Hackveda Summer Training 2014 - Ethical Hacking, Networking & Security

Day1: Hacking windows 7 / 8 system and security Part1

a.)
b.)
c.)
d.)

Windows Login Password Bypass manually without CD / DVD

Windows Login Password Bypass with Installation Media
Windows Login Password Bypass manually by Windows Misconfiguration
Hacking windows passwords in Plaintext using DLL Injection Attack
Day2: Hacking windows system and security Part2
a.)
b.)
c.)
d.)
e.)

Understanding NTFS filesystem and implementation

Hacking Driver Signatures Check
Manual Bypass NTFS filesystem permissions to access every file
Privilege escalation attacks on Windows Accounts
Hacking Netbios to hack RPC and IPC protocols to access all

Day3: Hacking windows system and security Part3

a.)
b.)
c.)
d.)

Creating antivirus-proof virus program to hack windows systems

What hackers look for after a successful hack
Access violation attacks and management
Implement: Security policy and logging to prevent hacks

Day4: Memory Hacking and Analysis Part 1

a.)
b.)
c.)
d.)
e.)
f.)

Basics of RAM, ROM, Flash Memory, Hex-Binary & more

Convert windows files from binary to hexadecimal
Capture file-signatures and convert to Original Binary file
Make memory dump of RAM manually on windows system
Make memory dump of ROM, hard-disk & USB manually on windows
Analyze memory dump in hex editor and manually recover original files

Day5: Memory Hacking and Analysis Part 2

a.)
b.)
c.)
d.)
e.)
f.)

Recover all processes, commands executed on windows to identify attacker

Recover all kernel memory and objects: drivers, mutants, files & modules
Recover all network connection info to identify attacker- who, when, how?
Recover information stored in registry: passwords, hashes and much more
Recover system crashes and identify problem and solution
Manually recover all deleted and formatted data from disk drives for evidence

Day6: Linux Hacking and Security

a.)
b.)
c.)
d.)
e.)
f.)
g.)

Hacking Linux login accounts manually

Privilege escalation attacks on Linux
Manually sharing files between Linux / windows machines
Understand block devices and filesystem of Linux
Making memory dump of RAM / ROM of Linux machines
Hack Linux Processes, Kernel memory and objects
Hack networking & system information of Linux machines

Day7: Malware Analysis on Windows / Linux System

a.)
b.)
c.)
d.)
e.)
f.)
g.)

Find hidden, injected malicious malware codes in memory

Understand Pool Tag, Regular Expression, ANSI & Unicode Strings
Scan tag, regular expression, strings in memory bytes of user & kernel
Scan user and kernel services to identify virus, Trojans and malwares
Identify hidden virus DLL files using virtual address descriptor technology
Reverse engineer malware code from memory & get executed functions
Identify api-hooks in user and kernel mode

Day8: Basics of Practical Networking Part 1

a.)
b.)
c.)
d.)
e.)
f.)
g.)
h.)
i.)
j.)

Basics of networking Hardware: Cables, Switches, Routers

Basics of collision domains in networks
IP Addressing basics: IPv4 vs IPv6
Mathematical conversion for networking: Binary <-> Digital
Class based IP Addressing & Classless inter domain routing
Understand why subnet mask is used in networking
Understand OSI, TCP/IP & Four Layer Model in Networking
How packet travels in LAN. Why switch? Concepts of ARP & TCP
How packet travels in WAN. Why router? Concepts of ARP & TCP
Capture Network Packets and Analyze using Wireshark.

Day9: Basics of Practical Networking Part 2

a.)
b.)
c.)
d.)
e.)
f.)
g.)
h.)
i.)

Create a New Custom Network using Virtual Network Adapter

Create a New Virtual User Machine and connect to network.
Create a Mac table manually in Windows and Develop Switch and switching.
Create a Linux Router / CISCO router and connect to custom network
Add internet connectivity to router and set a default gateway.
Add new network adapter to router.
Setup NAT on the router
Setup router as a DHCP Server for allocating IP addresses in Custom Network
Provide internet to internal network machines using our own created router

Day10 Network hacking Day 1

a.) Setup a Client Server architecture on IPv4 Between Windows/ Linux
/ Android
b.) Setup a basic chat system with TCP packets containing Text Data
c.) Implement Bind Shell and Reverse Shell concept of Hacking over
Networks
d.) Create your own virus reverse shell program in C and have fun with
others PCs
e.) Create a reverse shell payload using Metasploit
f.) Create an antivirus-proof meterpreter virus and hack computers on
lan & internet
Day11 Network Hacking Day 2
a.) Eavesdropping attack to re-route packets and capture
to get HTTP / HTTPS passwords from Facebook, Gmail and other websites.
b.) Capture packets and Data Modification attack on Networks
c.) Manual IP Address spoofing attack to hide Attacker Identity
Day12 Network Hacking Day 3
a.)
b.)
c.)
d.)
e.)
f.)

Manual Denial of Service and Distributed attacks over Websites and Servers
Create Application Layer attacks : Terminate Apps and Operating Systems
Create and Copy Viruses throughout network using compromised machine
Create your own Network Simulation
Create a Router Forgery Attacks using fake router reply
Create a IP delay, IP dropping attack to slow down a Big Network

Day13 Mobile Hacking

a.)
b.)
c.)
d.)

Create a virus program for Android Mobile over Internet

Hack Calls, Contacts, Sms, Facebook, Whatsapp, Gmail and other important database
Learn Concept of Memory Technology Devices in New Generation Mobile Devices
Generate Memory dump of MTD Devices and export for Analysis using Hex editor and recover
all files, images, media, databases , passwords, pins, patterns and others
e.) Bypass pattern lock, pins and passwords on mobile devices
f.) Privilege escalation attack on Android mobile devices
Day14- Exploitation and Shell-coding Techniques Part 1
a.)
b.)
c.)
d.)

Understand stack, buffer and overflow conditions

Buffer overflow attacks over programs
How to construct Shell-codes and use for buffer overflow attacks
Shellcode execution and get root on compromised machine

a. Learn address randomization and Return Oriented programming

b. Create printable shell-codes
c. Stack Heap Collision attack over programs
Day15 Advanced Metasploit Techniques Part 1
a.)
b.)
c.)
d.)
e.)

Understanding Metasploit code writing and execution architecture

Identify a vulnerability in a program
Create custom exploits for Metasploit and execute successful exploitation
Create a Mediocre Custom Exploit for exploitation and add to Metasploit
Understanding Advanced Custom Exploit Writing Techniques

Day16 - Exploitation and Shell-coding Techniques Part 2

a.)
b.)
c.)
d.)
e.)
f.)
g.)

Heap Exploitation attacks on New Generation Programs

Exploiting malloc() memory function
Exploiting free() memory function
Understand and overwrite PLT entries
Understand adapted shell-coding
Difference between Old and New glibc improved versions
Bypass DEP and ASLR on latest glibc versions available

Day 17 Website / Web Application Hacking and Security

a.) Understand website and web app architectures
b.) Database concepts and practical sql injection
c.) PHP architecture and exploitation, upload shell and Enjoy
Day18- Website / Web Application Hacking and Security
a. ASP architecture and exploitation , upload shell and Enjoy
b. JavaScript based exploitation, upload shell and Enjoy
c. Understanding other advanced attack vectors possible
Day19 Web Server Hacking and Security
a.) Windows Server Exploitation, Compromise, Privilege Escalation and Persistence
b.) Linux Server Exploitation, Compromise, Privilege Escalation and Persistence
c.) Understand other available web servers and there attack vectors
Day 20 Tracking Hackers on Websites / Web Server and Security
a.)
b.)
c.)
d.)

Tracking Hackers live on website and web server using advanced techniques
Create an application to implement persistence cookies and script injection
Advanced security logging on web server for security
Advanced Log analysis for attacker identification using: Logparser and Highlighter

1 August 2014 - Certificate Distribution Program-2014

Best Ethical Hacker Position (1-3) | Best Presentation | Best Application | Best group
Wining Prize: Android Tablet for the following Categories
A.) Best Ethical Hacker of Hackveda ST-2014 Position 1
B.) Best Application of Hackveda ST-2014
Other Prizes: Digital Goodies
A.) Will be provided to all winners of the Hackveda ST-2014