May 19 to May 20

Advanced Honeypot Tactics

Description

This course shows how to use honeypot technologies as a concrete improvement to your organisation's security defences. It concentrates on low-interaction honeynet technology.

  • honeyd

    • workings of honeyd

    • routing traffic to honeyd

    • simulation

      • simulation of TCP/IP stacks

      • simulation of network infrastructure

      • simulation of applications

      • advanced honeyd configuration

    • centralized data collection with honeyd

      • traditional methods

      • honeyd collector/mustard

    • writing honeyd plugins

    • honeyd to protect corporate infrastructure

  • malware collection

  • Collecting malware with honeypots

    • Techniques used

    • mwcollect / nepenthes

      • How they work

      • Writing own modules

      • Analyzing the received shellcodes

      • Analyzing the captured binaries

    • Results

  • Bots/Botnets

    • Intro to bots and demo

    • Reverse engineering of bot

      • Basic techniques

      • Sandboxes

      • OllyDbg and/or IDA

  • Botnet 101

    • How they work

    • What you need to know

    • Observing them

    • Live botnet observation

  • Results

Prerequisites

Students should be familiar with honeypot concepts and have a good understanding of TCP/IP networking and analysis tools like Ethereal.

Prerequisite material

Students need to bring a computer configured with VMware and powerful enough to run two VMware sessions at once. The computer should also have a wired Ethernet interface. Students also need to have an IRC client and the Python programming language installed. They should also have a Windows installation (native or in VMware) with OllyDbg (http://www.ollydbg.de/) installed.


Instructor: Thorsten Holz

Thorsten Holz is a Ph.D. student at the Laboratory for Dependable Distributed Systems. He is one of the founders of the German Honeynet Project and has an extensive background in the area of honeypots and bots/botnets. His research interests include the practical aspects of secure systems, but he is also interested in more theoretical considerations of dependable systems. In addition, he is the editor-in-chief of the German IT-security magazine MISC.

May 19 to May 20

The Exploit Laboratory - Advanced Edition

Description

Penetration testing with canned tools and exploits is a thing of the past. As companies become more and more conscious of having their internal programs audited at the binary level and reverse engineered, penetration testers are required to spot vulnerabilities in compiled code and write custom exploits for them. The Exploit Laboratory takes the hacker's approach in demonstrating how seemingly trivial errors and vulnerabilities can be exploited with astonishing results. The Exploit Laboratory begins with an introduction to vulnerabilities in binary code and goes through a systematic process of debugging, reverse engineering and writing a working exploit for these vulnerabilities.

This class is aimed at demystifying the "rocket science" in writing exploits - delivered in a down-to-earth, learn-by-example methodology, by trainers who have been teaching advanced topics in computer security for over 6 years. This class does NOT require knowledge of assembly language. A few concepts and a sharp mind are all you need. Examples and exercises in this class cover both the Unix (Linux) and Microsoft Windows platforms.

Topics

  • Introduction to error conditions

  • The CPU's Registers

  • The Process memory map

  • Effective use of debuggers on Linux and Windows

  • Stack Overflows in Linux and Windows

  • Getting control of the Instruction Pointer

  • Making exploits reliable

  • Return to stack vs. return via registers

  • Advances in shellcode techniques

  • Overwriting Exception Handlers

  • Heap Overflows in Linux and Windows

  • Overwriting Global Offset Table entries

  • Exploiting Browsers

  • Format String bugs (time permitting)

Prerequisite Knowledge

  • Working knowledge of operating systems, Win32 and Unix.

  • Working knowledge of shell scripts, cmd scripts or Perl.

  • Be able to work easily with command line tools.

  • Understanding of C programming would be a bonus.

Laptop requirements

  • Hardware Requirements:

    • Intel x86 hardware required

    • 512MB RAM required, at a minimum

    • Wired 10/100 Network card

    • CDROM drive

    • 4 GB free Hard disk space

  • Operating Systems (one of the following):

    • Windows 2000 SP4/XP SP2 -OR- Linux kernel 2.4/2.6

    • For Windows users:

      • Windows 2000 SP4/XP SP2

      • Windows Vista WILL NOT WORK (you have been warned)

      • Administrator access mandatory

      • Ability to disable Anti-virus / Anti-spyware programs

      • Ability to disable Windows Firewall or personal firewall

      • Active Perl to be installed

    • For Linux users:

      • Kernel 2.4 or 2.6 required

      • Root access mandatory

      • Ability to use an X Window based GUI environment

    • Mac OS X is currently not supported in this class. Participants may bring their Intel based MacBooks or MacBook Pros that have Windows XP running on them using Apple Boot Camp. If you wish to use Parallels Desktop, you may do so, but you are on your own when it comes to weird troubleshooting.

  • Pre-loaded software:

    • Netcat (nc)

    • SSH client (PuTTY for Windows laptop users)

    • Perl 5.8 or above (ActivePerl for Windows users)

    • Firefox browser


Instructor: Saumil Shah

Founder and CEO, Net-Square Solutions Pvt. Ltd. (saumil@net-square.com). Saumil continues to lead the efforts in e-commerce security research at Net-Square. He holds the designation of Certified Information Systems Security Professional. Saumil has more than ten years' experience with system administration, network architecture, integrating heterogeneous platforms, and information security, and has performed numerous ethical hacking exercises for many significant companies in the IT area. Previously, Saumil held the position of Director of Indian operations at Foundstone Inc. and was a senior consultant with Ernst & Young. Saumil has also worked at the Indian Institute of Management, Ahmedabad, as a research assistant. Saumil graduated from Purdue University with a master's degree in computer science and a strong research background in operating systems, networking, information security, and cryptography. He got his undergraduate degree in computer engineering from Gujarat University, India. Saumil is a co-author of "Web Hacking: Attacks and Defense" (Addison Wesley, 2002) and is the author of "The Anti-Virus Book" (Tata McGraw-Hill, 1996).


Instructor: Christopher Owen

No bio.