Hack1/Hack2: Hacking Workshop

Computer abuse and cybercrime pose a threat to IT networks every day. They mostly happen very unobtrusively and are not noticed until damage has occurred. They therefore represent a serious threat. In order to enable companies to better protect their IT environment against dangers of this kind, we have developed the Hack1 and Hack2 workshops. During these workshops, we will examine the topic of IT security from the perspective of a perpetrator or a "hacker". This can then help the workshop participants to better protect networks in their own area of responsibility. Although both parts can be attended independently of one another, workshop 2 builds on workshop 1.

Workshop 1

Topics

Information sources

  • Identification of accessible systems; Search for indications of potential attack targets

Standard security tools and their use

  • Port scanner, Sniffer

Man-in-the-middle (MitM) attacks

  • Especially in local networks, man-in-the-middle attacks can be used to read encrypted traffic or listen to VoIP telephone calls. Attack scenarios will be implemented and protection mechanisms will be discussed during the workshop.

Password security under Linux and Windows, and in Windows networks

  • Using different cracking techniques, we will estimate the security offered by a password policy.

Security gaps in the network

  • Procedure adopted by an attacker to exploit vulnerabilities in the network (use of exploits, trojanization of the target system)

Duration

Two days

Workshop 2

Topics

Metasploit Framework

  • Introduction to and handling of different modules

Security in Windows networks

  • Escalation of user privileges to the domain administrator, handling of Windows tokens

Security scanners

  • Functionality, configuration and handling of a security scanner

Tunneling

  • Use of harmless protocols for hidden transmission of data or external remote access

Duration

Two days