IDC IT Security Workshop

IDC IT Security Workshop

Workshop I (days 1 – 2):

* Passive gathering of information on the internet

* Active probing for information

* Preparing and executing attacks over the network

• Buffer overflows
• One shot exploits
• Working with an exploit framework
• Basic resources for exploits

* Gathering information on the LAN:

• Various sniffing methods
• How to sniff signals instead of noise

* Bugging on the LAN: the system is hacked, now what?

• Step-by-step installation of a typical Trojan horse
• Taking a close look: what does it really do?
• Identifying the Trojan

* Practical local password security:

• Attacks on different password schemes
• Highly efficient password cracking
• Real life examples: which guideline stands up against which attack?

* Practical network password security

* Final exercise covering more than one topic

 
Workshop II (days 3 – 4):

In part two of the course we will discuss and practise the more sophisticated hacking techniques. The central topics are man-in-the-middle attacks and advanced Trojans/rootkits.
* Preparing for man-in-the-middle-attacks
* Redirecting traffic
* Sniffing in a switched LAN (and defending against it)
* Conducting man-in-the-middle attacks against SSL (with Linux and Windows tools):
* step-by-step analyses
* Advanced port scanning techniques: scanning without being detected
* Traffic-based attacks
* Security scanners:

• How they work? (example: Nikto)
• Where they work? (Nessus)
• Where they fail?

* Tunneling
* Advanced Trojans
* How to hide from detection on the network?
* How to hide from local detection?