Unethical Hacking
A week-long class specializing in advanced penetration techniques. Learning how to write exploits is just the beginning. Most people are helpless when it comes to the basics of what to do when they have an exploit against a particular machine. This class attempts to teach a strategic approach to attack and penetration that goes beyond "penetration testing" to model how a real attacker approaches targeting your company.Topics that will be covered in this course include:
Day 1: Windows Stack Overflow Basics
- Diagnosis of basic stack overflows
- Construction of stack overflows
- Finding reliable jump-points
- Using Immunity Debugger for exploit development
- Analyzing exploitation problems
Day 2: Self-driven Windows Stack Overflows
- Shellcode Walkthrough and Creation
- SEH Handling for Fun and Profit
- A brief guide to heap overflows and other bug classes
- Advanced Immunity Debugger techniques
- Learn strategies and techniques for penetrating a remote system successfully
- Test and apply these techiniques in a lab environment
- Learn how to create a good trojan and analyze Helium for suitability
- Develop a skills gap analysis for future study
- Labs: Attack script creation, transfering files, host-bouncing, getting caught, using local attacks, doing recon, installing trojans, post-attack analysis.
These topics will be taught to the class in an entirely hands on, lab-oriented, fashion.