I just returned to work following a two-week hacking class. Called "The Art of Exploitation: Bootcamp Edition", this class has pushed me through to the "aha" (I really got it) stage of what hacking really is and how it works. Definitely in the "red team" (attack) camp, this high intensity, short time frame "bootcamp" class went from basics to realistic, seriously complicated hacking within its modest two week time frame.
The two weeks started with a class intro and an overview of the hacking methodology -- getting to know your target, fleshing out the target's network and resources, collecting version information, identifying exploits etc. We began our extensive series of simulated labs with open source collection, proceeded through various forms of target "discovery", began identifying and exploiting vulnerabilities and tracking down the goods -- all the while focussed on the kind of discipline that would keep us stealthy and likely enable us to come back more easily to the target a second or third time.
One of the key strengths of the class is its focus on the basic techniques of exploitation. After all, known vulnerabilities will come and go, but the basic techniques (e.g., identifying targets, weaknesses and exploits, etc.) will remain the same for some time to come. So, better to learn the art than master a single tool.
We also learned that the difference between a low class hacker -- one that acts like a bull in a china shop -- and a professional is that the latter knows how to be stealthy, remain constantly vigilant about the conditions on the system on which he is working (lest they change) and causes no peripheral damage to the system. He gets in, gets out, gets what he needs and leaves quietly. He cleans up after himself and only leaves himself an easy way back in if he might need to return.
We did our share of cracking passwords, noticing the startling differences in the time required to perform basic cracks, use "rainbow tables" and attempt "brute force" methods. We tried some known exploits and found ourselves, almost in shock at the simplicity of it, sitting at root prompts. We drew diagrams to annotate how much we had discovered about each system we uncovered and/or compromised and to ensure that we didn't get confused about the more complicated connections we were using in our exploits.
New for me were many of the Windows commands -- the nbtstat, attrib, cacls and net view type commands that I might have never used. A brief "Oh, I didn't know Windows could do that ..." and I was moving on to more serious commands for mapping out a Windows domain, identifying domain controllers and getting a heavy dose of what can be discovered with just a handful of commands and tools.
The suite of tools we used in lab (too many to mention here) kept us busy and intrigued through a series of daily labs and hard hitting instruction.
Having gotten lost on the way to class the first day (my Magellan couldn't locate the address I was given), I missed the intro that would have told me that keeping pace with this class was going to require more than just my attendance and daily participation, but also preparation and review outside of class hours. By the end of the two weeks, I was exhausted, but felt that I had, realistically, just completed Basic Training of the cyber kind.
The Art of Exploitation: Bootcamp Edition is highly recommended training for anyone who needs to understand how to penetrate systems and networks or hopes to stand a chance of protecting their digital assets against those who do.
You can find out more about The Art of Exploitation: Bootcamp Edition by visiting the new AOE University web site: