Thanks to The Ethical Hacker Network (EH-Net) I received the November 2010 Giveaway of a free seat in InfoSec Institute’s Ethical Hacking Course. I had read and heard positive feedback about InfoSec Institute and their courses, so I was already interested to see if their reputation holds up. The course teaches the fundamentals of penetration testing and prepares students for both EC-Council’s Certified Ethical Hacker (CEH) and IACRB’s Certified Penetration Tester (CPT) certifications. Besides their basic ethical hacking course, InfoSec Institute also offers two more courses focused on penetration testing, targeting a more experienced audience, as well as two courses towards reverse code engineering (all with regards to their pentesting track).
InfoSec Institute describes their Ethical Hacking Course as follows: “Our most popular information security and hacking training goes in-depth into the techniques used by malicious, black hat hackers with attention getting lectures and hands-on lab exercises. While these hacking skills can be used for malicious purposes, this class teaches you how to use the same hacking techniques to perform a white-hat, ethical hack, on your organization. You leave with the ability to quantitatively assess and measure threats to information assets; and discover where your organization is most vulnerable to hacking in this network security training course.”
If you are in the same situation as me, and wouldn’t be able to sit for the live training in person, InfoSec Institute offers some of their courses in an online format, which is basically a recorded class from the live version, split into a couple of modules.
So let’s take a closer look at the online version of InfoSec Institute’s Ethical Hacking Course and IACRB’s Certified Penetration Tester certification.
Once you are registered you’ll get a package with the following contents:
• A student textbook with about 600+ pages and three DVDs (Ethical Hacking Toolkit, Linux and Windows VMs for the hands-on part)
• A lab manual with about 250+ pages
• A Certified Ethical Hacker V6 Review Guide
• An installation guide for the lab setup
• Credentials for their online portal
• IACRB CPT voucher
• CEH voucher (they were nice enough to exchange this with an ECSA voucher, since I already hold a CEH)
Through their online portal you get access to prerecorded lectures (instructor was Keatron Evans), which consist basically of modules that cover the theoretical aspects and labs for the hands-on. In total there are 28 modules and 22 labs ranging from the very basics (methodologies, passive intelligence gathering, abusing protocols, network reconnaissance, service identification, password cracking, etc.) to some more advanced topics (covert channels and basic exploitation). Keatron first explains the theoretical aspects of a topic and then walks you through the labs. Finally you do it by yourself. From time to time Keatron throws in some of his personal experience and anecdotes, which is always something I appreciate in such courses and bootcamps, especially if it’s from a person who knows his stuff. The course covered most of the well-known and standard tools a pentester uses but also a couple of lesser-known ones, which is again something that I highly appreciated. The tools were a little outdated; however, since the concepts remain the same and this wasn’t an advanced course, which might have covered specific features from recent versions, I don’t see it as a real drawback.
The student textbook consists of all the slides and also some more detailed (or simply additional) explanations and side-notes. Also enough space is reserved for personal notes for later reference and studying. The recordings are clear to understand and also include the questions asked from the students while the class was recorded, which is a good thing in my opinion. Although you can’t directly ask the instructor in person if you have a question yourself, you can always forward an email to the guys at InfoSec Institute, who answered any question in a timely manner (at least that’s what I experienced).
The first modules covered the very basics and fundamentals of penetration testing, such as what penetration testing is and the common approaches to it, available methodologies in the field and so on. A short introduction into VMware and Linux (particularly the CLI) followed, before it went on with passive intelligence gathering (included topics were ARIN, APNIC, RIPE NCC, LACNIC, EDGAR, whois, Google hacking, document grinding etc.).
The next module was titled “Abusing DNS” and explained DNS itself, record types, zone transfers and how to utilize tools such as nslookup, dig and DNSBruteforce.
Next was a module focused solely on how SNMP can be abused and was also the last module covered on the first day of the live version of this course (being an online version, I could continue past the first day at my own pace). The day would normally be finalized with a Capture the Flag (CTF) event, which obviously isn’t the case with the online version (in the live version students would have four CTFs in this 5-day course).
The next topics explained were TCP, UDP and ICMP from a “hacker’s perspective” and prepared the students for later modules ((stealthy) scanning techniques, service interrogation, system fingerprinting, etc.). Some of the tools covered in the supplementing labs included nmap, hping, netcat, xprobe2 and a couple of others. It was nice to see that some stealthier scanning techniques, such as decoy and idle scans, were covered, too. Another good part of some of these exercises was that the students were instructed to view the logs of the machine being scanned, so that they can see both sides of the coin. Analyzing the traffic and reviewing the logs really helps students to understand what’s going on.
The next few modules were all about password security and how to break them, covering both Windows and Unix systems. The lectures explained password storage mechanisms, various cracking techniques (brute force attacks, dictionary attacks, hybrid-type attacks, rainbow tables, etc.) and explained in some more detail the specifics of how passwords are stored in Windows and Unix systems. In the labs students would then actually try to crack various passwords by utilizing John the Ripper, Cain and Abel, and pwdump2.
It continued with the fundamentals of exploitation, including such topics as vulnerability scanning, buffer overflows, privilege escalation, SUID root attacks, and the like, and went on with keyloggers, trojans, rootkits and anti-forensics, again covering both Windows and Unix systems. In the labs you played around with Nessus for vulnerability scanning, launched exploits through Metasploit, and tried out malicious tools such as Nuclear RAT and the Hacker Defender rootkit. For example one of the scenarios in the labs was where students must first scan a machine for vulnerabilities, compromise it with Metasploit and dump the password hashes from the machine, and finally crack them on the student’s local machine. These modules are probably the most interesting and fun ones for newcomers in the field.
One of the last modules was about wireless security. Unfortunately this module was mainly about WEP and mentioned WPA and WPA2 only incidentally. The supplemental lab consisted of only cracking an (already supplied) 40- and 128-bit WEP key, which was somewhat disappointing. Fortunately this was the only skin-deep module I encountered.
The last module was about web application security and explained some of the OWASP Top 10 vulnerabilities, mainly SQL Injections. The lab went through some of the modules of the WebGoat Framework and introduced the Burp Suite. Again, this module was not as in-depth as previous ones, but it supplied enough information for further research by oneself and gave a brief introduction into web security.
The complete syllabus can be seen here.
One of the great things about the CPT exam is that it consists of two parts: A theoretical multiple choice exam (50 questions, 70% passing score, 90 minutes time for completion) and a practical exam, where supplied virtual machines must be rooted, one way or another, and specific tokens retrieved. Lastly a report must be created, which includes the tokens and a description of the steps taken to retrieve them. Your report will then be reviewed by an exam proctor, who notifies you whether you passed or failed (I got my results back within a few days). The exam isn’t too hard and if you understood and practiced the material taught in the course, it shouldn’t be a problem to pass both parts of the exam, while still not giving away the key to the kingdom too easily. For the practical exam the candidate has 60 days from the completion of the multiple choice exam to hand in the report (again students pass with a score of at least 70%). The 60 days given are also more than enough to solve the tasks. Unfortunately there are way too few such certificates with practical, hands-on portions. Other ones would be the courses/certifications offered by Offensive Security.
Regarding the theoretical part of the exam, it’s also worth mentioning that the questions were realistic and plausible, and not kind of awkward in the sense of confusing or inappropriate.
The CPT certification is valid for four years. Then certified individuals must complete the same exam that current certification candidates must take in order to keep the certification valid. Luckily there are no fees associated with the re-certification process.
The material was presented very well and contained only very few errors and typos. Throughout each module I felt that there was a leitmotif and the modules were not just thrown together. The instructor did a great job and explained each module very well and kept things throughout interesting.
Obviously most of the presented topics could be covered in much more depth; however, as this was a course developed for five days and focuses on the basics of penetration testing, I think the guys at InfoSec Institute did a great job in introducing the students to many of the basic skills a Penetration Tester / Ethical Hacker / Security Consultant needs to know.
Although I enjoyed the online version, I still would recommend going for the live version if travel budgets make it possible. Both formats have their own pros and cons, but in this case the advantages of a live training would exceed the ones from an online training in my opinion (such as live interaction with the instructor, nightly CTFs, networking etc.). If you are not that new to security – or even better to pentesting, you shouldn’t need to watch the videos over and over again to understand a certain topic (and even if – you still would have the courseware), which would be one of the advantages of the online format.
The CPT certification was fun and mirrored the topics covered in the course very well, which is an important part when deciding for a bootcamp. Although the CPT certification is hardly known here in Central Europe, I’m still happy to have obtained it, since it was not just another memorize-type exam to add to the list.
I’d recommend this great, hands-on class to everyone who wants to enter into the field of penetration testing (the core skills should be already known, though, such as Operating Systems, Networking, Shell, etc.) without hesitation. It’s one of the best entry-level courses in the field I’ve taken so far. In fact, I enjoyed it so much that I’m already enrolled in their Advanced Ethical Hacking course. This advanced course deals with exploit development and reverse engineering (and it’s again available in an online format as well), which is also more towards my field of expertise. Keep listening for another review.
More from Mr. Heinzl: http://www.awesec.com/
Article source: http://www.ethicalhacker.net/content/view/368/2/
Your organization will get compromised! The convenience and ease-of-use that your employees and customers demand will expose your network to a plethora of compromises. As much as security paranoids, like myself, would like to completely lockdown our networks to prevent this, it is not practical. The next best thing is to do everything in one’s power to minimize the number of incidents and recognize that, despite your best efforts, compromises will most likely happen. A well thought out plan and response is essential for an organization to minimize, contain, eradicate and recover from the damage a malware incident can cause. Lenny Zeltser’s SANS Security 569: Combating Malware in the Enterprise is an excellent course to help you devise a robust malware incident response plan. It is a 2-day, in-depth course that extensively covers malware. For Lenny’s full course, please read the review for FOR610 right here on EH-Net.
I went into this class having what I thought was an intermediate knowledge of the subject. I was very familiar with some of the topics and knew virtually nothing on others. No matter your knowledge of the subject matter, you will pick up a great deal from this class and definitely won’t feel “out of your league.” The review that follows discusses the course content at a high level and how this content pertained to me and my organization.
Day 1: Discovering and Responding to Malware in the Enterprise
Day 1 started with the obvious question, “What is Malware?” SANS courses do a good job of starting at a basic level. The instructors make sure everyone gets on the same page and up-to-speed for the topics discussed during the remainder of the course. This class was no exception. The section was designed for the novice. You could be brand new to the subject matter, and this section got the students to a knowledge level satisfactory for the rest of the course. Malware was defined, a few examples were given, and there was a brief discussion of the different types and forms of malware.
Much of the rest of the morning was devoted to an in-depth discussion of malware functionality and terminology. This was invaluable. Many real-world examples were given and described. Industry “buzzwords” were defined and many malware classifications and attack vectors were explained. What is the difference between a virus and a worm? What is a Trojan? What is a botnet? What are some of the ways they get on a system? These were all discussed in these sections. This was a great foundation and got everyone talking the same language.
A majority of the second half of Day 1 was spent on detection. This was the “Sherlock Holmes” section where you broke out your magnifying glass and started looking for clues many would overlook. Malware is designed to be difficult to detect. You have to know the signs of a compromise. You learned what and where to look for those signs. Some of the topics covered include: The different types, effectiveness and how malware authors avoid detection by various anti-virus programs, what and how to react to user reports of suspected compromises (hint: no questionnaires), what files are most commonly changed, what processes and network traffic abnormalities do you look for, the importance of routine critical file and webserver integrity checks and finally, what specialized malware detection tools are available.
By now you are asking yourself, “So great, I know what malware is and how to look for it. What the heck am I supposed to do with it once I have found it?” The final section of the day, Containment and Eradication, covered this. Students were taught how to figure out the size of the outbreak once discovered and the different techniques used to contain it. This ranged from network isolation to user participation. The different ways of virus eradication were covered and how to restore the network to normal working functionality. Lenny not only taught the various techniques, but used stories and more real-world examples to further help you in understanding the criteria.
Day 2: Resisting Infections and Containing Malware Outbreaks
Day 2 was broken into 6 sections. The first section, Scalable Management Tools, showed various tools one can employ at an organization with hundreds or even thousands of systems. Different anti-virus strategies were discussed, and several third-party programs were introduced. However, a majority of the section focused on how to employ group policy on Windows, because it’s most likely already installed and free in most organizations and “its power is vastly underutilized.”
The second section covered Selecting Malware-Resistant Software. You can’t combat malware, if the software being used doesn’t work or is hard to administer. Lenny went over what considerations you should account for when selecting software… What is your operating system? 32-bit vs. 64-bit? What is the depth of installation? Is it easy to update? How is the anti-virus integration? What are vendor service and support levels?
The third section was Enterprise Patch Management (On a Budget). Every piece of software in your organization, no matter how well written, will most likely have some sort of exploit or vulnerability that will be found somewhere in the future. As a result, this software will need to be occasionally patched or updated. This section went into how to remediate these vulnerabilities. Patch management organization, reasons for test labs, Windows Server Update Services (WSUS), MSI packages and several more topics were discussed.
The fourth section went over restricting user processes. By placing certain restrictions on a system, we could hope to block the spawn and spread of attacks. What privileges groups and/or users have and how they work was also covered. Should you whitelist? What are the different strategies to use? They were all discussed in this section.
The fifth section explored how to harden existing applications. This showed exploits and gave recommended settings on software that almost every system in your organization should have. Internet Explorer, Firefox, Adobe Acrobat and Microsoft Office were thoroughly discussed. This section was good in that not only did it show you how to handle these vulnerabilities at a system level, but also Lenny gave tips on how to handle the “political” hurdles of implementing these policies.
The sixth and final section, Restricting Malware-Related Network Traffic, covered network filtering. The first thing that came to mind here was firewalls. That was discussed, but there were so many other elements involved also. The pros, cons and recommendations for intrusion protection systems, proxy servers, DNS domain blocking, remote access gateways, IPsec and the built-in Windows firewall were explored.
A lot was learned in this course over the period of two days. You would definitely come away being more paranoid. Your eyes would be opened to the sheer multitude of vulnerabilities. The greatest thing I took away from it however, was the confidence to tackle the problem. It seemed like a giant insurmountable wall at the beginning. By the end, you’re eager to take it on, because you have the tools and knowledge to attack back. In addition to the knowledge, this course, like many offered by The SANS Institute, kept you engaged and interested.
Information Security Consultant
Article source: http://www.ethicalhacker.net/content/view/369/2/