Yesterday evening, I had the opportunity to attend a sneak preview of the SANS SEC561 Course on Immersive Hands-On Hacking Techniques.

This is the first time SANS is introducing the course to Australia, hence the sneak preview. The sneak preview ran for only 4 hours, whereas the actual course runs for 6 days.

The main feature of this course is that it is very hands-on, about 80% hands-on according to them.

The full course content is:

  • Day 1 – Security Platform Analysis
    • Linux Host and Server Analysis
    • Windows Host and Server Analysis
  • Day 2 – Enterprise Security Assessment
    • Network Mapping and Discovery
    • Enterprise Vulnerability Management
    • Network Penetration Testing
    • Password and Authentication Exploitation
  • Day 3 – Web Application Assessment
    • Web App Recon and Mapping
    • Server-Side Web Application Attacks
    • Client-Side Web Application Attacks
    • Web Application Vulnerability Exploitation
  • Day 4 – Mobile Device and Application Analysis
    • Mobile Device Assessment
    • Mobile Device Data Harvesting
    • Mobile Application Analysis
  • Day 5 – Advanced Penetration Testing
    • Anti-Virus Evasion Techniques
    • Advanced Network Pivoting Techniques
    • Exploiting Network Infrastructure Components
  • Day 6 – Capture the Flag Challenge

For this evening’s preview, we only covered two of the many topics:

  • Linux Host and Server Analysis
  • Password and Authentication Exploitation

The way the course was run was that we were all given a Xubuntu VM, which we ran on VMware Player, and logged into NetWars using a web browser. There we each created an account and went through the questions in Level 1 and Level 2.

The questions required us to put our hacking cap on and find ways to retrieve the flag or gain access to certain files that our currently logged-in user does not have permission to access. Whenever you answer a question correctly, you gain points; if you get it wrong, you lose points. There is also the option to ask for hints to assist with answering the question. Each hint reveals a little bit of information, and the more hints you request, the more points get deducted from your score.

It’s like a game, and on the projectors at the front of the class is a scoreboard to show how everyone is going.

There were about 50 people in the class, and when we were doing the Linux Host and Server Analysis topic, I was doing pretty well, ranking around 5th place in the class. However, when we got to the Password and Authentication Exploitation topic, I struggled and ended up finishing in 11th place.

It was a great evening of fun and learning and I’ll definitely be considering doing the full course.

Below is a sample of some of the questions that were in Level 1 and Level 2.

Example Level 1 question:

Motivation: File resources we view and access regularly can embed sensitive data that is not immediately accessible. By investigating hidden data within a file resource, we can gain added insight into the structure and use of files.

Question: Find the file /home/shared/PenTestBlog_2.docx. Approximately how many times an hour does the author of this document save their work?
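
To illustrate the kind of hidden data the motivation above refers to, here is an added example (not part of the course material or the original post) that reads the document properties Word stores inside a .docx package. It assumes the standard `docProps/core.xml` revision counter and `docProps/app.xml` `TotalTime` property (minutes); the sample document and its values are constructed, and the function names are hypothetical.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer defusedxml

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}

def _part(archive, name):
    """Parse one XML part of the package, or return None if it is absent."""
    try:
        return ET.fromstring(archive.read(name))
    except KeyError:
        return None

def _text(root, path):
    """Text of a property element, or '' when the part or element is missing."""
    return (root.findtext(path, namespaces=NS) or "").strip() if root is not None else ""

def docx_metadata(source):
    """Read the properties stored under docProps/ inside a .docx (a ZIP archive)."""
    with zipfile.ZipFile(source) as archive:
        core = _part(archive, "docProps/core.xml")
        app = _part(archive, "docProps/app.xml")
    return {
        "creator": _text(core, "dc:creator"),
        "revision": int(_text(core, "cp:revision") or 0),       # bumped on each save
        "total_minutes": int(_text(app, "ep:TotalTime") or 0),  # editing time, minutes
    }

def saves_per_hour(meta):
    """Revisions divided by editing hours; None when no editing time is recorded."""
    if meta["total_minutes"] <= 0:
        return None
    return meta["revision"] / (meta["total_minutes"] / 60)

def build_sample_docx():
    """Constructed sample: a minimal package holding only the two property parts."""
    core = (f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}">'
            "<dc:creator>Example Author</dc:creator>"
            "<cp:revision>24</cp:revision></cp:coreProperties>")
    app = f'<Properties xmlns="{NS["ep"]}"><TotalTime>180</TotalTime></Properties>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("docProps/core.xml", core)
        archive.writestr("docProps/app.xml", app)
    return io.BytesIO(buf.getvalue())
```

Running the same reader over documents before they leave the organisation shows what author names and editing history they would disclose.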

Example Level 2 question:

Motivation: Always crack hashes when you have them, since you are never sure when and where they might be useful. Also, cracking passwords is a good way to verify the target’s password policy and discover where the policy may be lacking.

Question: What is Marvin Kirsch’s (mkirsch) password on