Hacking by Numbers: Cadet Edition Course FAQ

SensePost



USA 2011 Virtual Training Session //June 13-16


Q. What is "Hacking By Numbers"?

A. 'Hacking By Numbers' is a series of hacking and security assessment courses offered by SensePost. As SensePost is fundamentally a penetration testing services company, all our courses explore some aspect of penetration testing and related skills. The Hacking By Numbers courses can roughly be broken up into two groups:

  • The first group consists of straight penetration testing courses. These courses all explore the same sets of knowledge and skills, but at increasing levels of intensity and complexity. Although a student can begin with any of the courses that's suitable, the courses complement each other and lead into each other smoothly so that a student can progress comfortably from one to the other. The courses, in order of complexity, are 'Cadet Edition', 'Bootcamp Edition', 'BlackOps Edition' and 'Combat Edition'.
  • The second group of courses in the Hacking By Numbers series is the specialist courses. These are also fundamentally hacking and penetration testing courses but each is designed to explore a very specific skill or facet of hacking. The courses in this group are 'W^3 Edition' - a course focused on hacking web applications and related technologies, 'Developer Edition' - a course focused on teaching programmers about hacker techniques, and 'Unplugged Edition' - a course focused on teaching wireless hacking.

Q. What is "Cadet Edition"?

A. Cadet Edition is an introductory course for technical people with no previous experience in the world of hacking. The course will present you with background information, technical skills and basic concepts required to get you going. This includes some coding and scripting, networking and Internet technologies, basic methodologies, essential thinking skills, tools and current hacking techniques. The course is continuously updated to accommodate the latest technologies and trends. Cadet Edition is the ideal training ground to prepare you for the HBN Bootcamp, further self-study or other hacking courses.

Q. What is "Online Edition"?

A. Our goal with this 'online' course is to make the entire training experience available to you from the comfort of your own desk - at home or at work. The idea is to maintain the full set of labs and technical work, maintain the high standard of trainers and materials, but make the training available via the internet to people at various diverse locations.

Q. How does it work?

A. The online training model works like this:

  1. Our slide decks have been ported to a Flash format with voice-overs blended in. This allows the students to browse through the materials, pause the presentation and move forward and backward as they please. The voice-over is by an experienced trainer and is presented in the same anecdotal style we use in our regular courses. There's also a transcript of the speaker's presentation that ensures students understand the trainer and allows them to copy and reuse text from the dialog.
  2. The Flash slides are accompanied by the same lab sheets and accompanying answer sheets that are used in our regular training.
  3. In order to complete the labs students connect to a Microsoft Terminal Server over the Internet. Each student has their own desktop that's pre-installed and configured with everything they'll need, including an SSH session to the Linux box that's needed for some of the labs. In this way the student walks right into a clean pre-configured environment with a full Windows and Linux toolset. All the targets, along with the classroom infrastructure like web and DNS servers, are available on virtual networks attached to the Terminal Server.
  4. The course is broken up into a series of 'modules', where a module corresponds to a number of slides from the deck, followed by a lab exercise from the lab sheets. The students can work their way through the slides in the module then tackle the corresponding labs by logging onto the Terminal Server.
  5. Although students work their way through the materials and labs on their own time, they are expected to complete each module within a certain amount of time. At the start and end of each module there is a trainer briefing that occurs via Skype. Students are given an overview of the materials and labs to follow and are given the opportunity to ask questions and make comments.
  6. There is also an interim Skype briefing at fixed times at the start and end of each day. Finally, students have the opportunity to submit questions via email during the course of the day that will be dealt with by the trainer at the next briefing. In this manner we envisage a two-day classroom being spread over a five-day period.

Q. How much time will I require?

A. The total course curriculum spans about 12 hours, including the lectures and the labs. The online course should take the same amount of time in total, depending on how quickly one can complete the labs. Spread over five days, this amounts to about 2.5 hours per day that you'll need to invest.

Q. How does it compare with a normal training course?

A. Obviously nothing can ever replace the experience of being in a classroom, but in our experience the 'Cadet Online' approach comes pretty close. The lectures you receive are near to identical. The labs and technical exercises really are identical. We use the same trainers for the Online Edition that we use for the regular courses. All of your questions will get answered and you get to speak directly to the trainer at least twice per module. We've also noticed that students tend to stick around on Skype after the course briefings - sharing ideas and collaborating on the exercises. In this way you're not just working alone and there is a feeling of being in a 'classroom' with others.

Q. How well does it work?

A. Online training is a relatively new concept for us and so there can still be glitches. However, the feedback we've received on courses so far has all been positive. The online model can't work for all forms of training, but for the less advanced method-based courses our feeling is that it works very well. We envisage this kind of online training becoming the standard in the near future.

Q. What are the advantages and disadvantages of doing training online?

A. The disadvantages of this approach should be apparent: Firstly, you miss out on being in the classroom with others. You miss out on being face-to-face with the trainer and hearing all his corny jokes, and you miss out on being in Vegas, or Barcelona or Pretoria or some other exotic city. But the advantages should also be apparent: As there is less infrastructure for us to consider and the logistics are simpler, we can keep the price down a little. You in turn don't have to travel and so you can save additional money and time. Finally, what we're most excited about is that online training allows you to maximize the value you get for your time in Vegas. Instead of two courses over four days, you can now get the Cadet introductory course behind you before you arrive at the event, and spend your available time at Black Hat focusing on more advanced topics like Bootcamp, Unplugged or others.

Q. When will it happen?

A. We're planning to run two courses shortly before the Black Hat event in Las Vegas in July 2011. The dates for the first course are 13-17 June and the dates for the second course (which we will open only if there's sufficient demand) are 20-24 June. The plan is that this will give participants enough time to complete the courses and absorb the materials before departing for Black Hat Las Vegas, which commences July 30th.

Q. What will I need?

A. Everything you need for the training will be provided to you within the online environment, including a pre-configured Windows™ desktop and all the required tools and utilities. What you will need is a decent PC with a broadband internet connection with which to connect to the environment. The software you'll need to do this should be part of any modern desktop installation:

  • A Windows 'Remote Desktop Protocol' (RDP) client
  • A modern browser that supports Flash
  • A current installation of Skype

Q. Who are the trainers?

A. We use the same trainers for the Online Edition as we do for our classroom training at Vegas. Here are the trainer bios:

Charl van der Walt (course developer) is a founding member and managing director of SensePost, a leading international information security services provider. Pretoria-based Charl regularly presents courses and lectures for companies, conferences and universities around the world. He is frequently published and has co-authored four books on information security and computer hacking.

Dominic White (primary trainer) is currently a Senior Security Consultant working for SensePost. He was previously a manager in the Deloitte Security & Privacy group in South Africa. Previously, Dominic graduated from Rhodes University with a Master's degree in Computer Science, specialising in information security. Dominic has given SensePost training at BlackHat 2010, and was one of the creators of the Unplugged course.

Jurgens van der Merwe (secondary trainer) is a Lead Security Analyst with SensePost. His focus is that of penetration testing large network infrastructures, thick applications, web applications and platforms. His enthusiasm for all aspects of information security ensures he is also involved in various research projects in these areas. Jurgens is a regular member on teams delivering the Hacking by Numbers training courses at Black Hat and elsewhere.

Q. How big are the classes?

A. We successfully run courses of up to 10 students, and so we're making place for a maximum of 15 students per course.

Q. What do I get for the course fee?

A. For the course fee you pay you will receive the following:

  • The full course presentation including slide deck, voice recorded presentation, course notes, lab sheets and answers
  • Access to the online lab environment for the 5-day duration of the event
  • Access to the daily briefings and debriefings via Skype
  • Unlimited Q&A via email, during the course and afterwards
  • A CD booklet containing a CD with course materials and tools, as well as a printed SensePost training booklet, to be posted to you
  • A $200 discount voucher for any other SensePost course you may choose to take at Black Hat Las Vegas 2011
