CHASE-2007 Conference on Hacking and Security
Home | Talks | Training | Register | Contests | Venue | Sponsors | Team | Archives | Press | Contact Us |
English | اردو

Call for Papers
Call for papers for CHASE-2009 is open. Please submit your papers as early as possible. Deadline is Friday September 04, 2009.

Training
There are four tracks of training available in CHASE-2009. Discount applicable if you register early. Please see details here.

International Participants
Partial or full travel funding is available for speakers coming from outside of Pakistan. FREE boarding and lodging for all the international participants. Please see details here.

Registration
If you wish to attend the talks or would like to attend the trainings, please register here as early as possible. Discount applicable if you register early.

Free Internet and Gaming
Free access to the Internet will be provided during the event. Further, there is an arrangement of bzflag gaming competition among the interested participants.

Sponsors
Open Source Resource Center - PSEB
ESecurity
Netmag
Nexlinx

Would like to sponsor?
Please click here

Mailing List
Please join our mailing list to get latest updates and information
groups.yahoo.com/group/ChaseMela/
Takhtee
An education and social project that we endorse. Please visit the page for more information.

CHASE-2009 | Conference On Hacking And Security
Friday-Tuesday, November 06-10, 2009, Lahore.

Training Track-2: Hacking 101

Training: Hacking 101
Trainer: To Be Decided - Esecurity
Duration: Two Days - Saturday and Sunday November 07 - 08, 2009.
Cost: See below. Discount applicable if you register early.

Early
Before September 25, 2009		 Regular 
Before October 23, 2009		 Late
After October 23, 2009.
Rs. 15,000/- Rs. 20,000/- Rs. 25,000/-

  • Lunch and two tea breaks are included.
  • At the end of training you will get:
    • Certificate of completion of training.
    • CD with all the programs and tools.
  • FREE boarding and lodging for all foreign participants.
  • Please bring your laptop when you come to attend the training session. Limited number of computers are available for those who cannot bring a laptop.
  • It would be preferable if you have linux on your laptop but it is not required.
 How To Register
Please download and fill Training Registration Form and post along with payment to the address given in the form.

After you have posted the registration form, please send an electronic copy to the email address given below:

register AT chase DOT org DOT pk

A confirmation email will be sent once the post has been received. After the payment has been successfully transferred, a receipt will also be posted to your address as well which you should produce at the time of the event.

Training Overview
The perception of a hacker or an information security professional in the eyes of general public and even the learned is that of an individual who has a collection of some secret tools and hacks computers and networks sitting on his computer and that this can be learnt easily practising the tools.

However, there is more to hacking and information security. Apart from knowing the right tools for the job, it involves the right thinking and the right mindset. Also, one needs to learn and master the steps involved in a penetration testing scenario. Each job presents a unique scenario and one must adopt one's thinking choosing the right tools for the job.

Like all other professions, there are various skill levels of hackers and information security professionals. If a hacker is expert in network penetration testing, the other may be an expert in web application assessment. Expertise in any particular area, however, requires, knowledge of some fundamentals. This training package is meant to walk the participants through these essentials and basics of hacking and information security so as to form the basis of their later development in specialized areas.

This hands-on training is meant for computer science and engineering students, professionals and researchers. A little knowledge of network protocols and programming is desired.

The training will include practical demonstration with hands-on sessions with many well-known and less-known programs used for the job. This also includes programs developed by the trainer himself.

Training Content

A broad outline of the training is given below:

Module 1: Penetration Testing Methodologies

  • Open Source Security Testing Methodology (OSSTMM)
  • Key elements of OSSTMM
  • Other penetration testing methodologies (i.e. CHECK, OWASP)

Module 2: Footprinting

  • Defining Footprinting
  • Information Gathering Methodology
  • Google Search for Company’s Info
  • Footprinting Through Job Sites
  • Name Lookup
  • Gathering DNS Information
  • Gathering Website Information

Module 3: Scanning

  • Definition of Scanning
  • Types of Scanning
    • Port Scanning
    • Vulnerability Scanning
  • Objectives of Scanning
    • Check for live systems
      • How to do it with a number of tools
    • Check for open ports
      • Nmap a host with variety of scan types
      • TCP Communication Flags
      • Three Way Handshake
      • SYN Stealth / Half Open Scan
      • Stealth Scan
      • Xmas Scan
      • FIN Scan
      • NULL Scan
      • IDLE Scan
      • ICMP Echo Scanning/List Scan
      • TCP Connect / Full Open Scan
      • UDP Scanning
      • THC Scan
      • SandTrap Tool
    • Banner grabbing/OS Fingerprinting
      • OS Fingerprinting
      • Active Stack Fingerprinting
      • Passive Fingerprinting
      • Active Banner Grabbing Using Telnet
    • Identify Service
    • Scan for Vulnerabilities
      • How to do it with a number of tools
    • HTTP Tunneling Techniques

Module 4: Enumeration

  • What is Enumeration
  • Techniques for Enumeration
  • Netbios Null Sessions
  • Enumerating and exploiting NetBIOS with tools for the job
  • SNMP Enumeration

Module 5: System Penetration

  • Cracking Passwords
    • Password Types
    • Types of Password Attacks
    • Passive Online - Wire Sniffing
    • Offline attacks and tools for the job
    • Microsoft Authentication - LM, NTLMv1, and NTLMv2
    • Kerberos Authentication
    • What is LAN Manager Hash?
    • Salting
    • Tools for the job
    • Password Sniffing
    • How to Sniff SMB Credentials?
    • Sniffing Hashes Using LophtCrack
    • SMBRelay Weaknesses & Countermeasures

Module 6: Sniffers

  • Definition of Sniffing
  • Protocols Vulnerable to Sniffing
  • Sniffing Tools
  • Types of Sniffing
    • Passive Sniffing
    • Active sniffing
  • ARP - What is Address Resolution Protocol?
  • ARP Spoofing Attack
  • How Does ARP Spoofing Work?
  • ARP Poisoning
  • Mac Duplicating Attack
  • Tools for ARP Spoofing
  • MAC Flooding
  • Tools for MAC Flooding
  • Threats of ARP Poisoning
  • Sniffer Hacking Tools (dsniff package)
  • DNS Poisoning Techniques
  • Types of DNS Poisoning
    • Intranet DNS Spoofing (Local network)
    • Internet DNS Spoofing (Remote network)
    • Proxy Server DNS Poisoning
    • DNS Cache Poisoning
  • Interactive TCP Relay
  • Various types of sniffers for different jobs and their demonstration
Trainer: Muhammad Farooq-i-Azam
Mr. Muhammad Farooq-i-Azam has a degree in electrical engineering from the University of Engineering and Technology Lahore [He studied at the constituent college at Taxila which is now University of Engineering And Technology Taxila] and then a M.Sc. in Computer Science from the Punjab University College of Information Technology, University of the Punjab, Lahore. He has served in Pakistan Atomic Energy Commission for some years where he was in-charge of the Computer Center at the head office and had a chance to work with some of the most state of the art computers and machines. Apart from this he was also associated with a classified ;-) project to get the nuclear touch.

Mr. Muhammad Farooq-i-Azam has been working with computers since they appeared in Pakistan. He has extensive work experience with computer networks and Unix based systems, Solaris, VAX/VMS machines and various distributions of Linux. He also designed and developed his own Intel 8086/8088 based Single Board Computer while at Pakistan Atomic Energy Commission for which he wrote its own operating system entirely in assembly language.

Lately he has been working on the development of packet sniffers, which are low level tools, used to capture and dissect packets off the wire. He is also a member and project admin of the IPGRAB project, which is a respected packet sniffer, distributed with Debian Linux originally authored by Mike Borella. IPGRAB can decode a large number of protocols and can sniff packets in promiscuous mode. It is one of quite few projects distributed with a Linux distribution for which source code contribution is made by Pakistan as well.

http://sourceforge.net/projects/ipgrab/

He is also an active supporter of Free and Open Source Software and believes in FOSS philosophy for Pakistan. He has conducted numerous trainings on computer and Internet security.




Main Sponsor

Sponsor     Sponsor

Sponsor     Sponsor
  © CHASE 2006-2009,