Hacktrix 2007 - International Security Conference

[vineetind]

International Security Conference - Hacktrix 2007

http://www.mkcl.org/hacktrix/


Organized by
Maharashtra Knowledge Corporation Limited, National Anti Hacking Group and Hackers Center.

Pune , Ahmedabad , Mumbai, Thane

HackTrix 2007 aims to focus on "offensive" hacking techniques, as well as defensive security methodologies designed to combat them. The conference will allow attendees to refine their capabilities, potentially leading to awareness of the general skill-level of hackers.


Who Should Attend?

CTOs,Network/System Administrators, Security
Professionals/Analysts and IT Pros.


Why Should I attend?
· To get to know hacker's approaches and get
familiar with the latest threats/vulnerabilities
and how you can secure your Network and Web
Applications.
· Not just to fulfill a requirement by current
employer, as part of your personal career path
and to earn certification for increased
creditability.

What I will get ?
· To stay current with hacking/Security skills and
to increase efficiency/knowledge for your current
project.
· Exclusive study material along with tools/exploits
· Certificate of Attendance


Agenda
Imagine being part of a security revolution and not just as a passive observer, but at the very centre of it all where the action is. If the very thought excites you, then read more...
HackTrix 2007Agenda

15/07/2007
Pre-Conference Workshop (1 day)

16/07/2007 to 18/072007
Conference: System Hacking (3 days)

19/07/2007 to 20/07/2007
Conference: Web Application Hacking (2 days)

Timings
2PM to 7:30 PM

Speakers
1. Armando Romeo (Italy).
2. Jordan Thomas (Chicago)
3. Yash Kadakia (Germany)
4. Vineet Kumar
5. Umesh Tiwari
6. Vipin Kumar
7. Nitin Kumar
Conference Schedule
Pre-Conference (Free for all )
Duration: 1 day

Pre-Conference
Introduction to the Course
Security Awareness
General Introduction to Hacking
What does a hacker do?
Vulnerabilities
Exploits
HTTP Protocol Basic
Legal Perspective


System Hacking
Duration: 3 days


Day 1
Collecting Information on our Target
Time: 45 minutes
Passive and Active methods:
Google, Netcraft, VisualRoute, Scanners, Fingerprinting, Identifying Assets, Footprinting, Competitive Intelligence

Extended Network Mapping
Time: 45 minutes
An analysis of various techniques used for network mapping:
Passive and Active resources, DNS mapping, Spidering Tools, Nmap techniques, Traceroute Hop Mapping

Collecting Information on Old and New Vulnerabilities
Time: 15 minutes
Identify and use various sources of information about new and old vulnerabilities:
Securityfocus, Milw0rm, Securiteam, IRC, etc
Vulnerability Classification

Protecting Anonymity while Hacking
Time: 1 hour 15 minutes
Various techniques for Covert Hacking:
Proxy servers, Socks, Wingate, Shell Accounts, Tor, Anonymizers, SSL Proxy, SSH Tunneling
Analyzing the anonymity of a proxy server, Covering tracks

Vulnerabilities
Time: 2 hours
Encrypted communication lines, Firewalls and Routers, Web servers (Apache/IIS), Applications, Databases, IPSEC, VPN, ACLS, Web server administration systems, Database management systems

Corporate Product Demo/Presentation
30 minutes
Briefing of Day 2
15 minutes

Day 2

The Typical Structure of a Web Site
Time: 30 minutes
Enumeration of the components of a web site and their inherent possible vulnerable points
Using tools such as Wikto, robots.txt etc

Introducing and Exploiting Most Common Linux Vulnerabilities
Time: 1 hour
SSH, SSL, Apache, Bad configurations, MAIL servers, FTP servers, Escalating privileges, Kernel Attacks, Covering tracks

Introducing and Exploiting Most Common Windows Vulnerabilities
Time: 1 hour
FrontPage extensions, Unicode, NetBIOS Hacking, Null Sessions, SQL server, Terminal Server, IIS, WebDAV, RPC Dcom, ASN exploits, ASP Trojans, File System Traversal, Prevention

Buffer Overflows: after decades, still one of the most severe vulnerabilities
Time: 1 hour
Stack Overflow, Heap Overflow, Format Strings Local Buffer Overflow, Remote Buffer Overflow

Man in the Middle: a particular category of attacks
Time: 45 minutes
ARP Poisoning, DNS Poisoning, ICMP Redirect, Man in the middle attacks

Passwords
Time: 30 minutes
Password Security, Hacking tools, Cracking passwords and their countermeasures

Corporate Product Demo/Presentation
30 minutes

Briefing of Day 3
15 minutes


Day 3

Exploiting Database Vulnerabilities
Time: 1 hour
SQL Injection, URL Poisoning, SQL Server vulnerabilities, SQL Database enumeration (MySQL/SQL)

Sniffing For Information
Time: 1 hour
Active sniffing, Passive Sniffing
Denial of Service Attacks
Time: 45 minutes
Types of attacks, Classification of attacks, Tools, DDOS, Prevention
Cross Site Scripting
Time: 30 minutes
Learn the basics of the Cross site scripting vulnerability, one of the most commonly found vulnerabilities

Social Engineering: Techniques and Psychological traps
Time: 15 minutes
Attack Against the User: Malware
Time: 30 minutes

Live Hacking Sessions
Time: 1 hour
Information Gathering Session
System Scanning and Enumeration Session
System Hacking and Backdooring Session
Linux Hacking Session
Black-Box Hacking Session

Corporate Product Demo/Presentation
30 minutes

Briefing of Day 4
15 minutes
Web-Application Hacking
Duration: 2 days

Day 4

Statistics on Web Server Attacks
Time: 15 minutes
Web Server Structure
Time: 15 minutes
Analysis of the structure and configurations of different web servers with relevance to exploitation

Classification of Web Application Attacks
Time: 30 minutes
Authentication, Authorization, Client-side Attacks, Command Execution, Information Disclosure, Logical Attacks

Collecting Information on Our Target: Google Hacking
Time: 15 minutes

Cross Site Scripting in Depth
Time: 45 minutes
Detailed analysis of Cross site scripting vulnerabilities, how they can be discovered, exploited and prevented
Exploiting XSS vulnerabilities to obtain:
Site hijacking, Session hijacking, Reprogramming network components, HTML principles and vulnerabilities

Cookie Manipulation
Time: 15 minutes

Backdoors with JavaScript
Time: 15 minutes
Analysis of JavaScript based backdoors

Remote Files Reading /Inclusion
Time: 15 minutes
Common Errors in PHP Applications
Time: 2 hours
Execution of arbitrary code, Execution of commands, File disclosure

Corporate Product Demo/Presentation
30 minutes

Briefing of Day 5
Time: 15 minutes

Day 5

SQL Injections
Time: 2 hours
Attacking a system using SQL vulnerabilities: Form bypassing, Database dump, Command execution, Gaining root access
Preventing SQL Injections via source code and database planning

Cross Site Request Forgery
Time: 15 minutes
Encoding Attacks
Time: 30 minutes
Bypassing IDS and filtering

Other Vulnerabilities

[bazigaar_no_1]

hey... whats the venue for it in Abad ? and what do I do to register ?
btw: I'm not an IT pro, I'm just a student... will I be allowed?

[vineetind]

Everyone's allowed....It's open for all...For venue details check www.mkcl.org/hacktrix

[24online]

it will be at pune....

http://hacktrix.hackerscenter.com/

More details coming soon...

[bazigaar_no_1]

hmmm... but u said in the post that abad is one of the venues... on the site it's not one of the venues ?

[vineetind]

For any queries you can contact Mr.Umesh Tiwari : 09822494156 or mail at hacktrix[a]mkcl.org with subject line as "Query "