Course Description
To defend against hackers, you must think like a hacker. With attacks
becoming more sophisticated and more widespread, it is critical to secure and
defend your network on a real-time basis. Instead of showing you how to
reactively monitor your network, this advanced course gives participants both
the raw knowledge and the hands-on experience to proactively secure the
systems within their organizations and to develop countermeasures against
future attacks.
There is no doubt that the tools hackers use to wreak havoc have become more
sophisticated and the destruction left in their wake has created immeasurable
costs for businesses. Even the most perceptive security veterans in these
organizations find themselves struggling to develop countermeasures. In response
to this incredible cat-and-mouse game where the stakes keep getting higher, this
course offers seasoned security veterans an opportunity to test their skills
like never before. Ultimate Hacking: Expert provides the latest knowledge
and weapons to defend against sophisticated attacks and shows how to
safeguard your company's critical information assets. Taught by a select group
of our industry leading consultants, this course is simply the best security
course available today.
Continuing Education Credit
This course qualifies for up to 32 hours of CPE credit for CISSP/SSCP holders
and 28 hours of CE for CISA/CISM holders. For details, go to www.foundstone.com.
Agenda
Day 1 - The Network
Day one lays the foundation for penetration testing with network monitoring,
scanning, and attacks. Emphasis is placed on the tools and techniques used to
monitor for potentially malicious activity, and on the processes required to
perform network and host reconnaissance methodically.
- Network Monitoring
- The case for monitoring and detection
- Advanced usage of full-content monitoring tools
- Analyzing full-content and session data
- Implementing an Intrusion Detection System (IDS)
- Illicit Monitoring
- Sniffing in a switched environment
- Passive host discovery
- Session hijacking
- Man-in-the-Middle attacks
- Network Reconnaissance
- Source port scans
- Advanced OS identification
- Service enumeration against non-standard ports
- Advanced port scanning techniques
- Analyzing tool signatures
Throughout the day, students participate in labs that build proficiency and
reinforce the topics presented. These labs include setting up a Snort IDS,
sniffing in a switched environment, hijacking encrypted login sessions, and
injecting binary nudge strings to identify remote services.
Day 2 - Attacking and Defending UNIX
The UNIX day presents numerous issues particular to the UNIX environment,
including attacks against common misconfigurations and security mechanisms.
Students compile and test malicious rootkits, and then participate in an
interactive session on using covert channels over many different protocols.
- Attack and Defense Methodology applied to the UNIX Model
- Enumerate system information
- Penetrate remote services
- Penetrate accounts
- Local attacks and countermeasures
- Expand influence
- Lock down the system
- Loadable Kernel Modules (LKM) and Rootkits
- Install and use a malicious LKM
- Detect an LKM
- Beyond LKM rootkits
- Covert Channels
- Using ICMP, UDP, and TCP to hide traffic
- Techniques to bypass firewalls
- Use network monitoring to identify and analyze covert activity
Each section contains several labs that lead the student through the techniques
presented in class. These include using a variety of local and remote exploits,
setting up and breaking out of traditional security mechanisms, and modifying
proof-of-concept covert channel code.
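As an added illustration of the covert channel topic above (example code written for this page, not Foundstone course material): a minimal sender that hides bytes in the data field of ICMP echo requests, the receiver's checksum-verified decoder, and the kind of payload heuristic a network monitor could use to flag such traffic. The 16-byte chunk size, the sample secret and the filler pattern are constructed for the example; packets are built in memory only, so nothing is sent and no privileges are needed.

```c
/* Added example (not course material): a covert channel over ICMP echo
 * requests, plus the monitoring heuristic that could catch it. Packets are
 * built in memory only; CHUNK and the sample data are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ICMP_ECHO_REQUEST 8
#define ICMP_HDR_LEN      8
#define CHUNK             16   /* covert bytes carried per packet (assumed) */

/* RFC 1071 one's-complement checksum over the whole ICMP message.
 * Over a correctly checksummed message the result is 0. */
uint16_t icmp_checksum(const uint8_t *data, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)data[i] << 8 | data[i + 1];
    if (len & 1)
        sum += (uint32_t)data[len - 1] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Sender: one echo request whose data field carries n (<= CHUNK) covert
 * bytes, zero-padded to CHUNK so every packet has the same size.
 * Returns the message length. pkt must hold ICMP_HDR_LEN + CHUNK bytes. */
size_t build_covert_echo(uint8_t *pkt, uint16_t id, uint16_t seq,
                         const uint8_t *secret, size_t n)
{
    if (n > CHUNK) n = CHUNK;
    memset(pkt, 0, ICMP_HDR_LEN + CHUNK);
    pkt[0] = ICMP_ECHO_REQUEST;                 /* type; code stays 0 */
    pkt[4] = (uint8_t)(id >> 8);  pkt[5] = (uint8_t)id;
    pkt[6] = (uint8_t)(seq >> 8); pkt[7] = (uint8_t)seq;
    memcpy(pkt + ICMP_HDR_LEN, secret, n);
    uint16_t csum = icmp_checksum(pkt, ICMP_HDR_LEN + CHUNK);  /* field is 0 here */
    pkt[2] = (uint8_t)(csum >> 8); pkt[3] = (uint8_t)csum;
    return ICMP_HDR_LEN + CHUNK;
}

/* Receiver: verify the checksum, then lift the data field out.
 * Returns bytes recovered, or -1 for a non-echo or corrupted message. */
int extract_covert_echo(const uint8_t *pkt, size_t len, uint8_t *out, size_t cap)
{
    if (len < ICMP_HDR_LEN || pkt[0] != ICMP_ECHO_REQUEST) return -1;
    if (icmp_checksum(pkt, len) != 0) return -1;
    size_t n = len - ICMP_HDR_LEN;
    if (n > cap) n = cap;
    memcpy(out, pkt + ICMP_HDR_LEN, n);
    return (int)n;
}

/* Monitor: ordinary ping tools fill the data field with a fixed or
 * incrementing pattern. Flag an echo request whose payload is neither.
 * Teaching heuristic only: a real detector would baseline the exact pattern
 * (including any timestamp prefix) of the ping tools on its own network and
 * also watch for echo volumes and sizes that ping never produces. */
int looks_like_covert_ping(const uint8_t *pkt, size_t len)
{
    if (len <= ICMP_HDR_LEN || pkt[0] != ICMP_ECHO_REQUEST) return 0;
    const uint8_t *p = pkt + ICMP_HDR_LEN;
    int incrementing = 1, constant = 1;
    for (size_t i = 1; i < len - ICMP_HDR_LEN; i++) {
        if (p[i] != (uint8_t)(p[i - 1] + 1)) incrementing = 0;
        if (p[i] != p[0]) constant = 0;
    }
    return !(incrementing || constant);
}

/* End-to-end self-check on constructed data. Returns 0 if every step behaves
 * as described, otherwise the number of the step that failed. */
int covert_channel_demo(void)
{
    static const uint8_t secret[] = "root:x:0:0";        /* constructed sample */
    uint8_t pkt[ICMP_HDR_LEN + CHUNK], out[CHUNK], filler[CHUNK];
    size_t len = build_covert_echo(pkt, 0x1234, 1, secret, sizeof secret - 1);
    if (len != ICMP_HDR_LEN + CHUNK) return 1;
    if (extract_covert_echo(pkt, len, out, sizeof out) != CHUNK) return 2;
    if (memcmp(out, secret, sizeof secret - 1) != 0) return 3;
    if (!looks_like_covert_ping(pkt, len)) return 4;     /* monitor flags it */
    pkt[10] ^= 0x01;                                     /* one bit damaged in flight */
    if (extract_covert_echo(pkt, len, out, sizeof out) != -1) return 5;
    for (size_t i = 0; i < CHUNK; i++) filler[i] = (uint8_t)(0x08 + i);
    build_covert_echo(pkt, 0x1234, 2, filler, CHUNK);    /* a normal-looking ping */
    if (looks_like_covert_ping(pkt, ICMP_HDR_LEN + CHUNK)) return 6;
    return 0;
}
```

On a live host the sender would hand the finished buffer to a raw ICMP socket and the receiver would parse the same bytes out of a capture; the parts shown here are the ones that do not depend on the platform. Note that the receiver checks the checksum by summing the whole message and expecting zero, the same test a sniffer applies, so a channel that skips the checksum stands out immediately.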
Day 3 - Attacking and Defending Windows
The day focuses on Windows-based technologies and their vulnerabilities,
walking through the complete attack and defense methodology as applied to
Windows platforms. Emphasis is placed on recent Windows security features and
the ways to defeat them. Students use Windows-based sniffers to capture and
crack passwords, even where Kerberos is in use. The day ends with a review of
the latest database attacks and how to protect this commonly vulnerable
service from exploitation.
- Attack and Defense Methodology applied to the Windows model
- Footprint systems, domains, and trust
- Scan for enabled services
- Enumerate comprehensive system data
- Penetrate accounts
- Escalate privileges
- Pillage accessible data
- Get interactive privileges
- Expand influence
- Clean up evidence
- Apply the techniques to Windows Server 2003 and .NET, and review other current
security considerations
- SQL Server Security
- Enumerate database service information
- Default accounts
- Buffer overflows
- SQL attack methods
- Windows Attack Lab
- An advanced Windows attack exercise closes out the final hours of the day
Students are given the opportunity to perform labs during each of the sections.
These labs allow students to test out the latest exploits and techniques against
a variety of Windows platforms and services, including recent XP and 2003
offerings.
Day 4 - Other Advanced Topics
Analyze code-based security vulnerabilities and learn how to audit a program for
them. Practice the techniques by writing several buffer overflow exploits.
Probe wireless security issues, focusing on 802.11 networks. The day closes with
the cumulative Expert Ultimate Lab.
- Code-Based Vulnerabilities
- Foundational study of memory, including the stack and the heap
- Use compilers and debuggers to discover potential vulnerabilities
- Write a series of buffer overflow exploits
- Understand other types of code-based vulnerabilities, including format string
attacks, integer overflows, and signed overflows
- Wireless Networks
- Survey of wireless data networks and their correspondingly weak security
- Review 802.11 protocols
- Examine client and access point authentication and encryption
- Bypass protection mechanisms
- Attack the Access Point
- Spoof attacks against wireless clients
- Expert Ultimate Lab
- A cumulative exercise designed to crystallize the techniques presented
throughout the week
The buffer overflow section culminates with students working through the steps
of identifying a vulnerability and crafting a working exploit. The wireless
network module has several labs that give students a chance to use the latest
tools, recover WEP keys from captured packets, and spoof MAC addresses to
bypass authorization controls.
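As an added example of the integer overflow and signed overflow items listed above (written for this page, not Foundstone course material): two length-handling bugs of the kind a code audit looks for, each beside a hardened check. The record format with a 4-byte big-endian length prefix, the 64-byte target buffer and the sample records are constructed for the example; the functions report what each check would have admitted rather than actually corrupting memory, so the example runs safely.

```c
/* Added example (not course material): signed-overflow and integer-overflow
 * bugs in length handling, each beside a hardened check. The record format
 * (4-byte big-endian length prefix) and BUF_SIZE are assumptions; nothing is
 * actually overflowed, the functions only report what the checks would admit. */
#include <stdint.h>
#include <stddef.h>

#define BUF_SIZE 64   /* size of the stack buffer the copy targets (assumed) */

/* Pull the length prefix the way the original (vulnerable) code would:
 * straight into a signed 32-bit integer. 0xffffffff becomes -1. */
int32_t read_be32_signed(const uint8_t *p)
{
    uint32_t u = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
                 (uint32_t)p[2] << 8  | (uint32_t)p[3];
    return (int32_t)u;   /* wraps to negative for values above INT32_MAX */
}

/* Bug 1, sign confusion: `len > BUF_SIZE` only rejects large positives.
 * A negative len passes, then the implicit conversion to size_t in
 * memcpy(buf, src, len) turns -1 into SIZE_MAX and the stack is overwritten.
 * Returns 1 if the copy would be attempted, with the byte count memcpy
 * would receive stored in *n_out. */
int vulnerable_length_check(int32_t len, size_t *n_out)
{
    if (len > BUF_SIZE) return 0;
    *n_out = (size_t)len;
    return 1;
}

/* Hardened: reject negatives explicitly, then compare as unsigned. */
int hardened_length_check(int32_t len, size_t *n_out)
{
    if (len < 0 || (uint32_t)len > BUF_SIZE) return 0;
    *n_out = (size_t)len;
    return 1;
}

/* Bug 2, multiplication wrap: count * elem_size computed in 32 bits. An
 * attacker picks count so the product wraps to a tiny allocation, and the
 * loop that later fills `count` elements writes far past it. */
uint32_t vulnerable_alloc_size(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;
}

/* Hardened: detect the wrap before multiplying. Returns 0 on overflow. */
int hardened_alloc_size(uint32_t count, uint32_t elem_size, uint32_t *out)
{
    if (elem_size != 0 && count > UINT32_MAX / elem_size) return 0;
    *out = count * elem_size;
    return 1;
}

/* Self-check on constructed records. Returns 0 when every check behaves as
 * described, otherwise the number of the step that failed. */
int length_check_demo(void)
{
    static const uint8_t evil[] = { 0xff, 0xff, 0xff, 0xff, 'A' };   /* len = -1 */
    static const uint8_t good[] = { 0x00, 0x00, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
    size_t n = 0;
    uint32_t sz = 0;

    /* The vulnerable check admits the negative length as a SIZE_MAX copy. */
    if (!vulnerable_length_check(read_be32_signed(evil), &n) || n != SIZE_MAX) return 1;
    /* The hardened check rejects it and still accepts the benign record. */
    if (hardened_length_check(read_be32_signed(evil), &n)) return 2;
    if (!hardened_length_check(read_be32_signed(good), &n) || n != 5) return 3;
    /* 0x40000001 four-byte elements "need" only 4 bytes once the product wraps. */
    if (vulnerable_alloc_size(0x40000001u, 4) != 4) return 4;
    if (hardened_alloc_size(0x40000001u, 4, &sz)) return 5;
    if (!hardened_alloc_size(1000, 4, &sz) || sz != 4000) return 6;
    return 0;
}
```

The vulnerable comparison in bug 1 is signed against signed, so -Wsign-compare stays silent; the defect is found by reading the check with the attacker's values in mind, or by feeding the parser a length of 0xffffffff under a debugger and watching what memcpy is handed.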
Audience
For experienced security administrators, security auditors, and security
consultants. This course is the pinnacle of the Ultimate Hacking series and a
continuation of the Foundstone Ultimate Hacking course.