Hands-on Introduction to Common Hacking Tools

Full Day
(9:00 am-5:00 pm)

Lincoln 3 Room

Linux
F2
New!
David Rhoades, Maven Security Consulting Inc.
Steve Pinkham, Maven Security Consulting Inc.
Description: 

As an increasing number of valuable corporate assets are made available over computer networks, having the ability to understand the types of threats facing your organizations as well as possessing the skills required to identify and mitigate flaws on your networks are increasingly important components of an organizations' risk posture.

This full-day course will enable IT professionals to better understand the methodologies, tools, and techniques used by attackers against their technical infrastructure, with the primary aim of helping them develop better defense methods and capabilities. Attendees will learn to perform basic technical security vulnerability assessment tasks and gain a strong foundation for future studies in host and network security assessment.

The workshop will use Kali Linux™, a collection of free and open source security tools many attackers and security practitioners use. Students will have access to a network of targets that will allow them to get hands-on experience, enhancing understanding of the process and tools, and how to effectively counter them. Guidance will be provided for continued learning after the course if students wish to go on to master the tools and techniques introduced in this course.

Who should attend: 

Auditors who want to understand better the methodologies, tools, and techniques used by attackers against their network and who need help developing better policy.

Take back to work: 

The ability to perform basic assessment tasks and a strong foundation for future studies in host and network security assessment.

Topics include: 
  • Discussion of current and emerging attacker methods, techniques, concepts, and tools
  • Setting up and using Kali Linux, a collection of security tools (Kali is the successor to Backtrack)
  • Understanding the basic steps an attacker uses to penetrate a network
  • Discussing and using tools for network mapping and analysis
  • Configuring and using the OpenVAS vulnerability scanner to audit network and host security
  • Setting up and using Metasploit exploit framework to exploit found flaws
  • Understanding password cracking, enabling you to craft better authentication capabilities and audit password strength
  • An overview of building client-side exploits and basic anti-virus evasion techniques
  • Understanding the common Web flaws of SQL injection and Cross Site Scripting (XSS), and demonstrating their impact on various applications and solutions
  • References to remediate or implement compensating controls