Consulting & Training - Nethemba

Consulting & Training – we offer the following courses:

Basics of encryption technologies and their implementation

TRAINING DESCRIPTION

The “Basics of encryption technologies and their implementation” course is suitable for the technical staff of a company. The main goal is to build the basic understanding needed for the proper deployment of technologies that use cryptography. In the world of digital communications and the need for privacy, it is necessary to have experts available who control interactions and context. Using an incorrect method weakens security: it allows transmitted data to be read or modified and can reduce speed. This would cause infrastructure investments to be squandered. It is necessary to realize that your data or your customers’ data are transmitted over a public space, so the only real protection is suitably selected cryptography. This course also provides appropriate training for engineers and addresses the requirements imposed by law for cyber-security.

Training language: English or Czech
Suitable for: technical staff of a company
Time range: 1-2 days

MAIN TOPICS

* Basic terminology
* Relationship between open text, encrypted text, hashes, compressed text, used combinations and random text, mistakes in implementation and leakage in previous categories
* Random number generators, symmetric and asymmetric algorithms, hash functions, their use and errors in implementation
* Main standards and their importance
* Implementation of cryptography (ASIC, FPGA, specialized chipsets…), throughput and normalization
* Cryptography in SSL/TLS – server/client, browser and platform support
* Results for testing SSL/TLS
* Analysis of different VPN technologies
* Hardening – examples, performance, recommendation
* Technology in real life

Digital Privacy Protection, Security Basics for Managers and Company Owners

TRAINING DESCRIPTION

The Digital Privacy Protection course is suitable for all managers and company
owners who care about digital privacy and do not want to rely on easily
exploitable communication, e.g. unencrypted email communication or vulnerable
GSM calls.

Course participants learn how they can easily protect their private or
business-sensitive information against third parties using strong
encryption of their devices (PC, smartphones, tablets) and their communication
(encrypted emails, instant messaging, voice).

An integral part of this training is a practical demonstration of
how to deploy all the mentioned privacy technologies and start using them
immediately.

MAIN TOPICS

Hardening of operating system (Windows / Linux)
* full disk encryption
* security updates
* firewall, antivirus, antispam configuration

Data encryption
* filesystem / file encryption, using hidden volumes
* how to delete files / format a disk in a secure way

Hardening of mobile platforms (iOS / Android)
* full disk encryption
* installation of privacy-aware and verified applications
* security updates
* firewall, antivirus configuration

Communication encryption
* email encryption using PGP and S/MIME
* instant communication encryption using Jabber / OTR
* voice encryption using SRTP/ZRTP and SIP/TLS
* encryption of all traffic using VPN

Secure and privacy-aware browsing
* using various security plugins (HTTPS Everywhere, ad blockers, etc.)
* validation and interpretation of HTTPS signatures
* alternative search engines to Google
* privacy protection on social networks

Secure privacy-aware webmails
* using secure, privacy-aware email servers

Anonymization techniques
* anonymous access to Internet using Tor and I2P
* pseudo-anonymous payments using cryptocurrencies (like Bitcoin or Litecoin)

1-day MobileAppSec Training

This training is primarily targeted at security of iOS and Android applications and web services.

Main Topics
* introduction to iOS and Android platforms, platform security model
* anatomy of applications
* setting up a test environment, jailbreak, root, emulator
* tools and applications
* decompilation, class-dump, sensitive information in the source code and application archive
* file system, data storage, used file types, SQLite
* Keychain – problems, data dumping
* runtime analysis and modification of iOS applications using cycript
* detection of jailbreak and root and evasion techniques
* runtime analysis using tools such as Snoop-it, Introspy, iNalyzer, DroidBox, Drozer
* analysis of network traffic, proxy settings, certificate pinning
* web services, architecture and data formats (REST, SOAP, XML, JSON)
* vulnerabilities specific to web services (parser attacks, replay attacks, injection attacks)
* problems with cryptography
* problems with URI schemas
* using GDB
* demo: Damn Vulnerable iOS Application, GoatDroid

1-day Network Security Training (IPS, Firewalls, Honeypots)

Firewalls and IPS are now standard equipment for protecting the perimeter of a network infrastructure. The goal of the course is to describe the types of firewalls and their use, the IDS/IPS technology of the systems in use, and their detection methods and options. It also discusses a variety of circumvention and tunneling techniques, such as fragmentation attacks, teardrop, SSL encryption, IPv6, Teredo IPv6, TCP checksum forgery, obfuscation, and Skype and DNS tunnels. Another related issue is IPsec VPN, the IKE phase, and the use of weaknesses in aggressive-mode VPN negotiation to obtain the encrypted key. The chapter on honeypots covers their role in detecting intrusion attempts. Possible measures are outlined at the end.

1-day “Wifi” Security Training

The course describes the most widely used wireless technology and all the common mistakes and attacks, and includes practical demonstrations of the most used applications and recommendations for securing wireless networks.
The training consists of two parts – the first is theoretical, the other is mostly practical, which includes the description of attacks and practical demonstrations.
The course covers most of the known vulnerabilities and describes the related attacks.

TRAINING DESCRIPTION

Wireless connectivity and communications are an integral part of communication. Wireless networks are becoming a challenge for hackers, who use bugs and vulnerabilities to gain access to the wireless network infrastructure. Wireless Hacking helps IT professionals test, develop and implement a secure network, understand current security vulnerabilities, and turn an understanding of how hackers plan and execute attacks to their advantage. This course will help participants understand how to improve WLAN security with reference to attack methodology, and to understand the importance of penetration testing as a first defense. The course focuses on a description of the standard and its essential elements in terms of security, a description of 802.11 security vulnerabilities, methods of abuse, and the hardware and tools to be used in Windows and Linux environments. It then moves on to options for attacking a VPN, options for attacking the management of the AP itself, and the possibility of tunneling. Finally, the possibilities of detection, recommendations and countermeasures are discussed.

MAIN TOPICS

802.11 a/b/g/n – Description of the specific layers (physical, data link) and of the function of frames. Overlap with other technologies.

SSID – Its purpose, parameters, options in the security.

Authentication and its types. Open network authentication architecture, PSK, 802.1X authentication (Cisco LEAP, PEAP, EAP-TLS, EAP-FAST) and 802.11i.

Encryption – Description of open networks and WEP, WPA, WPA2. Description of VPN.

Filtering – MAC filtering, its role and capabilities.

Attacks

Passive attacks – network monitoring, interception and analysis tools for data transfer

Attacks on authentication, attacks on encryption, DoS attacks, fake wireless networks

Principle of MITM with a fake AP, attacks on authentication (LEAP), attacks on WEP (IV and PTW), WPA(2) and WPS, tools for breaking ciphers

Testing the security of the management of the AP in use

Tunneling Connection

PRACTICAL PART

This section covers all known attacks, with a practical demonstration of how the vulnerabilities are used.

Aircrack http://www.aircrack-ng.org/

Kismet http://www.kismetwireless.net/

Cain http://www.oxid.it/

coWPAtty http://wirelessdefence.org/Contents/coWPAttyMain.htm

BurpSuite http://portswigger.net/burp/

EWSA http://www.elcomsoft.com/ewsa.html

OCLHASHCAT http://hashcat.net/oclhashcat-plus/

2-day Web Application Security Training

Our 2-day intensive Web Application Security training includes Web Application Security basics, a description of all known web vulnerabilities and a practical demonstration of their exploitation. It also covers more advanced techniques like JavaScript/SQL code obfuscation, advanced web server hardening and the real attack scenario – from the attacker’s anonymization, through dumping and cracking password hashes, to cleaning logs and backdooring operating systems.
The training consists of two days – the first one is more theoretical, the second one is mostly practical where the practical exploitation of the already described vulnerabilities is demonstrated. The course covers OWASP Top Ten and even more vulnerabilities and attacks that are described in the recent OWASP Testing Guide, including the new ones discovered in the recent months (e.g. HTTP pollution attacks).

Training language: English or Slovak
Suitable for: Web application developers, system administrators

The scope of the course – the first (theoretical) day

Web Application Security basics – SOP (Same Origin Policy), whitelisting, blacklisting, least-privilege concepts, input/output validation, DNS pinning, browser security principles, etc.
1 Injection Flaws
Comprehensive description of common injection vulnerabilities focused on XSS (reflective / persistent / DOM-based / universal) and SQL injections (normal, blind, time-based).
LDAP/XPath/XML injection, HTTP Splitting/Smuggling/Cache poisoning, second-order injection vulnerabilities and HTTP pollution attacks.
Misuse of injection flaws – how these vulnerabilities can be practically exploited and how the targeted application and its users are affected.
Brief description of classical overflow attacks (heap, stack, format).
Fixing injection flaws in the most popular programming languages (Java, Ruby, C#, PHP, Perl) – prepared statements, HTML quoting, filtering, 3rd-database layer architecture, whitelisting, using Web Application Firewalls (WAF).
2 Authentication, Authorization and Session Management Vulnerabilities
Asymmetric cryptography / SSL basics.
How it is possible to sniff unencrypted credentials, ARP cache/poisoning basics.
HTTP Basic / Digest, using SSL client certificates.
Methods for user enumeration (remember password functionality, registration form, ...) and how to implement these forms securely.
Analysis of CAPTCHA effectiveness and its security (description of replay attacks).
Common problems of multi-factor authentication.
Brute force attacks (using wordlist / incremental) against authentication and session management.
Bypassing authorization schema, privilege escalation, path traversal.
Session Management vulnerabilities, logout and browser cache issues, using simultaneous connections.
Analysis of cookie entropy, cookie flags. Cross Site Tracing (XST) attacks.
Comprehensive description of Cross Site Request Forgery (CSRF) attacks, including exactly how
these attacks are performed. Analysis of various anti-CSRF solutions – their advantages
and disadvantages. Session Fixation attacks.
How to implement secure authentication, authorization and session management.
3 Business Logic
Typical security issues and weaknesses in the business logic of the application.
4 AJAX and Web Services
Dom-based XSS vulnerabilities, XMLHttpRequest cloning/MITM attacks. XML/JSON injections.
5 Denial of Service
Network and HTTP protocol specific denial of service attacks.
Web Application denial attacks including locking of customer accounts, spidering and measuring the slowest part of the application, flooding with “remember password functionality” emails, SMS messages, etc.
6 Advanced Web Server hardening
Description of Web Application Firewalls (including the open-source ones like mod_security for Apache, Web Knight for IIS).
OS hardening – using SELinux, file system encryption, logging.
Web server hardening – web server chrooting, PHP/Java hardening, disabling weak SSL ciphers and algorithms, enabling SSL client certificates.
7 The most common vulnerabilities in modern web applications
Description of the most common vulnerabilities and security issues we have revealed during the last 3 years in our penetration tests and comprehensive security audits.
8 Code Obfuscation (special bonus)
JavaScript and SQL code obfuscation techniques.
Practical demonstration of how to create obfuscated non-alphanumeric JavaScript code.

The scope of the course – the second (practical) day
On this day we practically demonstrate the exploitation of the previously described vulnerabilities.

1 Injection Flaws
Blind, time-based, numeric and string SQL injections; reflective, persistent and DOM-based XSS vulnerabilities.
2 Authentication, Authorization and Session Management Vulnerabilities
Bypassing Path Based Access Control Scheme, Data Layer Access Control and Business Layer Access Control.
Spoofing of an authentication cookie.
Exploiting weak session management and hijacking a session.
CSRF attacks in practice – sending arbitrary GET/POST requests using HTML elements,
HTML POSTs in hidden iframes.
Exploiting improper error handling.
3 AJAX
Client Side Filtering, XML and JSON Injection. Dangerous Use of Eval function.
4 Web Application Attacks in practice
What a common real application attack looks like, including achieving the attacker’s anonymity, looking for SQL/XSS injections, SQL code obfuscation, cracking the hashes, various ways of exploiting the admin web interface, local root escalation, cleaning the traces, backdooring.
5 Used tools and frameworks
OWASP WebGoat http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
Damn Vulnerable Web Application http://www.dvwa.co.uk
BurpSuite http://portswigger.net/burp/
WebScarab http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
Tamperdata http://tamperdata.mozdev.org/
Firebug http://getfirebug.com
FoxyProxy https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
For the complete list of testing tools see http://www.owasp.org/index.php/Phoenix/Tools

Penetration testing course using Metasploit Framework

A unique penetration testing course that demonstrates advanced features of the Metasploit Framework.

Material: Metasploit exploitation

SELinux course

Advanced SELinux training, from SELinux basics to advanced administration and SELinux policy creation, with a practical demonstration on RHEL.

Material: SELinux course slides for download

Training time: 2 days

Web Application Vulnerabilities and Attacks

Theoretical presentation of new web application attacks, vulnerabilities in new web applications, rules of secure web application programming, securing PHP.

Material: How the Common Real Application Attack Looks Like

New Web Application Attacks

Vulnerabilities in New Web Applications

Securing PHP (in Slovak language)

Training time: 1-3 days

Practical Web Attacks

Practical demonstration of the most common web application vulnerabilities.

Material: Practical Web Attacks

Training time: 1 day

Others

In addition to the above trainings, we are able to prepare any training in security technology according to the customer's wishes in the following areas:

  • Footprinting
  • Scanning
  • Enumeration
  • System Hacking
  • Trojans and Backdoors
  • Sniffers
  • Denial of Service
  • Social Engineering
  • Session Hijacking
  • Hacking Web Servers
  • Web Application Vulnerabilities
  • Web-based Password Cracking Techniques
  • SQL Injection
  • Hacking Wireless Networks
  • Virus and Worms
  • Linux Hacking
  • Evading IDS, Firewalls, and Honeypots
  • Buffer Overflows
  • Cryptography
  • Penetration Testing