-
August 11th, 2006, 05:47 PM
#1
Hacking "labs"
Hey all,
I'm going to be giving a pretty in-depth network security course at the end of the month (5 days long). I would like to incorporate several "labs" so the students actually get a hands-on feel for hacking. I have designed a few labs for cracking WEP/WPA; however, I would like to have a total of 5-10 labs. I was figuring on doing some password cracking, jumping VLANs, and some DDOS. Then having them "Catch" and "Prevent" the attacks. I want to see what you guys' thoughts are on some "labs". Any input would be great. So if you have any ideas as to what sort of labs I should do, let me know!
Thanks,
Linuxcomando
-
August 11th, 2006, 05:56 PM
#2
I'm going to be giving a pretty in-depth network security course at the end of the month (5 days long). I would like to incorporate several "labs" so the students actually get a hands-on feel for hacking. I have designed a few labs for cracking WEP/WPA; however, I would like to have a total of 5-10 labs.
How many computers in each 'lab'? If I were you, I would cover Windows 2000 Pro, Windows XP Pro, Windows Server 2003 and Apache. Also, Linux/Unix distros of course. What applications do you plan on running to do this? If not through applications, what vulnerabilities do you plan to exploit to do this?
-
August 11th, 2006, 06:13 PM
#3
linuxcommando, while a bit old, you might want to look through and review my tutorials on WarGames. Might give you an idea as to how to set up the network/labs.
-
August 11th, 2006, 06:17 PM
#4
How about a capture the flag type event, with a twist. Once you've captured the flag (pwned the computer), patch it before someone else can take it away from you. Make it so it has several remote exploits; the one who closes the last hole and prevents anyone else from taking it away wins.
There are two rules for success in life:
Rule 1: Don't tell people everything you know.
-
August 11th, 2006, 06:36 PM
#5
Junior Member
We have something called "SPARSA Challenge" boxes during our hacking competition which can essentially be mini labs. This year we're using the "Hacme Bank" application by Foundstone and modifying it heavily such that the hackers can flex their skills on SQL injection and see if they can find a "terrorist" bank account in a bunch of fake accounts and transactions. Needle in a haystack style, they have to find one account out of 10,000, and the odds of doing it in real life are even smaller. It would make a good lab (in my opinion) to set up a Hacme Bank installation and teach from the solution guide how attacks are done and what was the design flaw that caused this.
Note: Hacme Bank needs to be modified in the Main.aspx to allow for anyone other than localhost to access the website...
Vice President of Practices
RIT's Security Practices and Research Student Association
http://www.sparsa.org
-
August 11th, 2006, 10:10 PM
#6
Banned
Also just jumping off what was said earlier in regards to some systems to try it on, Windows NT compatible machines may offer a bit more with regards to versatility. Also with regards to the actual attacks, a good one to have them exercise might be getting them to try exploiting the vulnerability of a buffer overflow in some systems along with other DOS attacks.
-
August 12th, 2006, 12:30 AM
#7
Hey Hey,
I'm kinda curious... you're doing a 5-day intensive course on network security.... And you want to cover password cracking, VLAN jumping, WEP/WPA cracking and DDOS... Who are you targeting? Who will be taking this class..
How do you plan to cover password cracking? JtR, Hydra, Rainbow Tables, LC....
Why VLAN Jumping?? With yersinia out you could cover a whole combination of attacks on networking equipment...
Why WEP Cracking? I've always wondered about this... WEP cracking is great... but unless you're training Pen Testers being able to crack a WEP key is useless for legit purposes... and DDOS You're going to teach people DDOS?? This makes it sound like a joke..
Assuming that this is targeted at professionals (IT Admins, etc)... you want to cover things that will actually be useful to them in their environment..
They say the best way to defend is to know how to attack... but the things you have mentioned (WEP Cracking, Password Cracking, DDOS) you really can't defend against.. Sure password policies can be put into place, but that means nothing when you look at pre-computed hashes.... WEP Cracking... if you only support WEP or have a hybrid OS environment you'll need WEP.. so even if you can crack it it doesn't help you defend against it and DDOS is generally just a pipe saturation... which you can't stop.... we've seen that in the DDOS attacks against some of the big players on the net..
How about teaching things like
Nessus... Introduction: Setup, Usage, etc
Nessus... Advanced: NASL Scripting
Metasploit... Introduction: Setup, Usage, etc
Metasploit... Advanced: Writing custom exploits
Security Tools: Introduction... Detail things like dsniff, nmap, hping2, netcat, etc
Security Tools: Advanced... What can you do with these tools
SQL Injection
Code Auditing
IDS Evasion (this builds on your Metasploit stuff)
Writing Better IDS Rules (This builds on IDS Evasion which provides a better understanding of what a good rule needs)
Access Control Lists
Physical Security
Cryptography
Scripting (Be it Bash, Perl or Python)
You say you are teaching Network Security... People like to apply these titles... Network Security, Application Security, Physical Security... The simple matter is that those are all separate areas of "IT Security" and without knowledge in all of them every one of them will fail...
What you currently plan on teaching sounds like some little skiddie group sitting around right now, hopefully you don't take offense to that... but that's what I get out of it.
Peace,
HT
-
August 12th, 2006, 01:11 AM
#8
Banned
Good point
Come to think of it - HT Regs has a good point, why such intense offensive strategies for beginner introduction to the world of system and network security? If it isn't aimed at the introductory audience then fine, but if it is...good luck.
-
August 12th, 2006, 01:19 AM
#9
Re: Good point
Originally posted here by heiress
Come to think of it - HT Regs has a good point, why such intense offensive strategies for beginner introduction to the world of system and network security? If it isn't aimed at the introductory audience then fine, but if it is...good luck.
I sure hope you don't think that was my point... if so.... ouch.
-
August 12th, 2006, 04:36 AM
#10
Banned
Buster
Wow, you really are funny. Considering that you make fun of yourself. Actually that was my point, but in case you didn't notice I was congratulating you on perceptive thinking.