Building Advanced Network Security tools

From OWASP
Jump to: navigation, search

Building Advanced Network Security Tools

Course: Building Advanced Network Security Tools
Course ID: SB2DNST
Instructor: Daniel Mende
CPE Credits: 14 CPE’s
Duration: 2 Days
Date: November 19th - 20th, 2009 (9 AM – 6 PM)

Who should attend?
• Network / system programmers
• Network security Professionals
• Network security Testers

• Data Centre Infrastructure / Telecom Professionals
• Infrastructure Management Professionals
• Any individual who may be interested in these topics

Class Pre-requisite:
• Basic C programming knowledge
• Basic Python programming knowledge
• Some Network knowledge

Class Requirement:
• Students to carry their laptop with at least Windows XP professional SP2
• Students should have Administrative access / Privileges on the laptop for installing software.
• USB or CD / DVD ROM device (N.B for bootable software).
• Vmvare Installed

• Wireless Enabled
• A VMware with all the libs, tools and build environment will be provided before the session.

Course Description:
There are so many Network Security tools around like yersinia, spike, scapy, etc., wouldn't it be nice to build your own tool, customized to your purposes?
This 2 day workshop will demonstrates the usage of the most useful tools and test methodologies, but it goes further. If the tools don't fulfill your testing requirements, you will also learn how to build this kind of tools by yourself. Lesson will be taught with real world examples from our network testing experience and in the end you get tools that break a protocol flaw in 120 lines of code.
Day One
• Why do we want to break networks?
• Overview about available Tools
• Introduction to the protocol fuzzer spike
• Writing yor own spike protocol definitions
• Practical fuzzing exercises
• Usage of scapy to build your own packets
• Visual network discovery with scapy
Day Two
• Introduction to our MPLS tool suite from the code side
• Network programming basics
• Getting into the libs (Libpcap, Libdnet)
• Useful and mandatory API functions
• Building real test tools easily with Libpcap und Libdnet
• Exercise: Building a basic protocol cli