Security Workshop
From Gridkaschool
Jump to navigationJump to search
Abstract
We will change ends and take the role of computer hackers. We attack a fictitious company, abuse their web servers, sniff passwords, and try to get full administrative access to their network.
Requirements
- You need to bring your own notebook (BYOD), Unix-based preferred.
- An SSH client (OpenSSH, PuTTY) is necessary.
Agenda
- Part I - Introduction
- What is "hacking"?
- How do hackers (and white hat pentesters) break into computers?
- Our lab environment
- Part II - Webhacking
- Injection Attacks (SQL, OS commands, ...)
- Cross-site Scripting (XSS)
- Inclusion Attacks
- Attacks on browsers
- Part III - Man in the Middle-Attacks
- ARP Spoofing
- DNS Spoofing
- MitM in IPv6 networks
- Part IV - Metasploit Framework
- Exploits
- Payloads
- Post-Exploitation scripts
Course Material
Handout:
Whatever your notes will be ;-) (we can provide written handouts, but only in German)