SYS_13_13 - Pentesting & Security IPv6

Brief Description of Training Class:
This workshop shows you how to perform penetration testing on IPv6 networks locally and remote - in theory and hands-on. It is the only workshop which supplies you with the necessary tools - especially for remote tests - which are nowhere else available.

This training explains the IPv6 issues, concentrating on the security vulnerabilities inherent in the protocol as well as configuration issues and implementation problems. All so far known vulnerabilities are presented and students will be able to try them out themselves with supplied tools on the test network.

Then - switching sides - it is explained how to secure IPv6 systems (Windows, Solaris, Linux, Cisco) and especially large networks including routing and how to solve the difficult firewalling questions which arise with IPv6. Security mechanisms like SEND, IPSEC, as well as tunneling protocol issues are included.

The ratio of pentesting vs. securing is 2:1.

Trainees will not only receive the current unpublished version of the thc-ipv6 protocol attack suite (which has more functionality than the public release) but also receive direct development source code access for the future.

Pre-requisite of Training Class
  • Student: Basic TCP/IP and Linux knowledge, Laptop with Backtrack (or any other Linux)
  • Hardware: The class requires either: native IPv6 internet access OR a way I can tunnel IPv6 (which requires either a public IP address or a DNAT to the private address of my laptop in the training), a switch with cables for all attendees + 2 (not WLAN!)
  • Software
Daily Class Outline
Day 1
  • Introduction to IPv6
  • Vulnerabilities in IPv6
  • How to pentest IPv6 networks from remote
  • How to pentest IPv6 networks locally
  • Vulnerabilities with tunnel and migration issues (e.g. 6to4, Teredo, ISATAP, configuation issues, implementation problems)
  • Includes lots of hands-on time (scanning local and remote networks, performing various man-in-the-middle attacks based on ICMP6, attacking dual stack systems, etc.)
Day 2
  • Secure transition from IPv4 to IPv6
  • DMZ design
  • Firewall configuration
  • Network design
  • Router configuration
  • Client configuration
The training has been performed three times so far: Deepsec 2010, Cansecwest 2011 and Dutch Governmental CERT conference 2011, always with a full course and the very best marks. It is of course always updated to the newest IPv6 developments and issues prior the training.