Difference between revisions of "Training"


From BruCON 2017

(Training (2-4 October))
 
(217 intermediate revisions by 7 users not shown)
Line 1: Line 1:
__NOTOC__
+
<div style="text-align: left;">
 +
Immerse yourself into the world of pen testing and application security by attending the BruCON Training.
 +
Spring training is held between 19 and 21 of April and fall training between 2 and 4 October (before the conference) offering world-class, deep-dive technical training given by '''the most recognised experts''' with huge industry experience in their domain!
  
 +
== Training (2-4 October) ==
 +
For the BruCON 0x09 edition, we are bringing you no less than 8(!) courses to choice from !
  
'''BruCON 2009 is over. Check the following if you missed it:'''
+
The Line-Up:
 +
* '''[[Training 2017 - Corelan Advanced|Corelan Advanced by Peter Van Eeckhoutte]] '''(3-day training) - The Corelan “ADVANCED” exploit development class is a fast-paced, mind-bending, hands-on course where you will learn advanced exploit development techniques from an experienced exploit developer. Only limited seats available so get them while you can.
 +
* '''[[Training 2017 - Exploiting Websites by using offensive HTML, SVG, CSS and other Browser-Evil|Exploiting Websites by using offensive HTML, SVG, CSS and other Browser-Evil by Mario Heiderich]] '''(3-day training) - Probably one of the best courses when it comes to exploiting websites and application returns to BruCON once more. Mario of Cure53 will host this 3-day course and will guide you through the latest and greatest in offensive website security for you to adsorb and put to concrete use!
 +
* <strike> '''[[Training 2017 - SensePost OSINT: Stalk like a boss|SensePost OSINT: Stalk like a boss by Daniel Cuthbert and Jonathan Hargreaves]] '''(2-day training) - A course which needs no introduction (and yet we bothered to write one). This course, by SensePost COO Daniel Cuthbert and Jonathan Hargreaves teaches you how to harness information online to build up a solid dossier of intel and gives you the confidence, as an investigator, to research individuals, companies, organisations and internet traffic. </strike> CANCELLED
 +
* '''[[Training 2017 - Offensive PowerShell for Red and Blue Teams|Offensive PowerShell for Red and Blue Teams by Nikhil Mittal]] '''(3-day training) - After the great success last year (+30 students), we are bringing this back to you ! In this course, you'll learn how to attack Windows network using PowerShell, based on real world Red team assessments. The course runs on a lab network with multiple active directory forests to which attendees will have free access for one month after the raining. The class consists of hands-on, challenges and demonstrations.
 +
* '''[[Training 2017 - Pentesting the Modern Application Stack|Pentesting the Modern Application Stack by Bharadwaj Machiraju and Francis Alexander]] '''(2-day training) - Pentesting the Modern Application Stack is a unique course that covers red team tactics for pentesting modern day application stack. Attendees will learn to identify, exploit and exfiltrate data from Database Servers, Software Collaboration tools, CI tools, Distributed Configuration & Resource management tools, Containers, Big Data Environments, Search Technologies and Message Brokers. The 2 days course is a fast paced and completely hands on program that aims to impart the technical know-how methodology and tools of trade for testing these systems. Real world corporate stacks are emulated in the form of containerised challenges to prepare students for real world scenarios.
 +
* '''[[Training 2017 - Modern Red Team Immersion Bootcamp|Modern Red Team Immersion Bootcamp by Josh Schwartz (aka FuzzyNop)]] '''(2-day training) - The Modern Red Team Immersion Bootcamp is designed to expose students to the types of attacks that long term persistent Red Teams have deployed against modern organizations. The first day includes a deep dive of recon techniques and approaches where students will plan an attack against a target of their choosing. The second day focuses on post exploitation, lateral movement, and escalation techniques within modern environments comprised of OSX, Linux, Continuous Integration Systems, and elastic compute services.
 +
* '''[[Training 2017 - Windows Kernel Exploitation|Windows Kernel Exploitation by Ashfaq Ansari]] '''(3-day training) - This is the most requested training according to our previous students, so we had to bring him back ! The devil is in details, and for Windows, it's Kernel remains the most devilish part and the most important target from the point of view of exploitation these days. This course of Windows Kernel Exploitation, is unique course by Ashfaq which is fast winning over the world. Ashfaq has delivered this course on all the 3 major continents in short span of a year along with disclosing many CVEs on regular basis.
 +
* '''[[Training 2017 - Smashing the SSL/TLS protocol with practical crypto attacks|Smashing the SSL/TLS protocol with practical crypto attacks by Marco Ortisi]] '''(3-day training) - Smashing the SSL/TLS protocol with practical crypto attacks is a 3-days long course dedicated for professionals and students eager to keep pace with latest crypto attacks affecting SSL/TLS services and learn the relative defensive countermeasures. This is a completely hands-on course, because there is no better way to understand crypto theory than put into practice attacks and techniques to defeat crypto algorithms. The course is also one of a kind. The practical part is based on a new framework called cryptosploit (code will be released for free as part of class materials).
  
* [[Presentations]]
+
The "Modern Red Team Immersion Bootcamp" and "SensePost OSINT: Stalk like a boss course" will be hosted at the NH Gent Belfort hotel which is less than one minute away from the Novotel.
* [[Video]]
 
* [[Weblogs]]
 
* [[Press Review]]
 
* [[Photo Documentation]]
 
  
Keep yourself subscribed to our [http://feeds2.feedburner.com/~r/Brucon/~6/2  RSS feed] or [http://mailman.brucon.org/mailman/listinfo/  Announcement mailinglist] to stay informed.
+
== Spring Training (19-21 April) ==
 +
'''Spring Training is over.'''
 +
We would like to thank all students and trainers for another successful training.  
  
<strike>There will be trainings in the days prior to BruCON (16-17 Sept) , by internationally renowned trainers and at good prices. If you were looking for the conference presentations, see the [[Schedule]].</strike>
+
The Line-Up:
 +
* '''Malicious Documents for Blue and Red Teams by Didier Stevens'''(3-day training)
 +
* '''Corelan Bootcamp by Peter Van Eeckhoutte'''(3-day training)
 +
* '''Mobile Application Exploitation (iOS and Android) by Prateek Gianchandani'''(3-day training)  
 +
* '''Windows Breakout and Privilege Escalation by Jason Cook and Francesco Mifsud'''(3-day training)
 +
* '''Open Source Defensive Security Training by Leszek Mis'''(3-day training)
  
 
==Registration details==
 
==Registration details==
 +
The price for 2-day courses is 1100 Euro early bird (+ VAT) per attendee. <br>
 +
The price for 3-day courses is 1400 Euro early bird (+ VAT) per attendee. <br>
  
 +
'''As of the 1st of July 2017''' this will become 1200 Euro (2-day) / 1500 Euro (3-day) (+ VAT) per attendee.<br>
 +
(*) The Corelan trainings are a little bit more expensive but consist of 3 long days (+  10 hours) including dinner.
  
The price for the 2 day courses is € 900 (+ VAT) per attendee.
+
Registration for Trainings:
  
Please send an e-mail to '''registrations at brucon.org''' with the following information:
+
[[File:Register.jpg||link=https://registration.brucon.org/training-registration/]]
  
* Name:
+
The training price does not include travel, accommodation or computer material for the training unless otherwise stated in the training description or preparation material provided after registration.  Please read carefully any communication that will be sent to you in regard to the training you've registered for because they will outline what you need to bring to get the most out of each training.
* E-mail:
 
* The course name:
 
  
You will receive a mail with your registration number and payment instructions (bank wire or PayPal). Upon reception of your payment, you will get your final registration confirmation. If you don't receive your payment instructions within 48h, please contact us at  '''helpdesk (at) brucon.org'''
+
==Location and dates==
 +
Courses are held at the '''Hotel Novotel Gent Centrum, Goudenleeuwplein 5''' and '''NH Gent Belfort, Hoogpoort 63, B-9000 Ghent'''. Both hotels are within walking distance of each other (<1 minute). The Novotel hotel is still recommended for accommodation (see [http://2017.brucon.org/index.php/Travel#Accommodation here] for more info) and will be hosting the student social event on Tuesday evening<br>
  
==Location & Date==
+
Spring Training is held between 19 and 21 April and fall training between 2 and 4 October 2017.
  
The courses will be given on 16 & 17 September in Belgacom University (BCU), Carlistraat 2, B-1140 Evere. ([http://maps.google.be/maps?f=q&source=s_q&hl=nl&geocode=&q=Carlistraat+2+B-1140+Evere&sll=50.805935,4.432983&sspn=5.075643,11.195068&ie=UTF8&z=16&iwloc=A Google Maps Link])
+
The courses '''begin promptly at 09h00''' and '''end at 17h00''' (Except Corelan trainings). Out of consideration for your instructor(s) and fellow students, please try to be seated and ready to go by 08h45.
  
The courses start at 9h00 and end at 17h00.
+
Lunch is included in the training fee. During the registration you can specify a regular, vegetarian or vegan mail. We will do our best to accommodate according to your requirements.
  
==Overview of the courses==
+
==Contact==
===Crash course in Penetration Testing===
+
If you need more information or have a specific request, you can reach out to use on Twitter (@BruCON) or via email training@brucon.org
 
 
 
 
====Instructors====
 
[[Training_1| Joe McCray and Chris Gates]]
 
 
 
====Description====
 
This course will cover some of the newer aspects of penetration testing
 
such as Open Source Intelligence Gathering with Maltego and other Open
 
Source tools.
 
 
 
Advanced Scanning, Enumeration, Exploitation (remote and client-side),
 
and Post-Exploitation relying heavily on the features included in the
 
Metasploit Framework will also be covered.
 
 
 
Emphasis throughout the entire workshop will be placed on being as
 
stealthy as possible, and dealing with popular defensive technologies
 
such as:
 
 
 
*Network Intrusion Detection/Prevention Systems
 
*Host-Based Intrusion Detection/Prevention Systems
 
*Web Application Firewalls
 
*Anti-Virus
 
*Content-Filtering Proxies
 
 
 
Web Application penetration testing will be covered as well with focus
 
on practical exploitation of cross-site scripting (XSS), cross-site
 
request forgery (CSRF), local/remote file includes, and SQL Injection.
 
 
 
'''For more details see [[Training 1| Crash Course in Penetration Testing]]'''
 
 
 
==== Pricing====
 
The price for this 2 day course is € 900 (+ VAT).
 
 
 
===Web 2.0 Hacking – Attacks and Defense ===
 
====Instructor====
 
[[Training_2#About_course_designer_and_instructor | Shreeraj Shah]]
 
 
 
====Description====
 
Introduction and adaptation of new technologies like Ajax, Rich Internet Applications and Web Services has changed the dimension of Application Hacking. We are witnessing new ways of hacking web based applications and it needs better understanding of technologies to secure applications. The only constant in this space is change. In this dynamically changing scenario in the era of Web 2.0 it is important to understand new threats that emerge in order to build constructive strategies to protect corporate application assets. Application layers are evolving and lot of client side attack vectors are on the rise like Ajax based XSS, CSRF, Widget injections, RSS exploits, Mashup manipulations and client side logic exploitations. At the same time various new attack vectors are evolving around SOA by attacking SOAP, XML-RPC and REST. It is time to understand these advanced attack vectors and defense strategies.
 
 
 
The course is designed by the author of "Web Hacking: Attacks and Defense", “Hacking Web Services” and “Web 2.0 Security – Defending Ajax, RIA and SOA” bringing his experience in application security and research as part of curriculum to address new challenges. Application Hacking 2.0 is hands-on class. The class features real life cases, hands one exercises, new scanning tools and defense mechanisms. Participants would be methodically exposed to various different attack vectors and exploits. In the class instructor will explain new tools like wsScanner, scanweb2.0, AppMap, AppCodeScan etc. for better pen-testing and application audits.
 
 
 
'''For more details see [[Training 2| Web 2.0 Hacking – Attacks and Defense]]'''
 
 
 
==== Pricing====
 
The price for this 2 day course is € 900 (+ VAT).
 
 
 
 
 
===Social Engineering testing for IT Security professionals===
 
====Instructors====
 
[[Training_3| Sharon Conheady and Martin Law]]
 
 
 
====Description====
 
 
 
 
Social engineering is the use of deception or impersonation to gain unauthorised access to sensitive information or facilities. Because computer security is becoming more sophisticated, hackers are combining their technical expertise with social engineering to gain access to sensitive information or valuable resources in your organisation.
 
 
 
Social engineering attacks can have disastrous consequences, both financially and reputationally. You can have the best technical security controls in the world, from the most expensive firewall to the most sophisticated biometrics, but they will not protect you from a social engineering attack. In any security programme people are the weakest link. Social engineering tests can be used to evaluate and strengthen this link.
 
 
 
Like any penetration test, social engineering tests can help to identify security weaknesses that could allow your information to be compromised. Such tests can:
 
 
 
* Give a good indication of and even improve your staff’s level of security awareness
 
* Teach your staff how to identify and deal with social engineering situations
 
* Provide valuable recommendations on both security awareness and physical security
 
 
 
'''For more details see [[Training 3| Social Engineering testing for IT Security professionals]]'''
 
 
 
==== Pricing====
 
The price for this 2 day course is € 900 (+ VAT).
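
Review bot: the added sentence stating that the "SensePost OSINT: Stalk like a boss course" will be hosted at the NH Gent Belfort contradicts the same revision's line-up, where that course is struck through and marked CANCELLED; drop the course from the venue sentence, and move the closing quotation mark so that "course" sits outside the title. The added text also carries typos that change the meaning: "after the raining" in the Offensive PowerShell entry, "vegan mail" in the lunch paragraph and "reach out to use" in the Contact section should read "training", "meal" and "us". The price note that begins "(*)" has no matching asterisk on either price line, so a reader cannot tell which price it qualifies.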
 

Latest revision as of 12:41, 18 August 2017

Immerse yourself in the world of pen testing and application security by attending the BruCON Training. Spring training is held between 19 and 21 April and fall training between 2 and 4 October (before the conference), offering world-class, deep-dive technical training given by the most recognised experts with huge industry experience in their domain!

Training (2-4 October)

For the BruCON 0x09 edition, we are bringing you no fewer than 8(!) courses to choose from!

The Line-Up:

  • Corelan Advanced by Peter Van Eeckhoutte (3-day training) - The Corelan “ADVANCED” exploit development class is a fast-paced, mind-bending, hands-on course where you will learn advanced exploit development techniques from an experienced exploit developer. Only limited seats available so get them while you can.
  • Exploiting Websites by using offensive HTML, SVG, CSS and other Browser-Evil by Mario Heiderich (3-day training) - Probably one of the best courses when it comes to exploiting websites and applications returns to BruCON once more. Mario of Cure53 will host this 3-day course and will guide you through the latest and greatest in offensive website security for you to absorb and put to concrete use!
  • SensePost OSINT: Stalk like a boss by Daniel Cuthbert and Jonathan Hargreaves (2-day training) - A course which needs no introduction (and yet we bothered to write one). This course, by SensePost COO Daniel Cuthbert and Jonathan Hargreaves, teaches you how to harness information online to build up a solid dossier of intel and gives you the confidence, as an investigator, to research individuals, companies, organisations and internet traffic. CANCELLED
  • Offensive PowerShell for Red and Blue Teams by Nikhil Mittal (3-day training) - After the great success last year (+30 students), we are bringing this back to you! In this course, you'll learn how to attack Windows networks using PowerShell, based on real-world Red team assessments. The course runs on a lab network with multiple Active Directory forests to which attendees will have free access for one month after the training. The class consists of hands-on work, challenges and demonstrations.
  • Pentesting the Modern Application Stack by Bharadwaj Machiraju and Francis Alexander (2-day training) - Pentesting the Modern Application Stack is a unique course that covers red team tactics for pentesting the modern-day application stack. Attendees will learn to identify, exploit and exfiltrate data from Database Servers, Software Collaboration tools, CI tools, Distributed Configuration & Resource management tools, Containers, Big Data Environments, Search Technologies and Message Brokers. The 2-day course is a fast-paced and completely hands-on program that aims to impart the technical know-how, methodology and tools of the trade for testing these systems. Real-world corporate stacks are emulated in the form of containerised challenges to prepare students for real-world scenarios.
  • Modern Red Team Immersion Bootcamp by Josh Schwartz (aka FuzzyNop) (2-day training) - The Modern Red Team Immersion Bootcamp is designed to expose students to the types of attacks that long-term persistent Red Teams have deployed against modern organizations. The first day includes a deep dive into recon techniques and approaches where students will plan an attack against a target of their choosing. The second day focuses on post-exploitation, lateral movement, and escalation techniques within modern environments comprised of OSX, Linux, Continuous Integration Systems, and elastic compute services.
  • Windows Kernel Exploitation by Ashfaq Ansari (3-day training) - This is the most requested training according to our previous students, so we had to bring him back! The devil is in the details, and for Windows, its kernel remains the most devilish part and the most important target from the point of view of exploitation these days. This Windows Kernel Exploitation course is a unique course by Ashfaq which is fast winning over the world. Ashfaq has delivered this course on all the 3 major continents in the short span of a year, along with disclosing many CVEs on a regular basis.
  • Smashing the SSL/TLS protocol with practical crypto attacks by Marco Ortisi (3-day training) - Smashing the SSL/TLS protocol with practical crypto attacks is a 3-day course for professionals and students eager to keep pace with the latest crypto attacks affecting SSL/TLS services and learn the relevant defensive countermeasures. This is a completely hands-on course, because there is no better way to understand crypto theory than to put into practice the attacks and techniques that defeat crypto algorithms. The course is also one of a kind. The practical part is based on a new framework called cryptosploit (code will be released for free as part of class materials).

The "Modern Red Team Immersion Bootcamp" and "SensePost OSINT: Stalk like a boss" courses will be hosted at the NH Gent Belfort hotel, which is less than one minute away from the Novotel.

Spring Training (19-21 April)

Spring Training is over. We would like to thank all students and trainers for another successful training.

The Line-Up:

  • Malicious Documents for Blue and Red Teams by Didier Stevens (3-day training)
  • Corelan Bootcamp by Peter Van Eeckhoutte (3-day training)
  • Mobile Application Exploitation (iOS and Android) by Prateek Gianchandani (3-day training)
  • Windows Breakout and Privilege Escalation by Jason Cook and Francesco Mifsud (3-day training)
  • Open Source Defensive Security Training by Leszek Mis (3-day training)

Registration details

The price for 2-day courses is 1100 Euro early bird (+ VAT) per attendee.
The price for 3-day courses is 1400 Euro early bird (+ VAT) per attendee.

As of the 1st of July 2017 this will become 1200 Euro (2-day) / 1500 Euro (3-day) (+ VAT) per attendee.
(*) The Corelan trainings are a little bit more expensive but consist of 3 long days (+ 10 hours) including dinner.

Registration for Trainings:

Register: https://registration.brucon.org/training-registration/

The training price does not include travel, accommodation or computer material for the training unless otherwise stated in the training description or preparation material provided after registration. Please read carefully any communication that is sent to you regarding the training you've registered for, because it will outline what you need to bring to get the most out of each training.

Location and dates

Courses are held at the Hotel Novotel Gent Centrum, Goudenleeuwplein 5 and NH Gent Belfort, Hoogpoort 63, B-9000 Ghent. Both hotels are within walking distance of each other (<1 minute). The Novotel hotel is still recommended for accommodation (see http://2017.brucon.org/index.php/Travel#Accommodation for more info) and will be hosting the student social event on Tuesday evening.

Spring Training is held between 19 and 21 April and fall training between 2 and 4 October 2017.

The courses begin promptly at 09h00 and end at 17h00 (except Corelan trainings). Out of consideration for your instructor(s) and fellow students, please try to be seated and ready to go by 08h45.

Lunch is included in the training fee. During registration you can specify a regular, vegetarian or vegan meal. We will do our best to accommodate your requirements.

Contact

If you need more information or have a specific request, you can reach out to us on Twitter (@BruCON) or via email at training@brucon.org.