Class Details

The course was developed to give those entering the fascinating world of computer security consulting a foundation before embarking on this journey. The more solid your foundation of skills, the better prepared you will be as a consultant or security professional.

Course Outline

Module 1: Introduction to CORE skills for effective IT security

  • TCP/IP
  • Unix/Linux
  • Virtualization
  • Introduction to the hacking process 

LAB: Exploring the Command Line

  • In this lab, the students will learn the power of the command line, how to add users, and how to leverage access to the operating system from the command line. Tasks will be conducted to create shares, manipulate services and connect to other machines, all from the command line.
  • Security Model
    • Authentication
    • Confidentiality
    • Integrity
    • Availability
    • Authorization

LAB: Security Model and Allowing a Service

  • In this lab, the students will explore the protection of data with respect to confidentiality and integrity and see how they can be compromised by eavesdropping and modification using Man in the Middle processes and techniques of attack. The lab will identify the components that have to be understood for allowing services into a network architecture.
  • Security Posture
  • The 4Ps
    • Promiscuous 
    • Paranoid 
    • Permissive
    • Prudent
  • Risk management
  • Defining types of risk 
  • Types of risk 

LAB: Managing and Mitigating Risk

  • In this lab, the student will see the risk of using clear text protocols on the network. The lab will provide an example of how this data can be compromised. The factors involved in managing risk will be reviewed.

Module 2: TCP/IP 101

  • Introduction and Overview
  • Introducing TCP/IP networks
  • What TCP/IP provides: key application services and multivendor capabilities
  • TCP/IP and the Internet
  • Internet RFCs and STDs 
  • TCP/IP protocol architecture 
    • Protocol layering concepts
    • TCP/IP layering 
    • Components of TCP/IP networks
  • Network protocols
    • IP 
    • TCP
    • UDP
    • ICMP

LAB: TCP/IP

  • In this lab, the student will explore the origin of TCP/IP and research how the Internet has grown while keeping the same protocol that was originally designed for it. The lab will include the process and practice of doing research to understand a network protocol.

Module 3: Protocol Analysis

  • Analyzing network protocols
    • IP
    • ICMP 
    • TCP
    • UDP
    • ARP 

LAB: Protocol Analysis I

  • In this lab, the student, having learned about the origins and historical path of the TCP/IP protocol, will put it into perspective by reviewing the protocols as an analyst who is trying to determine whether what they are seeing is normal or abnormal protocol behavior.
  • Transport protocols analysis
    • Packet headers and offsets
    • DNS
    • FTP
    • TFTP
    • SMB 

LAB: Protocol Analysis II

  • In this lab, the student will learn about the different headers for the main protocols and the composition of these headers. The lab will provide practice at determining the offset at which a specific piece of data is located. Once this has been determined, the student will learn how to view the data at that location. The student will explore the main protocols of network communication.
  • Examining the data at the packet level
  • Control flags of TCP
  • Identifying the characteristics of network connections
  • Constructing sessions and streams 
  • Socket analysis
  • SSL/TLS 

LAB: Protocol Analysis III

  • In this lab, the student will learn a process and methodology for examining packets from a network connection. The ability to construct sessions and streams will be practiced. The method to extract data that has been part of an encrypted SSL or TLS connection will be explored as well. The student will learn what a normal packet in TCP looks like and be introduced to what an abnormal or “hacked” packet looks like.

Module 4: Low Level Protocol Analysis

  • Low-level protocol processes 
  • Using protocol analyzers to access packets at the lowest level
    • tcpdump 
    • Advanced filters with tcpdump
    • dsniff
    • Extracting textual data from packets
    • Wireshark
      • Using offsets in filters
    • Ettercap/Bettercap
    • ARP poisoning
    • Password extraction
    • Etherape
    • Determining protocol sessions 

LAB: Protocol Analysis IV

  • In this lab, the student will perform packet analysis at the lowest level and learn how to read what is “truly” taking place in the network connection. The process of using filters and tools to extract the data from the connections using low-level offsets will be practiced. The popular tools Ettercap and Etherape will be used to assist in the network analysis learning process. The extraction of passwords and authentication data will be conducted to gain an understanding of the need for protection of this data.

Module 5: Wireshark Unplugged

  • Wireshark
    • Leveraging the filter capabilities
    • Working within the GUI 
    • Low level analysis
    • Following session communication
    • Customizing the interface 
    • Using the statistics features within the tool
    • Command-line Wireshark
    • Packet decomposition

LAB: Advanced Wireshark

  • In this lab, the student will learn advanced features of Wireshark, including statistical capability, file extraction and data decoding. The customization of the interface will be shown so that the student can tailor and configure the Wireshark display to their preferences. The ability to use the command line with Wireshark will be practiced as well.
  • tcpreplay
    • Using traffic replay for training and advanced analysis
  • Customizing and crafting packets
    • Command line tools
    • GUI based tools 

LAB: Crafting Packets

  • In this lab, the student will learn the process of “playing” back network capture files to practice their analysis skills, using command line tcpreplay as well as a GUI tool. The art and technique of crafting packets will be examined, and the students will learn how to create a crafted packet to see how a network or target will respond.

Module 6: UNIX

  • Interacting with UNIX
  • The command line interface
  • Entering commands to the shell
  • Browsing online documentation
  • Displaying man pages
  • Managing Files
  • Essential file housekeeping tools
    • Copying: cp
    • Renaming: mv
    • Removing: rm 

LAB: UNIX I

  • In this lab, the student will explore how to interact with UNIX and how to use man pages to learn and discover information about UNIX commands. The management of files will be practiced so that the student knows how to copy, move and remove files. Command options and popular shell commands will be practiced. A review of the available shells will be shown, with a comparison of the methods of using them.
  • Processes and jobs
    • ps
    • jobs 
    • kill
  • Disk commands
    • mount
    • umount
  • Compression
    • gzip
    • gunzip
    • zcat
    • tar
  • Searching files and directories
  • Word searching
    • grep
    • strings
  • Compiling programs
  • Networking

LAB: UNIX II

  • In this lab, the student will learn how to manipulate processes and use the jobs commands. The methods for working with disks, attaching them via the mount command or disconnecting them via the umount command, will be discussed. The available compression methods, how and when to use them, the tar command and the process of extracting a tarball will be practiced. A variety of search methods for the file systems will be practiced by the student. The methods to build and compile software programs will be reviewed.

Module 7: Linux

  • Introducing Linux
  • The UNIX heritage
  • UNIX and Linux compared
  • Which distro?
  • Man is your friend
  • Installing packages
    • apt 
    • yum 
    • dpkg 

LAB: Linux

  • In this lab, the student will explore Linux and the similarities and differences between it and the UNIX operating system. The student will use several different Linux distros to gain familiarity with them. The process of updating and upgrading the distro will be conducted on the different distros. Methods of installing packages for the different versions of Linux will be experienced to compare which of the methods works best for the requirements.

Module 8: Introduction to the Hacking process

  • Creating a security testing plan
    • OSSTMM
    • NIST-SP800-115
    • others
  • Testing methods
    • War games
    • Security testing
    • Penetration testing
  • Hacking methodology
    • Surveillance
    • Footprinting
    • Scanning
    • Vulnerability assessment
    • Exploitation
    • Covering tracks
    • Evasion

LAB: Conducting the Hacking Methodology

  • In this lab, the student will perform the steps of the hacking methodology against live targets. The process of non-intrusive and intrusive target search will be used to enumerate and find information about the targets. From the discovered information, a method for identifying the weaknesses will be explored. The discovered weakness will be validated by gaining access to the targeted machine(s).