HI-TEC: Ethical Hacking

July 28, 2011 Sam Bowne


Learn how hackers steal passwords, bring down servers, and take control of your computer with malicious web pages. After a brief lecture and demonstration of the attacks, participants will perform real attacks using laptop computers provided at the workshop. Participants will see for themselves how vulnerable they are and will learn the value of anti-virus and other defenses. Classroom-ready lecture materials and instructions for the projects are available free of charge on the web.



WebGoat Setup
SQL Injection Lessons with WebGoat
Scanning for SQL Injections with skipfish
Win 7 DoS with Router Advertisements

Other Projects & Materials

BackTrack Downloads
Install BackTrack 5 on USB flash memory stick
Exploitable Message Board

Student Agreement
Code of Ethics

Cold Calls

Virtual Machines at Home
Fixing Ubuntu Virtual Machine Problems

Proj 1: HTTP Headers (15 pts)
Proj 2: Tamper Data (20 pts)
Proj 3: Building a Web Server (10 pts)
Proj 4: DoS Attack with the Low Orbit Ion Cannon (15 pts)
      LOIC (7-zip, password sam)
Proj 5: Independent Project (20 pts. or more)
Proj 6: WebGoat Setup (20 pts.)
Proj 7: WebGoat Introduction (15 pts.)
Proj 8: WebGoat: Access Control (15 pts.)
Proj 9: Attacking Apache (20 pts.)
Proj 10: Port Knocking on BackTrack Linux (20 pts.)
Proj 11: Attacking Apache with the OWASP Slow Http Tool (15 pts.)
Proj 12: Attacking IIS with the OWASP Slow Http Tool (15 pts.)
Proj 13: IPv6 Router Advertisements (15 pts.)
Proj 14: Using thc-ipv6 to Scan an IPv6 Network (15 pts.)
Proj 15: Protecting a Web Server with a Load Balancer (20 pts.)
Proj 16: Protecting Apache with mod_security (20 pts.)
Proj 17: Introduction to scapy (15 pts.)
Proj 18: TCP Handshake with scapy (15 pts.)

Extra Credit Projects

Proj 1x: IPv6 Tunnel (10 pts.)
Proj 2x: Attacking nginx (15 pts.)
Proj 3x: Attacking nginx with the OWASP Slow Http Tool (15 pts.)
Proj 4x: Benchmarking Web Server Performance (15 pts.)
Proj 5x: Protecting Apache with iptables (15 pts.)
Proj 6x: Social Engineering Toolkit Java Exploit (15 pts.) (updated 4-15-11)
Proj 7x: IPv6 with scapy (20 pts.)
Proj 8x: Win 7 DoS with Router Advertisements (20 pts.)
Proj 9x: Router Advertisements with scapy (20 pts.)
Proj 10x: Slow Loris Attack with scapy (20 pts.)
Proj 11x: Router Advertisement attack with npg on Windows (10 pts.)
Proj 12x: Duplicate Address Detection (15 pts.)
Proj 13x: DoS with Secure Neighbor Discovery (SeND) (10 pts.)
Proj 14x: yesman--Scanner Honeypot with scapy (15 pts.)
Proj 15x: ARP Spoofing with scapy (10 pts.)
Proj 16x: Detecting Promiscuous NICs with scapy (10 pts.)
Proj 17x: Introduction to gdb (20 pts.)

