Instructors: cirosec consultants
Duration: 4 days
You can achieve the greatest possible level of security only if you know the attackers, the methods they use and the way they proceed, and if you can understand both their way of thinking and their motives.
Security mechanisms are often planned and developed only from the perspective of an admin or a network expert. In general, however, the way an attacker sees things greatly differs from this, which is one of the reasons why successful attacks on company networks happen repeatedly.
This intensive training will illustrate the way an attacker proceeds beyond web applications. Starting with information gathering, we will, in numerous steps, cover Linux servers, Windows clients and the domain. The training includes both well-known and lesser-known attacking techniques: from basic classics up to bypassing modern security mechanisms, from conceptual problems down to hardware processing. Numerous demonstrations will examine examples from real life.
In several laboratory exercises, you will get to put into practice what you have learned. For this purpose, each participant will be provided with a laptop with numerous tools and exploits, which go far beyond usual scanners. In addition to several aha moments, participants will be able to evaluate and assess security-relevant questions realistically this way.
The trainers carry out security assessments on a regular basis, and they will pass on their practical experience and insider knowledge they have obtained in this field.
- Motivation of attackers
- Terminology / definition of important terms
- Possible points of attack
- Information gathering
- Sources of information
- DNS-based information gathering
- Host discovery
- Port scanning
- Fingerprinting (active, passive)
- Firewall/IDS evasion
- Information from log files
- Information disclosure by the browser
- Software vulnerabilities / Binary exploitation in general
- Technical basics for reverse engineering
- Format-string vulnerabilities
- Buffer overflows
- Logical errors
- Applied countermeasures and bypassing, including
- Targeted privilege escalation
- Linux and Windows part
- Protection domains (user mode, kernel mode and even below)
- Kernel exploitation
- Configuration errors
- Race conditions
- Windows-specific attacks
- Client applications (Office, browser, ...)
- LM, NTLM and NTLMv2 vulnerabilities
- Pass-the-hash attacks
- Network-based attacks (in a switched environment)
- Man in the middle
- Post exploitation
- Backdoor technologies
- Host hopping
- Other topics included
- Social engineering
- Tools and frameworks
- Attacks on SSL/TLS
- Downgrade attacks
- Side-channel attacks
- Attacks on passwords/password hashes
The topics covered will be explained using demonstrations and exercises.
Operating systems covered:
Linux/Unix environment and Windows
Admins, network experts, security managers and employees on management level who are not afraid of viewing (in)security through the attacker’s eyes, diving deeply into a technical world.
Knowledge of the basic processes of using and administrating Windows and Linux systems. Knowledge of the TCP/IP stack and the functionality of common protocols would be of advantage.
Maximum number of participants: 15 people
Price: € 2,995
You will receive CPE Points for participating in the Hacking Extreme training. The training takes 32 hours. You will get a certificate after having completed the training.
May 14 - May 17, 2019 Munich
July 2 - July 5, 2019 Hamburg
September 17 - September 20, 2019 Ludwigsburg
December 03 - December 06, 2019 Köln
The training course will take place in fine, selected hotels:
- Hamburg: Mövenpick Hotel Hamburg
- Cologne: Hilton Hotel (2018); art'otel Cologne (2019)
- Munich: Steigenberger Hotel München
- Stuttgart: nestor Hotel Ludwigsburg
We will gladly reserve a room for you at a special rate in the hotel where the training course takes place.
We may also gladly offer you the course in form of an in-house training.
What previous participants say:
"The Hacking Extreme training course satisfied all my expectations. It was managed and held in a professional manner by highly competent individuals."
Tamino Fuchs, Coop Switzerland
"The training course did not promise too much. You got to know the "other" side in a spectacular way. This course is highly recommendable for all administrators, systems managers and security members. It doesn't matter if you come from the world of Unix or Windows, as both operating systems are addressed in detail. The timely topic of exploits and hacks is impressive. Another positive factor is the small number of participants. The instructors had enough time to answer each participant's questions and offer help during the practical exercises. All in all, I fully recommend this training course to others."
Holger Koch, Liebherr Logistik GmbH
"The training course is a must for all security admins. Following the course you hover between "I'll show 'em!" and "Ok - today's the open house." Valerian and schnapps should be handed out in the future. ;) You get great deal of food for thought from the point of view of hackers. No far-fetched attack practices, but rather, efficient procedures are shown."
Volker Kölz, BW Bank AG Stuttgart
"Hacking Extreme - three exciting, intensive days full of déja-vu experiences and surprises. I've been reading about it and suspecting it for a long time: Operating systems are vulnerable and hackers are just waiting to discover more vulnerabilities in the system or with the user. How it works was something I was able to experience directly in the course and try out for myself. The course instructors conveyed some pretty complex material with their great expertise and ability. The many examples and exercises allowed us to immediately comprehend the practical implications. The course offered very good transfer of knowledge and gave me a lot of additional knowedge that I can use sensibly for my company in my position as Information Security Officer."
Urs Schmid, Manor AG
"I liked the Hacking Extreme training course in Hamburg very much. The entire course gave the impression of being well-developed and sophisticated. The examples and exercises were interesting, striking and taken from the network world, and they worked continuously. By that I mean that you come across all the tools and exploits used during the course "in the wild", making them available to all "potential" attackers. The approach made it clear what information is essential for an attacker and how it can be obtained. The speakers were very competent and did not leave any questions open. Overall, a very pleasant, stimulating three-day training course, by all means worthy of a fourth day.”
Torsten Gödicke, Wer liefert was? GmbH
"Hacking Extreme" - a seminar that packs a punch is buried in these 2 words!
"Over these days I received knowledge concentrated at a high level. A splendidly organized seminar, extensive training documents and practical orientation afforded penetrating glimpses of the "other" side of IT. I was especially impressed how intelligent exploits and sound background knowledge - not 'fake' computers and automated 'hacking tools' on the script kiddy level (as we saw on the system in some 'hacking demos') - could be used to outsmart presumably 'secure' IT environments without leaving a trace! It was precisely that, extreme hacking. I fully recommend this seminar to others!"
Marco Marchand, Kommunale Informationsverarbeitung Reutlingen-Ulm (KIRU)
"Hacking Extreme was exactly what the name promised. It went beyond everything that you normally see and know. The topic of hacking IT systems is treated seriously, discussed and demonstrated in a manner that closely resembles reality. Not the usual method of instilling fear that you otherwise find, but rather, existing vulnerabilities and approaches to exploiting them are conveyed in a sound manner. The contents are very up-to-date and the tools used are 'state-of-the-art'. I recommend this course to anyone who deals with IT security in his or her job. He or she can get to know the reality of the otherwise prevailing theory and then be able to reassess the existing risks within his or her IT environment.
Andreas Wuchner, Global IT Security Manager, Novartis Pharma AG
Here's some more praise from me once again: The two-day Hacking Extreme course on IT defense was really great. Although my many years of work in security have made me familiar with a great number of the products and techniques introduced, it was more than interesting to see both the old and new "hacking techniques", among other things, LIVE in practical demonstrations. Information and entertainment value: 10 points Alexander Rosswog, AGIS Allianz Dresdner Informationssysteme GmbH