
ONLINE REGISTRATION CLOSES OCT 13TH AT 23:59 MYT

           

Walk in registrations at The InterContinental for the conference on 16th and 17th are still accepted (walk-in rate MYR1499).

For up-to-the-minute updates on #HITB2013KUL including on-site happenings during the event, please follow @hitbsecconf on Twitter.

TECH TRAINING 5 – BLACKBELT PENETRATION TESTING

TRAINERS: Shariman Samsudin (Senior Security Consultant, SCAN Associates Bhd.) & Aalim Rozli (Senior Consultant, BAE System Detica)

CAPACITY: 25 pax

SEATS LEFT: 18

DURATION: 2 days (14th & 15th October 2013)

COST (per pax): MYR4999 (early bird) / MYR5999 (non early-bird)

________________

OVERVIEW

Penetration testing is a method of simulating how a real attacker/hacker can penetrate your system.

Various documents and standards describing how to do it can be found on the Net. But over the years the penetration testing industry has dwindled into a dogma where a pentest is equal to (Get IP – Run Scanners – Results). As a result, most companies are under the delusion that whatever results come from those tools must be correct and should be accepted as they are. In this class we will perform what a real attacker might do – hack to the max.

At the beginning of the class, students will be given a task (within a limited time) to perform penetration testing on a few servers (Linux-based + Windows-based) with several objectives. From there, there will be a series of discussions between students and trainers on how to complete those objectives. Students will also learn how to leverage information obtained from vulnerability scanners and combine it with an exploitation framework such as Metasploit. We will also learn how to bypass a few access controls, such as firewalls and antivirus, in order to penetrate a system. Password hash dumping doesn’t work on Win2008? No problem!! At the end of the class we will set up a mini CTF (Jeopardy-style) challenge where students will compete against each other, helping them evaluate their improved skills and further their careers.

WHO SHOULD ATTEND

  • Security consultants

  • Developers

  • QA testers

  • System administrators

  • IT managers

  • System architects

  • Scr1pt Kiddies who wish to level up

KEY LEARNING OBJECTIVES

  • Organizing a Pentest Project.

  • Information Gathering Techniques

  • Network Vulnerability Scanning.

  • Vulnerability Exploitation Techniques

  • Privilege Escalation Techniques

  • Advanced Password Hash Dumping Technique and Cracking

  • Bypassing Firewall and Antivirus Technique

  • Client Side Attack via Malicious Java and PDF.

  • Introduction to Network Pivoting (Proxying a vulnerability)

COURSE AGENDA

DAY 1 (MORNING)

Student setup

  • Set up BackTrack/Kali (in VMware)

  • Setup Network Connectivity

Server 0wning session

  • Discussion on vulnerabilities found

  • Steps on Exploiting those vulnerabilities.

Recaps on Pentest

  • Type of Pentest

  • Covert

  • Non-covert channel

  • Surface of Pentest

  • System/Internal Level

  • Web Application Level

  • Trends of Attack

DAY 1 (AFTERNOON)

Information Gathering

  • Netcraft – Server uptime/downtime

  • Shodan – Network Device hacking / Shodan premium access

  • Google Hack.

Vulnerability Scanning

  • Nmap

  • Zenmap

  • Nmap Scripting

  • Netcat via Ncat

  • Create arbitrary TCP connection for persistence.

  • Nessus Scanning

  • Discussing Nessus Features and Limitation

  • Perform Scanning with Nessus

DAY 2 (MORNING)

Metasploit Framework Toolkit (msfconsole)

  • Metasploit Philosophy

  • Integration of Exploit Framework.

  • Metasploit basic control

  • Exploits

  • Payloads

  • Auxiliary

  • Post Exploitation

  • Data exfiltration

  • Persistence backdoor connection

  • Installing openssh (For Windows Exploit)

  • Token Impersonation

  • Password Dumping

  • Crack with  John the Ripper

  • Rainbow Tables

  • Windows 2008

  • Pivoting (Force routing via exploited machine)

  • Introduction to Armitage.

DAY 2 (AFTERNOON)

Exploiting Web Attack using Metasploit

  • Common Exploit in Web Attack

  • Weak Authentication (Tomcat exploit)

  • SQL Injection (Shell dropping + meterpreter)

Client-Side Attacking (a.k.a OneClick attack)

Malicious PDFs

  • Java Rhino Driveby Exploit

Advanced Antivirus Bypass

  • Using the usual shikata_ga_nai Encoder

  • Custom Xor Loader

  • Standalone Universal Java exploit.

CTF Challenge

PREREQUISITES

  • Have a working knowledge of operating systems, Win32 and Unix.

  • Not afraid of shell scripting – programming skills are a bonus

  • Understand the fundamental concepts of network-based applications.

HARDWARE REQUIREMENTS

  • Intel Core 2 Duo x86 hardware (or superior) required

  • 4GB RAM required, at a minimum

  • Wireless/Wired network card

  • 20 GB free Hard disk space

ABOUT THE TRAINERS

Shariman Samsudin (Senior Security Consultant, SCAN Associates Bhd.)

Muhammad Shahriman (GPEN) is a well-known network security pentester/researcher in Malaysia. His hacking knowledge and reputation became known when he won the UiTM International Hacking Competition continuously from 2006 until 2008. His exclusive jobs allow him to experiment with all kinds of hacking tools and techniques during penetration testing. If an exploit for a certain vulnerability is not available off the shelf, he just writes the exploit on his own. He also has a passion for teaching and has taught network security inside and outside the country. He runs his own blog where he posts his tools and research such as “Hunnybunny a remote shellcode Launcher”, “Twit2bot a SMS twitter based botnet”, “Bypassing Antivirus using Stealth Meterpreter”.

Aalim Rozi (Senior Consultant, BAE System Detica)

Aalim (CEH, CHFI) has more than 5 years of experience as a network security pentester in Malaysia. He is currently working with a UK-based IT security company. His vast experience in doing various kinds of penetration tests has exposed him to various kinds of potential weaknesses and attacks. He is good at blending security needs with business needs. Applying his defensive knowledge in his offensive day-to-day job activities also helps him bring more value to his job. In addition, his experience in governance, risk and compliance, such as Information Security Management System (ISMS / ISO27001), helps him deliver added value in a penetration test, which is not solely about a vulnerable system that needs to be fixed but also about seeing the impact through the eyes of the business user.


Copyright © 2013 Hack In The Box | http://www.hackinthebox.org