Total System Compromise
Total System Compromise (TSC) takes participants with no or little previous offensive security (hacking) skills and turns them into competent ethical hackers to target networks, web applications, software packages, and end users. The course focuses on the proper use of tools and techniques that provide the student with a comprehensive overview of offensive security. The class make no assumption of prior knowledge but moves quickly from the proper use of fundamental tools to advanced hacking techniques including fuzzing, shellcode creation, and manual exploitation through discovery and weaponization of buffer overflows.
TSC teaches current hacking techniques through a series of intense hands-on exercises, group discussions, tool exploration, and guided walk-throughs. The class covers modern attacks for both network and web systems. Given the "zero entry" starting point and amount of material covered, TSC can be taken as a comprehensive stand-alone course or utilized as a solid foundation for any advanced security training.
TSC utilizes a structured approach to assessing the security by employing a three phase, tool-driven methodology composed of: 1) Information Gathering; 2) Scanning; and 3) Exploitation. Each phase will include best practices and detailed instructions covering the seminal tools required to complete the attack. Utilizing this methodology to explore both network and web-based attacks students are armed with the knowledge required for Total System Compromise.
- Information Gathering with Google Fu, MetaGooFil, the Harvester and Maltego
- Network Port Scanning with Nmap including advanced techniques utilizing the Nmap Scripting Engine
- Network Vulnerability Scanning with Nessus
- Local and remote password cracking with John the Ripper, Hydra, Medusa, and Rainbow tables
- Network Exploitation with Metasploit and the ExploitDB
- Web Application Scanning with Zed Attack Proxy (ZAP)
- Web Application Exploitation with Burp Suite, sqlmap, and cURL
- Software exploitation and buffer overflow weaponization with fuzzing, shellcode, and payload delivery
- End user hacking with the Social Engineering Toolkit (SET)
SANS Hosted are a Series of Classes Presented by Other Educational Providers to Complement Your Needs for Training Outside of our Current Course Offerings.
If you have additional questions about the laptop specifications, please contact firstname.lastname@example.org.
|Who Should Attend|
This course gives every participant a strong skill set in several attack vectors. It doesn't matter what area of technology or security you are in, you will surely find something new and exciting in this course! Upon completion, students are well positioned to hack live targets and take on even more demanding trainings.
Basic Linux abilities are ideal, but everything will be covered in class. An understanding of TCP is good, too, but not a deal breaker. It's also a good idea if you understand how HTTP works, but we will cover that too. So if you're interested in learning about a wide range of attack tools and techniques, then jump in!
*CPE/CMU credits not offered for the SelfStudy delivery method