Inside IDS systems with SNORT and OSSIM
Install Snort yourself and verify that it detects basic attacks.
Configure and run open-source Snort and write Snort signatures
Configure and run open-source Bro to provide a hybrid traffic analysis framework
Use open-source traffic analysis tools to identify signs of an intrusion
Write your own rule for detecting specific signatures in network traffic in Snort IDS or Suricata IDS.
Test the anomaly detection preprocessor for Snort – PHAD.
Install OSSIM (open-source SIEM) and set it up to collect events. Set up event correlation.
Write tcpdump filters to selectively examine a particular traffic trait.
Use the open-source network flow tool SiLK to find network behavior anomalies
Use your knowledge of network architecture and hardware to customize placement of IDS sensors and sniff traffic off the wire.
1) Introduction to intrusion detection systems (IDS).
2) Signature-based IDS algorithms.
3) Statistical anomaly-based IDS algorithms.
4) IDS with artificial intelligence anomaly detection.
5) Typical methods of bypassing IDS.
6) Understanding the underlying principles of SIEM systems and event correlation.
Exploiting VoIP Systems
This workshop will introduce the VoIP world to the reader, with a particular focus on the network protocols used by VoIP systems and their security holes.
The reader will see both theoretical and practical aspects of VoIP attacks and the related countermeasures. Several activities will be explained step by step in the following lessons. In particular, after this workshop the reader will be able to:
– set up a Private Branch eXchange (PBX), such as Asterisk, and softphones, such as ZoIPer and X-Lite, in order to set up a basic VoIP telephone call between two end points;
– understand the Session Initiation Protocol (SIP) and Real Time Protocol (RTP). These are the two main network protocols and they're used by all VoIP systems;
– know about several VoIP attacks and perform some of them.
1) Introduction to VoIP and its protocols: in this lesson the author will give an easy introduction to the most used VoIP protocols: SIP and RTP.
2) Test Plant activities: in this lesson the author will explain to the reader how to install and configure Asterisk.
3) Footprinting, Scanning and Enumeration: in this lesson the reader will learn how to look for a target VoIP network and then how to scan it (with several techniques) in order to find exploitable devices.
4) DoS attacks: in this lesson the reader will learn about DoS methods applied to VoIP systems.
5) Flooding attack: this lesson is focused on the methods used to disturb a VoIP network by means of a large number of packets whose goal is to prevent the targeted network from working properly.
6) Telephone Tapping: this lesson will explain to the reader how to listen to a call between two VoIP end points.
7) Telephone Tampering: this lesson will treat the methods used to inject a malicious signal into the RTP, altering the telephone conversation.
8) Fuzzing: this lesson will give an overview of the fuzzing techniques used to test the robustness of a VoIP network.
Journey In The World of The XSS
Detect and exploit XSS vulnerability;
Understand the real risk behind this kind of vulnerability;
Impress your customers with awesome Proofs of Concept far beyond the classic pop-up.
Write your first XSS exploit.
Detect the vulnerabilities that allow you to perform XSS attacks.
Common tools useful during a pentest to perform XSS attacks.
1) Introduction to web application security.
2) Detect the vulnerabilities that allow you to perform XSS attacks.
3) Network packet manipulation with Scapy.
4) XSS attack vectors.
5) Filter evasion via “unusual” attack vector.
6) Filter evasion via character encoding.
7) Common tools useful during a pentest to perform XSS attacks.
How to apply the incredible capabilities of the Metasploit Framework in a comprehensive penetration testing and vulnerability assessment regimen, according to a thorough methodology for performing effective tests.
1) Deploy a fully sandboxed network running on VirtualBox to do all the testing you need.
2) Using Metasploit to gather information that you can use to your advantage.
3) Run a fully functional lab environment for your penetration testing
4) Real-life example of how to create a backdoor.
5) Use auxiliary exploits to get credentials from our target.
6) Create, manage and connect your Metasploit to multiple databases.