Difference between revisions of "Security Workshop"
From Gridkaschool
m (→Content) |
m (→Abstract) |
||
(9 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | == |
+ | === Abstract === |
+ | We will change ends and take the role of computer hackers. We attack a fictitious company, abuse their web servers, sniff passwords, and try to get full administrative access to their network. |
||
− | * You need to bring your own notebook (BYOD)! |
||
− | * An SSH client (OpenSSH, PuTTY) is necessary. |
||
+ | == Requirements == |
||
+ | * You need to bring your own notebook (BYOD), Unix-based preferred. |
||
− | == Content == |
||
+ | * An SSH client (OpenSSH, [http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe PuTTY]) is necessary. |
||
+ | |||
+ | == Agenda == |
||
* ''Part I'' - '''Introduction''' |
* ''Part I'' - '''Introduction''' |
||
Line 23: | Line 26: | ||
** Exploits |
** Exploits |
||
** Payloads |
** Payloads |
||
+ | ** Post-Exploitation scripts |
||
− | ** |
||
− | |||
− | == Material == |
||
+ | == Course Material == |
||
− | '''Slides:'''<br> |
||
− | ... |
||
'''Handout:'''<br> |
'''Handout:'''<br> |
||
− | + | Whatever your notes will be ;-) (we can provide written handouts, but only in German) |
Latest revision as of 13:22, 20 August 2014
Abstract
We will change ends and take the role of computer hackers. We attack a fictitious company, abuse their web servers, sniff passwords, and try to get full administrative access to their network.
Requirements
- You need to bring your own notebook (BYOD), Unix-based preferred.
- An SSH client (OpenSSH, PuTTY) is necessary.
Agenda
- Part I - Introduction
- What is "hacking"?
- How do hackers (and white hat pentesters) break into computers?
- Our lab environment
- Part II - Webhacking
- Injection Attacks (SQL, OS commands, ...)
- Cross-site Scripting (XSS)
- Inclusion Attacks
- Attacks on browsers
- Part III - Man in the Middle-Attacks
- ARP Spoofing
- DNS Spoofing
- MitM in IPv6 networks
- Part IV - Metasploit Framework
- Exploits
- Payloads
- Post-Exploitation scripts
Course Material
Handout:
Whatever your notes will be ;-) (we can provide written handouts, but only in German)