(8 intermediate revisions by 4 users not shown) |
Line 1: |
Line 1: |
− | =Offensive Techniques by Russ Gideon= | + | =Offensive HTML, SVG, CSS and other Browser-Evil by Mario Heiderich= |
− | In the professional information security world, there has yet to be a course which provides the
| + | (or How to make sure your Pentest Report is never empty) |
− | students the knowledge and skills to carry out a real world attack. Traditional penetration
| |
− | testing courses impart only a limited view of the exposure and vulnerabilities companies suffer
| |
− | from. Traditional classes are generally focused on standard scanner, framework and tool usage
| |
− | as well as techniques for collecting “shells” on target systems. In contrast, this course is
| |
− | designed to teach its students how to plan and execute a successful attack against a target,
| |
− | using the same techniques and mindsets that real attackers use.
| |
| | | |
− | Attack Research will bring a unique approach to penetration testing, using deep system
| + | ===Course Description=== |
− | knowledge and lesser-known techniques that will arm the student with true offensive
| + | This workshop was formerly held in closed environments for government |
− | capabilities. This class is designed to help students think past the need for known exploits.
| + | contractors, companies and other organizations and is now available on |
− | Alternating between hands-on exercises and lectures the students will walk away with having
| + | conferences and alike. This comprehensive hands-on no-bullshit guide |
− | been given the chance to utilize the new skills that they will learn. A virtual target network will
| + | through the crazy world of HTML and its satellite technologies will |
− | be provided, along with all of the software needed to participate in the labs.
| + | give a very detailed overview on the current attack landscape. |
| | | |
− | The first day of the class will cover the basic, core skill sets, that are needed to be successful in
| + | * Did you know that CSS3 can function as XSS filter and steal session tokens? |
− | an offensive operation. These skills are the foundation for being able to handle and evade a
| |
− | large array of technical defensive measures which the student may experience when attacking
| |
− | sophisticated environments. The Metasploit Framework will be used as a development
| |
− | platform for building custom tools and launching specialized attacks.
| |
| | | |
− | In the second day, our attention will turn to the initial target exploitation and lateral
| + | * Did you know that copy & paste from an Office-Document is completely unsafe? |
− | movement. The students will learn how to gain persistence and deep footholds into an
| |
− | organizations network. We will focus heavily on the persistence and post exploitation
| |
− | techniques that have been perfected by the Attack Research team. At the end of this day
| |
− | students will have a strong understanding of how to get into a network and then stay in.
| |
− | The third day will focus on deeply penetrating a Unix environment which is designed to emulate
| |
− | common corporate setups. Many penetration testing classes focus on Windows based
| |
− | methodologies and attacks, neglecting the wide array of Unix scenarios that may be
| |
− | encountered in the real world. After the third day the students will not only be capable of
| |
− | taking over a Windows domain, but they will also be able to compromise Unix domains as well.
| |
− | Some of the techniques covered in the Unix domain are also applicable to mobile devices.
| |
| | | |
− | Students will test all of the skills they have gained in the course against a virtual network
| + | * Did you know that you have a SOP violation whenever you can control the first byte of a HTML document? |
− | specially designed for the class. The labs will be interwoven into the lecture so that students
| |
− | will receive a significant amount of time practically exercising these new skills as they learn. By
| |
− | the end of the class students will have spent roughly 50% of the time in a lab environment.
| |
| | | |
− | ===Technical Requirements and prerequisites===
| + | The focus of this workshop will be on the offensive parts of HTML, the |
− | Student machines must be able to run at least 2 virtual machines utilizing either: VMWare
| + | nasty and undocumented stuff, dozens of new attack techniques straight |
− | Workstation (which can be obtained through a demo license) or Virtual Box. This usually means
| + | from the laboratory of horrors of those maintaining the HTML5 Security |
− | at least 4 gig’s of memory is needed.
| + | Cheatsheet... and will even cover the defence parts necessary to |
| + | protect one's fine web-applications. |
| | | |
− | Student laptops must be running either OSX, Linux, or Windows and they must have the ability
| + | We'll learn how to attack any web-application with either legacy |
− | to disable all antivirus on the machine. You must have administrative access on your machine as | + | madness - or the half-baked results coming to your browser from the |
− | well for sniffing traffic, adjusting firewalls, etc, etc.
| + | meth-labs of W3C and WHATWG without you even knowing it. Whether you |
| + | want to attack classic web-apps or shine Chrome Packaged Apps - you'll |
| + | not be disappointed. Whoever likes crazy HTML, CSS and JavaScript |
| + | will enjoy and benefit from this workshop. A bit of knowledge on |
| + | either of those is required, rocket scientists and adepts will be |
| + | satisfied equally. |
| | | |
− | Students must have:
| + | ''Wed. 23 - Fri. 25 April (09:00 - 17:00)'' |
− | * a concept of scripting languages such as Python/Perl/Ruby
| |
− | * A medium level of systems administration on a Windows or Linux machine (Windows preferable but not a must)
| |
− | * Student’s laptop must be capable of running the Metasploit software
| |
− | | |
− | ===Detailed Agenda===
| |
− | | |
− | '''Day 1''' | |
− | * intros
| |
− | * schedule & venue
| |
− | * class setup
| |
− | * class overview / philosophy
| |
− | * Metasploit Tutorial
| |
− | ** msf background / history
| |
− | ** core components/meterpreter
| |
− | ** Multihandler
| |
− | ** auxiliary modules / scanners
| |
− | ** exploits & payloads
| |
− | * recon activities
| |
− | | |
− | '''Day 2'''
| |
− | * Initial Penetration
| |
− | ** Web / sqli
| |
− | ** Social Engineering
| |
− | ** File format attacks
| |
− | ** Java applet
| |
− | ** Physical & Hardware
| |
− | * Post Exploitation
| |
− | ** Command & Control
| |
− | ** Persistence
| |
− | ** Stealth
| |
− | ** PSP Evasion
| |
− | ** Cleanup
| |
− | ** Data Exfiltration Strategies
| |
− | | |
− | '''Day 3'''
| |
− | * Unix Domain Takeover
| |
− | ** Unix Intro
| |
− | ** NFS
| |
− | ** Authentication Systems
| |
− | ** Kerberos
| |
− | ** SSH
| |
− | * Windows Domain Takeover
| |
− | ** Lateral Movement
| |
− | ** SMB
| |
− | *** WPAD
| |
− | *** SMBRELAY
| |
− | * Insecure Services
| |
− | * Privilege Escalation
| |
− | * RDP/VNC/Sethc
| |
− | * Authentication Abuse
| |
− | ** Hashes and Passwords
| |
− | ** Token Hijacking
| |
− | * Domain Enumeration
| |
− | | |
− | =Trainer Biography=
| |
− | [[File:Attack-Research-Logo.jpg|190px|thumb|left]] '''Russ Gideon''' has many years of experience in information security fulfilling many diverse roles from
| |
− | being a core component of an Incident Response operation to managing an effective Red Team.
| |
− | Russ excels both at malware reverse engineering, which enables him to deeply understand how
| |
− | the attackers do what they do, as well as at high end Red Teaming where he has to penetrate
| |
− | sophisticated and well protected high value systems. Russ currently serves as the Director of
| |
− | Malware Research at Attack Research, LLC.
| |
− | | |
− | More information is available on [http://carnal0wnage.attackresearch.com carnal0wnage]
| |
− | | |
− | [[Image:300px-twitter-icon.jpg|17px]] [https://twitter.com/#!/attackresearch @attackresearch]
| |
− | | |
− | [http://www.attackresearch.com http://www.attackresearch.com]
| |
− | | |
− | [[File:Attack-Research-Logo.jpg|190px|thumb|left]] '''Dave Sayre''' has worked in the computer security area for the past ten years. He has specialized in reverse engineering, malware research, and penetration testing. He is currently a researcher at Attack Research. Dave specializes on *nix systems and enjoys figuring out how to abuse various trust relations between *nix systems.
| |
− | | |
− | <br><br><br><br><br><br><br><br><br><br><br>
| |
− | ''23 - 25 September (09:00 - 17:00)''
| |
| | | |
| [[File:Register.jpg||link=https://registration.brucon.org/training-registration/]] | | [[File:Register.jpg||link=https://registration.brucon.org/training-registration/]] |
| | | |
| [[Training|Back to Training Overview]] | | [[Training|Back to Training Overview]] |
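Review bot: the new revision deletes the =Trainer Biography= and ===Technical Requirements and prerequisites=== sections without adding equivalents for the new course. The page now carries no trainer background for Mario Heiderich, and the only stated prerequisite is "A bit of knowledge on either of those is required"; consider restoring both sections with content for this workshop. In the added ===Course Description===, "available on conferences and alike" should read "available at conferences and the like". The added date line ''Wed. 23 - Fri. 25 April (09:00 - 17:00)'' has no year, as the line it replaces did not, and would be clearer with one.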