Training details
Every day more and more systems and networks become connected to the IPv6 Internet, not without a fair share of security implications. Learn from the very same folks that have broken and patched the IPv6 protocols how to pentest and defend your IPv6 systems and networks before the bad guys do!
Overview
The IPv6 protocol suite has been designed to accommodate the present and future growth of the Internet, by providing a much larger address space than that of its IPv4 counterpart, and is expected to be the successor of the original IPv4 protocol suite. The imminent exhaustion of the IPv4 address space has resulted in the deployment of IPv6 in a number of production environments, with many other organizations planning to deploy IPv6 in the short or near term.
There are a number of factors that make the IPv6 protocol suite interesting from a security standpoint. Firstly, because IPv6 is a new technology, technical personnel have much less confidence with the IPv6 protocols than with their IPv4 counterparts, and thus it is likely that the security implications of the protocols will be overlooked when they are deployed on production networks. Secondly, IPv6 implementations are much less mature than their IPv4 counterparts, and thus it is very likely that a number of vulnerabilities will be discovered in them before their robustness matches that of the existing IPv4 implementations. Thirdly, security products such as firewalls and NIDSs (Network Intrusion Detection Systems) usually have less support for the IPv6 protocols than for their IPv4 counterparts. Fourthly, the security implications of IPv6 transition/co-existence technologies on existing IPv4 networks are usually overlooked, potentially enabling attackers to leverage these technologies to circumvent IPv4 security controls in unexpected ways.
The imminent global deployment of IPv6 has created a global need for security professionals with expertise in the field of IPv6 security, such that the aforementioned security issues can be mitigated.
While there exist a number of training courses about IPv6 security, they either limit themselves to a high-level overview of IPv6 security, and/or fail to cover a number of key IPv6 technologies that are vital in all real IPv6 deployment scenarios. During the last few years, SI6 Networks has offered its flagship course “Hacking IPv6 Networks”, providing in-depth hands-on IPv6 security training to networking and security professionals around the world.
Hacking IPv6 Networks (version 5.0) is a renewed edition of SI6 Networks’ IPv6 security training course, with a tremendous increase in hands-on exercises, and newly incorporated materials based on recent developments in the area of IPv6 security. The training is carried out by Fernando Gont, a renowned IPv6 security researcher.
Learning Objectives
This course will provide the attendee with in-depth knowledge about IPv6 security, such that the attendee is able to evaluate and mitigate the security implications of IPv6 in production environments.
The attendee will be given an in-depth explanation of each topic covered in this course, and will learn – through hands-on exercises – how each feature can be exploited for malicious purposes. Subsequently, the attendee will be presented with a number of alternatives to mitigate each of the identified vulnerabilities.
This course will employ a range of open source tools to evaluate the security of IPv6 networks, and to reproduce a number of IPv6-based attacks. During the course, the attendee will perform a large number of exercises in a network laboratory (with the assistance of the trainer), such that the concepts and techniques learned during this course are reinforced with hands-on exercises. The attendee will be required to perform a large number of IPv6 attacks, and to envision mitigation techniques for the corresponding vulnerabilities.
Who Should Attend
Network Engineers, Network Administrators, Security Administrators, Penetration Testers, and Security Professionals in general.
Participants Are Required To
Participants are required to have a good understanding of the IPv4 protocol suite (IPv4, ICMP, ARP, etc.) and of related components (routers, firewalls, etc.). Additionally, the attendee is expected to have knowledge of basic IPv4 troubleshooting tools, such as ping, traceroute, and network protocol analyzers (e.g., tcpdump). Basic knowledge of IPv6 is desirable, but not required.
What to bring
Attendees willing to perform the hands-on exercises are expected to bring a laptop with VirtualBox already installed, and an empty memory stick (of at least 8 GB) or a DVD drive. The minimum requirements for the laptop are: Intel Core Duo at 1.66 GHz, 4 GB of RAM, and Ethernet and Wi-Fi network interface cards.
Topics covered by this course
Introduction to IPv6
– IPv4 address exhaustion
– IPv6 service
– IPv6 transition/deployment mechanisms
– IPv6: current state of affairs
– Brief comparison between IPv6 and IPv4
– IPv6 security overview
IPv6 Addressing Architecture
– IPv6 address types
– IPv6 address analysis
– Implications for address scanning attacks & possible mitigations
– Privacy implications & possible mitigations
– Implications for end-to-end connectivity
IPv6 Header Fields
– IPv6 header overview
– Basic header fields
– Security assessment
IPv6 Extension Headers (EHs)
– General implications of EHs
– Security implications of specific IPv6 EHs
– Security implications of specific IPv6 options
– IPv6 EHs in the real world
– Exploitation of IPv6 EHs
– Troubleshooting IPv6 EHs
– Network reconnaissance with IPv6 EHs
– Recent advances
IPsec
– Virtual Private Network (VPN) traffic leakages
Internet Control Message Protocol version 6 (ICMPv6)
– ICMPv6 error messages
– ICMPv6 informational messages
– Network reconnaissance with ICMPv6
Neighbor Discovery for IPv6
– Address resolution in IPv6
– Address resolution messages and options
– Neighbor Discovery cache
– Neighbor Discovery attacks
– Neighbor Discovery security controls
– Evasion of Neighbor Discovery security controls
– System configuration options
Stateless Address Auto-configuration (SLAAC)
– SLAAC operation
– SLAAC messages and options
– Duplicate Address Detection (DAD)
– Troubleshooting SLAAC
– SLAAC attacks
– DAD attacks
– SLAAC security controls
– Evasion of SLAAC security controls
– System configuration options
Dynamic Host Configuration Protocol version 6 (DHCPv6)
– Sample DHCPv6 traffic
– Security implications of DHCPv6
– DHCPv6 attacks
– DHCPv6 security controls
Multicast Listener Discovery (MLD)
– Sample MLD traffic
– Security implications of MLD
– MLD attacks
– MLD security controls
Securing Routing Protocols for IPv6
– Border Gateway Protocol (BGP)
– RIPng
– EIGRPv6
– IS-IS
– OSPFv3
Upper-Layer Attacks
– TCP-based attacks
– UDP-based attacks
– Possible mitigations
DNS Support for IPv6
– Network reconnaissance
– Exploiting DNS reverse mappings
IPv6 Firewalls
– Known limitations
– Evasion of IPv6 firewalls
Security Implications of IPv6 for IPv4-only Networks
– IPv6 attacks on IPv4-only networks
– Mitigating IPv6 attacks on IPv4-only networks
Transition/Co-existence Technologies
– Automatic tunneling mechanisms
– Attacks on automatic tunneling mechanisms
– Mitigations
Network Reconnaissance in IPv6
– Host scanning in IPv6
– Port scanning in IPv6
IPv6 Deployment Considerations
– Designing an IPv6 address plan
– Operating System hardening
– Other considerations
Link to the training description: https://hackinparis.com/trainings/#training-2019-hacking-ipv6-networks-v5-0-3-days
Terms
Training price: 2100 € excl. tax
Additional information
Details of the materials provided to participants: https://hackinparis.com/trainings/#training-2019-hacking-ipv6-networks-v5-0-3-days
In-house (intra-company): no. Open enrollment (inter-company): yes
Meals and accommodation: meals included
Organized by
SYSDREAM
Audit, Consulting
Registration contact
Last name: Koltsidis
First name: Evangélia
Phone: 0178765570
Email : e.koltsidis@sysdream.com