Course : Hacking and Security, Level 1

Hacking and Security, Level 1

Download in PDF format Share this course by email 2


This advanced training will teach you essential techniques for measuring your Information System's level of security. After these attacks occur, you'll learn how to trigger the appropriate response and raise your network's security level.


Inter
In-house
Custom

Practical course in person or remote class

Ref. HAC
Price : 3530 € E.T.
  5d - 35h00




This advanced training will teach you essential techniques for measuring your Information System's level of security. After these attacks occur, you'll learn how to trigger the appropriate response and raise your network's security level.

Teaching objectives
At the end of the training, the participant will be able to:
  • Understand the techniques used by computer hackers and be able to counter their attacks
  • Measure your information system's security level
  • Carry out a penetration test
  • Define the impact and scope of a vulnerability

Intended audience
Department heads, security architects. System and network technicians and administrators.

Prerequisites
Good knowledge of IS security, networks, systems (in particular Linux) and programming. Or knowledge equivalent to that provided by the course "System and Network Security, Level 1" (code FRW).

Course schedule

Hacking and security

  • Forms of attacks, procedures, actors, challenges.
  • Audits and intrusion tests, place in an ISMS.

Sniffing, interception, analysis, network injection

  • Anatomy of a packet, tcpdump, Wireshark, tshark.
  • Hijacking and intercepting communications (Man-in-the-Middle, VLAN attacks, honeypots).
  • Packets: Sniffing, reading/analyzing from a pcap, extracting useful data, graphical representations.
  • Scapy: Architecture, capacities, use.
Hands-on work
Listening to the network with sniffers. Creating a mini packet interceptor in C. Using scapy (command line, Python script): injections, interception, pcap reading, scanning, DoS, MitM.

Recognition, scanning, and enumeration

  • Intelligence gathering, hot reading, operating the darknet, social engineering.
  • Recognizing services, systems, topology, and architectures.
  • Types of scans, filtering detection, firewalking, fuzzing.
  • Camouflage using spoofing and bouncing, identifying paths with traceroute, source routing.
  • Evading IDS and IPS: Fragmentations, covert channels.
  • Nmap: Scanning and exporting results, options.
  • Other scanners: Nessus, OpenVAS.
Hands-on work
Using the tool nmap, writing an NSE script in LUA. Filtering detection.

Web attacks

  • OWASP: Organization, chapters, Top 10, manuals, tools.
  • Discovering infrastructure and the corresponding technologies, strengths and weaknesses.
  • Client-side: Clickjacking, CSRF, stealing cookies, XSS, components (flash, java). New vectors.
  • Server-side: Authentication, session theft, injections (SQL, LDAP, files, commands).
  • Including local and remote files, cryptographic attacks and vectors.
  • Evading and bypassing protections: Example techniques for bypassing WAF.
  • Burp Suite tools, ZAP, Sqlmap, BeEF
Hands-on work
Implementing different Web attacks under actual conditions, both server-side and client-side.

Application and post-operation attacks

  • Microsoft authentication attack, PassTheHash.
  • From C to the machine code assembler. Shellcodes.
  • Encoding shellcodes, deleting null bytes
  • Rootkits. Using processes: Buffer Overflow, ROP, Dangling Pointers.
  • Protections and bypassing: Flag GS, ASLR, PIE, RELRO, Safe SEH, DEP. Shellcodes with hardcoded addresses/LSD.
  • Metasploit: Architecture, features, interfaces, workspaces, writing exploits, generating Shellcodes.
Hands-on work
Metasploit: Operating and using the database. Msfvenom: Generating Shellcodes, file trapping. Buffer overflow in Windows or Linux, exploit with shellcode Meterpreter.


Customer reviews
4,5 / 5
Customer reviews are based on end-of-course evaluations. The score is calculated from all evaluations within the past year. Only reviews with a textual comment are displayed.


Dates and locations
Select your location or opt for the remote class then choose your date.
Remote class