Install Snort by yourself and make sure of detecting basic attacks.
Configure and run open-source Snort and write Snort signatures
Configure and run open-source Bro to provide a hybrid traffic analysis framework
Use open-source traffic analysis tools to identify signs of an intrusion
Write your own rule for detecting concrete signatures in network traffic in SnortIDS or SurricataIDS.
Test anomaly detection preprocessor for Snort – PHAD.
Install OSSIM (opensource SIEM) and setup it to collect events. Setup event correlation.
Write tcpdump filters to selectively examine a particular traffic trait.
Use the open-source network flow tool SiLK to find network behavior anomalies
Use your knowledge of network architecture and hardware to customize placement of IDS sensors and sniff traffic off the wire.

1) Introduction to intrusion detection systems (IDS).

Common theory on network attacks
Classifying attacks
First generation of IDS – history of creating and capabilities
Current generation IDS – capabilities and setup
Test – Try to install Snort by yourself and make sure of detecting basic attacks

2) Signature-based IDS algorithms.

Purpose of creating signature-based algorithms
Understanding of detection process
Signature-based algorithms benefits
Signature-based algorithms restrictions
Typical application for such algorithms
Test – Try to write your own rule for detecting concrete signatures in network traffic in SnortIDS or SurricataIDS

3) Statistical anomaly-based IDS algorithms.

Purpose of creating anomaly-based algorithms
Understanding of detection process
Anomaly-based algorithms benefits
Anomaly-based algorithms restrictions
Typical application for such algorithms
Test – Try to setup and test anomaly detection preprocessor for Snort – PHAD

4) IDS with artificial intelligence anomaly detection.

Purpose of creating AI-based algorithms
Understanding of detection process
AI-based algorithms benefits
AI-based algorithms restrictions
Typical application for such algorithms
Methods of bypassing IDS with anomaly-based IDS

5) Typical methods of bypassing IDS.

Methods of bypassing IDS with signature-based IDS
Methods of bypassing IDS with anomaly-based IDS
Methods of bypassing IDS with AI-based IDS
Test – Try to bypass SnortIDS with one of methods described

6) Understanding SIEM-systems underlying principles and event correlation.

Mission of SIEMs
Understanding SIEM architecture
Event correlation algorithms
Benefits SIEM gives
Restrictions and typical problems with SIEM systems
Comparison of currently presented SIEMs on market
Future of SIEM and IDS development
Test – Try to install OSSIM (opensource SIEM) and setup it to collect events. Setup event correlation

Exploiting VoIP Systems WORKSHOP

This workshop will introduce the VoIP world to the reader, with a particular focus on the network protocols used by VoIP systems and the security holes belonging to them.
The reader will see both theoretical and practical aspects about VoIP attacks and relatives countermeasures. Several activities will be explained step by step in the following lessons. In particular, after this workshop the reader will be able to:
– setting up a Private Branch eXchange (PBX) – such as Asterisk – and softphones – such as ZoIPer and X-Lite -, in order to set up a basic VoIP telephone call between two end points;
– understanding the Session Initiation Protocol (SIP) and Real Time Protocol (RTP). These are the two main network protocol and they’re used by all VoIP systems;
– knowing about several VoIP attacks and performing some of that.

1) Introduction to VoIP and its protocols:

In this lesson the author will accomplish an easy introduction to the most used VoIP protocols: SIP and RTP. The first one is used in order to set up a call, it’s a telephone signaling protocol. With SIP a caller can make a call to a called by mean of a PBX. The latter is RTP, it’s a protocol used by a VoIP bearer which is in charge of audio/video signal transport from caller to called.

2) Test Plant activities:

In this lesson the author will explain to he radear how to accomplish the installation and configuration of Asterisk, which is one of the most used free PBX. Moreover the author will explain to the reader also how to install and configure free softphones. At the end of this lessons the reader will be able to set up a basic call between two end points.

3) Footprinting, Scanning and Enumeration:

In this lesson the reader will learn how to look for a target VoIP network and then how to scan (with several techniques) it, in order to find out exploitable devices. Furthermore, the lesson will threat all that activities that should be done in order to discover the different typology of devices belonging to a VoIP network.

4) DoS attacks:

In this lesson the reader will learn about DoS methods applied to VoIP systems. At the end of the lesson the reader will know the most used techniques and tools used in order to accomplish these kinds attacks.

5) Flooding attack:

This lesson is focused on those methods used in order to disturb a VoIP network by mean of a wide number of packets which have the goal to avoid that the targeted network works fine.

6) Telephone Tapping:

This lesson will explain to the reader how to listen a call between two VoIP end points. This kind of attacks are really important, since by mean of them the privacy of the telephone call could be violated by the attacker.

7) Telephone Tampering:

This lesson will threat the methods used in order to inject malicious signal into the RTP altering the telephone conversation. The author will show how to accomplish this attack to the reader.

8) Fuzzing:

This lesson will do an overview about fuzzy techniques used in order to test the robustness of a VoIP network. Some tools will be reported by the author in order to introduce them to the reader.
The previous lesson titles and their topics here reported could be slightly modified by the author during the workshop.
Finally, the author discharges each responsability about an inappropriate use of the informations here reported.

Journey In The World of The XSS WORKSHOP

Detect and exploit XSS vulnerability;
Understand the real risk behind this kind of of vulnerability;
Impress your customers with awesome Proof of Concept far beyond the classic pop-up.
Useful Javascript functions to exploit XSS.
Write your first XSS exploit.
Detect the vulnerabilities that allow you to perform XPS attacks.
Common tools useful during a pentest to perform XSS attacks.

1) XSS Attacks

Introduction to web application security
Introduction to XSS Attacks
Types of XSS
Causes of XSS
Risks that result from XSS attacks
Useful Javascript functions to exploit XSS
Test

2) Detect the vulnerabilities that allow you to perform XSS attacks

Detect the vulnerabilities that allow you to perform XSS attacks
XSS Attack Vectors (HTTPWEB Based)
XSS Reflected VS Stored
DOM based XSS
How to trick users
Write your first XSS exploit
Test

3) XPS practical example

Introduction to XPS Attacks (Cross Protocol Scripting)
XPS Attack Vectors
Introduction to scapy
Network Packet manipulation with scapy
Detect the vulnerabilities that allow you to perform XPS attacks
XPS practical example: linksys 0day introduction
Test

4) XSS Filter evasion

Introduction to XSS Filter evasion
Filter evasion via “unusual” attack vector
Filter evasion via character encoding
Example of filter evasion
Common tools useful during a pentest to perform XSS attacks
Test

Metasploit Framework WORKSHOP

How to apply the incredible capabilities of the Metasploit Framework in a comprehensive penetration testing and vulnerability assessment regimen, according to a thorough methodology for performing effective tests.

Deploy a fully sand boxed network running on Virtualbox to do all the testing you need.
Using Metasploit to gather information than you can use in your advantage.
Run a fully functional lab environment for your penetration testing
Real life example on how to create a back door.
Use auxiliary exploits to get credentials from our target.
Create, manage and connect your Metasploit to multiple databases.

1) Recreate a fully functional network for present and future testing

Deploy a fully sand boxed network running on Virtualbox to do all the testing you need;
Have a fully exploitable server at your disposal;
Configure and use a full functional Checkpoint firewall;
Deploy your Metasploit framework with Kali Linux;
Configure and deploy a fully working Cisco Router;
Grasp basic navigation concepts and commands of the Metasploit Framework;
Recreate a fully functional network for present and future testing.

2) Scanning

Using Metasploit to gather information than you can use in your advantage;
Advance scan techniques using specific Metasploit modules and leverage that with the use of our database;
Scanning: how to use some of the auxiliary scanning modules existing already on the Metasploit Framework.

3) Create, manage and connect your Metasploit to multiple databases

Run a fully functional lab environment for your penetration testing;
Work your way around Metasploit cli;
Create, manage and connect your Metasploit to multiple databases;
Work with Workspaces;
Use some of the auxiliary exploits in the discovery process;
Run network scans from inside Metasploit;
Save results inside a workspace;
Use auxiliary exploits to get credentials from our target.

4) Building a Windows 7 machine

Real life example on how to create a back door;
Building a Windows 7 machine;
Coding fundamentals.

There are 3 Metasploit tools you need to became familiar with:

msfpayload – This is a command-line instance of Metasploit used to generate and output all of the various types of shell code available in Metasploit. This is mainly used for the generation of shell code for an exploit not found in Metasploit or for testing different types of shell code and options before finalizing a module. It is an excellent mix of different options and variables.

msfencode: This is another great tool in the Metasploit kit for exploit development. Its main use is to encode the shell code generated by msfpayload. This is done to suit the target in order to function properly. It may involve transforming the shell code into pure alphanumeric and getting rid of bad characters and encoding it for 64-bit targets. This can be used to encode the shell code multiple times; output it in various formats such as C, Perl, and Ruby; and even merge it to an existing executable file.

msfvenom: Technically speaking, msfvenom is a combination of msfpayload and msfencode. The advantages of msfvenom include a number of standardized command-line options, a single tool, and increased speed.