
Conference presentation materials have been released.
You can download them from Packet Storm


Filed under: Training — Administrator @ 8:31 pm

April 21, 2005

Title: Exploiting & Defending Networks
Trainer: Nish Bhalla, VP Consulting Solutions, Security Compass
Capacity: 30 pax
Seats left: 15
Duration: 2 days
Cost: (per pax) RM1800 (early bird) / RM2200 (non early-bird)



The purpose of this course is to give tech leads, testers, administrators, network administrators, help desk support and all other participants detailed security techniques and knowledge as applied to UNIX, Windows and network security. It starts from the very basic concepts of understanding operating systems (UNIX & Windows) and moves on to the concepts of attacking and protecting operating systems, networks and network devices. Participants will also learn how to take advantage of vulnerabilities that might exist in an environment. The training will show not only the latest techniques for exploiting the environment, but also how to defend the organization's infrastructure against those weaknesses. Hands-on lab exercises reinforce the course material in a real-world environment.

Understanding TCP/IP, Windows, and Unix
o Understanding the 3-way handshake
o Understanding UDP
o Understanding ICMP

• Windows
o Understanding Domains and Workgroups
o Domain Trust relationships
o Enumeration
o Understanding SIDs and RIDs
o Registry and SAM files
o Common Services (NetBIOS, Web servers, IIS)
o DIG / nslookup
o Users and Groups (Understanding Unix file Permissions, User, Group)
o Common services (FTP, Telnet, SSH, TFTP, RPC, NFS)

Introduction to Attack & Penetration

• A&P Methodology
o Foot-printing
o Scanning
o Enumeration
o Exploiting Vulnerabilities
o Installing Rootkits and Backdoors
o Cleaning up

• Foot-printing
o whois
o Search engines
o Google hacking
o News-groups
o Corporate Websites

• Scanning
o Finding Live Hosts
o Port scanning (Connect, SYN, FIN)
o Passive network monitoring

• Enumeration
o OS Fingerprinting
o Detailing network service information (Banner Grabbing, DNS information)
o Obtaining list of valid users and resources
o Passive network monitoring
o OS Specific Enumeration

o Unix
• User enumeration via Apache
• User enumeration via Finger
• User enumeration via r-services
• Obtaining user info using NIS

o Windows
• Enumerating Windows users and shares (net, nete, enum, local, global, nltest, dumpsec, getmac, epdump, ldp)

• Source sifting web portals
o Mirroring web sites (wget, Black Widow, Offline explorer)

• Brute forcing authentication
o Brutus
o Hydra
o Extending Hydra to Brute Force Custom Protocols
o MS-SQL Brute forcing (sqldict, shell script)
o MySQL / Oracle
o TS-Grind

• Mis-configurations
o NFS (nfsshell)
o X Vulnerabilities (xscan)

• Buffer Overflows (metasploit)

• Obtaining and Cracking password files
o Windows (SAM, pwdump3, LSA Secrets)
o Unix (/etc/shadow, NIS (ypcat))
o Cracking passwords (l0phtcrack, john)

Exploiting Network Specific Vulnerabilities
• Sniffing (Promiscuous mode)
• ARP Spoofing
• Hijacking TCP connections
• 802.11
o Quick Overview
o Kismet
o Aircrack

• Owning Network Devices
o Cisco router password cracking
o Attacking services (Telnet, SNMP, HTTP, Obtaining config files)

• Firewalls
o Fingerprinting Firewalls.

• Windows cleanup
o Disabling audit logs (Event Viewer)
o Web Server Logs

• UNIX Cleanup
o xinetd revisited & /etc/syslog.conf
o utmp and wtmp
o xferlog
o maillog
o lastlog
o shell histories

Installing Backdoors and Rootkits
• Port redirection techniques

• Windows backdoors and rootkits
o Fake Gina
o Winvnc
o Hiding files in Windows
o Keyloggers

• Back-dooring Unix
o Installing a Remote Shell Service using xinetd
o Setting SETUID and SETGID on executable files
o .rhosts
o Loki2
o Trojanized commonly used commands

• Linux Rootkits
o LKM based
• Covert Channels
o Reverse shell
o Msn-shell
o XML-shell

About Nish:

Nishchal Bhalla is a specialist in product testing, code reviews, web application testing, host and network reviews, and IDS architecture design and deployments. He is the VP of Consulting Services at Security Compass, providing consulting services for major software companies and Fortune 500 companies. He is writing the section on writing exploits for an upcoming title, “Buffer Overflow Attacks: Detect, Exploit & Prevent”, and is a contributing author for “Windows XP Professional Security” and “HackNotes: Network Security”. He was also the tech editor for “Exploiting Software: How to Break Code”.

Nish has also been involved in open source projects such as OWASP and YASSP. He has also written for SecurityFocus.

Prior to joining Security Compass, Nish was a Principal Consultant at Foundstone, where he not only helped develop the “Secure Coding” class but also taught the Ultimate Hacking, Ultimate Web Hacking and Ultimate Hacking Expert classes. Apart from Foundstone, other companies Nish has worked for include TD Waterhouse, The Axa Group and Lucent. Nish holds a Masters in Parallel Processing from Sheffield University, is a postgraduate in Finance from Strathclyde University and holds a Bachelor in Commerce from Bangalore University.


Event Organizer

Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By

Malaysian Communications and Multimedia Commission (MCMC)

Malaysian Administrative Modernisation & Management Planning Unit

Main Sponsor

Microsoft Corporation

Official Airline Partner

Malaysia Airlines

Open-Hack Sponsor

VIA Technologies Inc.

CTF Sponsor

Scan Associates

CTF Prize Sponsor


Media Partners:

The Virus Bulletin Conference takes place at The Burlington, Dublin, Ireland, 5 to 7 October 2005.

Phrack Magazine

Our Speakers Are Supported By:

Bellua Asia Pacific

F-Secure Corporation

Supporting Organizations


Chaos Computer Club (Germany)

X-Focus China

Zone-H Defacement Mirror

Xatrix Security


Special Interest Group in Security & Information InteGrity Singapore