Hacking Hands-on

In this IT security workshop the participants will change ends and take the role of a hacker attacking servers and services within a prepared environment.

During the workshop we will play with different web applications waiting to be hacked. Many web apps have striking bugs that threaten the data of millions of users. You will learn about SQL injection, scripting issues, request forgery and more. We will also explore and use the Metasploit Framework, a tool that aids hackers at choosing and running exploits against one or many targets.

Every part of the workshop starts with a condensed introduction of the basics of the topic. After that, it's your turn! You have the opportunity to replay the demos and explore further techniques and possibilities of the exploit tools. Finally, you can attack and try to "pwn" servers with varying levels of difficulty in the lab environment. At the end of every unit we will discuss your findings and experiences together.

Requirements for participants[edit source]

You should be familiar with the Unix command line and the concept of manpages. A basic understanding of common web technologies and the ability to read scripting languages is helpful. Knowledge of TCP/IP and network services is also recommended.

Please have an SSH client (OpenSSH, PuTTY, MobaXterm, ...) ready on your laptop to connect to the lab environment. The operating system of your laptop does not matter. All necessary tools will be provided but you can of coure install additional software tools you want to play with.