Hackers about hacking techniques in our IT Security Magazine

ARP Poisoning Blast Course

ARP Poisoning and the Man-in-the-Middle Attack

In this course, we will conduct an ARP poisoning/spoofing attack using Cain and Abel. With this type of attack, we can set up a Man-in-the-Middle exploit that allows us to sniff traffic between two or more workstations and capture sensitive information such as credentials.

Ray holds a bachelor’s degree in computer information systems and a master’s degree in organizational leadership. His current certifications are CISSP, CEH, CCNA, N+ and the PMP. Ray freelances as an online IT instructor; his courses include CISSP, CEH and CCNA. He has also taught for various organizations on hacking with the Metasploit framework, scripting with Python and Ruby, and other tools used for hacking. He occasionally provides IT security consultancy for various organizations. Ray resides in Augusta, Georgia, USA. He has over 15 years of military and civilian IT security and project management experience.

Task 1 – Set up VM workstation lab.

Requirements: In this task, we will set up two virtual machines using Virtual Box. By doing so, we are able to replicate an actual Ethernet LAN in which to conduct our lab. We will be using Windows XP and/or Windows 7 for both victim workstation VMs and as the attacker. An unlicensed copy of Windows XP and 7 will work for this exercise in order to demonstrate ARP Poisoning and the Man-in-the-Middle Attack.

Install Virtual Box
Install Operating System (Win XP and/or Windows 7)
Set up LAN configuration.

Task 2 – Install Cain and Abel and conduct ARP Poisoning Attack

Requirements: By using Cain and Abel (CaA), we will conduct an ARP poisoning attack. This allows us to fool the two victim workstations into believing that they are communicating with each other; however, since we have poisoned their ARP cache, we redirect their layer 2 destination address to us as the attacker instead.

Initiate ARP poisoning between two VMs.
Conduct Man-in-the-Middle attack and capture plaintext credentials.
Replay plaintext credentials for authentication.

Task 3 – Replay Credentials

Requirements: In this task, we will replay the credentials that CaA sniffed and recorded for us. We will also crack the hash values of our victims using CaA in order to gain authentication to access system resources.

Conduct dictionary attack using CaA.
Conduct brute force attack using CaA.
Capture HTTPS credentials and then conduct replay attack.

Task 1 – Install Wireshark.

Requirements: We will install Wireshark, which is an open application that allows us to analyze network traffic. It can also be used to enhance our MITM attack by sniffing information that we are looking for such as cookies.

Install Wireshark. Go to wireshark.org, then download and install it on the attacker's computer.
Select default location and requirements.
Ensure that the interfaces we are using are selected for our VM and not the actual host.

Task 2 – Capturing and analyzing packets.

Requirements: In this portion, we will use certain filters to allow us to look at only the critical information that we require in order to view and capture cookies.

Understand how filters work.
Select our virtual interface and apply filters.
Select data stream to copy and reference later as we conduct an advanced MITM attack.

Task 3 – Log into a victim VM and surf the internet.

Requirements: In order for this exploit to work, we will have to create internet activity in order to generate credentials. This allows us to simulate what an actual victim might do.

Create a bare-bone Facebook or Gmail account.
Ensure your password is simple and not too complex. The more complex your password is, the exponentially longer it will take to crack.
Activate Wireshark and conduct packet inspection.

Task 1 – Select filter in Wireshark

Requirements: In this portion, we will use our filters in order to segregate the vast amount of data that Wireshark generated. By doing so, we are able to isolate and select the cookie that we need in order to replay a victim’s account.

Select virtual interface on the attacker’s workstation.
Select and input the victim’s IP address and the destination to sniff cookies from.
Allow Wireshark to conduct packet inspection.

Task 2 – Capture packet inspection.

Requirements: Once traffic has been generated and our filters applied, we will now pull the packet information from Wireshark.

Open Wireshark and select packet.
Retrieve cookie information from the session layer.
Open CaA and crack hashed credentials.

Task 3 – Replay credentials that were cracked by CaA

Requirements: After we have cracked the credentials using CaA, we should be able to access the account.

Go to the account’s website, such as Facebook or Gmail.
Input the cracked credentials.
Verify if you are able to successfully log on.

Advanced Offensive Computer Security Training

This advanced hacking course is designed for the pentester, security professional, or hacker who is looking for an advanced course in system/network penetration. It is designed to be a hands-on, lab-oriented course using Kali Linux as a base operating system, but also using additional tools that we will add as needed. What makes this especially compelling is the section on mobile hacking, rootkits and exploit development, seldom found in basic to mid-level courses.

Offensive Security’s Advanced Hacking Course
Duration: 10 Monthly Parts

Keith DeBus is a former professor of computer science with over 20 years of IT experience. He is now the President of IT Securitas (www.itsecuritas.net), a leading IT security and pentesting firm. He has published numerous articles on cyber security, penetration testing, digital forensics and cyber warfare. DeBus has trained personnel from every branch of the U.S. military (Army, Air Force, Navy) and personnel from the NSA, CIA, FBI and NCIS in cyber warfare tactics. DeBus is an internationally recognized expert on cyber warfare, network “hacking” and network intrusion detection systems (NIDS). Mr. DeBus holds or has held the following IT certifications: Sec+, CEH, CPT, ECSA/LPT, CHFI, CISA, CISM and CISSP.

I. Getting Started with Kali
II.  Information Gathering Techniques
III. Port Scanning
IV.  ARP Spoofing and MitM
V. Buffer Overflow Exploitation
VI.  Working with Exploits
VII. Transferring Files
VIII. Metasploit
IX.  Client Side Attacks
X.  Exfiltrating Data
XI. Password Attacks
XII. Web Application Attacks
XIII. Trojan Horses
XIV. Rootkits
XV. Wireless Attacks
XVI. Scripting for Vulnerabilities and Exploits
XVII. Exploit Development
XVIII. Mobile Exploit

Participants in the following industries will benefit most:
• Information security engineers
• Penetration Testers
• Those engaged in cyber warfare or espionage activities

Students are required to know:

Basic Linux
Understanding of Microsoft Windows
Exploitation Concepts
Information Security Concepts

WHAT YOU SHOULD BRING

An Open mind
A computer with Kali Linux installed (VM is acceptable)
Enthusiasm for Information Security


Web Application Hacking Live Class

Our websites are under attack on a daily basis and the next security breach is just a matter of time.

This intensive hands-on course will teach you how to find those vulnerabilities in your web applications before the bad guys do. The course introduces the various methods, tools and techniques used by attackers, so that you know how to test for the major security vulnerabilities and how to identify security bugs on real systems, using live hacking demonstrations and hands-on labs. The objectives of the course are to teach developers and security professionals about the most dangerous vulnerabilities and how to perform security testing, thereby increasing the amount and quality of test cases that can be performed by the auditor.

This course provides intensive hands-on labs using real world applications.

8 sessions – 4 hours each – learn with instructor in real time!
With this Live Class you have a chance to really feel what it's like to hack an application!


Learn from the pros all about how to detect and exploit application vulnerabilities:
AppSec Labs is a cutting-edge application security company founded in 2010, providing organizations across the globe with high-end application security services and R&D.

What you will learn about:

1. Information Gathering
Application discovery
Site mapping & web crawling
Server & application fingerprinting
Identifying the entry points
File extensions handling
Page enumeration and brute forcing
Looking for leftovers
Google hacking
Analysis of error code
LAB – Collect information and reveal application's sensitive data

2. Injections and Validations
Encoding attacks
Command injection
Code injection
LDAP injection
Log / CRLF injection
Header injection
SMTP injection
XML injection
XPATH injection
Input validation techniques
Blacklist VS. Whitelist input validation bypassing
LAB – Exploit improper input validation

3. Authentication Vulnerabilities
What is authentication?
Supported authentication types - anonymous, basic, digest, forms, Kerberos, client certificate
Authentication scenarios
User enumeration
Guessing passwords - brute force & dictionary attacks
Direct page requests
Parameter modification
Password reset flaws
Password change flaws
Bypassing weak CAPTCHA mechanisms
Common implementation mistakes - authentication bypassing using SQL injection, LDAP injection, XPATH injection
LAB – Bypass authentication forms using multiple methods

4. Authorization Vulnerabilities
What is authorization?
Authorization models - DAC/MAC
RBAC
Authorization bypassing
Canonicalization & path traversal
Parameter tampering
Forceful browsing
Rendering based authorization
Client side validation attacks
Hardening
LAB – Authorization bypassing and impersonation

5. Business Logic Vulnerabilities
Business flow bypass
Replay attack
Currency manipulation
Business logic attack vectors
Direct access to web services
LAB – Exploit business logic vulnerabilities

6. SQL Injection Vulnerabilities
Introduction to SQL command structure
NoSQL injection – Mongo, ORM
Database manipulation
Circumventing authentication
Retrieving data
Inserting data
Deleting data
Attacking availability
Local system access
Discovering vulnerable apps
Error based
Blind
Binary search
Evasion
LAB – Practice SQL injection attacks

7. File Handling Attacks
Path traversal
Canonicalization
Uploaded file backdoors
Insecure file extension handling
Directory listing
File size
File type
Malware upload
LAB – Exploit insecure file handling, upload web shells, deface using upload file mechanism

8. Cross Site Scripting (XSS) Vulnerabilities
Overview of XSS
XSS Description
Reflected XSS
Stored / persistent XSS
DOM based XSS
XSS Whitelist VS. Blacklist input validation
Discovery approaches – Manual VS. Automatic VS. Semi-automatic
Different XSS scenarios
XSS input validation evasion
LAB – Perform XSS attacks

9. Browser Manipulation Techniques
CSRF (Cross Site Request Forgery)
Clickjacking
Open redirects
HTTP response splitting
LAB – Perform actions on behalf of users via CSRF, test websites for clickjacking

10. Cryptography Pitfalls
Symmetric cryptography
Asymmetric cryptography
Hashing
Digital signing
PKI / certificate
SSL protocol
SSL cipher suite
Insufficient transport layer protection
LAB – Cryptography lab

11. Application Denial Of Service (DoS) Vulnerabilities
Application / OS crash
CPU starvation
Memory starvation
File system starvation
Resource starvation
Triggering high network bandwidth
User level DoS
Exploiting a specific vulnerability
Zip bomb
Overflows
ReDoS
Parsing errors
LAB – Application DoS

12. Attacking Client Side Applications
HTML5 approach
Client side attacks
Analyze client side source code
Insecure storage
Flash decompile
Crossdomain.xml
CORS requests
LAB – Client side application hacking


27.08.2015
31.08.2015
03.09.2015
07.09.2015
10.09.2015
17.09.2015
21.09.2015
24.09.2015

Training hours 18:00 - 22:00 Poland Time Zone.


Minimum number of students required for Live Class to start is 8.

Why choose us?

Flexitime & Flexplace Studies

Hakin9 comes with yearly unlimited access to all online materials. Hakin9 offers online IT security courses and provides you with the skills needed to become an Ethical Hacker. All courses are available online and in PDF version. You decide when and where you will work.

Interaction & Ability to Concentrate

Hakin9 Online Courses offer the opportunity to participate in class discussions, forums or chats with more ease than face-to-face class sessions. You won't be distracted by other participants anymore.

Become a Certified Hacker

Hakin9 offers Hakin9 Certificates. When you complete the Hakin9 courses, you will obtain a certification that proves your practical skills. The Hakin9 Certificate is the most practical and professionally oriented certification.

Hakin9 Online Course is for ...

Cyber Fraud Investigator, Security Consultant, IT Security Manager, Systems Engineer, Network Engineer, Security Engineer, Security Professional, Security Architecture and Threat and Security Incident Manager, Network Admin, System Admin, System Architect for Gov't systems, CISSP and QEH Professional, Information Assurance/Network Defense Expert, Malware Researcher...

Variety of Courses

No matter what age you are or where you are, if you wish to become an IT security expert, you can join our online courses when you are ready and need to expand your skill set. Hakin9 offers new online courses every month so that you will have the opportunity to explore areas of hacking by attending various courses designed for this purpose.

Comfortable Learning Environment

All courses and other materials are available online via a private, secure account created by you. The materials can be read online or downloaded in user-friendly PDF versions. There is no need to fight traffic, find parking spaces, leave work early to go to class, or miss important family time.

SEEKING INSTRUCTOR

WANTED: Talented Instructors/Trainers

Hakin9 is currently seeking excellent instructors for online courses and live classes. These are highly interactive courses and require the best instructors. These are not theory courses and classes. The courses are designed to give our members real-life scenarios and practical knowledge from the IT security field.

As a reminder, please send your resume to ewa.d@hakin9.org
