Training 2017 - Pentesting the Modern Application Stack

From BruCON 2017

Revision as of 14:50, 6 June 2017 by Tom.Gilis (talk | contribs)

Pentesting the Modern Application Stack

Pentesting the Modern Application Stack is a unique course that covers red team tactics for pentesting the modern-day application stack. Attendees will learn to identify, exploit and exfiltrate data from Database Servers, Software Collaboration tools, CI tools, Distributed Configuration & Resource management tools, Containers, Big Data Environments, Search Technologies and Message Brokers. The 2-day course is a fast-paced and completely hands-on program that aims to impart the technical know-how, methodology and tools of the trade for testing these systems. Real-world corporate stacks are emulated in the form of containerised challenges to prepare students for real-world scenarios.

Course Description

Continuous Build & Deployment tools, Message brokers, Configuration Management systems, Resource Management systems and Distributed file systems are some of the most common systems deployed in modern cloud infrastructures, thanks to the increasingly distributed nature of software. Modern-day pentesting is no longer limited to remote command execution from an exposed web application. Today, all these applications open up multiple doors into a company’s infrastructure. One must be able to effectively find and compromise these systems for a better foothold on the infrastructure, as is evident from the recent attacks on the application stack through platforms like Shodan, which paved the way for a full compromise of corporate infrastructures.

In this 2-day course we start by looking into red team tactics for pentesting the modern application stack, consisting of Databases, CI tools, Distributed Configuration & Resource management tools, Containers, Big Data Environments, Search technologies and Message Brokers.

Along with the training knowledge, the course also aims to impart the technical know-how and methodology for testing these systems. This course is meant for anyone who would like to know, attack or secure the modern-day stack. The students are bound to have some real fun and an entirely new experience through this unique course, as we go through multiple challenging scenarios one might not have come across.

During the entire duration of the course, the students are expected to learn the following:

  • Look for vulnerabilities within the application stack.
  • Gain in-depth knowledge on how to pentest the modern stack consisting of Continuous Build & Deployment tools, Message brokers, Configuration Management systems, Resource Management systems and Distributed file systems.
  • Security testing of an entire application stack from an end-to-end perspective.

Course Contents

Target audience

Requirements

Students should have :


Hardware/software Requirements

Testimonials

Trainer Biography

Dr.-Ing. Mario Heiderich, Director of Cure53, handsome heart-breaker, bon-vivant and (as he loves to call himself) “security researcher” is from Berlin, likes everything between lesser- and greater-than and leads a small yet exquisite pen-test company. He commonly pesters peaceful attendees at various capitalist conferences with PowerPoint slides and profanities. Wherever Mario goes, bad weather and thunderstorms follow him. Doctors worldwide are clueless about this extraordinary condition of his.


Twitter: @0x6D6172696F

Links :

Mon. 2 - 4 October 2017 (09:00 - 17:00) (3-day) - Novotel Ghent Centrum
