IMMUNITY : Knowing You're Secure

CANVAS Training

A two day class that teaches students how to best use CANVAS for vulnerability exploitation and penetration testing.

CANVAS 2-DAY COURSE SYLLABUS

Day 1:
  Introduction to CANVAS and Recon

  - become familiar with the CANVAS GUI.
  - logs and reporting in CANVAS
  - commandline usage.
  - host discovery via portsweep, udpsweep and manual methods.
  - operating system (OS) detection.
  - database detection (Oracle, MSSQL).
  - traceroute and portscanning.
  - user and network share enumeration.
  - definition of CANVAS nodes.


  Exploitation and Bouncing
  - the three phases of exploitation.
  - choosing an exploit.
  - executing an exploit.
  - handling network address translation (NAT) and setting callbacks.

  Post-Exploitation
  - spawning a process.
  - uploading and downloading files.
  - executing commands via the shell.
  - uploading a MOSDEF trojan.
  - privilege escalation.

  Day 2 - Bouncing, Client-Sides and Automation

  Bouncing
  - how to bounce attacks from compromised hosts.
  - choosing effective bouncing points.

  Client-Sides
  - setup and execution of client-side attacks.

  Automation
  - running commands on multiple hosts.
  - attacking multiple hosts.
  - vulnerability scanning and automated attacks.
  - customization of post-exploitation commands.
  - custom MOSDEF development.

	Overview
	Current Schedule
	Windows Overflows
	Accelerated Windows Overflows
	Unethical Hacking
	Using Spike & Immunity Debugger to find new Vulnerabilities
	Auditing MSRPC
	Understanding and Exploiting Windows Vista Heap Overflows
	CANVAS Training