TECH TRAINING 2 – HACKING PDF

OVERVIEW

The purpose of this course is to give a full understanding of what wireless networks are, how they work, how they are found and  exploited, and how they can be secured. Students will learn how to attack wireless networks and how to secure them from both management and technical perspectives. There will be a discussion and case studies on actual wireless security penetration test.

WHO SHOULD ATTEND

• IT Operation Professionals
• Information Security Managers and Officers
• Existing security auditors who wish to expand their auditing skills.
• Consultants who wish to provide advice on wireless technology and security

KEY LEARNING OBJECTIVES 

• Hands-on “War Driving”, performing a Wireless Security Survey
• Technical Awareness of Wireless Hacking and Security Techniques
• Future development in Wireless Security
• Awareness on management control and policy to enhance shortcomings in wireless technologies

AGENDA

Module 1 : Introduction

• Course introduction

• Backtrack setup & Mini-interview

Module 2 : Learning to War Drive

• 802.11 Primer/Refresher

• The Rig: 802.11 Hardware (Laptops, embedded devices, PDAs, GPS, antennas…)

• Case Study : War Driving Jakarta

• Limitations

• Hands-on : Using Kismet & Airodump

Module 3 : Hacking public hotspots

• Hacking captive portals

• Rogue AP “Evil Twin”

• DNS Tunneling

• By-passing MAC, IP and MAC+IP Authorization

• Attacking clients using Blancher’s Wifitap

• Hands-on: DNS tunneling

Module 4 : Cracking WEP & WPA

• WEP Primer

• What’s Wrong with WEP

• Cracking WEP

• Hacking WEP without cracking

• Hands-on: Cracking demo WEP AP using aircrack-ng

• Cracking WPA

• Building rainbow tables using CUDA PFU, Nvidia GPU

• Hands-on: Cracking demo WPA AP using cowpatty rainbow tables

• Hands-on: Brute force attack against Wifi Protected Setup (WPS)

• Practical attacks against WPA networks

• Latest development

Module 5 : Analysis and Mapping

• Case study: War Driving & Wireless hacking phase of an actual penetration test

• Data analysis

• Hands-on: Extracting useful information (passwords, cookies, WPA handshakes, e-mails, etc.)

• Hands-on: Generating a map

Module 6 : Rogue Access Points

• Invisible Access Point using illegal frequencies (kugutsumen & zero chaos Ath5k driver patch)

• Man-in-the-Middle Attacks using karma

• Social Engineering Attack

Module 7 : Wireless Security

• Best practices and pitfalls

• Case study: Using WPA2 Personal and expiring keys using OpenWRT

• Case study: Using WPA2 Enterprise in practice

• Protecting the users

• Wireless Security and consumerization

• Planning for failure

Module 8 : Hacking Bluetooth, VSAT and others…

• Bluetooth hacking

• Demo: Sniffing Bluetooth using frontline comprobe

• Video demo: hacking satellite network by Bellua consultants, Jim Geovedi & Raditya Iryandi

Module 9 : Conclusion

• Future developments

• Completion of course appraisal forms

• Summary and end of course

WHAT TO BRING:

A working laptop with the following hardware/software requirements:

Hardware Requirements

• Intel 64-bit machine.

  Hardware must be able to run a 64-bit VM

  If you can only get an Intel 32-bit machine you will still be able to do 85% of the labs, so don’t fret.

• MINIMUM 2048 MB RAM required.

  If you can only get 1GB then you will get by but just slowly.

• Wireless network card – no wired network provided

• 20 GB free Hard disk space

• USB 2.0 port to copy lab VMs

Operating Systems (one of the following)

• Windows XP SP2/SP3 or Windows 7 (I don’t trust Vista so you are on your own, but go for it)

• Administrator access mandatory

• If it’s a company laptop with user access only, get your administrator to allow USB and install the latest version of VMWare Player

  • Ability to disable Anti-virus / Anti-spyware programs

  • Ability to disable Windows Firewall or personal firewalls

  • An SSH client, such as PuTTY

  • OR

  • Linux kernel 2.4 or 2.6

  • Kernel 2.4 or 2.6 required

  • Root access mandatory

  • Ability to use an X-windows based GUI environment

  • SSH should be available

ABOUT THE TRAINER

Anthony ‘gaius’ Zboralski

Anthony Zboralski of IOActive is a recognised security expert with more than 16 years of experience performing Penetration tests, security assessments, forensics and related services for industries areas ranging from manufacturing through telecommunications & banking to government as well as a dozen Fortune 500 companies. Anthony C. Zboralski: Anthony he is also the co-founder and president of the Hacker Emergency Response Team (HERT).