
Hacking Extreme*

Instructors: Marco Lorenz, Tobias Klein and Steffen Tröscher (all consultants at cirosec)

Length: 4 days

Contents:
You can achieve the best level of security if you know the attackers, have mastered their methods and tools and can understand their way of thinking and their motives. Security mechanisms (firewalls, IDS, etc.) are often planned and developed only from the perspective of an administrator or network specialist. However, the way an attacker views things is normally fundamentally different, which is why company networks can be successfully attacked time and time again. This intensive training course conveys, in a very practice-oriented style, how attackers proceed, along with both well-known and lesser-known attack techniques, supplemented by numerous lab exercises. Participants will have access to notebooks with tools and exploits galore, much more than the usual scanner. We will be using Windows and Unix operating systems as platforms and target systems.
The trainers themselves carry out security checks on a regular basis and will pass on their own unfiltered practical experience and insider knowledge obtained on the "scene".

* The training session has been completely revised since September 2003. The contents are 90% different compared with the September 2003 training course.

Examples of topics covered:
• Traditional and advanced scanning techniques
• Firewall and IDS evasion
• Load balancer spotting
• Traffic analysis
• Attacks against SSH and SSL
• Recognizing operating systems and architecture (active and passive techniques)
• Reverse engineering
• Collecting and evaluating service-related information
• Spoofing (in a switched environment)
• Sniffing (in a switched environment)
• Session hijacking (in a switched environment)
• Man in the middle (in a switched environment)
• Targeted exploitation of badly configured services
• Buffer overflows (causes, functionality and description of concrete exploit examples)
• Format string vulnerabilities (causes, functionality and description of concrete exploit examples)
• Race conditions (causes, functionality and description of concrete exploit examples)
• Password cracking
• Backdoors (remote/local)
• Host hopping
• Website defacements
• Rootkits (traditional, LKMs)
• Logfile manipulation
• IIS-related vulnerabilities
• Win32-API vulnerabilities
• LM, NTLM, NTLMv2 vulnerabilities
• DLL injection
• Named pipe vulnerabilities
• Vulnerabilities in the Windows Message Service
• ...

Operating systems covered: Unix and Windows

Target group:
Administrators and security officers who are not afraid to view security through the eyes of attackers, diving deep into their world.
The training course should be viewed as an "advanced" course. The number of participants is limited to 10 people per course to ensure that learning is as effective and individual as possible.

Prerequisite:
To follow all of the contents described in the training course, you should be familiar with the basic procedures involved in using and administering a Windows and Unix system as well as the functionality of the individual communication protocols of the TCP protocol family. Any knowledge of programming would be a plus but is not absolutely necessary.

Maximum number of participants: 13 people

Price: 2.995,– €

Dates:
09 - 12 December 2008 Cologne
05 - 08 May 2009 Cologne
07 - 10 July 2009 Hamburg
06 - 09 October 2009 Stuttgart
10 - 13 November 2009 Hamburg
08 - 11 December 2009 Cologne

Place:
The training course will take place in fine, specially selected hotels:

• Hamburg: East Hotel
• Cologne: Hilton Hotel
• Munich: Novotel München City
• Stuttgart: nestor Hotel Ludwigsburg

We would be happy to reserve a room for you at a special rate in the hotel where the training course will take place.


What previous participants say:

"The Hacking Extreme training course satisfied all my expectations. It was managed and held in a professional manner by highly competent individuals."
Tamino Fuchs, Coop Switzerland

"The training course did not promise too much. You got to know the "other" side in a spectacular way. This course is highly recommendable for all administrators, systems managers and security members. It doesn't matter if you come from the world of Unix or Windows, as both operating systems are addressed in detail. The timely topic of exploits and hacks is impressive. Another positive factor is the small number of participants. The instructors had enough time to answer each participant's questions and offer help during the practical exercises. All in all, I fully recommend this training course to others."
Holger Koch, Liebherr Logistik GmbH

"The training course is a must for all security admins. Following the course you hover between "I'll show 'em!" and "Ok - today's the open house." Valerian and schnapps should be handed out in the future. ;) You get a great deal of food for thought from the point of view of hackers. No far-fetched attack practices, but rather, efficient procedures are shown."
Volker Kölz, BW Bank AG Stuttgart

"Hacking Extreme - three exciting, intensive days full of déjà-vu experiences and surprises. I've been reading about it and suspecting it for a long time: Operating systems are vulnerable and hackers are just waiting to discover more vulnerabilities in the system or with the user. How it works was something I was able to experience directly in the course and try out for myself. The course instructors conveyed some pretty complex material with their great expertise and ability. The many examples and exercises allowed us to immediately comprehend the practical implications. The course offered very good transfer of knowledge and gave me a lot of additional knowledge that I can use sensibly for my company in my position as Information Security Officer."
Urs Schmid, Manor AG

"I liked the Hacking Extreme training course in Hamburg very much. The entire course gave the impression of being well-developed and sophisticated. The examples and exercises were interesting, striking and taken from the network world, and they worked continuously. By that I mean that you come across all the tools and exploits used during the course "in the wild", making them available to all "potential" attackers. The approach made it clear what information is essential for an attacker and how it can be obtained. The speakers were very competent and did not leave any questions open. Overall, a very pleasant, stimulating three-day training course, by all means worthy of a fourth day."
Torsten Gödicke, Wer liefert was? GmbH

"Hacking Extreme" – a seminar that packs a punch is buried in these 2 words!
"Over these days I received knowledge concentrated at a high level. A splendidly organized seminar, extensive training documents and practical orientation afforded penetrating glimpses of the "other" side of IT. I was especially impressed how intelligent exploits and sound background knowledge – not 'fake' computers and automated 'hacking tools' on the script kiddy level (as we saw on the system in some 'hacking demos') – could be used to outsmart presumably 'secure' IT environments without leaving a trace! It was precisely that, extreme hacking. I fully recommend this seminar to others!"
Marco Marchand, Kommunale Informationsverarbeitung Reutlingen-Ulm (KIRU)

"Hacking Extreme was exactly what the name promised. It went beyond everything that you normally see and know. The topic of hacking IT systems is treated seriously, discussed and demonstrated in a manner that closely resembles reality. Not the usual method of instilling fear that you otherwise find, but rather, existing vulnerabilities and approaches to exploiting them are conveyed in a sound manner. The contents are very up-to-date and the tools used are 'state-of-the-art'. I recommend this course to anyone who deals with IT security in his or her job. He or she can get to know the reality of the otherwise prevailing theory and then be able to reassess the existing risks within his or her IT environment."
Andreas Wuchner, Global IT Security Manager, Novartis Pharma AG

Here's some more praise from me once again: The two-day Hacking Extreme course on IT defense was really great.
Although my many years of work in security have made me familiar with a great number of the products and techniques introduced, it was more than interesting to see both the old and new "hacking techniques", among other things, LIVE in practical demonstrations.
Information and entertainment value: 10 points
Alexander Rosswog, AGIS Allianz Dresdner Informationssysteme GmbH
