ARP Poisoning Blast Course
ARP Poisoning and the Man-in-the-Middle Attack
In this course, we will conduct an ARP poisoning/spoofing attack using Cain and Abel. With this type of attack we can set up a Man-in-the-Middle exploit, which allows us to sniff traffic between two or more workstations and capture sensitive information such as credentials.
Ray holds a bachelor’s degree in computer information systems and a master’s degree in organizational leadership. His current certifications are CISSP, CEH, CCNA, N+ and the PMP. Ray freelances as an online IT instructor, teaching courses that include CISSP, CEH and CCNA. He has also taught for various organizations on hacking with the Metasploit framework, scripting with Python and Ruby as well as other tools used for hacking. He occasionally provides IT security consultancy for various organizations. Ray resides in Augusta, Georgia USA. He has over 15 years of military and civilian IT security and project management experience.
Task 1 – Set up VM workstation lab.
Requirements: In this task, we will set up two virtual machines using Virtual Box. By doing so, we can replicate an actual Ethernet LAN in which to conduct our lab. We will be using Windows XP and/or Windows 7 for both the victim workstation VMs and the attacker. An unlicensed copy of Windows XP and 7 will work for this exercise in order to demonstrate ARP Poisoning and the Man-in-the-Middle Attack.
Install Virtual Box
Install Operating System (Win XP and/or Windows 7)
Set up LAN configuration.
Task 2 – Install Cain and Abel and conduct ARP Poisoning Attack
Requirements: By using Cain and Abel (CaA), we will conduct an ARP poisoning attack. This allows us to fool the two victim workstations into believing that they are communicating with each other; however, since we have poisoned their ARP cache, we redirect their layer 2 destination address to us as the attacker instead.
Initiate ARP Poisoning between two VMs.
Conduct Man-in-the-Middle attack and capture plaintext credentials
Replay plaintext credentials for authentication.
Task 3 – Replay Credentials
Requirements: In this task, we will replay the credentials that CaA sniffed and recorded for us. We will also crack the hash values of our victims using CaA in order to gain authentication to access system resources.
Conduct dictionary attack using CaA.
Conduct brute force attack using CaA.
Capture HTTPS credentials and then conduct replay attack.
Task 1 – Install Wireshark.
Requirements: We will install Wireshark, which is an open-source application that allows us to analyze network traffic. It can also be used to enhance our MITM attack by sniffing information that we are looking for, such as cookies.
Install Wireshark. Go to wireshark.org, then download and install it on the attacker's computer.
Select default location and requirements.
Ensure that the interfaces we are using are selected for our VM and not the actual host.
Task 2 – Capturing and analyzing packets.
Requirements: In this portion, we will use certain filters to allow us to look at only the critical information that we require in order to view and capture cookies.
Understand how filters work.
Select our virtual interface and apply filters.
Select data stream to copy and reference later as we conduct an advanced MITM attack.
Task 3 – Log into a victim VM and surf the internet.
Requirements: In order for this exploit to work, we will have to create internet activity in order to generate credentials. This allows us to simulate what an actual victim might do.
Create a bare-bone Facebook or Gmail account.
Ensure your password is simple and not too complex. The more complex your password is, the exponentially longer it will take to crack.
Activate Wireshark and conduct packet inspection.
Task 1 – Select filter in Wireshark
Requirements: In this portion, we will use our filters in order to segregate the vast amount of data that Wireshark generated. By doing so, we are able to isolate and select the cookie that we need in order to replay a victim’s account.
Select virtual interface on the attacker’s workstation.
Select and input victim’s IP address and destination to sniff cookies from.
Allow Wireshark to conduct packet inspection.
Task 2 – Capture packet inspection.
Requirements: Once traffic has been generated and our filters applied, we will now pull the packet information from Wireshark.
Open Wireshark and select packet.
Retrieve cookie information from the session layer.
Open CaA and crack hashed credentials.
Task 3 – Replay credentials that were cracked by CaA
Requirements: After we have cracked the credentials using CaA, we should be able to access the account.
Go to the account’s website such as Facebook or Gmail.
Input the cracked credentials.
Verify if you are able to successfully log on.
Advanced Offensive Computer Security Training
This advanced hacking course is designed for the pentester, security professional, or hacker who is looking for an advanced course in system/network penetration. It is designed to be a hands-on, lab-oriented course using Kali Linux as a base operating system, but also using additional tools that we will add as needed. What makes this especially compelling is the section on mobile hacking, rootkits and exploit development, seldom found in basic to mid-level courses.
Offensive Security’s Advanced Hacking Course
Duration: 10 Monthly Parts
Keith DeBus is a former professor of computer science with over 20 years of IT experience. He is now the President of IT Securitas (www.itsecuritas.net), a leading IT security and pentesting firm. He has published numerous articles on cyber security, penetration testing, digital forensics and cyber warfare. DeBus has trained personnel from every branch of the U.S. military (Army, Air Force, Navy) and personnel from the NSA, CIA, FBI and NCIS in cyber warfare tactics. DeBus is an internationally recognized expert on cyber warfare, network “hacking” and network intrusion detection systems (NIDS). Mr. DeBus holds or has held the following IT certifications: Sec+, CEH, CPT, ECSA/LPT, CHFI, CISA, CISM and CISSP.
I. Getting Started with Kali
II. Information Gathering Techniques
III. Port Scanning
IV. ARP Spoofing and MitM
V. Buffer Overflow Exploitation
VI. Working with Exploits
VII. Transferring Files
IX. Client Side Attacks
X. Exfiltrating Data
XI. Password Attacks
XII. Web Application Attacks
XIII. Trojan Horses
XV. Wireless Attacks
XVI. Scripting for Vulnerabilities and Exploits
XVII. Exploit Development
XVIII. Mobile Exploit
Participants in the following industries will benefit most:
• Information security engineers
• Penetration Testers
• Those engaged in cyber warfare or espionage activities
Students are required to know:
Understanding of Microsoft Windows
Information Security Concepts
WHAT YOU SHOULD BRING
An Open mind
A computer with Kali Linux installed (VM is acceptable)
Enthusiasm for Information Security
Web Application Hacking Live Class
Our websites are under attack on a daily basis and the next security breach is just a matter of time.
This intensive hands-on course will teach you how to find those vulnerabilities in your web applications before the bad guys do. The course will introduce the various methods, tools and techniques used by attackers, so that you know how to test for the major security vulnerabilities and how to identify security bugs on real systems, using live hacking demonstrations and hands-on labs. The objectives of the course are to teach developers and security professionals about the most dangerous vulnerabilities and how to perform security testing, thereby increasing the number and quality of test cases that can be performed by the auditor.
This course provides intensive hands-on labs using real world applications.
8 sessions – 4 hours each – learn with instructor in real time!
With this Live Class you have a chance to really feel what it's like to hack an application!
Learn from the pros all about how to detect and exploit application vulnerabilities:
AppSec Labs is a cutting-edge application security company founded in 2010, providing organizations across the globe with high-end application security services and R&D.
What you will learn about:
1. Information Gathering
Site mapping & web crawling
Server & application fingerprinting
Identifying the entry points
File extensions handling
Page enumeration and brute forcing
Looking for leftovers
Analysis of error code
LAB – Collect information and reveal application's sensitive data
2. Injections and Validations
Log / CRLF injection
Input validation techniques
Blacklist VS. Whitelist input validation bypassing
LAB – Exploit improper input validation
3. Authentication Vulnerabilities
What is authentication?
Supported authentication types - anonymous, basic, digest, forms, Kerberos, client
Guessing passwords - brute force & dictionary attacks
Direct page requests
Password reset flaws
Password change flaws
Bypassing weak CAPTCHA mechanisms
Common implementation mistakes - authentication bypassing using SQL injection, LDAP injection, XPATH injection
LAB – Bypass authentication forms using multiple methods
4. Authorization Vulnerabilities
What is authorization?
Authorization models - DAC/MAC
Canonicalization & path traversal
Rendering based authorization
Client side validation attacks
LAB – Authorization bypassing and impersonation
5. Business Logic Vulnerabilities
Business flow bypass
Business logic attack vectors
Direct access to web services
LAB – Exploit business logic vulnerabilities
6. SQL Injection Vulnerabilities
Introduction to SQL command structure
NoSQL injection – Mongo, ORM
Local system access
Discovering vulnerable apps
LAB – Practice SQL injection attacks
7. File Handling Attacks
Uploaded file backdoors
Insecure file extension handling
LAB – Exploit insecure file handling, upload web shells, deface using upload file
8. Cross Site Scripting (XSS) Vulnerabilities
Overview of XSS
Stored / persistent XSS
DOM based XSS
XSS Whitelist VS. Blacklist input validation
Discovery approaches – Manual VS. Automatic VS. Semi-automatic
Different XSS scenarios
XSS input validation evasion
LAB – Perform XSS attacks
9. Browser Manipulation Techniques
CSRF (Cross Site Request Forgery)
HTTP response splitting
LAB – Perform actions on behalf of users by CSRF, test websites for clickjacking
10. Cryptography Pitfalls
PKI / certificate
SSL cipher suite
Insufficient transport layer protection
LAB – Cryptography lab
11. Application Denial Of Service (DoS) Vulnerabilities
Application / OS crash
File system starvation
Triggering high network bandwidth
User level DoS
Exploiting a specific vulnerability
LAB – Application DoS
12. Attacking Client Side Applications
Client side attacks
Analyze client side source code
LAB – Client side application hacking
Training hours 18:00 - 22:00 Poland Time Zone.
Minimum number of students required for Live Class to start is 8.
Why choose us?
Flexitime & Flexplace Studies
Hakin9 comes with yearly unlimited access to all online materials. Hakin9 offers online IT security courses and provides you with the skills needed to become an Ethical Hacker. All courses are available online and in PDF version. You decide when you will work and where you will work.
Hakin9 Online Course is for ...
Cyber Fraud Investigator, Security Consultant, IT Security Manager, Systems Engineer, Network Engineer, Security Engineer, Security Professional, Security Architecture and Threat and Security Incident Manager, Network Admin, System Admin, System Architect for Gov't systems, CISSP and QEH Professional, Information Assurance/Network Defense Expert, Malware Researcher...
Variety of Courses
No matter what age you are or where you are, if you wish to become an IT security expert, you can join our online courses when you are ready and need to expand your skill set. Hakin9 offers new online courses every month so that you will have the opportunity to explore areas of hacking by attending various courses designed for this purpose.
Comfortable Learning Environment
All courses and other materials are available online via a private, secure account created by you. The materials can be read online or can be downloaded by you in user-friendly PDF versions. There is no need to fight traffic, find parking spaces, leave work early to go to class, or miss important family time.
WANTED: Talented Instructors/Trainers
Hakin9 is currently seeking excellent instructors for online courses and live classes. These are highly interactive courses and require the best instructors. These are not theory courses and classes. The courses are designed to give our members real-life scenarios and practical knowledge from the IT security field.
As a reminder, please send your resume to email@example.com