Security Workshop

From Gridkaschool

Abstract

We will change ends and take the role of computer hackers. We attack a fictitious company, abuse their web servers, sniff passwords, and try to get full administrative access to their network.

Requirements

  • You need to bring your own notebook (BYOD), Unix-based preferred.
  • An SSH client (OpenSSH, PuTTY) is necessary.

Agenda

  • Part I - Introduction
    • What is "hacking"?
    • How do hackers (and white hat pentesters) break into computers?
    • Our lab environment
  • Part II - Webhacking
    • Injection Attacks (SQL, OS commands, ...)
    • Cross-site Scripting (XSS)
    • Inclusion Attacks
    • Attacks on browsers
  • Part III - Man in the Middle-Attacks
    • ARP Spoofing
    • DNS Spoofing
    • MitM in IPv6 networks
  • Part IV - Metasploit Framework
    • Exploits
    • Payloads
    • Post-Exploitation scripts

Course Material

Handout:
Whatever your notes will be ;-) (we can provide written handouts, but only in German)