Overview

Our five-day ethical hacking training course is a hands-on journey into the hacking mind-set, examining and practically applying the tools and techniques that an external threat may use to launch “infrastructure” attacks on your organisation. The various stages of that attack, or equally a penetration test, are explored from initial information gathering, target scanning and enumeration through to gaining access, exploitation, privilege escalation and retaining access. Practical in-depth hands-on exercises using various tools reinforce the theory as you experiment with a Windows 2012 domain (server and workstation) plus a Linux server. The course demonstrates cyber-attack techniques but this is always done with defence in mind and countermeasures are discussed throughout, enabling delegates to identify the threats and understand the strategies, techniques and policies required to defend their critical information.

Prerequisites

Basic understanding of TCP/IP networking

  • Are you familiar with the OSI model?
  • Can you name a layer 2 and layer 3 protocol?
  • What function does ARP perform?
  • Can you describe at a high-level how a request reaches a web server through Ethernet, IP and TCP?
  • How does a system know whether or not a gateway is required?
  • What is a TCP port?

Be comfortable with Windows and Linux command line. As a guideline, you should be able to tick off the following (without heavy recourse to Google):

  • Understand how switches change the way commands work
  • How does adding > affect a command?
  • Understand the difference between cd /folder/file and cd folder/file (i.e. what does / at the front of the path do?)
  • Understand the difference between ../file and ./file
  • Understand how to pull up built-in help for a command

Who Should Attend?

The course is ideally suited to anyone looking to improve their career prospects or transitioning into a cyber security role, including:

  • Network engineers
  • Systems administrators
  • Systems architects or developers
  • IT security officers
  • Information security professionals
  • Budding penetration testers

Delegates will learn how to

  • You will learn a series of attack methodologies and gain practical experience using a range of tools to undertake an infrastructure penetration test across a multi-OS environment
  • Once you are able to identify and exploit vulnerabilities in a safe manner, you will be introduced to a range of defensive countermeasures, allowing you to protect your network and respond to cyber threats

Key Benefits

This course will provide you with the following:

  • An understanding of the risks and how to mitigate them
  • A number of methodologies for undertaking an infrastructure penetration test
  • Effective techniques to identify exploits and vulnerabilities
  • An improved ability to respond effectively to cyber threats
  • Valuable preparation and hands-on practice for the CREST Registered Penetration Tester (CRT) examination

Outline

Introduction

  • Motivations behind hacking
  • The hacking scene
  • Methodology

Networking Refresher

  • Sniffing Traffic – Wireshark, Ettercap

Information Discovery

  • Information Gathering – wget, metadata, pdfinfo and extract
  • DNS – dig, zone transfers, DNSenum and Fierce

Target Scanning

  • Host Discovery – Nmap and Netdiscover
  • Port Scanning with Nmap – Connect, SYN and UDP scans, OS detection
  • Banner Grabbing – Amap, Netcat, Nmap, Nmap scripts (NSE)

Vulnerability Assessment

  • Nikto
  • Nessus

Attacking Windows

  • Windows Enumeration – (SNMP, IPC$)
  • Enum4linux
  • RID Cycling – Enum4linux, Cain
  • Metasploit
  • Client-side Exploits – Internet Explorer, Metasploit Auxiliary modules

Privilege Escalation – Windows

  • Information Gathering with Meterpreter – Stuxnet exploit, Meterpreter scripts
  • Privilege Escalation – Keylogging, Service Configuration
  • Password Cracking – John The Ripper, Cain, Rainbow tables
  • Brute-Force Password Attacks
  • Attacks on Cached Domain Credentials
  • Token Stealing – PsExec, Incognito, local admin to domain admin
  • Pass the Hash

Attacking Linux

  • Linux User Enumeration
  • Linux Exploitation without Metasploit
  • Online Password Cracking – Medusa
  • User Defined Functions
  • ARP Poisoning Man in the Middle – clear-text protocols, secured protocols

Privilege Escalation – Linux

  • Exploiting sudo through File Permissions
  • Exploiting SUID and Flawed Scripts – logic errors
  • Further Shell Script Flaws – command injection, path exploits
  • Privilege Escalation via NFS
  • Cracking Linux Passwords

Pivoting the Connection

  • Pivoting with Meterpreter
  • Port Forwarding

Retaining Access

  • Netcat as a Backdoor
  • Dark Comet RAT – Metasploit Handlers, a full end-to-end attack

Covering Tracks

  • Alternative Data Streams
  • Dark Comet