schedule
Archive > 2005 > Singapore > TRAINING

The following training classes will be available before SyScAN’05:

Attacking and Defending Web Application by Shreeraj - NetSquare
Windows Overflow by Dave Aitel – Immunity
Auditing Microsoft RPC by Dave Aitel – Immunity
Digital Forensic by The Grugq

Attacking and Defending Web Application

Title: Attacking and Defending Web Application
Duration: 2 days
Trainer: Shreeraj from NetSquare
Training Fee: US$500 per student including lunches and tea-breaks
Requirement: Students should bring laptops if they want to take part in the interactive hands-on training.
Content: Beginning with an introduction to Web applications, the participants will be offered an insight into web hacks and their resulting effects, followed by thorough assessment methodologies and defense strategies for varying environments.

Introduction to web applications

• Components of a web application
• Basics of web technologies and protocol information
• Evolution of technologies and impact on security
• Understanding other basic web security-related concepts
• Learning tools like netcat, Achilles etc. to understand their usage and application. (Hands-on for the group)

Web Hacking – Areas of attack

Various attacks will be covered in detail, with demonstrations followed by hands-on exercises. The following is a brief list of attacks:
• Cross-site scripting attacks
• SQL Query Injection
• Session Hijacking
• Buffer Overflows
• Java Decompilation
• HTTP brute forcing
• Trojan Horses and Malware products
• Form Manipulation, Query Poisoning
• Input Validation, Parameter Tampering
• Authentication
• Information leakage
• File operations
• Client-side manipulations
• Cryptography
• Error/Exception handling

Attack and Defense strategies

• Impact of attacks
• Risk analysis
• Countermeasures
• Defense strategies and methods
• Assessment Methodology and Defending Applications
• Reconnaissance – Profiling a web application
• Black-box and White-box testing
• Exploiting vulnerabilities
• Defending applications
• Secure coding strategies

Web Services Assessment

• Footprinting
• Discovery
• Technology Identification
• Attack vector for web services
• Defense methods

Hands-on:
The training program will end with an “assessment challenge” – a live Web Application. Working with time constraints, participants are expected to analyze the application, identify and exploit loopholes and apply all defense strategies learnt, to secure the application.

Digital Forensic

Title: Digital Forensic - Windows
Duration: 2 days
Trainer: The Grugq
Training Fee: US$500 per student including lunches and tea-breaks
Requirement: Students with laptops. Forensic software will be provided.
Content: Using a task-oriented approach, students will learn digital forensic analysis techniques and methodologies that can be applied immediately. During the course, strong emphasis is placed on technical understanding and skills.

The first day focuses on a thorough examination of the digital forensic analysis process. Centered around this process, and using extensive laboratory exercises, the class will learn how to:
• Acquire digital evidence
• Perform systems analysis
• Extract digital artifacts
• Build a case
• Present findings

The second and third days are dedicated to deep-level knowledge training. During hands-on “File System Intensives”, students will learn the on-disk structures of several file systems, including NTFS and FAT. Students will learn how to perform a digital forensic investigation, picking the right tools at each phase with complete knowledge of how those tools operate.