Hacking, Penetration Testing and Defensive Countermeasures

Introduction

Hacking, Penetration Testing and Defensive Countermeasures is a hands-on, intensive, workshop immersing students in the methodologies and application of hacking concepts, techniques, and tools.

The hacking methodology used in this class includes: footprinting, scanning, enumeration, exploitation, and post-exploitation.

Countermeasures to mitigate the various hacking techniques are emphasized.

When students complete the class they will have hands-on experience applying the best of breed security tools in the context of a hacking methodology, using various ethical hacking concepts and techniques.

While not attached or designed around any specific certification this workshop is an excellent preparation course for professional certifications like the EC-Council Certified Ethical Hacker (CEH) and SANS Global Information Assurance Certification (GIAC) Penetration Tester (GPEN)

Course Outline

DAY 1:

  1. Introduction:
    • Course goals and objectives
    • Additional resources (both online and print)
    • Penetration testing certification programs
    • Various penetration testing lab environments and system configurations
    • Introduction to ethical hacking
    • Ethical hacking methodologies<
    • Penetration testing models
    • Penetration testing preparation
    • Penetration testing report
  2. Footprinting: Discuss and illustrate various footprinting concepts, techniques, tools, and countermeasures:
    • Introduction to footprinting
    • Footprinting objectives
    • Footprinting analysis:
    • Gather publicly available information:
      1. Search engines:
        • Lab: Google Hacking
      2. Company Web pages:
        • Lab: Website Mirroring Using wget
      3. Related organizations:
        • Lab: Target Organization Information
      4. Location details:
        • Lab: Target Organization Location Details
      5. Phone numbers, contact names, E-mail addresses, job titles, organizational charts:
        • Lab: Target Organization Phone Number(s)
        • Lab: Target Organization Contact Names and Emails
      6. Current events (mergers, acquisitions, layoffs, rapid growth):
        • Lab: Target Organization Current Events
      7. Social networking sites:
        • Lab: Target Organization Social Networking Site(s)
      8. Privacy or security policies
      9. Technical details indicating the types of security mechanisms in place
    • Archived information
    • Disgruntled employees
    • Discussion groups
    • Resumes
  3. Query WHOIS servers:
    • Lab: Gathering WHOIS Information
  4. Perform DNS enumeration
    • Lab: Manual DNS Zone Transfers

DAY 2:

  1. Scanning: Discuss and illustrate various scanning concepts, techniques, tools, and countermeasures:
    • Introduction to scanning
    • Scanning objectives
    • Scanning techniques:
      1. Ping sweeps:
        • Lab: Network Ping Sweeps Using nmap
      2. Port scans:
        • Lab: UDP Scan Using nmap
        • Lab: TCP SYN Scan Using nmap
        • Lab: TCP SYN Scan Using hping
      3. Banner grabbing/application mapping/OS fingerprinting:
        • Lab: Active Stack Fingerprinting Using nmap
      4. Vulnerability scans:
        • Lab: Vulnerability Scanning Using Nessus

DAY 3:

  • Enumeration: Discuss and illustrate various enumeration concepts, techniques, tools, and countermeasures:
    • Introduction to enumeration
    • Enumeration objectives
    • Enumeration techniques:
    • File Transfer Protocol (FTP):
      • Lab: FTP Enumeration Using Hydra
    • Secure Shell (SSH):
      • Lab: SSH Enumeration Using BruteSSH
    • Hypertext Transfer Protocol (HTTP):
      • Lab: HTTP Enumeration Using Nikto
    • Common Internet Filesystem (CIFS):
      • Lab: Null Session Connection
      • Lab: CIFS Enumeration Using WinScanX
    • Simple Network Management Protocol (SNMP):
      • Lab: SNMP Enumeration Using snmpcheck
    • Database Enumeration:
      • Lab: MySQL Enumeration
      • Lab SQL Injection Using WebGoat
    • Password Enumeration:
      • Lab: Determining the Password Policy
      • Lab: Automated Password Guessing
  • Exploitation: Discuss and illustrate various exploitation concepts, techniques, tools, and countermeasures:
    • Introduction to exploitation
    • Exploitation objectives
    • Exploitation techniques:
    • Privilege escalation:
      • Lab: Poor Man’s Privilege Escalation
      • Lab: Linux Privilege Escalation Exploit Using Metasploit
    • Buffer overflows:
      • Lab: Windows Stack-Based Buffer Overflow Using Metasploit
    • Client-side exploits:
      • Lab: Client-Side Exploit Using Metasploit

DAY 4:

  1. Post-Exploitation: Discuss and illustrate various post-exploitation concepts, techniques, tools, and countermeasures:
    1. Maintaining access:
      • Lab: Determining the Auditing Policy
      • Lab: Using Netcat to Setup a Reverse Shell
      • Lab: Surviving a System Restart
      • Lab: GUI Remote Control Using Remote Desktop Protocol (RDP)
      • Lab: Creating Rogue User Accounts
  2. Expanding influence:
    • Lab: Dumping Windows Password Hashes Using Metasploit
    • Lab: Cracking Windows Password Hashes Using Cain
    • Lab: Cracking Windows Password Hashes Using John the Ripper
    • Lab: Keystroke Logging Using Metasploit
    • Lab: Taking Screenshots Using Metasploit
    • Demonstration: ARP Poison Routing Using Cain
  3. Covering your tracks:
    • Lab: Erasing Windows Logs Using elsave
    • Lab: Hiding Your Files Using Alternate Data Streams (ADS)

DAY 5:

  1. Penetration Test:
    • Students will be given 4-5 hours to apply the concepts, techniques, and tools discussed/used the preceding four days against various targets

Other Topics Discussed Throughout Class:

  1. Cryptography
  2. Hacking laws
  3. Intrusion Detection/Prevention Systems, firewalls, honeypots/honeynets
  4. Malware
  5. Physical security
  6. Policies and Procedures
  7. Social Engineering
  8. Wireless