Unethical Hacking
A week-long class specializing in advanced penetration techniques. Learning how to write exploits is just the beginning. Most people are helpless when it comes to the basics of what to do when they have an exploit against a particular machine. This class attempts to teach a strategic approach to attack and penetration that goes beyond "penetration testing" to model how a real attacker approaches targeting your company.
This class incorporates the Windows Overflows class (since our methodology is that no one who cannot write an exploit should use an exploit). You will leave this class being able to both write exploits, and use them effectively.
Topics that will be covered in this course include:
Windows Stack Overflows
- Everything about x86 assembly you need to know
- Using Immunity VisualSploit
- Diagnosis of basic stack overflows
- Finding reliable jump-points
- Using Immunity Debugger for exploit development
- Analyzing exploitation problems
- Shellcode Walkthrough and Creation
- SEH Handling for Fun and Profit
- Recognizing other kinds of overflows and other bug classes
- Advanced Immunity Debugger techniques
- Using Immunity CANVAS
- Learn strategies and techniques for penetrating a remote system successfully
- Write attack scripts that move you beyond automated tools
- Learn how to work as part of an attack team
- Test and apply these techniques in a lab environment
- Learn what makes a good trojan and how to evaluate your tool chain
- Labs: Attack script creation, transferring files, host-bouncing, getting caught, using local attacks, doing recon, installing trojans, post-attack analysis
- Develop a skills gap analysis for future study
These topics will be taught to the class in an entirely hands on, lab-oriented, fashion.