Who am I?
I've been working as a Security Operations Center (SOC) manager for a famous worldwide company and do research in the realm of security (malware analysis, network forensics, writing tools, …) during my spare time. I regularly publish tool reviews and posts about web hacking, penetration testing, network forensics, and networking on aldeid.com and love to share ideas and research results with people like me all over the world. I'm also a contributor to BackTrack (I'm the author of pytbull, an IDS/IPS testing framework).
How did I come to the course?
Mohamed Ramadan is a member of my community (http://www.aldeid.com/wiki/Community) and we've been in touch for more than a year. When he told me about his Samurai Skills Course, I decided to attend it. I must confess I was immediately impressed by the consistency of this training and the number of interesting things one can learn. I appreciated the educational approach, where theory and practice are balanced in a suitable way. Moreover, Mohamed has excellent knowledge of networking and penetration testing, which gives him strong credibility as an instructor for this course. In addition, BackTrack is his primary operating system, so he knows it well. This training covers all steps of a real-world penetration testing scenario and provides strong skills for anyone interested in becoming a Ninja penetration tester.
The material used for this course is an HTML/Flash based package containing embedded watermarked videos (to prevent copying) in a Flash player. It should be compatible with any operating system. Each module has a table of contents on the left-hand side that makes navigating the video easy, an appreciable feature (it supports resuming) when the course lasts many hours and cannot be watched in one sitting. I first thought that it would be nice to have a live session with every student in a room, but the material provides the great advantage of being able to view and review the course as many times as needed.
The training course is very well organized, covering all steps of a penetration testing campaign.
Module 1 - Solid Introduction to penetration testing
Module #1 is an excellent introduction to penetration testing, covering all the basics a security professional should know before conducting a penetration campaign. In this module, you will learn what penetration testing is and what testing services mean. It also explains pentest types (white, black and crystal box), what fields pentesting applies to (network, wireless, web applications, social engineering, mobile applications, …), the objectives of a pentest, and types of vulnerabilities and exploits. Some online vulnerability resources are provided, tools (commercial and open source) are presented, as well as pentest methodologies and pentest reports.
Module 2 - Real World Information Intelligence Techniques
Module #2, about information gathering, covers social engineering techniques, a crucial step in a black box campaign. Mohamed not only introduces tools included in BackTrack, but also details online resources. Over 2.5 hours you will learn a lot of things... To give only an extract, this module covers information intelligence techniques and explains how to organize gathered information (from tools and online resources), how to copy a company website, how to find relevant information on social networks, how to generate custom password files, how to map a company network, how to fingerprint applications, how to determine supported SSL ciphers, … Last but not least, there is an excellent explanation of DNS (terms, record types, DNS zone transfer, forward and reverse DNS, DNS attacks, …).
Module 3 - Scanning and Vulnerability Assessment
Module #3 is a very important module about Scanning and Vulnerability Assessment. Mohamed not only mentions appropriate tools and options, but also gives very detailed and appropriate examples with Scapy and Nmap. He also explains the network basics that are useful for understanding how scanning tools work and how to interpret results. It's very smart to start Wireshark or tcpdump while using the tools, to analyze the payloads that are sent as well as the responses. The examples of Nmap Scripting Engine (NSE) scripts are also very relevant and explained with clarity.
Module 4 - Network Attacking Techniques
In module #4, you will learn some network attack techniques. It explains how to use network password crackers and which tools to use for specific network protocols. Then, you will be given a very detailed explanation of ARP cache poisoning and Man In The Middle (MITM) attacks. A lot of real world scenarios are shown, including standard HTTP traffic, HTTPS traffic as well as RDP sniffing.
Module 5 - Windows and Unix Attacking Techniques
Module #5 is just incredible and fascinating. Mohamed reviews all versions of the Windows operating system from a security perspective, explaining the pros and cons of each of these versions. He explains the evolution of these operating systems along with their protection mechanisms, basic Windows command lines, and the password management and storage mechanisms (LM and NTLM in the different versions). Then you will learn how to take over a Windows machine by exploiting vulnerabilities, based on Nessus, Metasploit and the Social Engineering Toolkit. The examples are really relevant and appropriate because they are based on real world scenarios (e.g. a browser exploit delivered through malicious links posted on Facebook). Then, Unix based systems are also reviewed. You will learn about the file structure, password storage, services, and authentication mechanisms. Then Mohamed explains how to discover vulnerabilities on a Linux machine (based on Metasploitable) and take over the machine by exploiting them. It's certainly one of my favorite modules.
Module 6 - Windows and Unix Post Exploitation Techniques
Module #6 is focused on the actions an attacker is likely to take once he/she has successfully taken over a machine. Command line based tools are reviewed in turn for Windows and Linux systems. It also explains how attackers generally interact with the network to discover other hosts in the same domain, escalate privileges and gather data from the exploited hosts they discover. The examples are largely based on Metasploit and Armitage.
Module 7 - Web Exploitation Techniques
Module #7 is a 5-hour session where Mohamed introduces some of the most common web application vulnerabilities. It starts with an introduction to web application basics (client/server, the HTTP protocol, request methods, status codes, tampering) and web application scanning and mapping tools and techniques. Mohamed gives some real examples of misconfigured servers (e.g. default installations) that disclose information. Some web application scanners (open source and commercial) are also reviewed. After this very good introduction, we get to the heart of the module. While demos are too often limited to basic exploitation (e.g. reverse engineering a database from a SQL injection), this course is a real *Ninja* training and Mohamed shows how to take over a machine based on each of these vulnerabilities:
- SQL injection: real examples of misconfigured web servers, a brief review of SQL syntax, data retrieval based on a complete manual process as well as on automatic tools (Havij, sqlmap), reading and writing files, executing system commands.
- File uploads: based on many examples (Damn Vulnerable Web Application, WackoPicko, ...)
- Remote and Local File Inclusions
- Command Injection
- Cross Site Scripting (reflected, stored): based on Social Engineering Toolkit, Metasploit and Armitage
- Cross Site Request Forgeries: based on BeEF
Module 8 - Windows exploit development
Module #8, about Windows exploits, is a very detailed module, starting with an introduction to the basics (memory corruption, classes, exploits, as well as an excellent explanation of exploit development, fuzzing techniques, …). Mohamed did an excellent job detailing all the steps to discover vulnerabilities in an executable file (identify the vulnerability, the offset, the usable characters, …), write an exploit (fill in the memory address, identify usable space, drop in the payload, Metasploit) and finally run it. You will also come away with a good understanding of tools like OllyDbg, WinDbg and Immunity Debugger.
My final word
This course is a fascinating adventure in real-world penetration testing. The instructor has excellent knowledge and the examples are really well chosen. At the end of some of the modules, I was just like "wow, so good, I'm going to watch it again".
I highly recommend this training to anyone, whether a beginner in penetration testing who wants to improve their skills or someone already familiar with penetration testing techniques who wants to consolidate them (e.g. with a certification in view).
Congratulations to Mohamed for this excellent job.