Tactical Exploitation
Attack Research, July 23-24
- $3200 (ends February 1)
- $3400 (ends June 1)
- $3600 (ends July 20)
- $3900 (July 21-24)
Overview
Penetration testing often focuses on individual vulnerabilities and services, but the quickest routes to compromise are often hands-on and brute-force. This two-day course introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using a combination of new tools and lesser-known techniques, attendees will learn how hackers compromise systems without depending on standard exploits. The class alternates between lectures and hands-on testing, providing attendees with an opportunity to try the techniques discussed. A virtual target network will be provided, along with all of the software needed to participate in the labs.
In the first half of the course, attendees will investigate a wide variety of information gathering and footprinting techniques, many of which are critical to a successful penetration test. The Metasploit Framework will be used as a development platform for building custom discovery tools.
In the second half of the course, the focus will shift from information discovery to information exploitation. Attendees will learn how to compromise common operating systems, and once in, how to gain access to the rest of the network.
This course is well-suited to penetration testers of any skill level and all security professionals who have a basic grasp of networking and software exploits. This course differs from a typical ethical hacking program in that the focus is on techniques that are not affected by patch levels. A portion of the class will be dedicated to building new tools, on the fly, to solve the challenges posed by a difficult penetration test.
What to bring
- Students should bring a laptop capable of running the Metasploit Framework.
- Students should be familiar with Windows and at least one Unix-like environment (OS X, Linux, Solaris, etc.).
- Students should have a general understanding of scripting languages such as Perl, Python, and Ruby.
- Students should be comfortable with a variety of common networking tasks, such as assigning an IP address and troubleshooting connectivity.
Recommendations
- Experience with Metasploit Framework
- Experience with network sniffers, such as Wireshark
- Experience programming in the Ruby language
- Experience with low-level IP networking tools (hping, nmap, etc.)
Trainer
Attack Research was founded by Valsmith in the winter of 2008 after his decision to move on from his previous malware research company. There were two purposes in mind when Attack Research was formed:
- A community-focused company, built on in-depth knowledge and understanding of the way computer attacks work. From exploits, to network traffic, to things such as client-side web attack infrastructure, all aspects of attacks will be analyzed and discussed.
- To be a company which draws on the extensive real-world experiences of its members to provide unconventional training, testing, incident response, consulting and research services in the computer security arena.
In addition to these fundamental drivers of our organization, Attack Research also provides a publishing vehicle for community members. Papers, presentations, and tools related to computer security and attack methodologies may be distributed under the Attack Research umbrella.