PRICE: EUR1599 (early bird) / EUR1999 (non-early bird)
TRAINER: Mark 'van Hauser' Heuse (Founder, THC.org)
CAPACITY: 25 pax
COURSE DURATION: 2 days
This training course shows you how to perform penetration testing on IPv6 networks locally and remote - in theory and hands-on. Learn first hand from the developer of the tools and techniques that are specific for IPv6. Additionally, security in deploying IPv6 is teached from network design to firewall, router and system configuration hardening.
Today IPv6 is available on every desktop and every server, as all operating systems support IPv6. Most ISPs have started to make IPv6 available and on several continents you dont get additional IPv4 addresses unless you have an IPv6 rollout started.
This training explains the IPv6 issues, concentrating on the security vulnerabilities inherent in the protocol as well as configuration issues and implementation problems. Many known vulnerabilities are presented and students will be able to try them out themselves with supplied tools on the test network.
Then - switching sides - it is explained how to secure IPv6 systems (Windows, Linux, Cisco routers, Netscreen & Fortinet & ASA firewalls) and especially large networks including routing and how to solve the difficult firewalling questions which arise with IPv6. New advances like SEND, new DHCP6 developments etc. are included. The ratio of hacking vs. securing is 3:1.
Trainees will receive the current unpublished version of the thc-ipv6 protocol attack suite (which has more functionality than the public release). Because of the huge amount content, the training on the first day will be longer, and in the evening enjoy a free beer with the trainer and the rest of the group - so don’t plan anything else for the first training evening.
Who Should Attend
Every security/hacker person as the global IPv6 roleout is immanent.
Key Learning Objectives
Everything about IPv6 security issues - learned hands-on, and also how to cope with them.
Trainees must have basic knowledge in Linux, TCP/IP, penetration testing and IT security - the more the better. Trainees must bring a Laptop with Ethernet adapter and Linux installed (native or VM. Using Kali Linux is recommended)
Course Agenda - Day 1
* Introduction to IPv6 (the mindset behind IPv6, how does it work, what is different to IPv4, new features)
* Pentesting IPv6 (the changes and the challenges)
* How to pentest IPv6 networks remotely
* Remote protocol issues and attacks in IPv6 (NDP exhaustion, attacks on tunnels, ICMPv6 issues, etc.)
* Vulnerabilities in IPv6 (problems in IP6, problems in ICMP6, mobile IPv6
* How to pentest IPv6 networks locally
* Local IPv6 vulnerabilities (NDP security issues, multicast MAC misuses, local ICMPv6 issues, etc.)
Course Agenda - Day 2
Continued topic from first day
* Secure transition from IPv4 to IPv6
* DMZ design
* Firewall issues & configuration (Cisco ASA, Juniper Netscreen, Fortinet)
* Network design
* Hardening Router configuration (Cisco)
* Hardening Client configuration (Windows, Linux)
About the Trainer
Marc "van Hauser" Heuse started about 20 years ago with security/hacking. He is the author of the famous IPv6 security toolkit thc-ipv6 and was the first to present exploitation of IPv6 security issues in 2006. Marc founded the oldest, still active Hacking group today: The Hacker's Choice (www.thc.org). Among the many tools he published are: Hydra, THC-Scan, amap, thc-ipv6, secure_delete, SuSEfirewall and many more. Today he works as an independant security consultant and researcher, enjoying what he loves to do, and most of the time even getting paid doing it.
Early Bird Registration Ends on Feb 1st 2014