Friday, December 16, 2005

SANS Hacker Techniques - days 4 and 5

Days 4 and 5 of the course were in many ways more of the same as Day 3: great material, and lots of it, with only brief, simple hands-on exercises from time to time (between two and four exercises daily). Among the more interesting exercises was cracking password hashes with John the Ripper. Another was seeing how many anti-virus programs were fooled by simply opening tini in a hex editor and changing the port on which it listens. The Covert_TCP file transfer was also fascinating: essentially it transfers data one byte at a time inside TCP/IP header fields. I'd like to see your IDS pick that up!

Unfortunately, I missed a significant portion of the afternoon of Day 4 due to a combination of illness and client demands. Again, over these two days, the balance of lecture to hands-on seemed to be off, although the content of the lectures continued to be detailed, wide-ranging, well researched, and more than a little frightening.

Summary
  • Day: Days 4 and 5
  • Topics: Password cracking, getting a shell, worms, web app attacks, DoS, backdoors, app-level trojans, backdoor wrappers, rootkits, hiding files, covering tracks in logs, covert networking, more stego
  • Tools: brutus, hydra, Cain and Abel, Rainbow Crack, SYSKEY, John the Ripper*, PAM, shred, netcat*, phatbot, SQL Slammer, OWASP suite of tools, Achilles, Paros, Windows at command, CpuHog, Ping of Death, Rose, Smurf, synflood, Tribe Flood Network 2000, tini*, VNC, WinVNC, Sub7, Back Orifice 2000, Setiri, wrappers, burneye, Ollydbg, LRK, AFX, Solaris kernel-mode rootkit, KIS, Adore, FU, Rootkit Revealer, LADS*, WinZapper, reverse www shell, Loki, Covert_TCP*, cd00r, s-tools, stegdetect, xsteg (In the appendix but not discussed: red button, campas, aglimpse, crack, lc5, GetAdmin, SecHole, NetMeeting Buffer Overflow, Tooltalk Buffer Overflow, IMAPd Buffer Overflow, WinNuke, land, redir, SMBRelay, TBA Palm OS War Dialer, QAZ, T0rnkit, RDS, jolt2, DumpSec, Tin00, knark)
  • Overall value: 3 out of 5
  • Coolness: 4 out of 5

* Starred items were part of hands-on exercises.

1 comment:

  1. First and foremost, I would like to thank the author of this blog for opening public comments to everyone and for sharing experiences with every visitor to this blog....