I've a new lab and some students and I'm looking for serious and good hacking scenarios. (must be impressive, this gonna be my first session with these guys)
Linux and Windows, Do you have any good reasource or what's your recommendations ?
Thanks;
Full Version: Hacking Scnearios ?
the best resource for smth like this are either real-life scenarios encountered while pentesting or plain and simple your brain.... just think about it some time (uh well, actually more than a minute or two 
) and youŽll come to some kinda impressive and really b*tchy scenarios =) (at least i do) 
) and youŽll come to some kinda impressive and really b*tchy scenarios =) (at least i do)
What kind of scenarios?
Are you going to set up a box, forget to patch a few services and let them search the net for the exploits to crack in, make it even harder, make a few services vuln and then let the person who gets in secure the box.
Or you could consider giving each student the same base machine setup and say you've got an hour to go. The individuals have to choose between attack and leaving their own box secure or a mix etc, for more fun make the goal to totally disable the other users ability to get into their computer or something.
A thing I also just thought of was - give them a gateway machine or something, send thro traffic and let them see what they can do with it, tho this would be very hard to set up
Analysis of a hack you did via logs also seems to be a good one.
But realistically it depends on their level of skill, how much time you have, and also what you want out of it. Looking at real life famous hacks could be useful for ideas. Ones that come to mind are:
Kevin Mitnick
The guy who broke into the new york times (thro a badly configured proxy)
The ircbot idiots who crack into computers
Any multi level hack, so like sniff a password, use that to get a lower class level access on a box and then use an exploit to get root (similar to the one on was it debian, one of the linux distros who got hit this way a few months ago)
Consider the possibilities, hundreds oif em
Are you going to set up a box, forget to patch a few services and let them search the net for the exploits to crack in, make it even harder, make a few services vuln and then let the person who gets in secure the box.
Or you could consider giving each student the same base machine setup and say you've got an hour to go. The individuals have to choose between attack and leaving their own box secure or a mix etc, for more fun make the goal to totally disable the other users ability to get into their computer or something.
A thing I also just thought of was - give them a gateway machine or something, send thro traffic and let them see what they can do with it, tho this would be very hard to set up
Analysis of a hack you did via logs also seems to be a good one.
But realistically it depends on their level of skill, how much time you have, and also what you want out of it. Looking at real life famous hacks could be useful for ideas. Ones that come to mind are:
Kevin Mitnick
The guy who broke into the new york times (thro a badly configured proxy)
The ircbot idiots who crack into computers
Any multi level hack, so like sniff a password, use that to get a lower class level access on a box and then use an exploit to get root (similar to the one on was it debian, one of the linux distros who got hit this way a few months ago)
Consider the possibilities, hundreds oif em
Really good advices, Thanks...
Also I' going to read "Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses", It seems good.
Real-Life examples are really great but most of them is not so exiting
Sessions will be long, I've enough time to do all of them.
Students are very good in programming area and they want to learn security. But I hope that they're good.
I'm planing to some scenarios;
1. Man in the Middle Attack (sniffing SSL and Proxy)
2. Compiling a well known exploit and entering a Win / Linux box, Also after enter how they can go out, transferring files basic usage of netcat etc.
3. SQL Injections and Web Security (Small demonstration of exploiting complicated login forms, switching users), May after this session I can show them how can they manipulate queries dump all data, Union samples
4. Sniffing in switched enviroments, Filtering data that you want
I know that most of them is pretty generic, so I'm lo oking for more.
Thanks and replys are welcome
Also I' going to read "Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses", It seems good.
Real-Life examples are really great but most of them is not so exiting
Sessions will be long, I've enough time to do all of them.
Students are very good in programming area and they want to learn security. But I hope that they're good.
I'm planing to some scenarios;
1. Man in the Middle Attack (sniffing SSL and Proxy)
2. Compiling a well known exploit and entering a Win / Linux box, Also after enter how they can go out, transferring files basic usage of netcat etc.
3. SQL Injections and Web Security (Small demonstration of exploiting complicated login forms, switching users), May after this session I can show them how can they manipulate queries dump all data, Union samples
4. Sniffing in switched enviroments, Filtering data that you want
I know that most of them is pretty generic, so I'm lo oking for more.
Thanks and replys are welcome
You could also show your students how simple it is to prevent most of these attacks.
For example an simple exploitation on a windows box without firewall and the same thing with a firewall.
Your students could take a look through the firewall logs and learn how to identify an attack attempt.
For example an simple exploitation on a windows box without firewall and the same thing with a firewall.
Your students could take a look through the firewall logs and learn how to identify an attack attempt.
Even better: Set up a target box/network somewhere. Give somebody control of it, and it is the target for the other guys. The 'contest' runs for a week... And the defender can defend it however he chooses - in person whenever he has physical access to it [he can't take it home, etc] and/or giving Remote Admin devices etc his choice
that way it gives the attackers the more realistic option of any time within the week... day or night... to attack. think about it...
his choicethat way it gives the attackers the more realistic option of any time within the week... day or night... to attack. think about it...
Try these books mate
for both scenario and good explanation of tools/methos used/how to fix or defence
Hackers Challenge 1 & 2
Stealing the Network How to Own the Box
there are MANY other writen books like these but
as other friends mentioned before ,
the best one , is our ( your ) own scenatos
I had such camps before , in my country .
the most favor scenarios where those I did myself and explained them
for students...
why ? cus you can explain your works better than anyone else IMO
well , finally I`ve little experience of manageing such camps.
I would be glad to share , if u like...
for both scenario and good explanation of tools/methos used/how to fix or defence
Hackers Challenge 1 & 2
Stealing the Network How to Own the Box
there are MANY other writen books like these but
as other friends mentioned before ,
the best one , is our ( your ) own scenatos
I had such camps before , in my country .
the most favor scenarios where those I did myself and explained them
for students...
why ? cus you can explain your works better than anyone else IMO
well , finally I`ve little experience of manageing such camps.
I would be glad to share , if u like...
ask MsMittens 
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
