"BackTrack to the Max" is a course designed for seasoned security professionals who want to learn about the inner workings of BackTrack. Topics such as offensive scripting, VPN auditing, Software Exploitation, Web Application Auditing and more are discussed. This course gives an advanced understanding of the penetration testing process -using BackTrack - and is a highly recommended course for security auditors.
 
What Is BackTrack?

BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions - Whax and Auditor. BackTrack has been dubbed as the best Security Live CD today, and has been rated 1st in its category, and 32nd overall in Insecure.org. Based on SLAX (Slackware), BackTrack provides user modularity. This means the distribution can be easily customised by the user to include personal scripts, additional tools, customised kernels, etc.

This course will be taught using BackTrack 3 which has yet to be released as a stable version. Until then try the Ethical Hacker Network's version of BackTrack 2, the only official version of BT with Metasploit 3. It is also packaged as a VMware Virtual Appliance for the ultimate in learning convenience.

Certification Information

Students attending this class will be able to take the 'BackTrack to the Max' certification Challenge online after the course ends. The challenge can be scheduled up to the end of Aug 2008.

---

Overview:

The first real hurdle during an external pentest is cracking the organizational perimeter. Back in 2003, the average RPC remote exploit would do the job, however this is not the case anymore. Defensive security technologies have adapted themselves to the harsh reality of the internet, and security awareness is on the steady increase. “Cracking” the organizational perimeter is getting harder and harder as time goes on.

“BackTrack to the Max” is an intensive, hardcore, hands on Security class by the creators of Backtrack designed to take you through advanced, modern day “Perimeter Cracking” scenarios ‐ all based on the award winning live Distribution ‐ BackTrack 3. The course is composed of several "hardcore drilldowns", such as bypassing ASLR during exploit development, injecting malicious code into files under Windows Vista, bypassing Antivirus systems, practical Cisco GRE sniffing attacks, VPN attacks, etc ‐ all based on the award winning live Distribution‐ BackTrack 3.

The course is heavily laced with the “do it yourself” approach, and will expose you to the raw underlying mechanisms of the various attack vectors, enhancing your skills in these areas significantly.

Topics Covered:

• The 0day angle:

     o Fuzzing with spike

     o Basic shellcode development

     o Working in limited buffer spaces Egghunters

     o Practical exploitation methods (under Vista)

     o Developing client side attacks

• The Web Application angle:

     o Code analysis to pwnage – PHP based analysis

     o SQL Injection revisited – ASP based analysis

• The Network Infrastructure angle:

     o Bypassing ACL’s using spoofed SNMP packets

     o Common VPN attacks

     o Remote packet sniffing over GRE tunnels (demo)

• Trojan Horses:

     o Backdooring PE files under Windows Vista

     o Simple “Super Trojans” – Bypassing Personal Firewalls with 15 lines of code

     o Antivirus Avoidance

Course Prerequisites:

o Students need to be comfortable in Linux ‐ We'll be using BackTrack during the whole course as our attacking platform. Navigating through directories, executing scripts and tools and writing basic bash scripts are the basic skills expected from the student.

o A solid understanding of TCP/IP and various network services (DNS, DHCP, etc).

o A fair understanding of penetration testing methodology and familiarity with common tools of the trade and attack vectors (basic SQL injection, password attacks, etc).

o An understanding of the mechanisms behind Win32 Buffer Overflows.

o Knowledge of a scripting language (Perl, Python, Ruby) is recommended, but not required.

Who should attend?

“BackTrack to the Max” is a highly technical course aimed at security professionals. People with entry level “hacking” security certifications in need of modern and practical real world penetration testing experience and insights should attend. This is not an entry level course. Students are expected to be familiar with the basic methods and methodologies of an attack as a prerequisite.

Lab Description

This course includes complex hands on labs throughout the training. All students will be provided with pre‐configured VMware machines for the duration of the course for a personal and in depth learning experience. We will break Windows 2000, XP SP2, Vista and Cisco – all using a special version of BackTrack 3 specially designed for this course.