Workshop

10. Security Assessment and Audit
Trainer Net Square (IN)
Date 28-29 August 2006
Duration 2 Days
Price Rp. 11.000.000,-
Requirement Participants are required to bring their own laptops

 

Overview

This class offers a technical perspective and exposure to various audit and assessment tools and products to match the best in the indstry, the primary objective being to equip participants with the skills necessary to independently conduct assessments and audits of system/networks.

This course is designed and developed with following objectives for security professionals.

  • Briefing about security issues and concerns
  • Understanding security requirements
  • Gaining knowledge of assessment and audit methods
  • Performing large scale network assessments
  • Footprinting, enumerating and attacking systems
  • Vulnerability and exploit understanding
  • Web, routers, firewall assessments
  • Database hacking
  • Reporting and best practices

top ^

Course Outline

  1. Security Fundamentals and Priciples
    1. Security industry landscape and trends
    2. Security posture and evolution
    3. Corporate security objectives
    4. Treat framework and modeling
    5. Attack vectors and their impact
    6. Popular attack points and severities
    7. Q & A
  2. Assessment and Audit - approaches & methods
    1. Assessment methodologies and basics
    2. Goals and objectives of assessment
    3. Role of tools and credibility
    4. Areas of assessment and importance
    5. Audit basic and objective
    6. Compliance and standards
    7. Q & A
  3. Network Assessment - footprinting & asset identifications
    1. Footprinting basics and objectives
    2. Methodologies and approaches
    3. Public domain queries
    4. WHOIS - query all
    5. ARIS lookup
    6. DNS queries and zone transfers
    7. Trace routing and mapping
    8. Network reconnaissance
    9. Windows footprinting
    10. Reporting and builing targets
    11. Lab
  4. Discovery & Posture mapping
    1. TCP fundamentals
    2. Ping sweeps
    3. Scanning networks (TCP & UDP)
    4. OS identification and stack fingerprinting
    5. Banner grabbing
    6. Protocol identification
    7. Network mapping
    8. Reporting and mapping targets
    9. Lab
  5. Information Gathering & Enumeration - Windows
    1. Windows security overview
    2. Enumerating fundamentals
    3. Security issues with enumeration
    4. Windows enumeration - NetBIOS over TCP
    5. DNS enumeration
    6. SNMP querying
    7. LDAP enumeration
    8. Lab
  6. Information Gathering & Enumeration - Linux/Unix
    1. Linux/Unix security overview
    2. Linux/Unix systems enumeration basics
    3. NFS enumeration
    4. RPC querying
    5. snmpwalk and enumeration
    6. Users and groups enumeration
    7. SAMBA information gathering
    8. finger, rwho, rusers
    9. Lab
  7. Attacks & Hacking
    1. Password guessing
    2. Password cracking
    3. Password sniffing
    4. Privilege escalation
    5. Netcal shell introduction
    6. Other attack vectors
    7. Lab
  8. Vulnerability Assessment & Exploitation
    1. Vulnerability basics
    2. Detecting vulnerabilities
    3. Vulnerability scanning using Nessus and other tools
    4. Crafting exploits
    5. Exploit frameworks - Metasploit
    6. Countermeasures and Security
    7. Lab
  9. Web Hacking
    1. HTTP protocol basics
    2. Web application components
    3. Web server assessment
    4. Web application profiling
    5. Web application hacking
    6. Defending web applications
    7. Tools and methods
    8. Lab
  10. Hacking Network Devices
    1. Network mapping and entry points
    2. Router identification
    3. Compromising routers
    4. Firewall identification
    5. Firewall banner grabbing
    6. Firewall loop holes
    7. Compromising ACLs
    8. VPN and other devices
    9. Lab
  11. SQL Hacking
    1. SQL identification
    2. SQL banner grabbing
    3. MS-SQL cracking
    4. MS-SQL hacking
    5. ORACLE cracking
    6. Security issues with ORACLE
    7. Tools and methods
    8. Lab

top ^

About the tutor

Shreeraj Shah is founder and director of Net-Square. He has five years of experience in the field of security with a strong academic background. He has experience in system security architecture, system administration, network architecture, web application development, security consulting and has performed network penetration testing and application evaluation exercises for many significant companies in the IT arena. Shreeraj graduated from Marist College with a Masters in Computer Science, and has a strong research background in computer networking, application development, and object-oriented programming. He received his Bachelor’s degree in Engineering, Instrumentation and Control from Gujarat University, and an MBA from Nirma Institute of Management, India.

Shreeraj is the co-author of "Web Hacking: Attacks and Defense" published by Addison Wesley. He has published several advisories, tools, and white papers as researcher, and has presented at conferences including HackInTheBox, RSA, Blackhat, Bellua, CII, NASSCOM etc. You can find his blog at http://shreeraj.blogspot.com/.

For questions regarding event registration, please call +62-21-570-5800 (Ms. Astri). For general questions, please email bcs2006@bellua.com or send an empty message to bcs-announce-subscribe@bellua.com to receive future event information.

< back top ^

This document is available at PT BELLUA ASIA PACIFIC's website and protected by the copyright laws of the Republic of Indonesia and International treaties. All use subject to "DISCLAIMER" set forth at /disclaimer/