Hands-on Hacking Essentials (HOHE) (in English)
Training duration: 2 days (16 ac h) of pure hacking and feeling “1337”
Group size: 12 participants maximum
Target audience: System administrators, information security specialists and managers, and any other IT personnel who are not afraid of the shell or command prompt.
The training is held by our partner Clarified Security.
Ideology of this training
The main differences between hacking and penetration testing are the intent and (imposed) limitations. Therefore, the idea behind this training is to see practical information security from the attacker’s or “opposing team’s” point of view and to deliver first-hand experience of running attacks.
Although this training is highly technical and extensively hands-on, all scenarios are built so that with the help of hints or even full HOWTOs from the scoring server, everyone can complete all exercises regardless of prior 1337 skills or experience level with various operating systems.
Everyone will walk through the phases of an attack until successfully pWning various systems and services. There are plenty of attack scenarios to play through and scored objectives to complete. Since the participants’ expected skill and experience levels vary to a large degree, we cover a mix of the *nix and Windows worlds and focus on explaining key concepts and on showing the real attack even to those who have never compiled or launched any exploits before.
Contents of the training
Introduction – The attacker point of view. Intro to the scoring server and virtualized training environment.
Reconnaissance and information gathering – banner grabbing, fingerprinting, service mapping, port- & vulnerability scanning. Finding vulnerabilities, suitable exploits and staging your attacks.
Privilege escalation – local privilege escalation tricks and exploits, password cracking, fun with meterpreter and Armitage features, etc.
“Jumping the (fire)wall” – using targeted client-side attacks to gain foothold behind firewalls, pivoting your attacks through the initial compromised workstation, escalating, dumping password hashes, pilfering, passing-the-hash, credential and plaintext password harvesting with browser tools, Mimikatz and WCE, planting backdoors, exfiltrating data, evading Anti-virus products and making a general nuisance of yourselves in the process of 0wning internal networks.
Kali Linux – all hands-on activity takes place on this popular penetration testing distro. Each student has his own Kali Linux with individual target networks cloned in the training environment.
Remote exploitation – attacking various operating systems (both *nix & Windows) and common services (like FTP, SSH, HTTP/S, etc.) remotely, compiling and running exploits and using ready-made tools.
Attack Toolsets – Metasploit Framework & meterpreter, Armitage (essentially a point-and-click front-end for Metasploit).
“Network Takeover” scenario – putting it all together in a whole day hands-on scenario that walks participants through a small company network takeover scenario from an attacker’s perspective. Mostly Armitage along with other tools on Kali Linux will be used for attacking, making it easy to track and visualize how the victim network and subnets reveal themselves as participants hack deeper into the network.
During the 2-day hands-on training experience the participants should form a good understanding of the current attacker toolset, attack types and methods. By experiencing the attacker mindset and point of view via hands-on exercises, the participants will not only gain a much higher appreciation for attack threats, but will also be much more alert and better prepared for the defence and security testing of their own IT systems.
Trainers will engage participants with lectures, live attack demonstrations and practical examples followed by individual hands-on exercise scenarios. Training is interactive, practical, and besides active participation also full of attack stories that help to change the perspective and understanding of real life security threats.
Training environment is essentially a mobile training lab that can be brought to the participants anywhere in the world as long as a VPN connection via decent Internet connectivity is viable. Training activity takes place inside a special virtualization server (VMWare ESXi5, 24 cores, 96GB RAM, 2TB HDD). Every student has access to an individual Kali machine and targets in a separate subnet.
Scoring server is a multi-functional tool to assist the students and trainers, and to make the training more interactive with competitiveness and challenges. All attack scenarios and targets contain challenges and hidden answers that can only be reached and entered into the scoring server via successful attacks. There are plenty of hints and full HOWTOs that can be used at the cost of some points. This lets everyone complete the exercises at their own suitable pace, from simply following the hints and instructions to showing off “1337” skills. The scoring system always rewards active participation, so even taking hints and struggling through the scenarios is more fun and rewarding than passive listening. At the same time, those who like challenges can try more creative approaches and choose their own way to pWn the box.
Technical requirements for the training
Everyone needs to bring their own laptop that has WiFi (or a LAN cable port) for connecting to the training environment via our VPN device. Any OS is fine; all you need is an SSH and VNC client. For Windows users, the portable apps Putty.exe and vncviewer.exe will be available to download locally, so typical corporate Windows users do NOT need any admin privileges.
Computers need at least 1024×768 resolution and must be able to obtain an IP address from our device’s DHCP server. Users must be able to log in with local accounts, as neither a domain controller nor a direct Internet connection will be available.
You will be connecting to your attack platform (a Kali Linux VM), hosted within our hacking lab environment, using SSH and VNC. If you don’t have clients for these protocols already, we can provide them to you when you arrive.
Continuing education curriculum group: Interdisciplinary curriculum group of information and communication technology
Karl Raik, Pentester (WebApps) and trainer
Karl joined the Clarified Security team in September 2015 as a Web application pentester. His previous work experience consists mainly of Web Application development. He holds an M.Sc. degree in Cyber Security from Tallinn University of Technology. He wrote his master’s thesis about improving Web Attack Campaign overview in Cyber Defense Exercises. Karl is a trainer of our Hands-on Hacking Essentials (HOHE) and Hands-on Hacking Advanced (HOHA) courses.