FNS-003 Foundstone Ultimate Hacking

Duration: 5 days (9:00 am to 5:00 pm)
Course Description
Attended by thousands, the Foundstone Ultimate Hacking: Hands On course is specifically designed to
equip you with the same knowledge, techniques and methodology used by security consultants and
hackers alike. By understanding the "hacker methodology", you will be empowered with proactive
strategies that keep you ahead of future threats. You will also learn to audit, assess and secure
networks, hosts and applications. In our course, you will be exposed to dozens of attacks, exploits and
other hacker techniques and learn effective countermeasures to these threats in a structured lab
environment that emulates real-world scenarios in a hands-on fashion. If you're in charge of your
network's security, you must understand how hackers' minds work and what tools they're using for
their attacks. It's not enough to apply the latest patches to your servers and workstations or
otherwise defend yourself reactively. If you learn what hackers know, you will have a better
chance of identifying and eliminating vulnerabilities before any damage is done. One of the best
ways to get educated is to take a crash course on the methodology hackers use to test systems for
weaknesses and gain access.
Target Audience
System and network administrators, security personnel, auditors, and/or consultants concerned with
network and system security. Basic UNIX and Windows competency is required for the course to
be fully beneficial.
Course Objectives
Because security is an ever-changing battlefield, Ultimate Hacking exposes you to the latest in
network vulnerabilities and defenses. From Windows and UNIX hosts to routers and firewalls,
instructors will illustrate each technology's default security posture, installation weaknesses,
methods hackers use to circumvent "secure" settings, and countermeasures for each vulnerability.
More than just theory, you will gain critical security skills by practicing with your classmates and
instructors in a full-featured computer lab. Instructors will walk you through foot-printing an
organization's Internet presence to show you how to identify, exploit, and secure popular and little-known vulnerabilities in Windows and UNIX systems. You will also explore common weaknesses
in router and firewall installations, learning ways to circumvent both traditional and "hardened"
security filters or firewalls. Finally, in a review exercise, you will attempt to exploit a simulated
"secure" network with multiple operating systems and security mechanisms.
TO REGISTER
Email: [email protected]
Tel: (65) 6822 8708
Fax: (65) 6822 8709
Course Outline
Day 1: Setting the Foundation
Day one sets the foundation on which penetration tests are performed. Emphasis is placed on the
importance of performing the work in a methodical and thorough manner.
Information Gathering
♦ Obtain all system and user information to understand the environment
♦ Utilize information gathered to execute local and remote attacks
♦ Reduce risk of being discovered
♦ Determine countermeasures to minimize consequences of information gathering
Internet Footprinting
♦ Reviewing publicly available information
♦ Network and domain enumeration
♦ "whois" lookups
♦ ARIN lookups
♦ DNS Interrogation
♦ Zone transfers
♦ Network reconnaissance
Scanning / Landscape Discovery
♦ Ping sweeps
♦ Port scanning
♦ Banner grabbing
♦ OS guessing
Footprinting Lab (Hands-on)
Use the tools and techniques taught on day one to footprint and scan Foundstone's Footprinting
Network in Irvine, California. The Footprinting Network consists of a wide variety of machines on
the Internet (Windows, Red Hat, Solaris, HP-UX, AIX, etc.). These machines are specifically made
available to the class for the purpose of running live scans. The appropriate entries in ARIN and
Network Solutions have also been made so that students can perform actual lookups against those
databases. This lab gives students the opportunity to run the tools in a realistic manner against live
machines on the Internet.
Day 2: Windows
The material taught on day two focuses on Windows, and begins with a basic overview of
Windows security, followed by Foundstone's methodology for hacking and securing these systems.
During the lecture portion of the day, there will also be test machines for student experimentation.
Hacking Windows
♦ Windows security overview
SIDs and RIDs
LSASS
SAM
♦ Domain and network relationships
Footprint / scan
Identify OSs
Identify services
♦ Enumerate
Computer roles
Users and groups
Discovering Network Topology
Services and pipes
Hardware
LDAP
♦ Penetrate
Windows passwords
Password guessing
Password sniffing
Password cracking
♦ Escalate
Windows attacks
Named Pipes prediction attack
♦ Pillage
Auditing
Log cleaning
Grabbing the SAM
Windows password cracking
Syskey
Important registry keys
Finding "hidden" plaintext passwords
♦ Get interactive
netcat shells
PSExec command shell
PushVNC graphical desktop
♦ Expand influence
Sniffers
Keystroke Loggers
Remote Control Packages
Windows Lab
The day ends with a hands-on lab involving four target machines. Students will follow the
methodology and employ the tools taught during the day in order to compromise the final machine.
This "capture the flag" style exercise is best performed in teams and will take a couple of hours to
complete.
Day 3: UNIX
Day three focuses on UNIX. Once again, methodology is emphasized throughout the day. Linux
and Solaris machines are available during the day to experiment and test the newly taught
techniques.
Hacking UNIX
♦ UNIX landscape discovery
♦ UNIX host enumeration
♦ Remote attacks
Brute force attacks
Remote buffer overflows
Input validation attacks
Creating back channels
Common remote attacks
♦ Local attacks
UNIX passwords
UNIX password cracking
Race condition attacks
Local buffer overflows
File and directory permission attacks
♦ Beyond root
Network mapping
Rootkits
Trojans
Backdoors
Sniffers
Loadable kernel modules
UNIX Lab
This hands-on lab involves four UNIX target machines (Linux and Solaris). Students will be
required to use the methodology, tools, and techniques taught earlier during the day in order to
successfully complete this multi-hour lab.
Day 4: Network Hacking
The material taught on day four is not operating system-specific. Router and firewall vulnerabilities
and weaknesses are covered in the network hacking module. Port redirection to bypass firewalls
and other filtering mechanisms is also covered in detail with a hands-on exercise.
Network Hacking
♦ Router issues
Vulnerabilities
Services
Passwords
♦ Routing issues
Path integrity
IP spoofing
Denial of service
♦ Firewall architectures
♦ Firewall attack scenarios
Insider
Vulnerable services
♦ Firewall identification and enumeration
Banner grabbing
ACL enumeration
♦ Port identification
♦ Liberal ACLs
♦ Port redirection
datapipe
fpipe
Day 5: Web Hacking
Day five covers hacking web-based applications, and a discussion of Foundstone's eCommerce
application review methodology is included in the web hacking module.
Web Hacking
♦ E-commerce primer
♦ Information gathering
Port scanning
Web reconnaissance
Enumeration
Vulnerability checking
Site duplication
Source sifting
Key field enumeration
♦ Viewing source
Active server pages
Common gateway interface
ColdFusion
♦ File system traversal
The infamous ".." or "dot dot" bugs
CIM
♦ Input validation
Metacharacters
Field overflows
Application buffer overflows
Server side includes
Hidden tags
IIS Unicode
Local command execution
Ultimate Lab
The course concludes with a lab involving routers, NT/2000, UNIX, and web hacking. It is a multi-OS lab that will require using tools and techniques from all four days. Teamwork is essential in
order to complete the lab. This lab typically takes several hours to complete.