Cyber Security Expert Hacking Compact (3 days)

Cyber Security and Hacking Know-how for Administrators

The "Expert Hacking Compact" seminar is designed as an introductory seminar and offers you in-depth access to hacking and IT security analysis in just three days. No prior knowledge is required for this course, and you do not need to be able to write programs. Knowledge of Windows administration and basic knowledge of web applications will make it easier for you to get started. We will teach you everything else.

Your Benefit

Hackers, ransomware and denial-of-service attacks threaten every IT infrastructure. Many administrators are unsure if the measures implemented are sufficient or if critical security gaps still exist. All administrators should therefore consider information security risks from the attacker's perspective. This different perspective will help you to better protect your servers and your organization against attacks. This course provides you with the technical, methodical and organizational knowledge to understand attacks and to verify the security of your IT systems.

A key focus of the course is the technical background of hacking tools and exploits. In addition to the techniques and procedures of current attacks, you will learn how to use common hacking tools to verify the security of your systems and improve protective measures.

Target

This course is aimed at

  • system administrators
  • network administrators
  • web administrators
  • information security officers
  • information security consultants

in organizations that want to look into information security risks from the attacker's perspective to protect their servers and their company against attacks even better.

Course Dates

Our hacking course "Expert Hacking Compact" is currently only offered as an on-site company training. Please contact us for an offer and possible dates.

Your contact: Christian H. Gresser, cgresser[at]nesec.de

Agenda

Day 1

  • Legal assessment of hacking
    • Criminal assessment of hacking
  • Attackers and their motives
    • Hacker, cracker and the scene
    • Hacking procedures
    • Hacking Cycle
    • Lab:
      • Evaluation of vulnerabilities with CVE and CVSS
      • Attribution of attacks with MITRE ATT&CK
      • Searching for exploits for existing vulnerabilities
      • Accessing the Darknet with the Tor Browser
  • Information Gathering (Footprinting)
    • Reconnaissance with publicly accessible information
    • Sensitive data in search engines
    • Google dorks
    • Lab:
      • Identification of possible victims through DNS
      • Lookup of IP addresses in the RIPE database
      • Usage of crafted Google and Bing search requests to gather information
      • Usage of online services to gather information (Netcraft, Robtex)
  • Port scanning
    • Different scanning techniques
    • Portscanning and fingerprinting
    • Portscanning with Nmap
    • Lab:
      • Sweep scanning with Nmap
      • TCP portscanning with Nmap
      • UDP portscanning with Nmap
      • Using different scanning options (e.g. -O -A -F)
      • Alternatives to Nmap (SuperScan, Unicorn Scanner)
      • Traceroute with Nping

Day 2

  • Vulnerability scanning
    • Vulnerability Scanning with Nessus
    • Analysis of the scanner results and service-specific vulnerabilities
    • Lab:
      • Installation of Nessus
      • Configuration of Nessus scan profiles
      • Vulnerability scanning with Nessus
      • Analysis of the results
  • Exploits and exploit frameworks
    • Web pages with exploits (Exploit DB et al.)
    • Working with Metasploit
    • Post exploitation with Metasploit
    • Lab:
      • Using the output of Nmap and Nessus to find and prepare exploits
      • Usage of exploits to break into Windows 10
      • Usage of post exploitation modules in Meterpreter
      • SAM extraction with Mimikatz
      • Password cracking with John the Ripper and Cain&Abel
  • Viruses, trojans and malware
    • Creating viruses and trojans
    • Vulnerabilities in malware scanners
    • Botnets
    • Ransomware
    • Social engineering
    • Lab:
      • Testing suspicious programs with Virustotal.com
      • Creating and camouflaging malware, based on Netbus
      • Modifying malware to deceive anti-virus scanners
      • Creating trojans from harmless software with msfvenom
      • Embedding malware in PDF
      • Embedding Meterpreter as a macro in a Word document
  • Wireless LAN hacking
    • WEP cracking
    • WPA/WPA2 cracking
    • Lab:
      • WLAN analysis with Kismet
      • Eavesdropping with airodump-ng
      • WPA cracking with Hashdump

Day 3

  • Attacking web applications
    • OWASP Top 10
    • SQL injection
    • Cross site scripting and cross site request forgery
    • Working with OWASP ZAP
    • Lab:
      • Attacks against web applications with the OWASP Zed Attack Proxy (ZAP)
      • Fuzzing of fields in forms with OWASP Zed Attack Proxy (ZAP)
      • Explication of attacks with DVWA
      • Detection and exploitation of cross site scripting (XSS) vulnerabilities
      • Detection and exploitation of SQL injection vulnerabilities
      • Extraction of SQL databases with sqlmap
      • Security analysis of WordPress with WPScan
      • Brute force attacks against web applications with Hydra
  • Attacking Windows
    • Enumeration of Windows users and services
    • Extracting passwords and lateral movement (with Mimikatz)
    • Lateral Movement, Pass-the-hash attacks
    • Attacks against Active Directory domain controllers (DSInternals, BloodHound)
    • Lab:
      • Windows enumeration with SuperScan
      • Extracting the LSA cache with Cain&Abel
      • Extracting the SAM and logon passwords with Mimikatz
      • Offline attack against Active Directory with DSInternals
      • Pass-the-hash attack with Metasploit
      • AD security analysis with BloodHound

Course Material and Practical Labs

Each participant receives the complete course material (~ 750 pages), including the training presentation and supplementary explanations, as well as the lab guide (~ 50 pages), both entirely in German. The training materials are continuously updated and corrected to reflect current topics.

All hacking tools are used in labs in an environment with different virtual machines. In particular, all the attacks discussed can also be actively tested and executed. The lab part of the seminar is approx. 40%.

Each participant will also receive a download link with all hacking tools so that they can try out attacks on their own systems.

Your Trainer

All seminars are conducted by experienced penetration testers who contribute their years of experience to this course.