SensePost Training Overview 2011/2012

08 July 2011

PUBLIC

Contents

About SensePost Information Security (page 3)

Training Overview (page 3)

A. Cadet Edition (page 4)

B. Bootcamp Edition (page 6)

C. BlackOps Edition (page 8)

D. Combat Edition (page 10)

E. W^3 Edition (page 11)

F. Unplugged Edition (page 13)


About SensePost Information Security

As trusted advisors we deliver insight, information and systems that enable our customers to make informed decisions about information security in support of their business performance. SensePost is an independent and objective organisation specialising in information security consulting, training, security assessment services and IT vulnerability management. SensePost is about security. Specifically, information security. Even more specifically, measuring information security. We have made it our mission to develop a set of competencies and services that give our customers insight into the security posture of their information and information systems.

Training Overview

 


A. Cadet Edition

Hacking By Numbers Cadet Edition is offered as an introduction to the art and science of computer hacking. Even with no hacking experience whatsoever, Cadet Edition will equip students with the basic thinking and technical skills necessary to start exploring this fascinating world. 'Cadet Edition' is an introductory course for technical people with no previous experience in the world of hacking. The course presents the background information, technical skills and basic concepts required to get going. This includes some coding and scripting, networking and Internet technologies, basic methodologies, essential thinking skills, tools and current hacking techniques. Cadet Edition is the ideal training ground to prepare for the HBN Bootcamp, further self-study or other hacking courses.

Content

1. Introduction

• An introduction to hacker thinking and why hackers are different

• An introduction to method-based hacking

• A methodology for hacking into computers over a network

• Understanding Vulnerabilities & Exploits

• Vulnerabilities in Custom Applications

2. Essential Networking Technologies: A Hacker Perspective

3. Essential OS Technologies: A Hacker Perspective

4. More Scripting for Hackers

5. An Introduction to Hacker Tools & Techniques

• Intelligence

o Useful Web Resources

o Web Spiders

o Search Engines and Hacking

• Footprinting

o FDNS Mining

o WHOIS

• Fingerprinting

o Basic Port scanners

o Service and OS Discovery

• Vulnerability Discovery

o Nessus

o Wikto

o Web Proxy

• Exploiting Vulnerabilities

6. Putting it all together

• A real-world capture-the-flag exercise.


Context

This course is the first in the Hacking By Numbers series and is at an introductory level. It is aimed at beginners and serves to prepare students for the Bootcamp Edition. Cadet and Bootcamp Edition can be taken back-to-back; there is a small amount of overlap between the courses.

Prerequisites

Cadet Edition is designed for technical people who have no skill or experience in hacking. The course remains technical, however, and students are expected to have a solid practical grasp of computer operating systems, networks and databases. To complete the course, students are given pre-configured laptops that serve all the needs of the lab environment, along with all other required materials. All you need is a fresh mind and maybe some coffee.

Who should attend

Information security officers, system and network administrators, security consultants, government agencies and other nice people will all benefit from the valuable insights provided by this class.

What people say

"This class provided a great overview of the thinking & methodology involved in hacking"


B. Bootcamp Edition

This course is the "How did they do that?" of modern hacking attacks. From start to finish we will lead students through the full compromise of a company's IT systems, explaining the tools and technologies, but especially the thinking, strategies and the methodologies for every step along the way. "Hacking By Numbers - Bootcamp Edition" will give students a complete and practical window into the methods and thinking of hackers. 'Bootcamp' is SensePost's 'introduction to hacking' course. It is strongly method based and emphasises structure, approach and thinking over tools and tricks. The course is popular with beginners, who gain their first view into the world of hacking, and experts, who appreciate the sound, structured approach.

Content

Bootcamp Edition follows a strict method-based approach to teach the fundamental technical and thinking skills used for hacking over the network. The content of this course mirrors the methodology step-by-step:

1. Introduction

• An introduction to method-based hacking

• A quick review of key concepts and technologies

• A method for hacking into computers over the network

2. A Review of Reconnaissance

• Intelligence

• Footprinting

• Verification

• Vitality

3. A Review of FingerPrinting

• Advanced Portscanning

• OS & Service Identification

4. Vulnerability Discovery

• Reviewing basic vulnerability types

• Understanding vulnerability scanners

• Using vulnerability scanners

o Nessus

o Wikto

5. Exploiting Vulnerabilities

• Understanding the link between exploits and vulnerabilities

• Exploiting known vulnerabilities

o The Metasploit Framework

o Exploits without code

• Discovering and Exploiting new vulnerabilities

6. Finding and Exploiting Vulnerabilities in Web Applications

• The issue with web applications

• Tools for attacking web applications


• The common web application vulnerability categories

• Hacking other custom applications

o Web Services

o Java

o C#

7. Owning the target

• The difference between exploiting and owning a system

• Building a channel

• Privilege Escalation

• Ensuring Repeat Access

• Hiding your tracks

• A strategy for phase 2

All of the areas above are illustrated with real-life technical labs and capture-the-flag exercises.
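As an added illustration of the fingerprinting step that both Cadet Edition (section 5: "Basic port scanners", "Service and OS Discovery") and Bootcamp Edition (section 3: "Advanced Portscanning", "OS & Service Identification") name but do not spell out, the Python script below is example code written for this page; it is not SensePost course material. It performs a TCP connect scan, reads the banner each open port volunteers, sends an HTTP probe to services that stay silent, and matches the result against a small signature table. The signature table, the probe string and the local stand-in listeners started by demo() are all constructed assumptions for the example.

```python
"""TCP connect scan with banner-based service identification.

Added example for this page, not SensePost course material. The signature
table, the HTTP probe and the local listeners in demo() are constructed
assumptions for illustration only.
"""
import re
import socket
import threading

# Constructed signature table: the first regex that matches the banner wins.
# A real scanner carries thousands of these (compare nmap's nmap-service-probes).
SIGNATURES = [
    (re.compile(rb"^SSH-\d\.\d-"), "ssh"),
    (re.compile(rb"^220[ -].*?(FTP|ftp)"), "ftp"),
    (re.compile(rb"^220[ -].*?(SMTP|ESMTP)"), "smtp"),
    (re.compile(rb"^HTTP/\d\.\d \d{3}"), "http"),
]
# Assumption: one generic probe is enough to wake client-speaks-first services.
HTTP_PROBE = b"HEAD / HTTP/1.0\r\n\r\n"


def identify(banner):
    """Map a banner to a service name, distinguishing silence from no match."""
    if not banner:
        return "no-banner"
    for pattern, name in SIGNATURES:
        if pattern.search(banner):
            return name
    return "unknown"


def grab_banner(host, port, timeout=1.0):
    """Return (port_open, banner). Refused or timed-out connects count as closed."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            banner = b""
            try:
                banner = s.recv(512)        # SSH, FTP and SMTP speak first
            except socket.timeout:
                pass
            if not banner:                  # HTTP waits for the client: nudge it
                try:
                    s.sendall(HTTP_PROBE)
                    banner = s.recv(512)
                except OSError:             # socket.timeout is an OSError
                    banner = b""
            return True, banner
    except OSError:                         # refused, unreachable or timed out
        return False, b""


def scan(host, ports, timeout=1.0):
    """Return {port: (service, first banner line)} for every open port."""
    found = {}
    for port in ports:
        is_open, banner = grab_banner(host, port, timeout)
        if is_open:
            first_line = banner.split(b"\r\n", 1)[0].decode("ascii", "replace")
            found[port] = (identify(banner), first_line)
    return found


def _listener(banner=b"", reply=b""):
    """Constructed stand-in for a service on 127.0.0.1; returns its port.
    Sends `banner` on connect; if `reply` is set, answers the first request."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    if banner:
                        conn.sendall(banner)
                    if reply:
                        conn.settimeout(5.0)
                        conn.recv(1024)
                        conn.sendall(reply)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    """Scan three constructed local services plus one port nobody listens on."""
    ports = {
        "ssh": _listener(b"SSH-2.0-OpenSSH_5.8p1 Debian-1\r\n"),
        "ftp": _listener(b"220 (vsFTPd 2.3.4)\r\n"),
        "http": _listener(reply=b"HTTP/1.0 200 OK\r\nServer: Apache\r\n\r\n"),
    }
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                           # released again, so connects are refused
    results = scan("127.0.0.1", list(ports.values()) + [closed_port])
    summary = {name: results.get(port) for name, port in ports.items()}
    summary["closed"] = results.get(closed_port)
    return summary


if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name:7s} {hit}")
```

Two points the script makes that a tool hides: a port that accepts the connection but sends nothing is not the same as a closed port (the "no-banner" case), and service identification is only as good as the signature table, so an unmatched banner is reported as "unknown" rather than guessed. Against real targets, replace the loopback listeners with the host under test and expect slower, noisier results than a SYN scan would give.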

Context

This course follows directly on from 'Cadet Edition' and serves as a prerequisite for the 'BlackOps Edition'. As always, the course can also be taken without any of the others. Bootcamp Edition can be taken back-to-back with either Cadet Edition (for beginners) or BlackOps Edition (for more advanced students).

Prerequisites

SensePost will provide fully configured laptop computers as well as CDs with all the tools and materials used in the course. Students need to ensure they have the necessary level of skill. No hacking experience is required for this course, but a solid technical grounding is an absolute must. Students are expected to be versed in basic programming or scripting, networking and Internet technologies, 'nix and Windows operating systems, basic SQL and database technologies. No advanced skills are required, but students without a good, practical knowledge of these areas will fall behind in this fast-paced class. Students without the requisite technical skills are encouraged to consider 'Cadet Edition'. Cadet and Bootcamp Edition can be taken back-to-back.

Who should attend

Information security officers, system and network administrators, security consultants, government agencies and other nice people will all benefit from the valuable insights provided by this class.

What people say

"The training from SensePost was one of the best I have ever attended! The SensePost courses are of a high standard and merit the highest recommendation."


C. BlackOps Edition

Hacking By Numbers "BlackOps Edition" is your final course in the HBN series before being deployed into "Combat". Here you'll sharpen your skills in real scenarios before being shipped off to battle. Where Bootcamp focuses on methodology and Combat focuses on thinking, BlackOps covers tools and techniques to brush up your skills in data exfiltration, privilege escalation, pivoting, client-side attacks and even a little exploit writing.

You'll also focus on practical elements of attacking commonly found systems. The course is instructor-led, with slides and structured labs that guide students through numerous scenarios. This is hands-on hacking made fun.

Content

1. Scripting

• Introduction to Python

• Basic code patterns

• Justification for Python

• Python for pentesters

2. Targeting

• Yeti/BidiBLAH/Foca

• Service discovery

• Rapid fingerprinting

• Network mapping

3. Compromise

• Network layer tricks

• Executable dropping

• Abusing network trust

• Bypassing protections

4. Privilege Escalation

• Windows

• Linux

• *BSD

5. Pivoting

• Traffic redirection

• Syscall proxying

• Trusted links

6. Exfiltration

• Direct connection

• Alternate channels

• Dead drops

• Avoiding detection

7. Client-Side

• Lures

• Payloads

• Effective exploitation

8. Exploit Writing

Context

BlackOps naturally follows directly from Bootcamp Edition, and prepares students for Combat Edition, our ultimate hands-on course. It should not be your first hacking course, but can be taken back-to-back with Bootcamp or with Combat, depending on your existing level of experience. Although prior participation in an HBN course is not a prerequisite, significant exposure to hacking training, tools and techniques is highly recommended.


Prerequisites

SensePost will provide fully configured laptop computers as well as CDs with all the tools and materials used in the course. Students need to ensure they have the necessary level of skill. Some previous hacking experience is required for this course, and a solid technical grounding is an absolute must. Students are expected to be versed in basic programming or scripting, networking and Internet technologies, 'nix and Windows operating systems, basic SQL and database technologies. No advanced skills are required, but students without a good, practical knowledge of these areas will fall behind in this fast-paced class. Students without the requisite technical skills are encouraged to consider 'Bootcamp Edition'. Bootcamp and BlackOps Edition can be taken back-to-back.

Who should attend

Information security officers, system and network administrators, security consultants, government agencies and other nice people with some basic technical experience will all benefit from the valuable insights provided by this class. Professional penetration testers just entering the field will also appreciate the structured, practical approach.

What people say

"Great training and great information. Entertaining and well taught via experience"


D. Combat Edition

Combat Edition is our premier hacker training course. From the first hour to the final minutes, students are placed in different offensive scenarios as they race the clock to breach systems. Using experience gained from thousands of assessments over the years, we have created dozens of real-life lab exercises whose solutions lie much more in technique and an out-of-the-box thought process than in the use of scripts or tools. Each exercise is designed to teach a specific lesson and is discussed in detail after completion; however, there are no lab sheets or lectures, as this course is non-stop hacking. In this way you learn from talented SensePost instructors, your colleagues and your own successes and failures.

Content

Combat is very much example and exercise driven and, as the course is constantly updated with new lab exercises, there is no fixed curriculum. It consists of multiple scenario-style attacks aimed at getting students to apply knowledge learned from other courses in real-world applications:

• Target discovery and reconnaissance

• Network mapping

• Network traffic analysis

• Discovering and understanding known vulnerabilities

• Exploiting known vulnerabilities

• Privilege escalation

• Avoiding detection

• Discovering and exploiting new vulnerabilities

• Reverse engineering

• Web application hacking

• Database hacking

• Tool and exploit writing

Context

Combat Edition is the final and most hands-on course in the HBN series and follows directly from BlackOps Edition. It should not be your first hacking course, but can be taken back-to-back with BlackOps, depending on your existing level of experience. Although prior participation in an HBN course is not a prerequisite, significant exposure to hacking training, tools and techniques is highly recommended.

Prerequisites

SensePost will provide fully configured laptop computers as well as CDs with all the tools and materials used in the course. Students need to ensure they have the necessary level of skill. Previous hacking experience is required for this course, and a solid technical grounding is an absolute must. Students are expected to be versed in basic programming or scripting, networking and Internet technologies, 'nix and Windows operating systems, basic SQL and database technologies. Students without a good, practical knowledge of these areas will fall behind in this fast-paced class. Students without the requisite experience are encouraged to consider 'BlackOps Edition'. BlackOps and Combat Edition can be taken back-to-back.

Who should attend

Information security officers, system and network administrators, security consultants, government agencies and other nice people with some technical experience will all benefit from the valuable insights provided by this class. Professional penetration testers will also appreciate the practical, scenario-driven approach.

What people say

"Nice work! This course wasn't just about tools; it was also theory and that helps. I recommend this training to other engineers."


E. W^3 Edition

Hacking by Numbers - W^3 Edition is an intermediate web application hacking course for people with some experience in penetration testing.

The course provides a refresher of HTTP and associated technologies before moving on to more advanced attacks, ranging from assessment techniques for traditional web applications to newer technologies such as AJAX, rich client media and HTML5.

As with all courses in the Hacking by Numbers range, the W^3 course is a hands-on, highly practical course which intends to enable students to understand the trade and not the trick.

Content

• HTTP protocol specification

• Automation of HTTP attacks

• Session attacks

• Command execution vulnerabilities

• Traversal vulnerabilities

• File inclusion

• Basic and advanced SQL injection

• SQL truncation attacks

• Cross-site scripting

• Fragmented cross-site scripting

• Cross-site request forgery

• Web 2.0 HTTP requests and responses (i.e. JSON etc.)

• Advanced XSS with CSRF

• XSS and XmlHttpRequest

• JSON hijacking

• Flash and Silverlight

• HTML5

• XML entity attacks

• XML injection

• LDAP injection

• Post exploitation: UDF uploading, establishing tunnels, pivoting

• Thick application assessment

• Attacking web services

Context

This course is the only course in the Hacking By Numbers series focusing specifically on web-based technologies. It is rated as 'intermediate' and assumes some prior experience with web application hacking tools and techniques. It is not mandatory to complete any other SensePost course before attending; however, previous exposure to hacker thinking, tools and techniques is a prerequisite, and a basic understanding of web hacking concepts and techniques is assumed.

Prerequisites

SensePost will provide fully configured laptop computers as well as CDs with all the tools and materials used in the course. Students need to ensure they have the necessary level of skill. Some previous hacking experience is required for this course, and a solid technical grounding is an absolute must. Students without the requisite technical skills are encouraged to consider 'Bootcamp Edition'. Bootcamp and W^3 Edition can be taken back-to-back.


Who should attend

Security consultants, government agencies, developers, penetration testers and other nice people will all benefit from the valuable insights provided by this class.

What people say

Good job! <script>alert(";-)")</script>


F. Unplugged Edition

SensePost's Hacking by Numbers Unplugged Edition is an entry-level wireless security training course. It is done in the same style as our other HBN courses: highly practical, with a focus on learning how things work, not just the tricks.

The course starts off with some practically focused fundamentals. This includes wireless fundamentals such as antenna selection and radio radiation patterns, network fundamentals such as TCP/IP and wireless protocols. This section is kept intentionally short, with the rest of the fundamentals explained as part of a scenario based course.

Three scenarios are used. The first is how to approach hacking a residential wireless network; here technologies such as WEP are discussed. The second is how to attack corporate networks, where WPA/WPA2 technologies and attacks are discussed. The final scenario is an open coffee-shop network, where monitoring and interception attacks are discussed.

By the end of the course, a student should have a much better understanding of wireless networks, and their security failings, and how to exploit these.

Content

The Unplugged Edition follows precisely the 'scenario based' approach and content that was developed for AMS for this purpose. Further customisation can be undertaken as required.

1. Background

2. Thinking Like an Attacker

a. Course Prerequisites

b. Method-Based Hacking

3. Wireless Network Overview

a. OSI Stack

b. Networking Fundamentals

c. Wi-Fi Fundamentals

4. Residential Scenario

a. Finding Networks

b. Wired Equivalent Privacy (WEP)

c. Consumer Routers

5. Corporate Scenario

a. Wi-Fi Protected Access (WPA/WPA2)

b. Brute Force Cracking

c. Enterprise Networks

6. Coffee Shop

a. Layer 2 & 3 Attacks

b. Attacking Users

c. Attacking Servers

Context

This course is the only course in the Hacking By Numbers series focusing specifically on Wi-Fi attack scenarios. It assumes no prior experience with Wi-Fi or Wi-Fi hacking, although attendance of Hacking By Numbers Bootcamp Edition would be beneficial.


Prerequisites

SensePost will provide fully configured laptop computers as well as CDs with all the tools and materials used in the course. Students need to ensure they have the necessary level of skill. Some previous hacking experience is required for this course, and a solid technical grounding is an absolute must. Students are expected to be versed in basic programming or scripting, networking and Internet technologies and 'nix and Windows operating systems. No advanced skills are required, but students without a good, practical knowledge of these areas will fall behind in this fast-paced class. Students without the requisite technical skills are encouraged to consider 'Bootcamp Edition'. Bootcamp and Unplugged Edition can be taken back-to-back.

Who should attend

Information security officers, system and network administrators, security consultants, government agencies and other nice people will all benefit from the valuable insights provided by this class, as will penetration testers, red team members and analysts wishing to obtain practical Wi-Fi hacking skills.

What people say

"Overall it's been one of the best courses I've been to!"