Caribou360

Is the IT-Security of your company safe?

If you are responsible for answering this question, you are engaged in the security of your company and are therefore expected to use hacking techniques to achieve realistic results. Break through the firewall, access the DMZ and the internal LAN. Get yourself access to the Windows domain and administrator accounts. Access the ERP servers, the different VLANs and so on. You know how to do this, right? Don’t worry, Caribou360 is here to help!

It is quite important to know how you might get hacked, instead of just updating your software and hoping for the best, or hoping that your hosting provider knows what to do. Caribou360 offers awesome and fast web hosting too – just for the record. If you want to become the next “l33th4x0r”, you might want to take a look at the following courses:

c360sec.advanced

Footprinting
Which information is publicly available on the Net?

Hacking Tools
All about Kali Linux – Identify targets on the web.

Port Scanning
Find vulnerable targets.

Google Hacking
Use Google to find live targets.

WLAN
Learn how to hack a WPA2 secured network.

Exploits
How they work and the risks.

Mobile Security
Hacking Android and iOS.

Attacking Virtual Servers
Man-in-the-Middle sniffing in a switched network.

DNS-Hacking
Redirect a website to another.

VPN-Hacking
Analyze the VPN Gateway for vulnerabilities and learn how to hack active connections to retrieve domain passwords.

SSL Hacking
Monitor and manipulate connections.

Website Hacking
SQL Injection, XSS / Cross Site Scripting.

Tunneling
Dodge firewalls and proxies and break out of a secured network (known as calling home / backchannel).

VoIP
Learn how to monitor (and secure) phone calls between VoIP clients and server.

Password Hacking
Hack Windows passwords via Rainbow Tables and decrypt website passwords.

Biometry
Learn how to fake Fingerprints to sign in on a Windows system.

Penetration Testing
Security Audits.

Forensic
Trace Hackers.

c360sec.professional

Web- and Firewall Hacking, Social Engineering
Current hacking software at a glance. Which information about users and administrators is important to the attacker?

• Automated information search of your company
• Information Gathering
• Personalize password lists using social engineering
• Automated web security scanner
• DNS Zone Stealing
• Identify vulnerabilities in the server and firewall by extended vulnerability scans
• Pivoting – access to the DMZ

Exploiting

• Windows, Windows Server
• DMZ Server
• Metasploit – important functions and access options
• Armitage
• Access to FTP servers using exploiting technology
• Password stealing & cracking from the Windows Active Directory

Internal System

• Attacking ERP systems
• Access from the Internet, via the DMZ to the internal LAN – Reverse Proxy Chains
• Privilege Escalation – get extended admin privileges with normal user privileges
• Pass the Hash – Access a Windows system without cracking the password hash
• Advanced man in the middle attacks
• Bruteforce attack on terminal server
• Browser Hijacking

Even more

• VLAN Hacking – access other VLANs
• WLAN hacking using Rogue Access points
• Keylogger practice
• Listening to DECT calls
• Mobile Hacking Devices

Java, PHP, HTML 5 Security

• Identify and evaluate threats:
Who is attacking? Where does the attack come from? What are worthwhile goals?
• Burp Suite, Arachni, NetSparker, Nikto, Skipfish, ZAP and others
• Top 10 security risks for web applications
• HTML5 Security Practice
• SQL Injection, LDAP Injection, Command Injection
• Cross Site Scripting / XSS
• Spying on and manipulating users, taking over web pages

Web Application Firewall Hacking
Analyze sessions and find authentication and session management vulnerabilities

Direct access to sensitive Data
Read secret messages of the community management

Cross Site Request Forgery / CSRF
Force attackers to run your manipulated scripts

Configuration errors
Exploit open ports, unused services and typically misconfigured software

Vulnerable despite Encryption
SSL, md5, DES, SHA, Rainbow Tables

Access to privileged pages

• Are transmission paths really protected?
• Redirects, redirect-supported phishing and other attacks
• Reviewing pitfalls, UTF-8 and other encodings, regular expressions
• Are your vulnerabilities already known to the attackers?

Google Hacking, Frameworks, Social Networks
Minimize risks

Regression tests
Create automated tasks to search for already known security issues.

c360sec.mobile

Spy software and how to protect yourself

Mobile Device Policy, BYOD

• Mobile Device Management Systems
• Identify unwanted systems and how to block them
• Apps as an attack vector
• Mobile Hotspot attacks
• Jailbreaks
• GSM attacks
• Forensically read data and secure it
• Skip local passwords
• Backdoors
• Fake SMS messages
• Web and SSL attacks
• Identity theft

Notebook Security

• BitLocker and Notebook Encryption hacking
• Hotel WLAN risks

c360sec.forensic

• Forensic today – numbers and facts
• Analysis of external and internal offenders
• Course of an attack from the perspective of the hacker
• Incident Detection Hacker
• Response: Forensic or system recovery?
• Incident Response: Procedure in case of suspicion
• Forensic Tools – commercial and open source
• Analysis of running systems
• Create forensic duplicates yourself
• Post Mortem Offline Analysis
• Forensics and virtual servers
• Mobile Devices
• Recovery of deleted or manipulated files
• Anti-Forensic: How to obscure attacks

Experts should take a closer look at https://www.enigmagroup.org/ to improve their skills even more. The Enigma Group offers more than 300 challenges and it is a great place to learn everything about hacking at your very own pace.

Caribou360 also offers remote Web- and IT-Security services!

Get in touch!