Pentesting with BackTrack

Overview

This is an intensive, hands-on security class by Offensive Security, the creators of Backtrack, and is especially designed for delivery at BlackHat. "Pentesting with BackTrack" is targeted towards network administrators and security professionals who need to get acquainted with the latest hacking tools and techniques available with the world-renowned BackTrack 5.

If you're looking for intensive training with hands on exercises and no slides, you've come to the right place. You'll be guided through the basics and taught how to think through hardcore security scenarios. Each block of instruction includes hands-on exercises that encourage you to not only leverage tools, but to develop creative solutions and make use of lateral thinking in order to solve problems - just like those you'll encounter in the real world.

As a result, you'll not only learn to use tools, but you'll understand the raw mechanisms and technologies behind the tools, providing you with a solid knowledge foundation that will propel you in the adventure that is Offensive Security.

Are you up the challenge? Are you ready to Try Harder?

Topics Covered

• Advanced Information Gathering Techniques
• Essential Bash scripting for Pentesters
• Data Mining with Maltego
• Do-It-Yourself ARP Spoofing and advanced MITM Attacks
• Understanding and Executing Password Attacks
• Reverse Tunneling and Exfiltration Techniques
• Fuzzing and Exploiting Windows Applications
• Analyzing and Reconstructing and porting Public Exploit Code
• Client side attacks reconstructed
• Web Application Attacks
• Developing Strong Metasploit Kung-Fu

Lab Description

This course includes complex hands-on labs throughout the training. All students will be provided with pre-configured VMware machines for the duration of the course for a personal and in-depth learning experience.

Who should attend?

This is a highly technical course aimed at security professionals. People with entry level hacking security certifications in need of modern and practical real world penetration testing experience and insights should attend. Less knowledgable and experienced students who are "hungry" to succeed may also find success in this course if willing to dive into the supplied reading material and put in late nights mastering the previous day's exercises.

Prerequisites

• Students need to be comfortable in Linux ‐ We'll be using BackTrack during the whole course as our attacking platform. Navigating through directories, executing scripts and tools and writing basic bash scripts are the basic skills expected from the student.
• A solid understanding of TCP/IP and various network services (DNS, DHCP, etc)
• Knowledge of a scripting language (Perl, Python, Ruby) is recommended, but not required.
• A desire for moderate pain and suffering

What to bring

Students are required to bring their own laptops with a minimum 2 GB RAM installed.

• VMware Workstation / Fusion installed.
• At least 60 GB HD free
• Wired Network Support
• DVD-ROM / USB 2.0 support

Course Length

Four days. All course materials, custom BackTrack CD's, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered.

Trainers

Johnny Long is a professional hacker. A penetration tester with over a decade of experience, Johnny has led successful physical and network security assessments against scores of clients including many Fortune 100 companies, every branch of the U.S. military and the US Department of Defense. A highly sought-after public speaker and trainer, Johnny has developed and led technical courses for most U.S Federal Law Enforcement agencies, several U.S. Intelligence agencies and other clients who prefer to remain nameless. Johnny has authored and co-authored a dozen or so computer security-related books and currently lives in Uganda, East Africa where he carries on the work of his favorite not-for-profit, Hackers For Charity.

Paul Hand is an Offensive Security instructor and has recently earned a Masters degree in Information Assurance. Paul works on various projects including the free online Metasploit Unleashed course, Exploit-DB, and the BackTrack Wiki. Paul also has a passion for problem solving and critical thinking.