1. The hacker methodology (2 hours)

Before we get to the actual attacks, we lay down the foundations by describing the methodology and modus operandi. We define the terminology and nomenclature of information security, and illustrate the three stages of a successful hack:
- Reconnaissance - gathering information on remote targets
- Infiltration - the attack
- Propagation - strengthening the hold and infiltrating related systems

2. Network (in)security (2 hours)

Starting with network-layer insecurities, we discuss issues in Layers II, III and IV: Ethernet, IP, and TCP/UDP weaknesses that are inherent in the protocol design. Topics include:
- Scanning - using ICMP, TCP and UDP to gather data on remote targets, including fingerprinting operating system versions
- Sniffing - intercepting network traffic in both wired and wireless environments, with a focus on Wi-Fi environments and WEP encryption cracking
- Spoofing - masquerading network traffic for purposes of impersonation
- Tunneling - establishing covert channels over "normal" network traffic
- Denial of Service - malforming traffic itself for attack purposes
- Tools:
  - Nmap
  - Nessus
  - WinFingerprint

3. All your secrets are ours (2 hours)

A primer on encryption, explaining the ideas behind symmetric cryptography, asymmetric cryptography and hash functions.
- Fundamentals of cryptography
- Storing passwords
  - Traditional UNIX hashes (DES)
  - UNIX ECF passwords (MD5, AES...)
  - Windows passwords
- Tools
  - John the Ripper
  - L0phtCrack

4. Application Security (2 hours)

The basic principles of application security: explaining how and what can go wrong in seemingly innocuous applications. Possible outcomes of vulnerabilities in user applications include:
- Information Leakage - disclosure of private and/or sensitive information under incorrect circumstances
- Denial of Service - application/system crashes intentionally induced by a hacker attack
- Logic Subversion - overriding the application's decision-making and triggering unintended, insecure functionality
- Injection - introduction of foreign files/scripts/SQL/code into an application, thereby overriding its logic and wresting control

5. Interlude: Web Applications (2 hours)

Basic concepts in web applications. The World Wide Web is the most common platform for attacks. In order to understand specific vulnerabilities, we first need to elaborate on the aspects in which web applications are similar to or different from traditional programs.
- HTTP - the Hypertext Transfer Protocol
- Input in HTML forms: important tags, GET vs. POST
- JavaScript
- OWASP Top 10 vulnerabilities
  - Cross-Site Scripting (XSS) and JavaScript injection
  - Cross-Site Request Forgery (XSRF)
- Tools
  - OWASP WebScarab
  - Acunetix vulnerability scanner

6. Application Security faults (4 hours)

Common faults in applications, including:
- Directory Traversal - breaking out of the application's intended directory
- Escaping attacks - providing malformed input that intentionally bypasses security checks
- Poison Null Bytes
- Command Injection - supplying foreign operating system commands
- SQL Injection - breaking into databases by providing crafted input that intentionally malforms the database logic

7. Code Injection Attacks (4 hours)

Techniques for injecting code into legacy (C/C++) applications:
- Buffer Overflows
- Format String Attacks
- Integer Overflows
- Return Oriented Programming Attacks
- Tools