CERTIFIED SECURITY TESTING ASSOCIATE

Ethical Hacking: Hands-On

Providing a comprehensive grounding in the methodology, techniques and culture of ethical hacking

CSTA takes delegates on a journey through the various stages of a hacking attack, or equally a penetration test, from initial information discovery and target scanning through to exploitation, privilege escalation and retaining access.

On this course, practical exercises reinforce theory with each delegate having access to a Windows 2008 domain (server and workstation) along with a server. Although the course demonstrates current hacking techniques, this is always done with defence in mind and countermeasures are discussed throughout. The CSTA exam (theory based) is included at the end of the course.

The course is ideally suited to anyone with responsibility for, or with an interest in, the security of IT systems, such as: system administrators, auditors, IT security officers, information security professionals and budding penetration testers.

Prerequisites
• A basic understanding of TCP/IP networking, e.g.
  – Are you familiar with the OSI model? Can you name a layer 2 and layer 3 protocol?
  – Can you describe at a high-level how a request reaches a web server through Ethernet, IP and TCP?
  – What function does ARP perform?
  – How does a system know whether or not a gateway is required?
  – What is a TCP port?
• Familiarity with Windows or Linux command line. As a guideline, you should be able to tick off the following (without heavy recourse to Google):
  – Understand how switches change the way commands work
  – How does adding > affect a command?
  – Understand the difference between cd /folder/file and cd folder/file (i.e. what does / at the front of the path do?)
  – Understand the difference between ../file and ./file
  – Understand how to pull up built-in help for a command

To book call: +44 1763 285 285 or email: [email protected]

Duration: 4 days
Cost: £1850.00 + VAT

Course Content
A full list of practical exercises is available on our website: www.7safe.com/csta

Introduction
• Motivations behind hacking
• The hacking scene
• Methodology

Networking Refresher
• Sniffing traffic

Information Discovery
• Useful information
• Sources – websites, metadata, search engines, DNS, social engineering

Target Scanning
• Host discovery
• Port scanning techniques
• Banner grabbing

Vulnerability Assessment
• Causes of vulnerabilities
• The classic buffer overflow
• Vulnerability tracking
• Scanning
• Client-side vulnerabilities

Attacking Windows
• Windows enumeration
• Metasploit
• Client-side exploits

Privilege Escalation – Windows
• Local information gathering
• Metasploit’s Meterpreter
• Keyloggers
• Password storage
• Password extraction
• Password cracking techniques
• Cached Domain Credentials
• Windows network authentication
• Access tokens
• Pass the hash

Attacking Linux
• Exploitation
• Web shells
• Pivoting the attack
• Online password cracking
• ARP Poisoning Man in the Middle

Privilege Escalation – Linux
• Standard streams
• Privilege escalation by exploit
• Commercial penetration testing tools
• Password storage
• Password cracking
• Permission errors
• Sudo
• SUID
• Flawed shell scripts

Retaining Access
• Backdoors
• Trojan Horses
• Delivery mechanisms
• Botnets
• Bypassing client-side security

Covering Tracks
• Hiding backdoors
• Simple obfuscation
• Rootkits
• Anti-forensics
• Log manipulation
• Connection laundering

Conclusions

CSTA Exam

6. Web/Application Server Issues
   a. IIS/Apache/OpenSSL exploitation
   b. Oracle Application Server exploits (bypass exclusion list etc)
   c. Hacking with Metasploit
   d. Insecure HTTP methods
   e. WebDAV issues
7. Cross Site Scripting
   a. Types of XSS
   b. Identifying XSS
   c. Exploiting XSS
   d. Advanced XSS exploitation with beef and XSS-Shell
   e. Secure cookie, HTTP-only
8. Advanced XSS
   a. Pitfalls in defending XSS
   b. Fixing XSS
9. Cross Site Request Forgery
   a. Identifying/exploiting CSRF
   b. Complicated CSRF with POST requests
   c. CSRF in web services
   d. Impact
   e. Fixing CSRF
10. Session Fixation
   a. Cookie fixation
   b. Faulty log-out functionalities
11. CRLF injection
   a. Proxy poisoning
   b. XSS with CRLF injection
12. Clickjacking
13. SQL Injection
   a. Introduction to SQL Injection
   b. Impact: Authentication bypass
   c. Impact: Extracting data (Blind SQL Injection, UNION tricks, OOB channels)
   d. OS Code Execution (MS-SQL, MySql, Oracle)
   e. SQL Injection within stored procedures, parameterized statements
   f. Places where you never thought SQLI could occur
   g. Pitfalls in defending SQL Injections
   h. Fixing SQL Injections
14. Malicious File Uploads
   a. File Uploads
   b. IIS zero-day
   c. Hacking Unprotected Application servers
15. Vulnerable Flash Applications
   a. Insecure cross-domain requests
   b. Flash XSS
16. Business Logic Bypass
   a. Authentication bypass
   b. Insecure Coding
   c. Other logical flaws
17. OS Code Execution
18. Remote/Local File inclusion
   a. File Inclusion
   b. OS Code Execution
19. Direct Object Reference
20. Capture The Flag Session

Postgraduate qualifications
This course is one of the seven included on our partnered MSc programmes with De Montfort University and University of Bedfordshire. It can also be used as 30 hours towards the 150 hour requirement for the Open University Postgraduate Certificate.

Together with CSTP helps you prepare for the CREST Registered Tester qualification

CPECPE Credits:Credits: 3224

Corporate headquarters
123 Buckingham Palace Road
London SW1W 9SR
United Kingdom
Tel: +44 20 7730 9000

7Safe training centre
Cambridge Technology Centre
Melbourn
Herts SG8 6DP
Tel: +44 1763 285 285

www.paconsulting.com

This document has been prepared by PA. The contents of this document do not constitute any form of commitment or recommendation on the part of PA and speak as at the date of their preparation.

© PA Knowledge Limited 2013. All rights reserved.

No part of this documentation may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying or otherwise without the written permission of PA Consulting Group.

Professional Training Authored By Experts

01791-24

7Safe Cambridge, South Cambridge Business Park, Sawston, Cambridge, CB22 3JH, United Kingdom
London • Cambridge
t 0870 600 1667
f 0870 600 1668
www.7safe.com