International Security Conference - Hacktrix 2007
*www.mkcl.org/hacktrix/
Organized by
Maharashtra Knowledge Corporation Limited, National Anti Hacking Group and Hackers Center.
Pune , Ahmedabad , Mumbai, Thane
HackTrix 2007 aims to focus on "offensive" hacking techniques, as well as defensive security methodologies designed to combat them. The conference will allow attendees to refine their capabilities, potentially leading to awareness of the general skill-level of hackers.
Who Should Attend?
CTOs,Network/System Administrators, Security
Professionals/Analysts and IT Pros.
Why Should I attend?
· To get to know hacker's approaches and get
familiar with the latest threats/vulnerabilities
and how you can secure your Network and Web
Applications.
· Not just to fulfill a requirement by current
employer, as part of your personal career path
and to earn certification for increased
creditability.
What I will get ?
· To stay current with hacking/Security skills and
to increase efficiency/knowledge for your current
project.
· Exclusive study material along with tools/exploits
· Certificate of Attendance
Agenda
Imagine being part of a security revolution and not just as a passive observer, but at the very centre of it all where the action is. If the very thought excites you, then read more...
HackTrix 2007Agenda
15/07/2007
Pre-Conference Workshop (1 day)
16/07/2007 to 18/072007
Conference: System Hacking (3 days)
19/07/2007 to 20/07/2007
Conference: Web Application Hacking (2 days)
Timings
2PM to 7:30 PM
Speakers
1. Armando Romeo (Italy).
2. Jordan Thomas (Chicago)
3. Yash Kadakia (Germany)
4. Vineet Kumar
5. Umesh Tiwari
6. Vipin Kumar
7. Nitin Kumar
Conference Schedule
Pre-Conference (Free for all )
Duration: 1 day
Pre-Conference
Introduction to the Course
Security Awareness
General Introduction to Hacking
What does a hacker do?
Vulnerabilities
Exploits
HTTP Protocol Basic
Legal Perspective
System Hacking
Duration: 3 days
Day 1
Collecting Information on our Target
Time: 45 minutes
Passive and Active methods:
Google, Netcraft, VisualRoute, Scanners, Fingerprinting, Identifying Assets, Footprinting, Competitive Intelligence
Extended Network Mapping
Time: 45 minutes
An analysis of various techniques used for network mapping:
Passive and Active resources, DNS mapping, Spidering Tools, Nmap techniques, Traceroute Hop Mapping
Collecting Information on Old and New Vulnerabilities
Time: 15 minutes
Identify and use various sources of information about new and old vulnerabilities:
Securityfocus, Milw0rm, Securiteam, IRC, etc
Vulnerability Classification
Protecting Anonymity while Hacking
Time: 1 hour 15 minutes
Various techniques for Covert Hacking:
Proxy servers, Socks, Wingate, Shell Accounts, Tor, Anonymizers, SSL Proxy, SSH Tunneling
Analyzing the anonymity of a proxy server, Covering tracks
Vulnerabilities
Time: 2 hours
Encrypted communication lines, Firewalls and Routers, Web servers (Apache/IIS), Applications, Databases, IPSEC, VPN, ACLS, Web server administration systems, Database management systems
Corporate Product Demo/Presentation
30 minutes
Briefing of Day 2
15 minutes
Day 2
The Typical Structure of a Web Site
Time: 30 minutes
Enumeration of the components of a web site and their inherent possible vulnerable points
Using tools such as Wikto, robots.txt etc
Introducing and Exploiting Most Common Linux Vulnerabilities
Time: 1 hour
SSH, SSL, Apache, Bad configurations, MAIL servers, FTP servers, Escalating privileges, Kernel Attacks, Covering tracks
Introducing and Exploiting Most Common Windows Vulnerabilities
Time: 1 hour
FrontPage extensions, Unicode, NetBIOS Hacking, Null Sessions, SQL server, Terminal Server, IIS, WebDAV, RPC Dcom, ASN exploits, ASP Trojans, File System Traversal, Prevention
Buffer Overflows: after decades, still one of the most severe vulnerabilities
Time: 1 hour
Stack Overflow, Heap Overflow, Format Strings Local Buffer Overflow, Remote Buffer Overflow
Man in the Middle: a particular category of attacks
Time: 45 minutes
ARP Poisoning, DNS Poisoning, ICMP Redirect, Man in the middle attacks
Passwords
Time: 30 minutes
Password Security, Hacking tools, Cracking passwords and their countermeasures
Corporate Product Demo/Presentation
30 minutes
Briefing of Day 3
15 minutes
Day 3
Exploiting Database Vulnerabilities
Time: 1 hour
SQL Injection, URL Poisoning, SQL Server vulnerabilities, SQL Database enumeration (MySQL/SQL)
Sniffing For Information
Time: 1 hour
Active sniffing, Passive Sniffing
Denial of Service Attacks
Time: 45 minutes
Types of attacks, Classification of attacks, Tools, DDOS, Prevention
Cross Site Scripting
Time: 30 minutes
Learn the basics of the Cross site scripting vulnerability, one of the most commonly found vulnerabilities
Social Engineering: Techniques and Psychological traps
Time: 15 minutes
Attack Against the User: Malware
Time: 30 minutes
Live Hacking Sessions
Time: 1 hour
Information Gathering Session
System Scanning and Enumeration Session
System Hacking and Backdooring Session
Linux Hacking Session
Black-Box Hacking Session
Corporate Product Demo/Presentation
30 minutes
Briefing of Day 4
15 minutes
Web-Application Hacking
Duration: 2 days
Day 4
Statistics on Web Server Attacks
Time: 15 minutes
Web Server Structure
Time: 15 minutes
Analysis of the structure and configurations of different web servers with relevance to exploitation
Classification of Web Application Attacks
Time: 30 minutes
Authentication, Authorization, Client-side Attacks, Command Execution, Information Disclosure, Logical Attacks
Collecting Information on Our Target: Google Hacking
Time: 15 minutes
Cross Site Scripting in Depth
Time: 45 minutes
Detailed analysis of Cross site scripting vulnerabilities, how they can be discovered, exploited and prevented
Exploiting XSS vulnerabilities to obtain:
Site hijacking, Session hijacking, Reprogramming network components, HTML principles and vulnerabilities
Cookie Manipulation
Time: 15 minutes
Backdoors with JavaScript
Time: 15 minutes
Analysis of JavaScript based backdoors
Remote Files Reading /Inclusion
Time: 15 minutes
Common Errors in PHP Applications
Time: 2 hours
Execution of arbitrary code, Execution of commands, File disclosure
Corporate Product Demo/Presentation
30 minutes
Briefing of Day 5
Time: 15 minutes
Day 5
SQL Injections
Time: 2 hours
Attacking a system using SQL vulnerabilities: Form bypassing, Database dump, Command execution, Gaining root access
Preventing SQL Injections via source code and database planning
Cross Site Request Forgery
Time: 15 minutes
Encoding Attacks
Time: 30 minutes
Bypassing IDS and filtering
Other Vulnerabilities
*www.mkcl.org/hacktrix/
Organized by
Maharashtra Knowledge Corporation Limited, National Anti Hacking Group and Hackers Center.
Pune , Ahmedabad , Mumbai, Thane
HackTrix 2007 aims to focus on "offensive" hacking techniques, as well as defensive security methodologies designed to combat them. The conference will allow attendees to refine their capabilities, potentially leading to awareness of the general skill-level of hackers.
Who Should Attend?
CTOs,Network/System Administrators, Security
Professionals/Analysts and IT Pros.
Why Should I attend?
· To get to know hacker's approaches and get
familiar with the latest threats/vulnerabilities
and how you can secure your Network and Web
Applications.
· Not just to fulfill a requirement by current
employer, as part of your personal career path
and to earn certification for increased
creditability.
What I will get ?
· To stay current with hacking/Security skills and
to increase efficiency/knowledge for your current
project.
· Exclusive study material along with tools/exploits
· Certificate of Attendance
Agenda
Imagine being part of a security revolution and not just as a passive observer, but at the very centre of it all where the action is. If the very thought excites you, then read more...
HackTrix 2007Agenda
15/07/2007
Pre-Conference Workshop (1 day)
16/07/2007 to 18/072007
Conference: System Hacking (3 days)
19/07/2007 to 20/07/2007
Conference: Web Application Hacking (2 days)
Timings
2PM to 7:30 PM
Speakers
1. Armando Romeo (Italy).
2. Jordan Thomas (Chicago)
3. Yash Kadakia (Germany)
4. Vineet Kumar
5. Umesh Tiwari
6. Vipin Kumar
7. Nitin Kumar
Conference Schedule
Pre-Conference (Free for all )
Duration: 1 day
Pre-Conference
Introduction to the Course
Security Awareness
General Introduction to Hacking
What does a hacker do?
Vulnerabilities
Exploits
HTTP Protocol Basic
Legal Perspective
System Hacking
Duration: 3 days
Day 1
Collecting Information on our Target
Time: 45 minutes
Passive and Active methods:
Google, Netcraft, VisualRoute, Scanners, Fingerprinting, Identifying Assets, Footprinting, Competitive Intelligence
Extended Network Mapping
Time: 45 minutes
An analysis of various techniques used for network mapping:
Passive and Active resources, DNS mapping, Spidering Tools, Nmap techniques, Traceroute Hop Mapping
Collecting Information on Old and New Vulnerabilities
Time: 15 minutes
Identify and use various sources of information about new and old vulnerabilities:
Securityfocus, Milw0rm, Securiteam, IRC, etc
Vulnerability Classification
Protecting Anonymity while Hacking
Time: 1 hour 15 minutes
Various techniques for Covert Hacking:
Proxy servers, Socks, Wingate, Shell Accounts, Tor, Anonymizers, SSL Proxy, SSH Tunneling
Analyzing the anonymity of a proxy server, Covering tracks
Vulnerabilities
Time: 2 hours
Encrypted communication lines, Firewalls and Routers, Web servers (Apache/IIS), Applications, Databases, IPSEC, VPN, ACLS, Web server administration systems, Database management systems
Corporate Product Demo/Presentation
30 minutes
Briefing of Day 2
15 minutes
Day 2
The Typical Structure of a Web Site
Time: 30 minutes
Enumeration of the components of a web site and their inherent possible vulnerable points
Using tools such as Wikto, robots.txt etc
Introducing and Exploiting Most Common Linux Vulnerabilities
Time: 1 hour
SSH, SSL, Apache, Bad configurations, MAIL servers, FTP servers, Escalating privileges, Kernel Attacks, Covering tracks
Introducing and Exploiting Most Common Windows Vulnerabilities
Time: 1 hour
FrontPage extensions, Unicode, NetBIOS Hacking, Null Sessions, SQL server, Terminal Server, IIS, WebDAV, RPC Dcom, ASN exploits, ASP Trojans, File System Traversal, Prevention
Buffer Overflows: after decades, still one of the most severe vulnerabilities
Time: 1 hour
Stack Overflow, Heap Overflow, Format Strings Local Buffer Overflow, Remote Buffer Overflow
Man in the Middle: a particular category of attacks
Time: 45 minutes
ARP Poisoning, DNS Poisoning, ICMP Redirect, Man in the middle attacks
Passwords
Time: 30 minutes
Password Security, Hacking tools, Cracking passwords and their countermeasures
Corporate Product Demo/Presentation
30 minutes
Briefing of Day 3
15 minutes
Day 3
Exploiting Database Vulnerabilities
Time: 1 hour
SQL Injection, URL Poisoning, SQL Server vulnerabilities, SQL Database enumeration (MySQL/SQL)
Sniffing For Information
Time: 1 hour
Active sniffing, Passive Sniffing
Denial of Service Attacks
Time: 45 minutes
Types of attacks, Classification of attacks, Tools, DDOS, Prevention
Cross Site Scripting
Time: 30 minutes
Learn the basics of the Cross site scripting vulnerability, one of the most commonly found vulnerabilities
Social Engineering: Techniques and Psychological traps
Time: 15 minutes
Attack Against the User: Malware
Time: 30 minutes
Live Hacking Sessions
Time: 1 hour
Information Gathering Session
System Scanning and Enumeration Session
System Hacking and Backdooring Session
Linux Hacking Session
Black-Box Hacking Session
Corporate Product Demo/Presentation
30 minutes
Briefing of Day 4
15 minutes
Web-Application Hacking
Duration: 2 days
Day 4
Statistics on Web Server Attacks
Time: 15 minutes
Web Server Structure
Time: 15 minutes
Analysis of the structure and configurations of different web servers with relevance to exploitation
Classification of Web Application Attacks
Time: 30 minutes
Authentication, Authorization, Client-side Attacks, Command Execution, Information Disclosure, Logical Attacks
Collecting Information on Our Target: Google Hacking
Time: 15 minutes
Cross Site Scripting in Depth
Time: 45 minutes
Detailed analysis of Cross site scripting vulnerabilities, how they can be discovered, exploited and prevented
Exploiting XSS vulnerabilities to obtain:
Site hijacking, Session hijacking, Reprogramming network components, HTML principles and vulnerabilities
Cookie Manipulation
Time: 15 minutes
Backdoors with JavaScript
Time: 15 minutes
Analysis of JavaScript based backdoors
Remote Files Reading /Inclusion
Time: 15 minutes
Common Errors in PHP Applications
Time: 2 hours
Execution of arbitrary code, Execution of commands, File disclosure
Corporate Product Demo/Presentation
30 minutes
Briefing of Day 5
Time: 15 minutes
Day 5
SQL Injections
Time: 2 hours
Attacking a system using SQL vulnerabilities: Form bypassing, Database dump, Command execution, Gaining root access
Preventing SQL Injections via source code and database planning
Cross Site Request Forgery
Time: 15 minutes
Encoding Attacks
Time: 30 minutes
Bypassing IDS and filtering
Other Vulnerabilities