1

Hacking and security

• Forms of attacks, procedures, actors, challenges.
• Audits and intrusion tests, place in an ISMS.

2

Sniffing, interception, analysis, network injection

• Anatomy of a packet, tcpdump, Wireshark, tshark.
• Hijacking and intercepting communications (Man-in-the-Middle, VLAN attacks, honeypots).
• Packets: Sniffing, reading/analyzing from a pcap, extracting useful data, graphical representations.
• Scapy: Architecture, capacities, use.

3

Recognition, scanning, and enumeration

• Intelligence gathering, hot reading, operating the darknet, social engineering.
• Recognizing services, systems, topology, and architectures.
• Types of scans, filtering detection, firewalking, fuzzing.
• Camouflage using spoofing and bouncing, identifying paths with traceroute, source routing.
• Evading IDS and IPS: Fragmentations, covert channels.
• Nmap: Scanning and exporting results, options.
• Other scanners: Nessus, OpenVAS.

4

Web attacks

• OWASP: Organization, chapters, Top 10, manuals, tools.
• Discovering infrastructure and the corresponding technologies, strengths and weaknesses.
• Client-side: Clickjacking, CSRF, stealing cookies, XSS, components (flash, java). New vectors.
• Server-side: Authentication, session theft, injections (SQL, LDAP, files, commands).
• Including local and remote files, cryptographic attacks and vectors.
• Evading and bypassing protections: Example techniques for bypassing WAF.
• Burp Suite tools, ZAP, Sqlmap, BeEF

5

Application and post-operation attacks

• Microsoft authentication attack, PassTheHash.
• From C to the machine code assembler. Shellcodes.
• Encoding shellcodes, deleting null bytes
• Rootkits. Using processes: Buffer Overflow, ROP, Dangling Pointers.
• Protections and bypassing: Flag GS, ASLR, PIE, RELRO, Safe SEH, DEP. Shellcodes with hardcoded addresses/LSD.
• Metasploit: Architecture, features, interfaces, workspaces, writing exploits, generating Shellcodes.