Course
Cyber Security Tester/Analyst – Hands-On Exploiting («HAK4»)
Course facts
- Implementing known and new exploiting techniques
- Testing of security measures against exploits in test environments (hacking labs)
- Sharpening of analytical skills against targeted attacks
- Better understanding and faster detection of attack patterns
In the course we work with KALI LINUX™ and a variety of our own code. A corresponding LAB environment for hands-on exercises is available to all participants, who are introduced step by step to the topic of exploits in guided LAB exercises. In addition to professional exploit tools such as the Metasploit™ framework, various scripts of our own are also used. In the LAB, we look at attacks on client and server systems as well as on web applications. We gain access to systems via exploits and raise our system rights via privilege escalation. For a deeper understanding of current attacks, we look at the particularly interesting approach of «Living off the Land Hacking», against which basic protective measures are currently insufficient.
The course is rounded off with the essential attack techniques against web applications, since these are an exposed and popular target of criminal hackers. After this course, you will be able to analyze known and new exploit techniques in your own test environment and thus improve your own cyber security measures and detection rules. All participants explicitly commit themselves not to misuse the acquired knowledge. A written agreement to this effect must be signed before the course begins.
- Set up your own Exploiting Lab
- Classify computer architectures and assembler code in the context of exploits
- Introduction to debuggers such as gdb, OllyDbg and Immunity
- Detection of weak points by means of fuzzing
- Understand basic exploiting techniques such as buffer and heap overflows, format string vulnerabilities, etc.
- Create your own exploit scripts together
- Understand the use of shellcodes within the exploit
- Generate shellcodes and embed them into your own exploit script
- Ensure that the exploit is executable (Bad Chars)
- Perform various user space exploits
- Using kernel exploits to gain root privileges
- Exploit vulnerable program libraries (DLLs)
- Classify the protective effect and limits of DEP and ASLR in the context of system hardening
- Testing protective measures with «Living off the Land Hacking»
- Understand basic attack techniques against web applications such as XSS, SQL injection, etc.
- Exercises for your own LABs to deepen your knowledge independently
*KALI LINUX™ is a trademark of Offensive Security.
*Metasploit™ is a trademark of Rapid7 LLC.
This course is aimed at security professionals, computer scientists and managers who have attended the course «Cyber Security Tester - Hands-on Professional (HAK2)» and would like to deepen their previously acquired knowledge and analytical skills in a hands-on training with various exploiting techniques.
Completion of one of the following courses or equivalent broad practical hacking experience with KALI LINUX™:
This compact seminar can be used together with your own exercises to prepare for various IT security and hacking certificates and is part of the preparation for the renowned certificate «OSSTMM Professional Security Analyst».
Participants must have a remote desktop client installed on their PC/notebook.
- Under Windows, the official Microsoft client is usually already installed
- macOS users can download the official Microsoft client from the Apple App Store: https://apps.apple.com/ch/app/microsoft-remote-desktop/id1295203466
Important: For security reasons, companies often block a remote desktop connection on business devices and in the company network. It is recommended to participate in the training on a private device and not on the company network. Alternatively, you can clarify in advance with the responsible IT department whether remote desktop connections are possible.