Description

This training, both theoretical and practical, presents the most advanced attack techniques to date and shows how to deal with them. From attacks carried out on identified targets (Web servers, clients, networks, firewalls, databases, etc.), the participant will learn how to trigger the appropriate response (anti-Trojan filtering, filtering of malformed URLs, spam detection and real-time intrusion detection with IDS probe).

Who is this training for ?

For whom ?

Manager, security architect. Systems and network technicians and administrators.

Prerequisites

Training objectives

Identify and understand analysis and detection techniques Acquire the knowledge to deploy different intrusion detection tools Implement intrusion prevention and detection solutions Manage an intrusion incident Know the legal framework

Training program

• The world of IT security
  • "Official" definitions: hacker, hacking.
  • The community of hackers in the world, the "gurus", the "script kiddies".
  • The hacker's state of mind and culture.
  • Conferences and major security sites.
  • Practical work Underground navigation.
  • Know how to locate useful information.
• TCP/IP for firewalls and intrusion detection
  • IP, TCP and UDP from another angle.
  • Focus on ARP and ICMP.
  • Forced routing of IP packets (source routing).
  • IP fragmentation and reassembly rules.
  • The usefulness of serious filtering.
  • Securing your servers: an imperative.
  • Parades by technology: from filtering router to stateful inspection firewall; from proxy to reverse proxy.
  • Quick overview of solutions and products.
  • Practical work Visualization and analysis of classic traffic.
  • Use of different sniffers.
• Understanding attacks on TCP/IP
  • IP "Spoofing".
  • Denial of service attacks.
  • TCP sequence number prediction.
  • Theft of TCP session: Hijacking (Hunt, Juggernaut).
  • Attacks on SNMP.
  • Attack by TCP Spoofing (Mitnick): demystification.
  • Practical work r nInjection of packets manufactured on the network.
  • Use of the participants' choice of graphical tools, Perl, C or dedicated scripts.
  • Hijacking of a telnet connection.
• Intelligence Gathering : l'art du camouflage
  • Search for traces: querying Whois databases, DNS servers, search engines.
  • Identification of servers.
  • Understanding the context: analyzing the results, determine the filtering rules, specific cases.
  • Practical work Search using non-intrusive techniques for information on a potential target (participants' choice).
  • Use of network scanning tools.
• Protect your data
  • "Clear" password systems, by challenge, encrypted.
  • An update on authentication under Windows.
  • Reminders about SSH and SSL (HTTPS).
  • Sniffing a switched network: ARP poisoning.
  • Attacks on encrypted data: "Man in the Middle" on SSH and SSL, " Keystoke Analysis" on SSH.
  • Sniffer detection: advanced tools and methods.
  • Password attacks.
  • Practical work Decryption and SSH session theft: "Man in the Middle" attack.
  • Password cracking with LophtCrack (Windows) and John The Ripper (Unix).
• Detect trojans and backdoors
  • State of the art of backdoors under Windows and Unix.
  • Setting up backdoors and trojans.
  • Downloading scripts on clients, exploitation of browser bugs.
  • The "Covert Channels": client-server application using ICMP.
  • Example of communication with distributed Denial of Service Agents.
  • Access private information with your browser.
• Defend online services
  • Taking control of a server: searching for and exploiting vulnerabilities.
  • Examples of setting up "backdoors" and removing traces.
  • How to bypass a firewall (netcat and bounces)? The search for denial of service.
  • Distributed denials of service (DDoS).
  • Buffer overflow attacks ).
  • Exploitation of vulnerabilities in the source code.
  • Similar techniques: "String Format", "Heap Overflow".
  • Vulnerabilities in Web applications.
  • Theft of information from a database.
  • RootKits.
  • Practical work Exploitation of the bug used by the worm "Code Red".
  • Obtaining a root shell by different types of buffer overflow.
  • Testing a denial of service (Jolt2, Ssping).
  • Using netcat to bypass a firewall.
  • Using "SQL Injection" techniques to break web authentication.
• How to manage an incident?
  • The signs of a successful intrusion into an IT system.
  • What did the hackers obtain? How far did they go? How to react to a successful intrusion? Which servers are affected? Know how to find the entry point and fill it.
  • The Unix/Windows toolbox for finding evidence.
  • Cleaning and returning compromised servers to production.
• Conclusion: what legal framework?
  • The appropriate response to hackers.
  • French law on hacking.
  • The role of the State, official bodies.
  • What to expect from the Central Crime Control Office (OCLCTIC)? The search for evidence and perpetrators.
  • And in an international context? The intrusive test or domesticated hacking? Stay within a legal framework, choose the service provider, be sure of the result.