Objective
This course gives an in-depth explanation of the methodology hackers
use to gather information about a network and then attack it.
The principal objective of the training is to gain the knowledge
and experience needed to secure your network against attacks from
hackers and crackers.
Target Audience
- System / Network Administrators
- Security Personnel (Technical)
Course Pre-requisites
- Knowledge of TCP/IP
- Knowledge of network topologies and technologies
- Experience with Unix and Windows NT based networks
NOTE:
A copy of the relevant pages from the delegate's passport or identity
card, as well as a letter of reference from their employer, will be
required as additional proof of identity and of the fact that they hold
an appropriate position within a recognised organisation.
This precaution is taken to ensure that no hackers participate
in this course.
Course Outline
Day 1
1. Introduction
The purpose of this course is to show network / system
administrators and security personnel how they can secure their
system / network. By explaining what vulnerabilities can be exploited,
demonstrating how it is done and what the outcome is, it should
be easier to see what the weaknesses are in a network / system and
what countermeasures can be taken to improve overall security.
2. Reconnaissance
The very first phase of an attack is to retrieve all
possible information that is available on the target organisation.
The primary source for this information is the target organisation
itself, i.e. the website. Most of the time a lot of useful info
can be found here, e.g. organisational diagrams, addresses, phone
numbers, e-mail addresses, branches, partners etc.
A variety of search engines can be consulted with
custom queries built to retrieve more information about the organisation
itself (news posts), the partners of the organisation (links to
the website). We can also retrieve the domain(s) and IP net blocks
a certain organisation 'owns' by using Whois.
Tools & Techniques that are used:
- Whois
- DNS
- Corporate Website
- Search Engines
3. Network mapping
Armed with all the information gathered, the second
phase of an attack starts. This phase comprises the determination
of the characteristics of the target network, such as the network
topology, host OS type, and available applications such as Web servers
and FTP servers.
The availability of a host and the services it has
to offer can be detected by sending various types of crafted ICMP/TCP/UDP
packets.
The network topology can be mapped using TTL modulation
and 'record route'.
The operating system of a host can be determined by
'fingerprinting' the IP stack and by banner grabbing.
Firewalls can be detected with a combination of the
previous techniques; they tend to respond in a certain way to a
certain type of packets, they listen on certain ports, and banners
can be grabbed.
The following tools & techniques are used:
- Variations on ping and traceroute
- Portscan
- OS Detection
- Firewall detection
- Application Detection
- War dialling
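The probing described in this section (ICMP sweeps, TCP/UDP port scans) leaves a recognisable pattern in perimeter logs: one source touching many ports on one host, or many hosts in a short time. The following detector is an added example written for this outline, not material from the course; the log format, the sample lines, the addresses and the thresholds are all constructed and would need to be adapted to a real firewall's output.

```python
"""Detect port scans and ping sweeps in firewall logs.

Added example (not part of the course material). The log format is a
constructed one: "<ts> <proto> <src> -> <dst>:<dport>", where ICMP lines
carry no port. Thresholds and window are assumptions to tune per network.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log: 203.0.113.5 probes many ports on one host
# (vertical port scan) and pings several hosts (sweep); 198.51.100.7
# only makes repeated connections to one service and should not alert.
SAMPLE_LOG = """\
2024-05-01T10:00:01 TCP 203.0.113.5 -> 192.0.2.10:21
2024-05-01T10:00:01 TCP 203.0.113.5 -> 192.0.2.10:22
2024-05-01T10:00:02 TCP 203.0.113.5 -> 192.0.2.10:23
2024-05-01T10:00:02 TCP 203.0.113.5 -> 192.0.2.10:25
2024-05-01T10:00:03 TCP 203.0.113.5 -> 192.0.2.10:80
2024-05-01T10:00:03 TCP 203.0.113.5 -> 192.0.2.10:443
2024-05-01T10:00:04 UDP 203.0.113.5 -> 192.0.2.10:161
2024-05-01T10:00:05 ICMP 203.0.113.5 -> 192.0.2.10
2024-05-01T10:00:05 ICMP 203.0.113.5 -> 192.0.2.11
2024-05-01T10:00:06 ICMP 203.0.113.5 -> 192.0.2.12
2024-05-01T10:00:06 ICMP 203.0.113.5 -> 192.0.2.13
2024-05-01T10:00:07 ICMP 203.0.113.5 -> 192.0.2.14
2024-05-01T10:00:08 TCP 198.51.100.7 -> 192.0.2.10:443
2024-05-01T10:01:09 TCP 198.51.100.7 -> 192.0.2.10:443
"""


def parse_line(line):
    """Parse one constructed log line into (timestamp, proto, src, dst, port)."""
    ts, proto, src, _arrow, target = line.split()
    if ":" in target:
        dst, port = target.rsplit(":", 1)
        port = int(port)
    else:
        dst, port = target, None  # ICMP: no destination port
    return datetime.fromisoformat(ts), proto, src, dst, port


def detect_scans(log_text, port_threshold=5, host_threshold=4, window_seconds=60):
    """Return {source_ip: [(kind, dst_or_None), ...]} for suspicious sources.

    A source is flagged for a "port_scan" when it touches at least
    port_threshold distinct ports on one destination inside a sliding window
    of window_seconds, and for a "ping_sweep" when its ICMP packets reach
    at least host_threshold distinct destinations inside the window.
    """
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            event = parse_line(line)
            by_src[event[2]].append(event)

    alerts = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e[0])
        found = set()
        # Each event opens a window; collect what this source did inside it.
        for i, (start, *_rest) in enumerate(events):
            ports_by_dst = defaultdict(set)
            icmp_hosts = set()
            for ts, proto, _src, dst, port in events[i:]:
                if (ts - start).total_seconds() > window_seconds:
                    break
                if proto == "ICMP":
                    icmp_hosts.add(dst)
                elif port is not None:
                    ports_by_dst[dst].add(port)
            for dst, ports in ports_by_dst.items():
                if len(ports) >= port_threshold:
                    found.add(("port_scan", dst))
            if len(icmp_hosts) >= host_threshold:
                found.add(("ping_sweep", None))
        if found:
            alerts[src] = sorted(found, key=lambda a: (a[0], a[1] or ""))
    return alerts


if __name__ == "__main__":
    for src, findings in detect_scans(SAMPLE_LOG).items():
        for kind, dst in findings:
            print(f"{src}: {kind}" + (f" against {dst}" if dst else ""))
```

The sliding window is deliberately per source rather than global, so a slow scan spread over many windows is not caught; lowering the thresholds or lengthening the window trades that for more false positives from legitimate monitoring hosts, which is the usual tuning decision for this kind of rule.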
Day 2
4. Exploiting
Once the target organisation's network is mapped, the quest for
vulnerable services begins. A variety of specialised search engines
and web sites can be consulted to retrieve instructions and code
to exploit the services found. The main goal is to gain access to
the network. Access can also be gained by attacking an application
that doesn't provide proper input validation.
Once unprivileged access has been acquired the next goal is to
escalate the acquired privileges to root / administrator / supervisor
level. All information that can be used to compromise other systems
/ networks will be collected (e.g. .rhosts files, password files,
password hashes, etc.).
If access cannot be obtained or traces of the intrusion need to
be covered, a denial of service can be performed. This can be done
by formatting a disk, by sending lots of bogus information to a
service which results in the shutdown of this service or by means
of several other techniques.
The following techniques are used:
- Gaining Access
- Escalating privilege
- Pilfering
- Denial of Service
- Application Level Attacks
Day 3
5. Keeping access
Once access has been 'granted', hackers have to make sure they can
always come back. The most used techniques are to plant Trojans
and to install backdoors. Firewalls can be bypassed by implementing
back channels. These 'utilities' allow a connection to originate
at the destination and can use standard ports that are not filtered
by the firewall.
The following tools & techniques are used:
- Trojan Horses
- Backdoors
6. Covering tracks
All traces of the intrusion have to be hidden so that the system
remains 'owned'. All tools need to be stored where the network / system
administrator will not discover them. This can be accomplished
by using 'special' versions of standard tools.
The following tools & techniques are used:
- Clear logs
- Hide tools
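Of the two steps above, clearing logs is the one a defender can most directly make evident: if every log entry is chained to its predecessor with a keyed hash, deleting or editing an entry breaks the chain from that point on. The following is an added example written for this outline, not course material; the key, the log messages and the remote anchor are constructed, and the design assumes the latest tag is copied off the host (for instance to a remote log server), since an intruder with root and the key could otherwise rebuild the chain.

```python
"""Tamper-evident log chain: detect deleted, edited or truncated entries.

Added example, not part of the course. Each entry carries an HMAC over the
previous entry's tag and its own message. Verification walks the chain and
compares the final tag against an anchor kept off the host.
"""
import hashlib
import hmac

KEY = b"constructed-demo-key"   # constructed; a real key must not stay readable on the host
GENESIS = "0" * 64              # tag assumed for the entry before the first one


def _tag(prev_tag, message, key):
    """HMAC-SHA256 linking this message to the previous entry's tag."""
    return hmac.new(key, (prev_tag + message).encode(), hashlib.sha256).hexdigest()


def append_entry(chain, message, key=KEY):
    """Append (message, tag) to the chain and return the new tag."""
    prev_tag = chain[-1][1] if chain else GENESIS
    tag = _tag(prev_tag, message, key)
    chain.append((message, tag))
    return tag


def verify_chain(chain, key=KEY, anchor=None):
    """Return the index of the first bad entry, or None if the chain is intact.

    A deleted or edited entry makes the following tag fail to verify. Removing
    entries from the end keeps the chain self-consistent, so that case is only
    caught when 'anchor' (the last tag as recorded off the host) is supplied;
    a mismatch there is reported as index len(chain).
    """
    prev_tag = GENESIS
    for i, (message, tag) in enumerate(chain):
        if not hmac.compare_digest(_tag(prev_tag, message, key), tag):
            return i
        prev_tag = tag
    if anchor is not None and not hmac.compare_digest(prev_tag, anchor):
        return len(chain)
    return None


def build_sample_chain():
    """Constructed sample: four ordinary entries, returning (chain, remote anchor)."""
    chain = []
    for msg in ("sshd: accepted publickey for ops",
                "sudo: ops : COMMAND=/usr/bin/systemctl restart httpd",
                "sshd: accepted password for guest",
                "sudo: guest : COMMAND=/bin/sh"):
        anchor = append_entry(chain, msg)
    return chain, anchor


if __name__ == "__main__":
    chain, anchor = build_sample_chain()
    print("intact:", verify_chain(chain, anchor=anchor))
    cleared = chain[:2] + chain[3:]          # entry 2 'cleared'
    print("entry removed, first bad index:", verify_chain(cleared, anchor=anchor))
    truncated = chain[:2]                    # tail cut off
    print("truncated, first bad index:", verify_chain(truncated, anchor=anchor))
```

The chain only localises where tampering starts; it cannot recover what was removed, which is why the usual mitigation is to ship entries to a separate host as they are written and keep the anchor there.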
Conclusion
To conclude we look at the appropriate laws to consider the legal
requirements for networks / systems. The procedure for reporting
incidents is illustrated. The penalties for 'trespassing' are discussed.