Hacking & Safety: Advanced

General information Code: HSA Duration: 4 days Present: 10 Maximum Price: 2490 € HT Public concerned RSSI Consultants in safety Engineers/Technicians System administrators/networks Pre-necessary Administration Windows/Linux TCP/IP Means Support of course (250 pages) 80% of practical exercises 1 PC by anybody CD with tools LiveCD Linux Auditor Metasploit support Objectives To include/understand and detect the attacks on an S.I. To define the impact and the range of a vulnerability To carry out a test of penetration To correct the vulnerabilities To make safe a network, and to integrate adequate security tools	Description This course is a advanced and practical approach the methodologies used within the framework of intrusions on corporate networks. We stress technical comprehension and the practical application of the various forms of existing attacks. The objective is to provide you the technical skills necessary to the realization of audits of safety (tests of penetration), while judging by yourself the criticality and the real impact of the vulnerabilities discovered on the S.I. The presentation of the techniques of attacks is accompanied by applicable procedures of safety under various architectures (Windows and Linux).
	Day 1 & 2 Introduction Recall TCP/IP Acquisition of information Presentation of the techniques of acquisition of remote information on corporate networks and systems distant Public information Enumeration of the systems Enumeration of the services Enumeration NETBIOS Applicatif Fingerprinting Enumeration of the rules network Vulnerabilities customers remote Intrusion of the stations customers by exploitation of the vulnerabilities on the navigators Web, customers of transport… The Trojan ones Car execution the Trojan ones Vulnerabilities networks Attacks of the rules of Firewalling, interception/analyzes encrypted transmissions networks Sniffing network Spoofing network/Bypassing of firewall Idle Host Scanning Diversion of connections Attacks of the protected protocols Denial-of-services Vulnérabilités Web Attacks dynamic Web scripts (PHP, Perl…), and of the associated databases (MySql, Oracle)  Cartography of the site Faults PHP (include, fopen…) Attacks cgi (Escape Shell…) Injections SQL XSS	Days 3 & 4 Applicatives vulnerabilities Remote intrusion of a system Windows and Linux by the exploitation of the services of the applicatif type, with the Metasploit platform Escape Shell Buffer overflow Study of methodologies of attacks advanced locally and takeover of the statute administrator Use and integration of exploit in Metasploit Faults of the type Backdooring system and taking possession of a system following an intrusion and maintenance of the access Rough force of authentification Espionage of the system Backdoor Kernel Generic safety generic Tools of monitoring and security of the system/network. Cryptography Safety system Firewall/VPN/IDS Faults of the system type Backdooring and taking possession of a system following an intrusion and maintenance of the access Rough force of authentification Espionage of the system Backdoor Kernel Generic safety Generic tools of monitoring and security of the system/network. Cryptography Safety system Firewall/VPN/IDS