Security Workshop: Difference between revisions
From Gridkaschool
Latest revision as of 13:22, 20 August 2014
Abstract
We will switch sides and take on the role of computer hackers. We attack a fictitious company, abuse its web servers, sniff passwords, and try to gain full administrative access to its network.
Requirements
- You need to bring your own notebook (BYOD), Unix-based preferred.
- An SSH client (OpenSSH, PuTTY) is necessary.
Agenda
- Part I - Introduction
  - What is "hacking"?
  - How do hackers (and white hat pentesters) break into computers?
  - Our lab environment
- Part II - Webhacking
  - Injection Attacks (SQL, OS commands, ...)
  - Cross-site Scripting (XSS)
  - Inclusion Attacks
  - Attacks on browsers
- Part III - Man-in-the-Middle Attacks
  - ARP Spoofing
  - DNS Spoofing
  - MitM in IPv6 networks
- Part IV - Metasploit Framework
  - Exploits
  - Payloads
  - Post-Exploitation scripts
Course Material
Handout:
Whatever your notes will be ;-) (we can provide written handouts, but only in German)