab: SNMP Enumeration Using snmpcheck
i. Database Enumeration:
i. Lab: MySQL Enumeration
ii. Lab: SQL Injection Using WebGoat
j. Password Enumeration:
i. Lab: Determining the Password Policy
ii. Lab: Automated Password Guessing
5. Exploitation: Discuss and illustrate various exploitation concepts, techniques, tools, and countermeasures:
a. Introduction to exploitation
b. Exploitation objectives
c. Exploitation techniques:
i. Privilege escalation:
1. Lab: Poor Man’s Privilege Escalation
2. Lab: Linux Privilege Escalation Exploit Using Metasploit
ii. Buffer overflows:
1. Lab: Windows Stack-Based Buffer Overflow Using Metasploit
iii. Client-side exploits:
DAY 4:
1. Lab: Client-Side Exploit Using Metasploit
6. Post-Exploitation: Discuss and illustrate various post-exploitation concepts, techniques, tools, and countermeasures:
a. Maintaining access:
i. Lab: Determining the Auditing Policy
ii. Lab: Using Netcat to Set Up a Reverse Shell
iii. Lab: Surviving a System Restart
iv. Lab: GUI Remote Control Using Remote Desktop Protocol (RDP)
v. Lab: Creating Rogue User Accounts
b. Expanding influence:
i. Lab: Dumping Windows Password Hashes Using Metasploit
ii. Lab: Cracking Windows Password Hashes Using Cain
iii. Lab: Cracking Windows Password Hashes Using John the Ripper
iv. Lab: Keystroke Logging Using Metasploit
v. Lab: Taking Screenshots Using Metasploit
vi. Demonstration: ARP Poison Routing Using Cain
c. Covering your tracks:
i. Lab: Erasing Windows Logs Using elsave
DAY 5:
ii. Lab: Hiding Your Files Using Alternate Data Streams (ADS)
7. Penetration Test:
a. Students are given 4-5 hours to apply the concepts, techniques, and tools discussed and used during the preceding four days against various targets
Other Topics Discussed Throughout Class:
1. Cryptography
2. Hacking laws
3. Intrusion Detection/Prevention Systems, firewalls, honeypots/honeynets
4. Malware
5. Physical security
6. Policies and Procedures
7. Social Engineering
8. Wireless