Syllabus Hacker 06
Please note: You will not be able to get files from the server unless you are a paid student and have been issued an account. So some links on this page will not work if you are a guest.
The steps below, the files, and links within, are numbered in order of what you will need to read and do. If this set of steps is unclear, please attend orientation for a walk-through.
00-Reading
SPT #22
PPT #11
For SQL injection – read as many online docs (in the links below) as humanly possible.
Two other source documents are here:
OSSTMM (16MB) SP800-115 (.6MB)
01-Mind map review for Note Cards, Terms and Process. For every term in the concepts section of the mind map, you should find a definition first from the book and second from your research. For every tool in the book, you should make a notecard based upon Recon Layer, Exploit Category, and Process.
02-Tool review
Our first week of class is different from this process: start off with small artifacts submitted via email.
You must have the VBox structure in place to start the labs. Every week and every class you will be assigned one or two base tools. We will discuss that tool in the Lab part of class. Your assignment is to work the tool, collect artifacts, and send them via email or post them. Artifacts are ALWAYS packet captures and sometimes a screenshot. Do not send large raw packet captures; you must cut the capture down to the attack/response data. You should be able to discuss this tool’s function, its place in the process, and how it compares to other tools.
The list of tools discussed this week:
12. Web Application Vulnerabilities
- OWASP WebGoat
- Instant Source
- Wget
- Lynx
- Helpme2.
- Black Widow
- WindowBomb
- WebSleuth
- IEEN
13. Web Based Password Cracking Techniques
- WinSSLMiM
- Brutus
- ObiWan
- Munga Bunga
- Dictionary Maker
- PassList
- ReadCookies.html
- WebCracker
- Revelation
03-Reports
As a professional you will be required to report your findings to management in a meaningful, actionable way. For each tool you must know how it fits with your original plan, the outcomes from its use, and what should be done to protect the environment from its use in the future.
04-Recording links are listed for your review of presentations. These are updated one week after the new class.
SPECIAL : Recording 13
You can find these links and the class schedule here: http://www.expandingsecurity.com/about/events/
12 Hacking Web Applications (13)
12 Reading
- Basic HTML Examples
- PDF of Hacking Exposed chapter 1
- OWASP Top 10 2010 Web Application Vulnerabilities
- WebGoat Web Hacking Simulation Series
- w3af – Web Application Attack and Audit Framework
- Components and Web Application Architecture
- A New Threat To Web Applications: Connection String Parameter Pollution (CSPP) | ORA600
- WGET 1.11.4 for Windows (win32)
- Bugtraq: Re: Bad news on RPC DCOM vulnerability
12 Tools
- Web Application Penetration Testing – OWASP
- Burp Suite
- Nikto2 | CIRT.net
- Web application security – Acunetix Web Vulnerability Scanner
- Wget for Windows
- Sleuth 1.4 Overview
- HooBieNet – Home
- soapUI – The Home of Functional Testing
- XML Editor, Data Management, UML, and Web Services Tools from Altova
- Products » Enterprise | N-Stalker The Web Security Specialists
- SecuBat Vulnerability Scanner
- skipfish – web application security scanner – Google Project Hosting
- Websecurify | Web Application Security Scanner and Manual Penetration Testing Tool
- website monitoring KeepNI
- Wapiti – Web application security auditor
- Web Application Firewall, Affordable Industry Leading Web Security
- Imperva ThreatRadar – Reputation-Based Security for Automated Attacks
- Radware AppWall: Web Application Security and Compliance Solution
- Intrusion Detection and Prevention, Security Data Analytics, Personal Firewall – Privacyware
- Web Application Security, Web Application Firewall
12 XSS
- What is Cross Site Scripting (XSS) | Cross-Site Scripting Examples and Information
- XSS (Cross Site Scripting) Prevention Cheat Sheet – OWASP
- [DOM Based Cross Site Scripting or XSS of the Third Kind] Web Security Articles – Web Application Security Consortium
- Common Security Mistakes in Web Applications – Smashing Magazine
- The Cross-Site Scripting (XSS) FAQ
12 Attacks
- The Web Application Security Consortium / Threat Classification
- The Web Application Security Consortium / Web-Hacking-Incident-Database
- Top 10 attacks – OWASP
- OWASP Testing
- Secure Coding Guide: Validating Input
- InformIT: Security Reference Guide > Code Injection Explained
- The Web Application Security Consortium / LDAP Injection
- Preventing HTML form tampering
- CSRF Attacks and Web Forms
- The Cross-Site Request Forgery (CSRF/XSRF) FAQ
- Cookie Poisoning (Definition, Examples, Videos, and Prevention)
- Cookie Poisoning how to.
- The Web Application Security Consortium / Buffer Overflow
- Anatomy of a Web Services Attack | SYS-CON NEWS DESK
- SensePost – J-Baah – Generic HTTP Fuzzer
- The Web Application Security Consortium / XPath Injection
12 Defense
- Samoa: Formal Tools for Securing Web Services – Microsoft Research
- Microsoft’s Anti-Cross Site Scripting Security Runtime Engine Sample – AntiXSS 3.1
- The Simplest Security: A Guide To Better Password Practices | Symantec Connect Community
- Port80 Software » Products » PCI Compliant Web App Firewall for IIS Servers
13 Reading
- SQL Injection by LANG NAVORIGIN
- EvilSQL
- SQL Injection Attacks by Example
- SQL Hacking Truths: Top 10 Tricks to exploit SQL Server Systems
- Blind SQLInjection.pdf
- SQL classification of attacks
- SQL Injection
- SQL Injection Cheat Sheet
- SQL Injection – Hakipedia
- http://www.ijcaonline.org/journal/number25/pxc387766.pdf
- https://www.owasp.org/images/8/8e/One_Click_Ownage-Ferruh_Mavituna.pdf
- Oracle_sql_crashcourse_for_developers.pdf
- Code Injection – OWASP
- Reviewing Code for SQL Injection – OWASP
- Cross Site Scripting Flaw – OWASP
- Injection Flaws – OWASP
- http://www.toorcon.org/tcx/16_Alonso.pdf
- Data Security and Compliance Terms | Glossary
- ‘SQL injection’ attacks on the rise in Atlanta | Atlanta Business Chronicle
13 Tools
- BSQL Hacker – Portcullis Labs
- Marathon Tool
- SQL Power Injector Product Information
- ITSecTeam, IT Security Research & Penetration Testing Team
- Bobcat SQL Injection Tool
- sqlninja – a SQL Server injection & takeover tool
- [ISR] Infobyte Security Research
- 0x90.org // [Absinthe :: Automated Blind SQL Injection] // ver1.3.1
- sqlmap: automatic SQL injection and database takeover tool
- SQID – SQL Injection digger
- cqure.net » SQLPAT
- sqlsus : (My)SQL injection tool
- BCable.net – SQLIer
- Database Management Tools | SQL Block Monitor | Overview
- Web application security – Acunetix Web Vulnerability Scanner
- GreenSQL | Open Source SQL Database Security, SQL Injection Prevention
- ntsecurity.nu – toolbox
- SQL Injection tools – databasesecurity.com
All content is copyright protected. Downloading or reviewing any material means you consent to the copyright restrictions placed on all works by the author. You are forbidden from using any of this material in the teaching of any class. You are only permitted to use this as a current student of Expanding Security. You are not permitted to copy or distribute these materials in any way.