Syllabus Hacker 05

Certified Ethical Hacker on June 19th, 2010

Please note: You will not be able to get files from the server unless you are a paid student and have been issued an account. So some links on this page will not work if you are a guest.

The steps below, the files, and links within, are numbered in order of what you will need to read and do. If this set of steps is unclear, please attend orientation for a walk-through.

00- Reading -

There are no direct chapters in your books.

For Session Hijacking: This looks long at 127 pages, but it is a lot of slides, all rolled up in one doc here.

http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
http://www.cgisecurity.com/lib/SessionIDs.pdf
http://adventuresinsecurity.com/Papers/DNS_Cache_Poisoning.pdf
http://www.rootsecure.net/content/downloads/pdf/arp_spoofing_intro.pdf
http://www.infosecwriters.com/text_resources/pdf/SKapoor_SessionHijacking.pdf
Technology Bytes: Prevention from Session Hijacking

For Hacking Web Servers:

Since there are two main types, Microsoft and LAMP (Linux, Apache, MySQL, PHP), you get to choose.

Three links; read as much as you have time for:

http://bodvoc.wordpress.com/2010/07/02/an-overview-of-a-web-server/

http://learn.iis.net/

https://www.owasp.org/index.php/Insecure_Configuration_Management

LAMP – you need to install it before you hack it

http://www.lamphowto.com/

Two other source documents are here:

OSSTMM (16MB), SP800-115 (.6MB)

01-Mind map review for Note Cards, Terms and Process. For every term in the concepts section of the mind map, you should find a definition first from the book and second from your research. For every tool in the book, you should make a note card based upon Recon Layer, Exploit Category, and Process.

02-Tool review

Our first week of class is different from this process: start off with small artifacts submitted via email.

You must have the VBox structure in place to start the labs. Every week and every class you will be assigned one or two base tools. We will discuss that tool in the Lab part of class. Your assignment is to work the tool, collect artifacts, and send them via email or post them. Artifacts are ALWAYS packet captures and sometimes a screenshot. Do not send large raw packet captures; you must cut the capture down to the attack/response data. You should be able to discuss this tool’s function, its place in the process, and how it compares to other tools.

The list of tools discussed this week:

10.  Session Hijacking

  1. Hunt
  2. Juggernaut
  3. TTY Watcher
  4. IP watcher
  5. T-Sight

11.  Hacking Web Servers

  1. Unicodeuploader.pl
  2. cmdasp.asp
  3. iiscrack.dll
  4. ispc.exe
  5. CleanIISLog
  6. IISHack.exe
  7. IISxploit.exe
  8. execiis-win32.exe

03-Reports

As a professional you will be required to report your findings to management in a meaningful, actionable way. For each tool you must know how it fits with your original plan, the outcomes from its use, and what should be done to protect the environment from its use in the future.

04-Recording links are listed for your review of presentations. These are updated one week after the new class.

Recording 10

Recording CEH10 LAB

Recording CEH 11

Recording CEH11 LAB

You can find these links and the class schedule here: http://www.expandingsecurity.com/about/events/

Extra Reading links:

10 Session Hijacking (11)

10 Reading

http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
http://www.cgisecurity.com/lib/SessionIDs.pdf
Anatomy of an ARP Poisoning Attack | WatchGuard
http://adventuresinsecurity.com/Papers/DNS_Cache_Poisoning.pdf
http://www.rootsecure.net/content/downloads/pdf/arp_spoofing_intro.pdf
Session hijack script
Session hijacking attack – OWASP
http://www.infosecwriters.com/text_resources/pdf/SKapoor_SessionHijacking.pdf
The Web Application Security Consortium / Credential and Session Prediction
CLIENT-SIDE ATTACKS | The Honeynet Project
Technology Bytes: Prevention from Session Hijacking
Session Hijacking
IP Security (IPSec)
How To Protect Your Login Information From Firesheep
arpspoof

10 Proxies

Parosproxy.org – Web Application Security
PortSwigger Web Security
Packet Storm ≈ Full Disclosure Information Security
SourceForge.net: JHijack – Project Web Hosting – Open Source Software
surfjack – A tool which allows one to hijack HTTP connections to steal cookies – Google Project Hosting

11 Hacking Webservers (12)

11 Reading

Website basics W3Schools Online Web Tutorials
An Overview of a Web Server | Bodvoc’s Blog
IIS Security Monster 440 Page Jason Coombs ( dated but great)
Techno Freak: IIS 7.0 Architecture
Chapter 5 – Managing Web Server Security
Firewall Penetration Testing.pdf
SSL 3.0 Specification
ATTRITION Defacement Mirror
Insecure Configuration Management – OWASP

11 Attacks

Web-Server-Hacking | Darknet – The Darkside
HTTP Response Splitting – OWASP
Tunneling protocol – Wikipedia, the free encyclopedia

11 Tools

Brutus – Download
Category:OWASP WebGoat Project – OWASP
YouTube – Learn how to use METASPLOIT
Netcraft Anti-Phishing Toolbar
HTTrack Website Copier – Offline Browser
Burp free and pro
HooBieNet – Home
Tenable Nessus | Tenable Network Security
Metasploit Framework Penetration Testing Software | Metasploit Project
Baseline Security Analyzer 2.2 – Download FAQ Resources | TechNet

11 Tools for Protection

Baseline Security Analyzer 2.2 – Download FAQ Resources | TechNet
Network Management Software, Application Server Management-ManageEngine
Web Application Security Tools – Syhunt | Sandcat » Sandcat – Web Application Security Scanner | browse
SensePost – SensePost Information Security
Static Source Code Analysis and Web Application Security – Armorize Technologies Inc.
System Management | NetIQ
N-Stalker The Web Security Specialists
Infiltration Systems – Network Security Scanning, Vulnerability Detection, and Auditing

All content is copyright protected. Downloading or reviewing any material means you consent to the copyright restrictions placed on all works by the author. You are forbidden from using any of this material in the teaching of any class. You are only permitted to use this as a current student of Expanding Security. You are not permitted to copy or distribute these materials in any way.
