Hacking Techniques

and Intrusion Detection

Welcome    Why?    Training    Games    ChangeBlog    External Resources    Submit Content

 

Creator:     Ali Hadi


License:    Creative Commons: Attribution, Share-Alike

(http://creativecommons.org/licenses/by-sa/3.0/)


Class Prerequisites:

1. Basic understanding of networks and network protocols

2. Operating Systems concepts

3. Basic knowledge about programming languages

4. Basic knowledge about information security


Lab requirements:

Linux system with VirtualBox running the following VMs:

1. Different Windows systems XP, 2003, and 7.

2. KALI/BackTrack Linux system.

  1. 3.Metasploitable2 Linux system.


Class Textbook: Gray Hat Hacking: The Ethical Hackers Handbook, 3rd Edition, by Allen Harper, Shon Harris, Jonathan Ness, Chris Eagle, Gideon Lenkey, and Terron Williams, McGraw-Hill. 2011.


Other library texts and supplements:

1. Penetration Tester’s Open Source Toolkit 3rd ed. Jeremy Faircloth. Syngress, 2011.

2. Social Engineering: The Art of Human Hacking. Christopher Hadnagy. Wiley, 2011.

3. Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems. 2nd ed. Chris Sanders. No Starch Press, 2011.

4. The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws 2nd ed. Dafydd Stuttard, Marcus Pinto. Wiley, 2011.

5. Hacker Techniques, Tools, and Incident Handling. Sean-Philip Oriyano and Michael Gregg. Jones & Bartlett Learning, 2011.

6. Metasploit: The Penetration Tester’s Guide. David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni. No Starch Press, 2011.

7. Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning. Gordon Fyodor Lyon. Nmap Project, 2009.

8. Unauthorized Access: Physical Penetration Testing for IT Security Teams. Wil Allsopp. Wiley, 2009.

9. Hacking: The Art of Exploitation. 2nd ed. Jon Erickson. No Starch Press, 2008.


Recommended class duration: 10-15 days college lecture style, 5-6 days continuous training


Creator Available to Teach In-Person Classes: Yes


Author comments:

This course covers the most common methods used in computer and network hacking with the intention of learning how to better protect systems from such intrusions. These methods include reconnaissance techniques, system scanning, accessing systems by network and application level attacks, and denial of service attacks. During the course students will complete many hands on exercises.


Course Objectives:

The course is designed to help students gain a detailed insight into the practical and theoretical aspects of advanced topics in hacking techniques and intrusion detection. It aims to:

1. Understand the approaches used today by computer attackers.

2. Provide an understanding of the phases and techniques for public and open source reconnaissance techniques.

3. Understand the offensive and defensive techniques of computer attacks.

4. Gain solid knowledge in buffer overflow concepts and the ability to exploit, and defend against them.

5. Provide detailed understanding of password cracking techniques.

6. Demonstrate a comprehensive understanding of the different kinds of Denial of Service attacks and how to defend against them.

7. Demonstrate the value of Web App attacks such as: SQL injection, Cross-Site Scripting, and Web Session attacks.

8. Provide hands-on labs addressing scanning, exploiting, and defending systems.


Learning Outcomes:

Upon successful completion of this course, students will be able to:

1. Critically compare, analyze and evaluate the techniques needed to attack specific systems;

2. Demonstrate practical competence in a number of hacking techniques including: social engineering, reconnaissance, scanning, enumeration, exploiting Linux and Windows applications, client side attacks, web application attacks, password attacks, and denial of service attacks;

3. Exhibit a strong foundation in attacking computer and networking systems;

4. Demonstrate that they have the necessary knowledge and skills to pursue careers in industry and/or higher education degree program; and

5. Integrate their knowledge and skills into evolving techniques in information security.


Author Biography:

Ali Hadi is a Senior Information Security Researcher, Consultant, and an Associate Professor working for different Universities and companies. Holds a PhD. and a MSc. degree in Computer Information Systems and a BSc. degree in Computer Science. With 15+ years of technical experience in the IT sector for different large and reputed companies; more than 6+ years were in the information security field. Also, throughout his working career he managed to gain more than 15+ of well known technical certificates all related to information security, Linux, and Unix. More can be found: http://twitter.com/binaryz0ne.



Class Materials


All Materials (.zip of pptx format slides (622 slides))
All Materials (.zip of odp format slides (531 slides))
All Materials (.zip of pdf format slides (622 slides))


Slides Day 1 - Social Engineering (51 slides)
Slides Day 2 - Physical Pentesting (19 slides)
Slides Day 3 - Backtrack Basics (21 slides)
Slides Day 4 - Scoping (22 slides)
Slides Day 5 - Recon (46 slides)
Slides Day 6 - Footprinting (34 slides)
Slides Day 7 - Fingerprinting (29 slides)
Slides Day 8 - Scanning (50 slides)
Slides Day 9 - Software Exploitation - Introduction (84 slides)
Slides Day 10 - Software Exploitation - Debugging (32 slides)
Slides Day 11 - Software Exploitation - Shellcode (30 slides)
Slides Day 12 - Client Side Attacks (65 slides)
Slides Day 13 - Post Exploitation (23 slides)
Slides Day 14 - Metasploit (46 slides)
Slides Day 15 - Python for Security Practitioners (91 slides)



Revision History:


08-22-2014 - Added 91 slides of Python material

11-03-2013 - Initial class content upload


If you have used and modified this material, we would appreciate it if you submit your modified version for publishing here, so that all versions can benefit from your changes.