IMMUNITY : Knowing You're Secure

CANVAS Training

A two day class that teaches students how to best use CANVAS for vulnerability exploitation and penetration testing.

CANVAS 2-DAY COURSE SYLLABUS

Day 1:
Introduction to CANVAS and Recon

- become familiar with the CANVAS GUI.
- logs and reporting in CANVAS
- commandline usage.
- host discovery via portsweep, udpsweep and manual methods.
- operating system (OS) detection.
- database detection (Oracle, MSSQL).
- traceroute and portscanning.
- user and network share enumeration.
- definition of CANVAS nodes.

Exploitation and Bouncing
- the three phases of exploitation.
- choosing an exploit.
- executing an exploit.
- handling network address translation (NAT) and setting callbacks.

Post-Exploitation
- spawning a process.
- uploading and downloading files.
- executing commands via the shell.
- uploading a MOSDEF trojan.
- privilege escalation.

Day 2:
Bouncing, Client-Sides and Automation

Bouncing
- how to bounce attacks from compromised hosts.
- choosing effective bouncing points.

Client-Sides
- setup and execution of client-side attacks.

Automation
- running commands on multiple hosts.
- attacking multiple hosts.
- vulnerability scanning and automated attacks.
- customization of post-exploitation commands.
- custom MOSDEF development.

	Overview
	Current Schedule
	Windows Overflows
	Accelerated Windows Overflows
	Unethical Hacking
	Finding 0days
	Understanding and Exploiting Windows Vista Heap Overflows
	CANVAS Training
	Writing Windows Shellcode
	Kernel Stack Overflow and Shellcode Writing