Ethical Hacking

Summary

This course teaches the hacking techniques and tools used to penetrate computer systems. It is taught by seasoned security specialists using a combination of class lectures and practical sessions.

Course length:	5 days
Language:	English

Intended audience

Network and system engineers that are keen to learn how a hacker would view their IT infrastructure IT consultants who want to learn to perform in-depth security assessments This course is not intended for misguided individuals who intend to use tools and techniques for criminal purposes

Prerequisities

Students should have a reasonable understanding of

TCP/IP Unix Windows 2000/2003

Lecture topics

Day One - Information gathering

Using publicly available information to target the attack (whois, web search engines, Usenet, Directories) Internet Relay Chat - IRC Social engineering Using DNS information for hacking Port scanning and operating system fingerprinting – how it works Banner grabbing Other methods of identifying operating systems and services War dialing War driving – wireless networks

Day Two - Windows Hacking

Windows security architecture (user accounts, SAM database, file system permissions) Windows networking (NetBIOS, SMB/CIFS) – how it works Windows-specific information gathering (null-sessions, DCE/RPC, SNMP, LDAP) Remote attacks (share scanning, account brute-forcing) Local privilege escalation

Day Three - Unix Hacking

Unix security architecture (user accounts, root privileges, file permissions, set-user-id bit, etc.) Unix-specific information gathering (RPC portmapper, NFS, Finger daemon, SMTP, SNMP) Programming errors resulting in security vulnerabilities (detailed explanation of each bug and methods of exploitation) Buffer overflows Format string issues Race conditions Incorrect input validation

Day Four - Web Hacking

Getting information from the web server (version, directory structure, server-side applications installed, etc.) Classification of web vulnerabilities (buffer overflows, directory traversal, incorrect input validation, encoding/decoding bugs, etc.) Scanning for known vulnerabilities Checking for configuration errors Escalating privileges Assessing the security of custom Web Applications

Day Five - Miscellaneous topics and Hacking contest

Routers What you can do with a hacked router Services offered by routers Checking known vulnerabilities Router configuration errors Password cracking

And a hacking contest will be held on day Five.

Additional topics

Firewalls (types of firewalls, how they work, how they fail) Intrusion Detection Systems Rootkits and Trojans E-mail hacking

Practical Sessions

Each topic covered during the lectures will be illustrated during the practical session. Each student will try out the tools and techniques they learned in the class on the lab machines.

During the five day course the students will try to break into the following systems

Microsoft Windows 2000/2003 Sun Solaris RedHat Linux FreeBSD Cisco routers

Each student will get a CD with all the tools that were used during the labs. Both Windows-based and Unix-based attack tools will be used.

Dates:
June 22, 2008 - June 27, 2008 (Register for this date)
Aug 03, 2008 - Aug 07, 2008 (Register for this date)

Download course leaflet as a Adobe PDF file
For more information concerning this course, please contact courses@scanit.net.

Oracle Anti-Hacking

Summary

Know your enemy is important if you are responsible for the protection of Oracle databases and application server. In this session you learn various tricks of Oracle Hacker and the appropriate countermeasure.

Course length:	5 days
Language:	English

Intended audience

Database Administrators that are keen to learn how a hacker would view their database deployments IT consultants who want to learn to perform in-depth security assessments This course is not intended for misguided individuals who intend to use tools and techniques for criminal purposes

Prerequisities

Students should have a good understanding of

Oracle Databases

Table of contents

Oracle Security Information

Oracle Security related Websites (Where to find Exploits, Gossip....) Books (Useful Oracle Security books) Metalink Hacking (Find unknown/unpublished security bugs in Metalink) Google Hacking of Oracle Technologies Yahoo Hacking of Oracle Technologies Analysing Oracle Security Patches Where to buy unpublished Oracle Security Bugs

Security Basics

Secure Oracle Architecture (Client, Server, Application Server, Backup/Recovery...) Oracle Security Features (Audit, Encryption, ASO, VPD, OLS...) Encryption (Concepts, Network, Database...) Privileges Audit (Concept, what...) Forensics D.o.S. - Denial of Service (Concepts, TNS-Listener, database, database user, oid...) Buffer Overflows (Concepts, Packages, SQL functions...) SQL Injection (Concepts, Packages, Trigger, Webapplication...) Cross Site Scripting (Concepts, How to use...) Tools (Scripts, Oracle Security Scanner, Free and commercial software ...)

Database

Attack Scenarios Overview Security Windows (Services, Patches...) Overview Security Unix (X11, Services, Patches...) File Permission (Common Issues, Become Root... ) Listener (TNS, MTS, XMLSDB, Exploits, Securing Listeners...) Network Sniffing & Tracing (Ethereal/Wireshark, Tracing, ASO...) Reading and stealing files (Export, archive, utl_file, dbms_lob...) Creating Files ( utl_file, external tables, dbms_advisory, Java, ...) Oracle Database Passwords (Brute Force Cracker, Password Algorithm, hashkeys...) Other Oracle Passwords (modplsql, CMDSK, changing, decrypting...) Execute OS commands (Java, Extproc, undocumented Procedures...) Database Encryption (Decrypt Data, Steal encryption keys, Circumvent Encryption, sort_area_size, Reverse Engineering Key Algorithms) PLSQL (Wrapping, Unwrapping PLSQL, Patching wrapped procedures, ...) XMLDB (D.o.S, XSS, ...) Backdoors (How to Implement, Find) Become DBA (several ways to become DBA) Components - HTMLDB - XMLDB - Enterprise Manager - Database Control / Grid Control - iSQLPlus - OID Hardening Oracle Database (Approach, where to start, top-5-issues, Keep the database secure...)

Oracle Clients

Attack Scenarios Passwords & Accounts (Handling, Roaming, Decryption, ...) Client Startup Files SQL Logging Temp Files Analysing various Oracle Clients Using Windows PE / Knoppix (Create own Oracle Boot-CD) Hardening Oracle Clients

Application Server

Attack Scenarios Oracle HTTP Server (Apache) Oracle Forms Server (SQL Injection, OS execution...) Oracle Reports Server (SQL Injection, OS execution...) Oracle Webcache Oracle Portal (SQL Injection) Hardening Oracle Application Server

Advanced Topics

Oracle Rootkits (Concepts, V1, V2,Create invisible users, modify packages, ...) Oracle Viruses (Concepts) Oracle Worms (Concept) Oracle Forensincs Hacking Oracle Database Vault Hacking Transparent Data Encryption (TDE) Oracle Phishing Oracle Patch Modification Using Matrixay for Webapps Using Repscan

Dates:
May 18, 2008 - May 22, 2008 (Register for this date)
July 06, 2008 - July 10, 2008 (Register for this date)

Download course leaflet as a Adobe PDF file
For more information concerning this course, please contact courses@scanit.net.

Oracle Forensics

Instructor: Alexander Kornbrust

Summary

This training describes how to do Oracle Forensics in different real-world scenarios.  Attendees will learn the Oracle Forensic Basics, what tools to use and efficient approaches to find traces in Oracle.

Course length:	3 days
Language:	English

In the exercises attendees will learn.

Oracle Forensic Basics Classification of Attackers Attack scenarios (disgruntled employee, external hacker, curious DBA, ...) Database Forensic Tools Analyzing Log Files (Listener, HTTP, ...) Analyzing Audit Logs Analyzing Archive Logs Find peaks (usage, connects, ...) Generating and comparing checksums of database objects Find backdoors (unwrap PL/SQL, Java, ...) Anti-Forensics Dates: Jan 06, 2008 - Jan 08, 2008 (Register for this date) For more information concerning this course, please contact courses@scanit.net.

Oracle Setup Auditing

Instructor: Alexander Kornbrust

Summary

This training describes how to use Oracle Audit features.

Course length:	3 days
Language:	English

In the exercises attendees will learn.

Oracle Auditing Basics Oracle Auditing Fine Grained Auditing (FGA) Custom Trigger Database Vault Auditing Oracle Audit Vault Analyzing Audit Logs Find and define interesting targets for auditing Bypass Auditing and countermeasures Auditing and Encryption Using 3rd party auditing applications (e.g. Sentrigo Hedgehog) Detecting Attacks (logsurfer)

Dates:
Aug 24, 2008 - Aug 26, 2008 (Register for this date)

For more information concerning this course, please contact courses@scanit.net.

WIFI Anti-Security

Summary

During this course you will acquire a deep understanding of WLAN technologies and Security. You will also spend half of the time experiencing practical hacking excersises, monitoring and defending a wireless network in a Lab, You will also train on the monitoring tools and on AP's configuration. Each lecture will be followed by practical example and training. Each hacking demo will be practiced by the student. Each security measure will be discussed, applied and tested by the students. This course is a real hacking and defense course, with a lot of practical experience built in.

Course length:	5 days
Language:	English

Intended audience

Decision makers for security and networking, such as directors or managers of networking, Chief Security Officers, and directors or managers of information security. Designers, architects, implementers and administrators of WLANs and security. Consultants and integrators for security and IT services.

Prerequisities

Due to the very technical nature of this course, each student need to have a good understanding of the following topics:

Networking topologies and technologies Basic knowledge of Linux and Microsoft Operating systems TCP/IP Basics of security.

The student should ideally have at leave 3 years of solid IT experience.

Lecture topics

Introduction to Wireless technologies and security. Discussion about wi-fi design in networks RF basics, legal aspects, glossary. The antenna's ( Omni, Yagi, etc...) Discovering Wireless networks Breaking WEP keys Breaking WPA keys Breaking LEAP Wifi MIM attacks Wifi DOS's Analysis of EAP protocols Radius & Client implementation MAC cloning Rogue access point detection Wifi intrusion detection

Download course leaflet as a Adobe PDF file
For more information concerning this course, please contact courses@scanit.net.

Security Awareness

Summary

During this 3 day course, you will learn about the pillars of IT & IS Security Awareness Campaigns. Students will be walked through various best-practices and guidelines on how to conduct successful awareness programs. Using a task-based approach, students will also face some of the common pitfalls of design, development and implementation of security awareness programs.

Course length:	3 days
Language:	English

Prerequisities

None

Table of Contents

Understanding awareness
Basic concepts:

Awareness & Training Education & Professional Development Awareness Strategy Why defined awareness responsibilities Why management support

Key components of a successful Awareness Strategy

How to determine awareness needs Conducting awareness needs assessment Developing preliminary strategy plans Developing and approving the strategy plan Funding the awareness program

Awareness Materials

How to select awareness topics What the sources are for awareness material Definition of awareness target groups Identification of workshops & general training requirements Sources of training courses and workshops

Successful implementation

Techniques for the delivery of the awareness materials and training How to monitor the implementation Monitoring compliance Awareness Program Evaluation Feedback

Course Material

English course notes Scripts Free Security Software

Dates:
July 27, 2008 - July 29, 2008 (Register for this date)

Download course leaflet as a Adobe PDF file
For more information concerning this course, please contact courses@scanit.net.

VoIP Security

Summary

In this 3 days course, you will learn wide variety of techniques used by attackers against VoIP architectures. You will also learn how to identify such attacks, how to defend against such attacks and how to build Security VoIP Architecture. The course also covers the basics of VoIP Protocols, as well as basic penetration testing techniques.

Course length:	3 days
Language:	English

Prerequisities

Basics understanding of VoIP technology

Lecture topics

Introduction to VoIP Introduction to VoIP Protocols Protocols, Vulnerabilities & Known Issues Phreaking VoIP Attacks & Defense Scenarios VoIP Architecture & Security Considerations Create secure VoIP Architectures VoIP Penetration Testing

Scada Security

Summary

In this 5 days course, you will learn wide variety of techniques used by attackers against Critical Infrastructures. You will also learn what the major standards requirements and guidelines for security SCADA systems are. Practical exercises will include analysis of Modbus/ TCP network traffic, identification of infrastructure design weaknesses, as well as SCADA basic penetration testing techniques.

Course length:	5 days
Language:	English

Prerequisities

Basics understanding of SCADA technology

Lecture topics

Introduction to SCADA Introduction to SCADA Protocols Protocols, Vulnerabilities & Known Issues Firewalls, IPSs, DMZ and rules sets SCADA Attacks & Defense Scenarios SCADA Architecture & Security Considerations How to create secure SCADA Architectures SCADA security Standards, Guidelines and Best practices

Telecom Fraud

Summary

This course is focused on Telecommunications Fraud Department Professionals, Engineers, Consultants or Management.

It teaches the techniques and methodology used to intentionally access a telecommunication service by using false identities with "no intention to pay". As from 2001 the number of complaints regarding subscription fraud quintupled. 85% of all telecommunications fraud starts with a subscription fraud. This trend appears to be to biggest threat for the future as 50% of all fraud committed on the Internet at present is subscription fraud related.

Course length:

3 days

Intended audience

Fraud department heads and engineers Telecommunication consultants Telecommunication company management

Prerequisities

Students should have a reasonable understanding of

Telco fraud Areas of vulnerability, prepaid etc.

Practical excercises

Each topic covered during the lectures will be illustrated during the practical sessions using actual case studies.

Course topics

Introduction to fraud

Introduction to fraud and telecom fraud Fraud and Revenue assurance Fraud Evolution New types of fraud

Fixed Network Fraud

Common types of fixed network fraud Physical Attacks on interfaces Premium Rate Services Fraud Insider Fraud PBX/DISA Fraud Calling Card Fraud SS7 Attacks

Mobile Network Fraud

The security of mobile networks Common types of mobile network fraud Physical Attacks on interfaces Encryption methods employed by operators and handset/SIM card manufacturers Mobile Network and Handdset interception Mobile Network Fraud and Risk Management

Subscription Fraud

Introduction to subscription fraud Detection & identification of subscription fraud Commercial solutions for dealing with subscription fraud Risk mitigation techniques

Partnership fraud

Introduction to partnership fraud Interaction models with operators, third party providers and commercial dealers Interactions & Interoperation fraud

Content & Added value services fraud

Content risk and liability Content vaue chain fraud Payment mechanisms fraud Maintaining revenue streams through secure delivery channels

Fraud detection & prevention

Overview of fraud process and fraudulent activities Introduction to fraud management systems FMS Functionalities

Download course leaflet as a Adobe PDF file
For more information concerning this course, please contact courses@scanit.net.

Forensics Acquisition & Analysis

Summary

This course teaches participants how to perform digital forensic examinations of computers and other digital media. Knowing how to properly find, recover and preserve "digital evidence" is a necessity for both criminal and civil investigations. There are very specific standards and methodologies that must be followed for digital evidence to be accepted in most courts of law. Our instructors will take you through a real investigation, step-by-step, to put into practice the knowledge that you will receive in this course. Analysis will be conducted of several different types of media and the digital evidence that it contains. During the course, you will learn the techniques used by experienced forensic examiners in exercises with actual digital forensics tools and applications. At the conclusion of the digital investigations, you will learn how to build an electronic report that documents and preserves that evidence that you have recovered.

Course length:	5 days
Language:	English

Course Venue (April 6 -10, 2008)
This course will be taught at the Scanit technical training classroom in Dubai Internet City. The course date is April 6 - 10, 2008. The course fee is $2,500 (US) which includes a forensic write blocker and imaging software.

Course Learning Objectives
This course is designed to provide the knowledge in computer forensics procedures, tools and technology needed to serve as a computer forensic specialist. Completion of this course will provide the skills needed to properly collect digital evidence and conduct basic forensic analysis in a legally admissible manner, using accepted forensics practices.

Course Instructors
Steve Anson, CISSP, MCSE is a former Special Agent with the US Department of Defense Criminal Investigative Service (DCIS). Mr. Anson has conducted numerous Internet investigations on some of the most sophisticated network systems in the world, and has taught computer crime investigation techniques at the FBI Academy. He has served as a Task Force Agent for the FBI as well as supervised a local police department cyber crime and technology unit. Mr. Anson is a Certified Information Systems Security Professional (CISSP), a Microsoft Certified Systems Engineer (MCSE), and the coauthor of "Mastering Windows Network Forensics and Investigations".
Domingo Montanaro, GCFA, is an Information Security Specialist and Computer Forensics Expert, who has been working with High Tech crime investigation for the private sectors including the financial markets as well as law enforcement agencies as an expert consultant. Currently holding the position of Manager of Research & Development for the Information Security and Computer Forensics Labs of Oger Systems. Domingo specializes in Information Leakage, Data Recovery, and Incident Handling, as well as being highly skilled in Anti-Forensics methodologies and tools. Guest professor at a number of Universities as an expert on Computer Forensics and author of several articles/papers as well as a key speaker at major worldwide conferences.


Course outline

Course Introduction

What is digital evidence What can be found as digital evidence Type of cases involving digital evidence - civil vs. criminal What is needed to be a forensic examiner Basic forensic principals - IACIS model Testing and validation

Preserving Digital Evidence

Review of search and seizure techniques Proper documentation of evidence Imaging and acquisition - Physical write blockers Imaging and acquisition - Forensic boot CD Overview of forensic images Archival methodology

Keyword Searches

Basic GREP Indexing

Document Analysis

Metadata Viewers

Internet History Analysis

IE Firefox Cookies Bookmarks History

Email Analysis

Email formats and containers Deciphering email headers

Multimedia Analysis

Graphics Video Audio EXIF data

Registry Analysis

Overview of Windows registry Finding evidence in the registry

Recovery of Deleted Files

Manual vs. Automated Data carving techniques

Encryption Analysis

Techniques for bypassing encryption

Other Digital Media

Optical media USB Flash drives

Reporting Techniques

building an electronic report Dates: Apr 06, 2008 - Apr 10, 2008 (Register for this date)

Download course leaflet as a Adobe PDF file
For more information concerning this course, please contact courses@scanit.net.

Exploiting Software Vulnerabilities

Course Authors / Instructors:

Rodrigo Rubira Branco (BSDaemon) and Filipe Alcarde Balestra (coideloko)

Course length:	5 days
Language:	English

Course description

* Why learn how to break software?

* What is the differences between the hacking (security research) community and the open-source community?

* How do we release vulnerabilities?

* Web Vulnerabilities

• Cross-site scripting
• SQL Injection
• Remote file include
• Others

* Introduction to shellcode

• Hello World

* Injectable code
* Bypassing filters - Polymorphic shellcodes

• How it works?
• Structure
• Uses

* Stack Overflows

• Why it do exist?
• How it can be exploited?
   - Debugging software
   - Controlling the application
   - Searching for a return point
   - What else we can do?
  

* Heap Overflows

• Why it can be exploited?
   - Old School - breaking in to the old libc
   - What changed nowadays - be prepared
   - Differences between Windows and Linux systems
  

* Integer-related problems

• Widthness overflows
• Arithmetic overflows
• Signedness bugs

* Format String

• Is it dead?
• Exploiting

* Defeating security systems

• Breaking canary protection
   - controlling pointers
   - controlling indexes
  
• Breaking non-executable memory
   - Returning-into-libc (system())
   - Returning-into-libc (sprintf()/strcpy()) [the case of leaf functions]
  
• Breaking memory randomization
• By-passing glibc unlink protection

* Kernel Exploitation

• NULL pointer dereference
• Slab overflows
• Disabling security protections

* Remote exploitation - what are the challenges?

• Protocol analysis
• Remote system interaction
• Packet sizes
• Filters, Detectors (IDS/IPS/XYZ), others

* Keeping access - target inside systems

• Rootkits - How do they work?
• Syscall proxying, encoding, pivoting and others...

Dates:
July 20, 2008 - July 24, 2008 (Register for this date)

For more information concerning this course, please contact courses@scanit.net.