About Ash Hacker

I am a social-techno-learner who believes in my own efficiency first and then implements with the suggestions of my strong and enthusiastic team, which helps me take everything to its perfection level.

Thursday, 17 May 2012

How to hack? This is the question I am asked every single day. In fact, it's one of the most searched and widely discussed topics on the internet. There are tons of guides and how-tos available on the internet related to hacking and penetration testing. However, the problem is that you can't learn how to hack unless you practice what you have learned. Which brings us to the next question: where do I practice what I learn?

Another problem with today's ethical hacking and penetration testing courses is that they fail to offer real-world attack scenarios for students to practice on and learn from. Most of the courses you would find on the internet commonly suggest the following for the lab:

1. BackTrack (Attacker)
2. Windows XP (Victim)

And you would end up practicing on a vulnerable target of your choice. However, penetration testing in the real world is extremely difficult and requires creative thinking, and you are faced with a lot of different security mechanisms such as firewalls, IDS, IPS, etc.

This week I came across a penetration testing course that caught my attention at first look. The name of the course is "Codename: Samurai Skills".

"Codename: Samurai Skills" by ninja sec team is a medium-level penetration testing course which provides students with a good base of both theoretical and practical knowledge. The approach of this course is similar to that of eLearnSecurity and Offensive Security.

The whole course is divided into eight modules. Each module contains PDF material along with videos related to the topic. The course starts by giving a solid introduction to penetration testing and its different approaches and methodologies. The next chapter dives directly into practical demonstrations of various penetration testing tools on BackTrack related to information gathering.

Module 3: Scanning and Assessment

The author not only introduces you to different types of scanning tools and methodologies but also provides handy tips for bypassing different types of protections such as firewalls, IDS, etc.

Module 4: Network Attacking Techniques

In this module the author introduces students to various network attack and exploitation techniques, going beyond just using the ms08_067_netapi exploit, which is a common exploit used in almost every training. The module also covers topics like network password cracking, man-in-the-middle, ARP spoofing, password sniffing and commonly targeted protocols.

Module 5: Windows & UNIX Attacking Techniques

This module introduces the student to various types of vulnerabilities found in the Windows XP hashing mechanism. The module also talks about UNIX attacking techniques. However, I was expecting a bit more material related to UNIX attacking techniques.

Module 6: Windows & UNIX Post-Exploitation Techniques

This module covers Windows and UNIX post-exploitation techniques in depth, introducing the student to various topics such as meterpreter, privilege escalation, local password cracking, impersonation, routing / pivoting and other topics, for both Windows and UNIX.

Module 7: Web Exploitation Techniques

This module is the longest of all, with around 5 hours of practical demonstrations. The module starts by explaining various scanning and application footprinting techniques. Right after the scanning part, the author takes students directly into web application exploitation techniques such as SQL injection and Blind SQLi, File Upload and Remote File Include (RFI) vulnerabilities, Command Injection, Cross-Site Scripting (XSS) (both reflected and stored), and Cross-Site Request Forgery (CSRF).

Module 8: Windows Exploit Development

This module was by far my favorite, as the instructor has done a tremendous job in explaining the Windows exploit development process. The module covers, step by step, the development of a buffer overflow exploit. The instructor has made the complex exploit development process look so easy for the students that even script kiddies can learn it with a little bit of effort.

The ninja-sec team also offers a certificate for anyone who completes the following lab challenges:

The end goal is to collect a key.txt file inside of impossible network.
