From BruCON 2017
- 1 Metasploit for Penetration Testing by Georgia Weidman
- 2 Cyberwar: using the techniques and tactics of APT's in Penetration Tests by Joe McCray
- 3 Corelan Live! by Peter Van Eeckhoutte
- 4 Visual Analytics - Delivering Actionable Security Intelligence by Raffael Marty
- 5 Hacking IPv6 Network by Fernando Gont
- 6 Red Team Testing by Ian Amit and Chris Nickerson
- 7 Assessing and Exploiting Web Applications with Samurai-WTF by Raul Siles
- 8 Elite Web Application Defense by Eoin Keary and Jim Manico
- 9 Advanced Wi-Fi Penetration Testing and Hacking by Vivek Ramachandran
- 10 Registration details
- 11 Location and dates
Metasploit for Penetration Testing by Georgia Weidman
The class will begin with the basics of using the Metasploit Framework. We will continue on following the penetration test methodology to use Metasploit to exploit vulnerable systems in a lab. Jumping off from basic concepts we will move into advanced topics such as writing your own Metasploit modules and creating sophisticated client side attacks with Metasploit and the Social Engineering Toolkit. This class is suitable for those with no background in Metasploit or penetration testing as well as penetration testers who want to add the Metasploit Framework to their arsenal.
Cyberwar: using the techniques and tactics of APT's in Penetration Tests by Joe McCray
Google, Sony, Lockheed Martin, several large financial institutions, several large oil companies, the stock market, and countless other large organizations have all targeted and systematically compromised by hackers commonly referred to as Advanced Persistent Threat (APT). These hackers, use an attack methodology focused on stealth, data collection, and persistence.
This course picks up where the wildly successful "Advanced Penetration Tester: Pentesting High Security Environments" left off. Taking Intrusion Detection System (IDS) evasion, and Anti-virus bypass to the next level.
There are a few things to note that will be different from the "Advanced Penetration Tester: Pentesting High Security Environments" and from any other hacking course for that matter:
1. Per student request there will be NO Windows XP, or Vista in the course. Only Windows 7, and Server 2008 RC2, and new Linux distributions as the targets for students to go after.
2. Students attack a network of fully patched, and hardened Windows 7, Server 2008 RC2 hosts. Each target computer will be running a Host-Based Intrusion Detection System (HIDS), updated Anti-Virus, and a logging agent that reports to a Security Information and Event Management (SIEM) solution.
3. There will also be a Network Intrusion Detection System (NIDS), a web content filtering proxy, and a stateful inspection firewall as well.
4. The classroom will have 4 projectors running to show in real time the events triggered by the HIDS, NIDS, Proxy, and the logs so the student can learn exactly what attacks and defenses really work in today's high security environment.
Students that are Network/System Administrators with three or more years experience working in environments such as financial institutions, DoD networks, or similar high security environments will benefit greatly from this course.
It is however primarily designed for Network/Web Application Penetration testers that are looking for the little tips and tricks that will help them better attack high security environments.
Corelan Live! by Peter Van Eeckhoutte
The Corelan Live Bootcamp is a truly unique opportunity to learn both basic & advanced techniques from an experienced exploit developer. During this 2 day course, students will be able to learn all ins and outs about writing reliable exploits for the Win32 platform. The trainer will share his “notes from the field” and various tips & tricks to become more effective at writing exploits.
We believe it is important to explain the basics of buffer overflows and exploit writing, but this is not “your average” entry level course. In fact, this is one of the finest and most advanced courses you will find on Win32 stack based exploit development.
This hardcore hands-on course will provide students with solid understanding of current Win32 (stack based) exploitation techniques and memory protection bypass techniques. We make sure the course material is kept updated with current techniques, includes previously undocumented tricks and techniques, and details about research we performed ourselves. Combined with the way the course is built up, this will turn these 2 days into a truly unique experience.
During the course, we not only share techniques and mechanics, but we also want to make sure you understand why a given technique is used, why something works and why something doesn’t work.
Finally, we offer you post-training support as well. If you have taken the course and you still have questions, we will help.
Visual Analytics - Delivering Actionable Security Intelligence by Raffael Marty
This workshop takes the audience on a fascinating journey of data analytics and visualization. The students will learn how to process data (log files), visualize them through actionable graphs, and analyze security related data. Past training attendees included employees of various Nation's secret services, large security vendors, and security analysts from all over the world. All of them attended to learn how to deal with the flood of security related data in an efficient way. The in-depth technical content is backed up and emphasized by numerous hands-on exercises, some of them utilizing a private extension of the DAVIX live CD.
Hacking IPv6 Network by Fernando Gont
The IPv6 protocol suite was designed to accommodate the present and future growth of the Internet by providing a much larger address space than that of its IPv4 counterpart, and is expected to be the successor of the original IPv4 protocol suite. The imminent exhaustion of the IPv4 address space has resulted in the deployment of IPv6 in a number of production environments, with many other organizations planning to deploy IPv6 in the short or near term. Additionally, a number of activities such as the World IPv6 Day in 2011 and the upcoming World IPv6 Launch Day (scheduled for June 2012) have led to an improvement in the awareness about IPv6 and an increase in the number of IPv6 deployments.
There are a number of factors that make the IPv6 protocol suite interesting from a security standpoint. Firstly, being a new technology, technical personnel has much less confidence with the IPv6 protocols than with their IPv4 counterpart, and thus it is more likely that the security implications of the protocols be overlooked when the protocols are deployed. Secondly, IPv6 implementations are much less mature than their IPv4 counterparts, and thus it is very likely that a number of vulnerabilities will be discovered in them before their robustness matches that of the existing IPv4 implementations. Thirdly, security products such as firewalls and NIDS’s (Network Intrusion Detection Systems) usually have less support for the IPv6 protocols than for their IPv4 counterparts, either in terms of features or in terms of performance. Fourthly, the security implications of IPv6 transition/co-existence technologies on existing IPv4 networks are usually overlooked, potentially enabling attackers to leverage these technologies to circumvent IPv4 security measures in unexpected ways.
The imminent global deployment of IPv6 has created a global need for security professionals with expertise in the field of IPv6 security, such that the aforementioned security issues can be mitigated. While there exist a number of courses and trainings about IPv6 security, they either limit themselves to a high-level overview of IPv6 security, and/or fail to cover a number of key IPv6 technologies (such as transition/co-existence mechanisms) that are vital in all real IPv6 deployment scenarios.
Fernando Gont, a well-known IPv6 security researcher will deliver a comprehensive IPv6 hacking training covering real-world IPv6 attacks along with real-world mitigations, thus preparing the attendees for deploying the IPv6 protocols in a secure manner.
Red Team Testing by Ian Amit and Chris Nickerson
Red Team testing is the pinnacle of security simulations. It is the most accurate and realistic scenario an organization can use to see how it really fares up against a real-world attacker, without taking the risk of an actual breach or loss.
In this training, you will learn how Red Team (or full scope) testing works, how to create a methodology for using a red team test not just as a one-off "see how I got in" case, but as a repeatable test with metrics and actionable results. We will go through all elements of a red team test, from planning and scoping, intelligence gathering, target selection, vulnerability analysis, risk analysis, exploitation and execution, resource usage and ad-hoc agent deployment, post-exploitation, documentation and recording of evidence, damage analysis, and reporting.
The training will arm you with not just tools and techniques, but a sustainable methodology which you could update as new tools and techniques are introduced.
Assessing and Exploiting Web Applications with Samurai-WTF by Raul Siles
This course takes attendees through the process of web application assessment using the open source tools included in the Samurai Web Testing Framework Live DVD (Samurai-WTF). The course follows a probed 4-step methodology (Reconnaissance, Mapping, Discovery & Exploitation), and various scenarios against vulnerable target web applications. The latest tools and techniques will be use throughout the course, and primary emphasis of the instructor lead exercises is how to integrate these tools into your own manual testing procedures to improve your overall workflow.
Come take the official Samurai-WTF training course given by one of the course co-authors and lead developer of the project! You will learn the latest Samurai-WTF open source tools as well as the latest techniques to perform web application penetration tests. After a quick overview of pen testing methodology, the instructor will lead you through the penetration and exploitation of various web applications, including client side attacks using flaws within the application. Different sets of open source tools will be used on each web application, allowing you to learn first hand the pros and cons of each tool. After you have gained experience with the Samurai-WTF tools, you will be challenged with a capture the flag event. This final challenge will give you time to practice your new skills at your own pace and experiment with your favorite new tools. This experience will help you gain the confidence and knowledge necessary to perform web application assessments and expose you to the wealth of freely available, open source tools.
Elite Web Application Defense by Eoin Keary and Jim Manico
Writing Secure code is the most effective method to securing your web applications. Writing secure code takes skill and know-how but results in a more stable and robust application and assists in protecting an organisations brand. Application security is not commonly a part of many computer science curricula today and most organizations have not focused on instituting a culture that includes application security as a core part of their software development training efforts.
This intensive 2-day course focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code. Students get experience via doing, both in terms of exploitation but also the latest defences against common and advanced attacks covering both traditional and RIA applications.
Advanced Wi-Fi Penetration Testing and Hacking by Vivek Ramachandran
This is an extremely practical and advanced course in Wi-Fi penetration testing. The course is based on the book "Backtrack 5 Wireless Penetration Testing" and the online certification "SecurityTube Wi-Fi Security Expert" (SWSE), which is currently taken by students from over 40+ countries around the world.
A non-exhaustive list of topics to be covered include:
- Bypassing WLAN Authentication – Shared Key, MAC Filtering, Hidden SSIDs
- Cracking WLAN Encryption – WEP, WPA/WPA2 Personal and Enterprise, Understanding encryption based flaws (WEP,TKIP,CCMP)
- Attacking the WLAN Infrastructure – Rogues Devices, Evil Twins, DoS Attacks, MITM, Wi-Fi Protected Setup
- Advanced Enterprise Attacks – 802.1x, EAP, LEAP, PEAP, EAP-TTLS
- Attacking the Wireless Client – Honeypots and Hotspot attacks, Caffe-Latte, Hirte, Ad-Hoc Networks and Viral SSIDs, WiFishing
- Breaking into the Client – Metasploit, SET, Social Engineering
- Enterprise Wi-Fi Worms, Backdoors and Botnets
- Cracking WPS and other newer schemas
- Custom Building Wireless Routers
- Scripting Wi-Fi attack tools (sniffers, injectors, fuzzers)
Each participant will get:
- An ALFA Wi-Fi card
- DVD with 12 hours of video lectures
- A copy of the book "Backtrack 5 Wireless Penetration Testing"
- A 30% discount voucher for the SecurityTube Wi-Fi Security Expert certification
The price for the 2 day courses is 945 Euro early bird (+ VAT) per attendee. After 1st of June this will become 1045 Euro (+ VAT) per attendee.
Registration for Trainings:
The training price does not include travel, accomodation or computer material for the training unless otherwise stated in the training description or preparation material provided after registration. Please read carefully any communication that will be sent to you in regard to the training you've registered for because they will outline what you need to bring to get the most out of each training.
Location and dates
The courses will be given on 24 & 25 September in Ghent
The courses begin promptly at 09h00 and end at 17h00. Out of consideration for your instructor(s) and fellow students, please try to be seated and ready to go by 08h45.
Lunch is included in the training fee.