FRHACK

FRHACK organizes sessions of technical trainings and workshops, with talented and highly skilled trainers.
If you can provide IT security/hacking technical trainings for FRHACK, please read the Call For Papers section.
NOTE: The number of seats is limited for each training, so be sure to contact us as soon as possible if you are interested!
frhack@frhack.org

Workshops

FRHACK's Workshops PRE-Selection

Crash Course in Penetration Testing

2 days - Euros 1000 (+taxes) per participant

Title
=====
Crash Course in Penetration Testing

Instructors
===========
Joe McCray, and Chris Gates

Description
===========
This course will cover some of the newer aspects of penetration testing such as Open Source Intelligence Gathering with Maltego and other Open Source tools.

Advanced Scanning, Enumeration, Exploitation (remote and client-side), and Post-Exploitation relying heavily on the features included in the Metasploit Framework will also be covered.

Emphasis throughout the entire workshop will be placed on being as stealthy as possible, and dealing with popular defensive technologies such as:

- Network Intrusion Detection/Prevention Systems
- Host-Based Intrusion Detection/Prevention Systems
- Web Application Firewalls
- Anti-Virus
- Content-Filtering Proxies

Web Application penetration testing will be covered as well with focus on practical exploitation of cross-site scripting (XSS), cross-site request forgery (CSRF), local/remote file includes, and SQL Injection.

Topics
======

Day 1:
- Penetration Testing Fundamentals
- Scope of Modern Pentests
- Compliance Testing (PCI, HIPAA, ISO 27000)
- Blackbox
- Whitebox
- Full Scope

- The Down & Dirty
- Open Source Intelligence (OSINT)
- Maltego, and other tools

- Scanning
- Vulnerability Scanners
- Port Scanners
- Tips & Tricks
- Nmap Scripting

- Stealth Scanning Techniques
- Scanning from the outside
- Scanning from the inside

- Enumeration
- Bannergrabbing
- HTTP Fingerprinting
- SMB Version Detection

- Vulnerability Testing
- Using Nessus Attack Scripting Language (NASL)
- Correlating Scan results to public exploits

- Owning Boxes for Fun and Profit
- Exploitation
- Remote Exploits
- Local Exploits
- Why didn't my exploit work?

- Client-Side Attacks
- Delivery Methods

- Post-Exploitation (Old School)
- Setting up a workshop

- Metasploit (MSF)
- MSF Basics
- MSF Post-Exploitation
- Customizing MSF (Cool stuff)


Day 2:
- Transitioning from Network to Web App Penetration Testing
- Similarities & Differences

- What Makes up a Web Application Assessment
- Web Application Security Threat Classification
- OWASP Testing Guide

- Injection Vulnerabilities
- SQL Injection
- Error-based
- Union-based
- True/False Blind
- Time Based Blind

- Platform Specifics
- SQL Server (2000/2005)
- MySQL
- Oracle

- Abuse of Trust Vulnerabilities
- Cross-Site Scripting
- Cross-Site Request Forgery

- File Handling/Redirection Vulnerabilities
- Remote File Includes
- Local File Includes
- File Upload
- Null Byte Injection

- Filter/IDS/Web Application Firewall Evasion
- Client-Side Filtering
- Alphanumeric Filtering
- IDS Signature Evasion
- Dealing with Web Application Firewalls


Prerequisites
=============
Students should be familiar with IT Security best practices, and have a good understanding of TCP/IP and common web technologies.

- Basic Windows administration for servers and workstations
- Basic command line proficiency on *NIX systems
- Basic Linux/*NIX system administration skills

Students should be familiar with the following web technologies and languages:

- HTTP
- HTML
- Javascript
- ASP
- PHP
- SQL

Prerequisite Materials
======================
Each student must bring his own laptop with Windows XP/Vista or a recent Linux distribution such as:
- Fedora
- RHEL
- Gentoo
- Ubuntu

Software packages that should be installed prior to class:
- Metasploit: www.metasploit.com
- Nmap: nmap.org/download.html
- Maltego: www.paterva.com/maltego/community-edition/
- Paros: http://www.parosproxy.org/
- Nessus: http://nessus.org/ (Personal Feed)
- VMPlayer: www.vmware.com/products/player/

Windows Specific Tool:
- PSTools: technet.microsoft.com/en-us/sysinternals/bb896649.aspx

Linux Specific Tool:
- Winexe: http://eol.ovh.org/winexe/

Registration Maximum
====================
15 Students


Web Application Penetration Testing with Firefox

1 day - Euros 500 (+taxes) per participant

Title
=====
Web Application Penetration Testing with Firefox

Instructor
==========
Joe McCray

Presented "Advanced SQL Injection" at Toor Con 2008
(http://sandiego.toorcon.org/content/section/3/9/#9)

Gave workshop on Penetration Testing at Toor Con 2008
(http://sandiego.toorcon.org/content/section/4/8/)

Sold Out Toor Con 2007 Workshop (http://toorcon.org/2007/workshops.php)

Currently teaching the following courses at Johns Hopkins University (JHU), University of Maryland Baltimore College (UMBC), CEDSolutions.com, TrainAce.com, LearnSecurityOnline.com and at various other universities, colleges, and training centers around the country:

• CISSP
• Certified Ethical Hacker
• Certified Hacking Forensic Investigator
• Security+
• Network+
• Linux+
• Hacker Techniques and Tactics (Hacking 101/Web Application Security)

Current Position:
Assessment Practice Manager at Rapid7
LearnSecurityOnline.com Founder

Performs as well as manages the consultants performing the security practice offerings.

Rapid7’s security offering portfolio includes:
• Penetration Testing
  o Blackbox & Whitebox Penetration Testing
  o Wireless Penetration Testing
  o VoIP Penetration Testing
  o Social Engineering

• Regulatory Compliance Auditing
  o PCI, and HIPAA Gap Analysis
  o ISO 27002 Audit

Description
===========
There are a few commercial vulnerability scanners and penetration testing tools for the Web Application security space. There are even fewer open-source vulnerability scanners and penetration tools that serve this purpose. Firefox with its collection of security extensions and its relative ease of extension development is fast becoming a Web Application Penetration Testing platform of choice.

This workshop will focus on using Firefox as a Web Application Penetration Testing platform, developing Firefox extensions to automate common penetration testing tasks, and writing extensions to address issues that commercial tools don't.

Topics
======

- What Makes up a Web Application Assessment
- Web Application Security Threat Classification
- OWASP Testing Guide

- Firefox Pentesting
- What Firefox Can Do
- What Firefox Can't Do
- Penetration Testing Steps
Information Gathering
- Passive Recon
- Server Fingerprinting
- Web Application Mapping
Vulnerability Identification
- Injection Vulnerabilities
- SQL Injection
- XPATH Injection
- XML Injection
- Abuse of Trust Vulnerabilities
- Cross-Site Scripting
- Cross-Site Request Forgery
- File Handling Vulnerabilities
- Remote File Includes
- Local File Includes
- File Upload
- Null Byte Injection

- Developing Firefox Extensions for Penetration Testing
- Understanding extension structure
- Dissecting popular extensions
- Writing a simple extension

- Firefox Challenges
- Getting past "Hello World"
- Writing something useful

Prerequisite Working Knowledge
==============================
Students should be familiar with the following web technologies and languages:
- HTML
- Javascript
- ASP
- PHP
- SQL

Prerequisite Material
=====================
Each student must bring his own laptop with Windows XP/Vista or a recent Linux distribution such as:
- Fedora
- RHEL
- Gentoo
- Ubuntu

Your operating system must have Firefox 2 or Firefox 3 with the following packages installed prior to class:
- Chickenfoot http://groups.csail.mit.edu/uid/chickenfoot/index.php
- Hackbar https://addons.mozilla.org/firefox/addon/3899
- Live HTTP Headers https://addons.mozilla.org/en-US/firefox/addon/3829
- Poster https://addons.mozilla.org/en-US/firefox/addon/2691
- Tamper Data https://addons.mozilla.org/en-US/firefox/addon/966
- TorButton https://addons.mozilla.org/firefox/addon/2275
- UserAgentSwitcher https://addons.mozilla.org/en-US/firefox/addon/59
- Web Developer Toolbar https://addons.mozilla.org/en-US/firefox/addon/60
- Passive Recon https://addons.mozilla.org/en-US/firefox/addon/6196
- Firebug https://addons.mozilla.org/en-US/firefox/addon/1843
- ShowIP https://addons.mozilla.org/en-US/firefox/addon/590
- Advanced Dork https://addons.mozilla.org/en-US/firefox/addon/2144
- QuickJava https://addons.mozilla.org/en-US/firefox/addon/1237
- ServerSpy https://addons.mozilla.org/en-US/firefox/addon/2036
- Slogger https://addons.mozilla.org/en-US/firefox/addon/143
- FormFox https://addons.mozilla.org/en-US/firefox/addon/1579
- Technika https://addons.mozilla.org/en-US/firefox/addon/4665
- Extension Developer https://addons.mozilla.org/en-US/firefox/addon/7434

Registration Maximum
====================
15 Students


Trainings

FRHACK's Trainings PRE-Selection


Web application security training

2 days - Euros 1000 (+taxes) per participant


By Andres Riancho, the w3af creator

Training name: Discovery and exploitation of web application vulnerabilities

Overview

This training course focuses on manual and automated discovery and exploitation of web application vulnerabilities. During this course you will go through a series of lectures followed by hands-on practice. In each practice session you will find vulnerabilities to exploit, each with a different level of complexity, which will challenge your understanding of the subject. After the hands-on practice, a short lecture on how the vulnerability is fixed is presented, together with common errors introduced by developers in that process.

The training will also teach you how to use the most advanced tools used by professionals in the field, like w3af (developed by the trainer), the burp suite, sqlmap and many others.

Course Structure

This is a two-day course that combines lectures with increasingly difficult hands-on exercises designed to teach the attendee different ways to discover and exploit web application vulnerabilities. All course materials, and a certificate of completion will be offered. You must provide your own laptop.

About the trainer

Andrés Riancho is an information security researcher and founder of Bonsai, where he is mainly involved in Penetration Testing and Vulnerability Research. In the research field, he discovered critical vulnerabilities in IPS appliances from 3com and ISS, and contributed to SAP research performed at his former employer.
His main focus has always been the Web Application Security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by penetration testers and security consultants. Andrés has spoken and held trainings at many security conferences around the globe, like OWASP World C0n (USA), CanSecWest (Canada), T2 (Finland) and ekoparty (Buenos Aires).
Andrés founded Bonsai in 2009 in order to further research into automated Web Application Vulnerability detection and exploitation.

Deliverables

- Training booklet with printed slides and trainer comments
- Live CD with Web Application Security Tools
- VMware image with the training environment
- w3af T-Shirt ;)

Audience

Security consultants, system and network administrators, experienced web application developers, information security officers, government agencies.

Topics Covered

  • Day One

    1. HTTP protocol review
      • Web architecture
      • HTTP headers and methods
      • HTTP authentication
      • HTTPS
      • Session management: cookies

    2. Common web server misconfigurations
      • Banners
      • Directory Indexing
      • HTTP authentication
      • HTTP method restrictions

    3. Common development and configuration errors
      • HTML comments and versioning
      • File inclusions
      • Backup and local database files
      • Hidden HTML Fields
      • Path Disclosure and directory enumeration
      • Exceptions and error messages

    4. Types of analysis
      • Static code analysis, black box testing and gray box testing:
      • Definitions
      • Vulnerabilities that can be detected
      • Vulnerabilities that CAN'T be detected

    5. Web Application Vulnerabilities
      • Reverse engineering of Java applets and Flash movies
      • Local file read
      • Local file inclusions
      • Path Traversal and Null Bytes
      • Remote file inclusions
      • Cross Site Scripting (XSS)
      • Cross Site Tracing
      • Cross Site Request Forgeries / Session Riding
      • HTTP Response Splitting

  • Day Two

    1. Web Application Vulnerabilities
      • Uncommon attack vectors
      • LDAP Injection
      • OS Commanding
      • SQL Injection:
        • Enumeration of tables and columns
        • Execution of queries and stored procedures
        • Creation of files
        • Execution of OS commands
      • Blind SQL Injection

    2. Web application privilege escalation
      • Session handling
      • Logical vulnerabilities

    3. Countermeasures
      • mod_security
      • PHP hardening:
        • Secure configuration parameters
        • GRASP
        • PHP-IDS
      • Hardening for Java - HDIV

Organizational Systems Wireless Auditor® Wireless Auditing Certification

3 days - Euros 1500 (+taxes) per participant


By ThinkSECURE

Description:

The Organizational Systems Wireless Auditor® (OSWA™) is an international wireless auditing and pentesting programme which focuses specifically on providing IT professionals with the technical knowledge and skills of how to practically and technically conduct and execute wireless security audits & penetration tests against both wireless infrastructures and wireless clients. With many countries announcing wireless internet access initiatives, attending the OSWA™ will give you a solid grounding in how to audit the security of wireless networks and clients.


Unlike many other "wireless security" courses, the OSWA™ is specially designed by wireless security professionals to teach all aspects of wireless security from an auditor's viewpoint. Using ThinkSECURE's 5E Attacker Methodology as a framework, the programme covers topics such as Radio Frequency (RF) and RF Spectrum Analysis, 802.11 frame analysis, advanced wireless LAN penetration techniques, RFID security weaknesses, Probemapping and wireless client targeting and building/hacking wireless hardware. Attendees will also learn how to geographically isolate and hunt down wireless hackers, moochers and other unauthorized wireless users using ThinkSECURE's MoocherHunter tool.


Furthermore, with its 100% practical certification examination, the OSWA™ distinguishes itself from other certifications that use non-practical online MCQ tests, which are susceptible to brain-dumping and thus devalue over time. Anyone who can pass the OSWA™ practical certification examination has proven that they have true practical skill and know how to apply knowledge to unfamiliar situations!


Programme attendees will also get a special laser-etched version of the OSWA-Assistant, ThinkSECURE R&D's customized wireless auditing software toolkit CD. This toolkit is an indispensable tool for helping IT-security professionals to audit 802.11, Bluetooth and RFID wireless technologies.


The OSWA™ augments and improves the skills and capabilities of IT-Security professionals by equipping them with the relevant technical skills and an understanding of ethical and legal issues involved in wireless auditing. Simply put, participants will come away with the following:

  • A comprehensive understanding of the nature of Radio Frequency (RF)

  • Technical knowledge of 802.11, Bluetooth & RFID security issues

  • Ability to detect and identify the presence and security characteristics of wireless networks

  • Knowing what pre-wireless-audit hardware, software, legal and procedural preparation is required

  • Advanced technical skills and ability in performing wireless security audits

  • Thorough knowledge of how to isolate and geographically track down wireless hackers and moochers

  • Ability to build and hack your own wireless hardware

  • Ability to recommend wireless security countermeasures


With its wide variety of practical classroom labwork and a hands-on, practical certification exam, the OSWA™ wireless auditing and penetration-testing programme is an ideal complement to the defence-oriented OSWiSP™ secure wireless deployment and administration training programme.

Who Can Benefit From This Programme:

IT Professionals who will benefit from this programme include the following:

  • Security Analysts / Consultants

  • Penetration Testers

  • Audit Teams

  • Law Enforcement Investigators

  • Network Designers

  • Network Administrators

  • System Administrators

  • IT Engineers

and anyone who is involved in the security, testing, design, deployment and/or operation of a WLAN.

Internationally Accredited By ThinkSECURE
OSWA-Course-Outline.pdf


Hacking and Defending Oracle databases

2 days - Euros 1000 (+taxes) per participant


HACKING AND DEFENDING ORACLE DATABASES

Basically this course will teach you the latest (most unknown) techniques to hack and protect Oracle Database servers.


LEVEL:
* High

PREREQUISITE:
* Pretty basic knowledge of Oracle database administration and PL/SQL language.
* Students should have their computer with at least 5 gigabytes of free disk space.

WHO SHOULD ATTEND THIS COURSE:
* Oracle Database Server Administrators.
* Developers using Oracle Databases who want to create secure applications.
* Auditors and penetration testers.
* Managers in charge of Information Security.
* You.

TOPICS:
1) Hacking and protecting the Oracle Listener
* Discovering Oracle Listeners
* Attacking Oracle Listeners
* Vulnerabilities in the Oracle Listener
* How to secure the Listener

2) Hacking and protecting user passwords
* Default users
* Getting user passwords in clear text
* Cracking user passwords (offline hash attacks and online attacks)
* How to protect user passwords
* Auditing users and passwords
* Using Profiles to ensure passwords are protected
* Using a Secure External Password Store

3) Getting security sensitive information
* Getting listener information
* Getting Oracle configuration
* Enumerating users, linked servers and other objects
* How this information can be used to hack the database
* How to protect

4) Vulnerabilities in the Oracle Database software
* Overview of Oracle database vulnerabilities
* SQL Injection in Oracle
* Exploiting PL/SQL Injection vulnerabilities
* Analyzing a PL/SQL Injection vulnerability
* How to exploit a PL/SQL buffer overflow vulnerability
* How to protect

5) SQL Injection
* Different kinds of SQL injection vulnerabilities
* Autonomous transactions
* Exploiting SQL injection vulnerabilities using different techniques
* How to view wrapped PL/SQL for SQL Injection vulnerabilities
* Advanced SQL Injection
* How to protect

6) Oracle Database rootkits & backdoors
* Rootkit & backdoor installation
* Implementing a rootkit & backdoor
* Detecting a rootkit & backdoor

7) Data theft attacks
* Advanced techniques
* Stealing a complete database
* Stealing data using a rootkit & backdoor
* Detecting attacks with database honeypots

8) IDS/IPS evasion techniques
* Database exploits encoding techniques

9) Data encryption
* Overview of database encryption
* Ways to implement data encryption

10) Auditing Oracle
* What can be audited in Oracle databases
* How to enable auditing
* Fine Grained auditing
* Auditing Administrative users
* Alert logs and trace files
* Analyzing audit trails
* Auditing using the redo log files (LogMiner)
* What should be audited

11) Secure configuration checklist
* Differences between existing checklists
* Review of a recommended security checklist

12) Security Patches
* Overview of Oracle Patches
* Problems with patches
* Detecting and solving problems


Trainer: Esteban Martínez Fayó
Esteban is a security researcher/consultant; he has discovered and helped to fix multiple security vulnerabilities in major vendor software products. He specializes in application security, is recognized as the discoverer of most of the vulnerabilities in Oracle server software, and has also developed and researched novel Oracle attack techniques. He has presented many times at international conferences such as Black Hat, WebSec, NcN, etc.
Esteban currently works for Argeniss doing information security research and developing security related software solutions.

Spanish:
Esteban Martínez Fayó is an information security researcher and consultant; he has discovered and helped fix multiple security vulnerabilities in software products from the most important vendors. He specializes in application security and is recognized as the person who has discovered the most vulnerabilities in Oracle databases. Esteban has developed and presented novel database attack techniques at international conferences such as Black Hat and WebSec.
He currently works for Argeniss, doing information security research and developing security-related software. Esteban holds a degree in Information Systems Engineering from the Universidad Tecnológica Nacional.


Introduction to Malware Analysis

2 days - Euros 1000 (+taxes) per participant


Introduction to Malware Analysis
Trainers: Jason Geffner (Next Generation Security Software Ltd.) and Scott Lambert (Microsoft Malware Protection Center)

Primary Target Audience:

This class is for security analysts who wish to learn how to statically and dynamically analyze malware to understand its functionality.

Secondary Target Audience:

Individuals interested in exploring and gaining a strong understanding of binary analysis methodologies and its applications to malicious code analysis.

Description:

Security researchers are facing a growing problem in the complexity of malicious executables. While dynamic black-box automation tools exist to discover what malware will do on a given execution, it is often important for an analyst to know the full capabilities of a given malware sample. What port does it listen on? What password does it expect for backdoor access? What files will it write to? What will it do tomorrow that it didn't do today?

This class will focus on teaching attendees the steps required to understand the functionality of given malware samples.

This is a hands-on course. Attendees will work on real-world malware through a series of lab exercises designed to build their expertise in understanding the analysis process.

Key Learning Objectives:

· x86 Assembly language
· PE File format
· API functions often used by malware
· Anti-analysis tricks and how to defeat them
· Exploits and Shellcode
· A methodology for analyzing malware with and without the use of specialized tools

General Learning Objectives:

· An understanding of how to use reverse engineering tools
· An understanding of low-level code and data flow

Course Style:

Combination of lecture and lab. Labs will be interspersed with lectures and will include both group and individual work.

Course Duration:

2 days

What to Bring:

Attendees must bring their own laptop with Microsoft Windows XP, Microsoft Windows Server 2003, or Microsoft Windows Vista installed inside of a virtual machine.

Attendees are expected to have the following software installed in a virtual machine prior to the first day of the course:

· API Imports/Exports Viewer - Dependency Walker
http://www.dependencywalker.com/

· API Logger - Auto Debug
http://www.autodebug.com/download.php

· Debugger – OllyDbg
http://www.ollydbg.de/download.htm

· Disassembler - IDA Pro
http://www.hex-rays.com/idapro/idadowndemo.htm

· Hex Editor - Hex Workshop
http://www.bpsoft.com/downloads/index.html

· Import Table Reconstructor and Memory Dumper - Import REConstructor
http://www.woodmann.com/collaborative/tools/index.php/ImpREC

· Packer Detector – PEiD
http://peid.has.it/

· PE Editor – LordPE
http://www.woodmann.com/collaborative/tools/index.php/LordPE

· Resource Monitor – Process Monitor
http://www.microsoft.com/technet/sysinternals/FileAndDisk/processmonitor.mspx

Prerequisites:

Attendees should be comfortable in the Windows environment.

Attendee Expectations:

Attendees will be required to work both alone and in groups when performing analysis of malware samples. In addition, attendees will also share the results of their analysis with respective classmates.

Materials:

Attendees will be presented with the following materials to be used and referenced throughout the duration of the course:

· Notebooks containing lecture slides and worksheets.
· CDs containing various software tools and reference material.

Course Schedule:

Day 1

· Administrivia and Background Information
· Dynamic Analysis vs. Static Analysis
· Windows Internals
· Code and Data Flow on x86 Systems
· x86 Assembly Language
· PE File Format

Day 2

· Analyzing malware with IDA Pro
· Analyzing malware with OllyDbg
· Exploits and Shellcode
· Malware Deobfuscation


WAPT like an Hacker

2 days - Euros 1000 (+taxes) per participant


WAPT like an Hacker
Syllabus

About Trainer:
Aditya K Sood is an independent security researcher and founder of SecNiche Security. He has been working in the security field for the last 5 years. He is a lead author for the Hakin9 group, writing security and hacking papers. His research has been featured in USENIX ;login: magazine and the ELSEVIER Network Security and Computer Fraud journals. His work has been quoted at EWeek, SCMagazine, Zdnet, Internetnews etc. Aditya's academic background includes a BE and an MS in Cyber Law and Information Security from the Indian Institute of Information Technology (IIIT-A). He has spoken at conferences like EuSecWest, XCON, Xkungfoo, OWASP, CERT-IN, Clubhack etc. His other projects include Mlabs, CERA and Triosec. He has written a number of security papers released at packetstorm security, Linux security, infosecwriters, Xssed portal etc. He has also given a number of advisories to forefront companies. At present he is working as a Lead Penetration Tester in KPMG IT Advisory Services.
Web: http://www.secniche.org
Blog: http://zeroknock.blogspot.com

Basic Aim:
To present real-world problems with an insight into the types of penetration tests to be conducted, and to educate professionals. Our class is interactive. The targets are developed as vulnerable applications on virtual machines. We will be covering all web-based flaws and provide hands-on experience to the users through interactive discussions and hands-on targets. The point is to clear the basics.
Note: We will discuss real world hacks too as cited examples. We will go beyond OWASP Top 10 attacks to cover what else can be done with a vulnerable application. We will also run real world application flaw videos.

Target Audience
Security Managers, Security Consultants and Auditors, Administrators, Developers, QA team and Code reviewers.

All concepts taught in this class are punctuated with hands-on exercises based on situations observed in real life. The class ends with a challenge exercise. Working within a limited time period, participants are expected to analyze the code, identify loopholes, exploit vulnerabilities present in the applications and suggest appropriate defense strategies.

Course Outline:
[1] Understanding the Spectrum of Web application:
In this section we will cover application security fundamentals and principles. The talk revolves around the evolution of applications and the threats related to them.

[2] Breaking inside Application components
We will be covering:
2.1 Communication Protocols and application components.
2.2 Understanding multi-layered application architecture, programming languages used in applications.
2.3 Browser Interaction, the client side coding, pluggable protocol handlers execution etc.
2.4 Server Side Technologies and Languages PHP, ASP, JSP, J2EE, .Net.
2.5 Introduction to standard tools to execute the concepts practically.
2.6 Web Server configuration, web server vulnerabilities, fingerprinting web servers and application servers, security controls pertaining to web servers and their deployment

[3] Application Discovery and Mapping
3.1 Application Footprinting and Enumeration.
3.2 Discovering the functional structure of applications – the hacker’s viewpoint, advanced techniques.
3.3 Server Side attack points and Web server configuration checks.
3.4 Infrastructure tests for application running on servers.
3.5 Exploiting Search Engine functionalities: Advanced Keywords.
3.6 Web garbage dumping for finding information about the targets.
3.7 Detection of HTTP interfaces Embedded Devices etc.

[4] Application Attack Vectors
4.1 Understanding the assets and Mapping them to targets.
4.2 Walk along HTML source for extracting information.
4.3 Information leakage through error messages, source code disclosure, input tampering and input validation attacks.
4.4 SQL injection and attacks on the database, injecting malicious code and remote command exec, accessing the underlying file system.
4.5 Brute forcing HTTP authentication, Brute Forcing HTML form authentication, Session Hijacking, Cross Site Scripting (XSS) attacks, Cross Site Request Forgery (XSRF) attacks.
4.6 Remote File Inclusion and Local File Inclusion attacks.
4.7 HTTP Verb Tampering Attacks
4.8 Cookie Dissection and Analysis
4.9 Generic Secure Coding Flaws, Frame Injections, Hidden Frame Exploitations, Same Origin Policy etc.

[5] What about Threat Analysis – Impact on Business
5.1 Threat Modeling - Threat analysis, Architecture review, Technologies and Source Code.
5.2 Threat matrix, Security controls for code, Design analysis and review.

[6] Prerequisite Knowledge
6.1 Working knowledge of Windows or Unix Operating Systems and command-line tools
6.2 Working knowledge of HTTP, SSL and related protocols
6.3 Working knowledge of shell scripts, SQL, Perl and JavaScript

PREREQUISITE WARNING
Each class has prerequisites for software loads and a laptop is mandatory. These individual class guides will list material the students are expected to have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.


Essential Pentest Class 101

2 days - Euros 1000 (+taxes) per participant


Essential Pentest Class 101
1. Trainer names: Julio Cesar Fort and Gustavo Pimentel Bittencourt (Digital Trust, Brazil)

Bio:
Julio Cesar Fort is a security consultant at Digital Trust and an undergraduate student of Computer Engineering at Federal University of Pernambuco (UFPE). In the past he worked as a security consultant contractor at Matta Ltd., a company based in London, UK, and as a security analyst trainee at Tempest Technologies, a Brazilian market-leading computer security company based in Recife, Brazil. Prior to joining Tempest, he held a scholarship of CNPq, acting as an intern researcher at C.E.S.A.R., and authored papers and "philes" on computer security.
Julio has been a speaker at several conferences such as Chaos Communication Congress, H2HC and Ekoparty, was the main organizer of uCon Security Conference, in Recife, Brazil, and also used to be editor-in-chief of The Bug! Magazine, an electronic hacker-focused magazine mainly written in Portuguese.

Gustavo Pimentel Bittencourt is an undergraduate student at Federal University of Pernambuco (UFPE) and currently holds a position as a security engineer at Tempest Security Intelligence, mainly performing penetration testing on web applications and network infrastructure for high-profile customers in Brazil. He was a scholarship holder of CNPq (Brazilian National Council for Scientific and Technologic Development), working as an intern researcher at C.E.S.A.R. (Center for Studies of Advanced Systems of Recife), a well-known research and software development center in Brazil.
Acting as a security consultant at Digital Trust, in the past years Gustavo has been teaching classes at colleges and conferences on computer security topics.

Abstract:
In the past 10 years problems related to security flaws have increased and this evolution resulted in several new classes of issues evolving significantly - creating in the process whole new categories of problems.

With the intent to improve students' technical security skills and keep them up to date with the latest security threats, this course covers the methodologies, tools and - most importantly - techniques required to perform a successful security audit, be it manual or automated, and to keep your systems safer. Common hacking techniques are revisited in an out of the box fashion from a professional and practical point of view in order to achieve a successful penetration test with more efficiency.

Essential Pentest Class 101 begins with the very basics of an assessment, with target profiling, and rapidly evolves into identification and further exploitation of potential security holes, including forgotten and obscure ones, achieving the ultimate goal of successfully compromising a target system.

In order to provide a training focused on a practical approach, the classes have been designed to replicate real-life environments and situations one may face in most security tests.

This course is aimed at newcomers to the information security world with a technical profile who work or are interested in working in penetration testing. The way classes are conducted allows the student to obtain a strong overview of every topic covered by this course.

Moreover, this training introduces methodologies such as OSSTMM and OWASP.

Who should attend?
This is a technical course aimed at fresh security professionals in need of practical, real-world penetration testing knowledge and people in general who are looking forward to delving into the exciting world of information security. Although this is an entry-level course, students are expected to be familiar with the prerequisites outlined below in this text.

Course length
Two days. This course will provide all class materials and custom VMware images in order to simulate a real-world environment for in-class training.

What to bring
Students must bring their own laptop with the minimum requirements to run a virtual machine without performance impact. A wireless capable laptop is also recommended.

Topics covered
* Enumeration and information gathering
* Security analysis
* Attacks to network protocols
* Various real life exploitation/post-exploitation techniques and practical "0wnage"

Prerequisites
* Students must be familiar with UNIX-like operating systems and Windows
* Knowledge of basic shell scripting and network tools such as netcat, nmap, etc. is highly recommended
* Basic knowledge of architecture and network protocols, mainly TCP/IP, and introductory understanding of network services such as DNS, SMTP, NFS, NetBIOS, etc.



 

FRHACK.ORG Copyright (c) JA-PSI, All rights reserved.