NAC, ID 2.0 and Other Top Issues
May 14, 2008, Washington, D.C.

Hands-On Hacking

Justin Peltier

This course is designed for security professionals who are involved with the technical aspects of computer security. Hands-On Hacking builds on the concepts of traditional network vulnerability assessment, teaching the methodology and tools used by network attackers to gain access to systems.

Designed to arm security administrators with proactive security skills, this course is a show-and-tell about the holes in network and security systems, providing hands-on practice in order to prepare students to think and operate like a system attacker.

Each student will use a client machine loaded with the latest tools to attack example hosts and experience the real world of attacks from the other side.

Prerequisites
Students in this class should possess the following knowledge:

  • Working knowledge of basic network security plus a solid grasp of TCP/IP and fundamental networking concepts
  • Familiarity with Unix, Linux and Windows operating systems is required, since the focus of this class will be on Unix, NT and Linux systems.
  • Basic knowledge of networking devices
  • An understanding of network vulnerability assessment is a plus

We'll begin with a discussion of targeting Internet systems, and techniques for selecting the target host for attack. We'll discuss how to scan the target hosts for vulnerabilities and learn appropriate steps to minimize lost time during the vulnerability scanning. Alternating labs and lecture throughout the two days, we will follow a seven-phase model for security penetration.

PHASE 1 — NETWORK RECONNAISSANCE. Employing public information sources such as the Internet, DNS servers, News servers, and IRC channels, we'll look for background information about our target network that may be useful in later phases.

PHASE 2 — TARGET NETWORK SCANNING. We'll scan the network range looking for available hosts to compromise, continue scanning to determine the operating system and applications on the available hosts, and finish by probing the applications for vulnerabilities. We'll examine how to minimize the likelihood that an intrusion detection or intrusion prevention system will stop our scanning.

PHASE 3 — GAIN ACCESS VIA APPLICATION VULNERABILITIES. We'll dissect and perform several popular attacks such as buffer overflows, weak password compromises, and web server attacks.

PHASE 4 — GAIN ACCESS VIA NETWORK VULNERABILITIES. We'll look at network sniffers in depth, perform session hijacking, and look at source routing and spoofing as other means of fooling network devices.

PHASE 5 — DENY ACCESS. We'll look at performing denial-of-service attacks against our target network, using attacks such as SYN floods, Smurf, Land, ping of death, and bonk. We'll also look at distributed denial-of-service attacks such as TFN2k, Trinoo, and Stacheldraht.

PHASE 6 - MAINTAIN ACCESS TO COMPROMISED SYSTEMS. We'll explore popular Trojans, how to leave backdoors, and the installation of rootkits.

PHASE 7 - HIDE ACCESS AND COVER TRACKS. We'll look at logfiles or log entries to remove, and other ways to disguise the unauthorized access we've achieved.

You Will Learn and Practice How To:

  • Profile Internet Systems
  • Maximize time spent scanning for vulnerabilities
  • Exploit the vulnerabilities discovered
  • Keep your access to the compromised system
  • Hide your access
  • Think like a hacker in order to better protect your own systems

You Will Leave With:

  • An understanding of the entire penetration process
  • A list of websites to keep up-to-date
  • A list of tools to use in the process
  • Access to a website to download the tools
  • Hands-on experience performing hacking functions

Note: This course is designed to help security administrators learn the holes in their own networks and security systems. The skills, techniques and tools taught in this course should not be used against any other system without authorized permission.