Think Like a Black Hat With Offensive Security 101
There are plenty of malicious hackers out there, so what makes you think you know enough to stop them? Unless you understand – really understand – how malicious hackers think and how their attacks work, how can you defend your network? How do you protect yourself against the unknown?
It's this line of thinking that's prompted the creation of Offensive Security 101, a course that teaches network administrators how to act and think like a hacker. It's run by the people behind Remote Exploit, the group responsible for BackTrack 2, a Linux security distro much favored by security professionals, penetration testers, and - how's this for irony? - blackhat hackers.
Mati Aharoni, Offensive Security's trainer, has been teaching security courses for over ten years. He also works for various Israeli military and government agencies on the side. "There are plenty of security courses out there, but what we have found is that people who have done them still lack practical knowledge," he says. "You can pass some exams like CEH (Certified Ethical Hacker) without ever having hacked a machine in your life. Seasoned network administrators know about risks like buffer overflows, but when push comes to shove they don't know how to do an attack based on one. And if you don't know how to work an attack you can't take appropriate measures to prevent them."
The course is delivered as three packages which are used concurrently. The first is a series of Flash files containing the course lectures themselves. Each one, lasting about five minutes, consists of a video of Aharoni's BackTrack 2 desktop as he explains and demonstrates various hacking concepts and exploits. Students are referred to external Web sites where detailed background information is available, although these should not be necessary if you're a network admin and have basic Linux skills. Accompanying these videos is a PDF containing course notes – essentially a written version of the lectures - and access credentials to the Offensive Security labs, of which more in a minute.
So what do you learn on the course? The best way to answer that question is to list the 16 modules that are covered. These are:
- Introduction to Backtrack 2's tools
- Google Enumeration
- Service Enumeration
- Port Scanning
- ARP Spoofing
- Buffer Overflows
- Using Exploits
- File Transfers
- Exploit Frameworks
- Client Side Attacks
- Port Fun
- Password Attacks
- Web Applications, including SQL injection
- Trojan Horses
- Windows Oddities
Amongst other things you'll learn how to discover machines on a network, identify what OSes they are running and how to find the vast amounts of information they are leaking to the world. You'll learn how to use a fuzzer and a debugger to discover buffer overflow vulnerabilities, and how to build payloads to exploit them. You'll learn how to create Trojans and upload backdoors to remote machines, how to download SAM databases from Windows servers, and how to use the Metasploit framework to own the machines on a network automatically.
It has to be said that teaching using a combination of video lectures and course notes is extremely effective. Aharoni is an excellent communicator, and he holds your attention while explaining difficult concepts. The video control interface is also very easy to use, so it's a simple matter to rewind a lecture and replay a particular point until the message is well and truly understood. The only drawback is that, as with any remote learning system, it's clearly not possible to raise a hand and ask a question as it would be in a real lecture room. If you do have particular questions, Offensive Security has its own IRC channel and forum, and Aharoni and other Offensive Security staffers are generally available to answer them, either on the forum or IRC channel, or by IRC private message. On the whole it's an adequate way of getting personal attention from the trainer.
As mentioned earlier, you also get access to the Offensive Security labs, and this is one of the most valuable parts of the course. The labs consists of a network of mystery machines, both Windows and Linux. (In fact this is not quite true - the labs actually consist of a number of virtual servers running in a cluster under VMWare so they can be restored in a matter of seconds if they are crashed or trashed by other students during the course of an exploit.) As you learn new hacking techniques, you can put them to the test legally on the lab machines, and you are expected to identify, hack and gain administrator privileges to as many of these as possible as the course progresses.
What's really interesting about Offensive Security 101 is that it is not just a matter of learning things and then sitting a multiple choice examination. It's actually much more like a puzzle. At the end of each module you're set a task – from compromising a machine, to infecting it with a Trojan to cracking the administrator password. Hacking some to the harder systems takes a great deal of thought and creativity to figure out where a vulnerability may exist, and how to take advantage of the vulnerability to exploit it. You're not told how to do it – you're just given the skills you'll need to figure it out ...
If you put in several hours a day the course is likely to take you three to four weeks to complete, and possibly several more if you find some of the tasks particularly tricky. You may plan to spend an hour or so a day studying, but be warned – the course is seriously addictive. When you are trying to attack a particular machine you'll find hours zipping by, and as new avenues of attack occur to you the last thing you'll want to do is get back to your normal work or switch off and go to bed. You can see – dare I say it – what the attraction of hacking must be to those who want to break in to systems just for the intellectual challenge of it.
What you can expect when you emerge, blinking, into the sunlight after solving the final tasks, is a far better understanding of network security than you had before. If someone asked you to hack a machine on an unknown network today, would you know where to start? Probably not. But do this course, and you'll be full of ideas, backed by the confidence that comes with many hours of experience.
Which brings us back to the point of the course, which is not hacking other people's networks, but securing your own. "There are many courses on network hardening. This is different," says Aharoni. "I believe that by viewing and experiencing the offensive side, the best way to defend your network becomes clear."
Conclusion: A very effective course which gives you practical knowledge and skills, and a good understanding of what hackers can do and what can be done to thwart them. At $400 including training videos, course materials, lab access and certification, it's also exceptionally good value for money.
For more information visit Offensive Security: http://www.offensive-security.com/training.php