Black Hat USA 2012 //Training

LEGEND:

Weekday Course	Weekend Course	4-Day Course
3-Day Course	1-Day Course	Virtual

(

NOTICE: Registrants are notified when courses are chosen for cancellation; this training list reflects all course availabilities and is updated regularly.

)

---

---

Advanced Memory Forensics in Incident Response
//Jamie Butler & Peter Silberman

Specifically designed for information security professionals and analysts who respond to computer security incidents. It is designed as an operational course, using case studies and hands-on lab exercises to ensure attendees are gaining experience in each topic area.

---

Advanced Web Attacks and Exploitation
//Offensive Security (Mati Aharoni & Devon Kearns) - Four Day Course

From mind-bending XSS attacks, to exploiting race conditions, to advanced SQL injection attacks, Advanced Web Attacks and Exploitation will deepen and broaden your knowledge of web application hacking, as well as help you identify and circumvent various protection mechanisms in use on the web today.

---

Advanced Windows Exploitation Techniques
//Offensive Security (Matteo Memelli & Jim O'Gorman) - Four Day Course

Advanced Windows Exploitation provides an in-depth and hardcore drilldown into topics ranging from precision heap spraying to DEP & ASLR bypass techniques to real-world 64-bit kernel exploitation. This course is extremely hands-on and includes a lab environment, which is tailored to bringing the most out of you.

---

An Introduction to More Advanced Steganography
//John A. Ortiz

Steganography has advanced tremendously over the last few years, with simple concepts sensationalized on mainstream TV. However, more sophisticated techniques are less well-known and may be overlooked by forensic analysts and popular Steganalysis software.

---

Application Security: For Hackers and Developers
//Jared DeMott

This course will have 4 components: reverse engineering, source code auditing, fuzzing and exploitation. Each section contains a liberal amount of labs and hands-on exercises.

---

Assessing and Exploiting Web Applications with Samurai-WTF
//Justin Searle and Kevin Johnson

Using open source tools to perform web application assessments, this course will take attendees through the process of application assessment using the open source tools included in the Samurai Web Testing Framework Live CD (Samurai-WTF).

---

---

CNSS-4012 Senior System Manager/CNSS-4015 System Certifier
//Information Assurance Associates (IA2) - Four Day Course

Very focused, highly concentrated, non-technical professional training necessary to achieve the fundamental knowledge needed to define, design, integrate and manage information system security policies, processes, practices, and procedures within federal interest information systems and networks.

---

CNSS-4016 Risk Analyst
//Information Assurance Associates (IA2) - Four Day Course

This workshop is geared towards security professionals whose duties and responsibilities include guiding security decisions for whole departments or even entire companies.

---

Crisis Management
//Peak Security, INC

Covering everything necessary to successfully manage an incident, students will work through various scenarios building response plans for each situation. From what should be in place prior to an incident, to knowing when to trust your network again, this practical course will teach you how to appropriately respond in real world incidents.

---

---

Designing Secure Protocols and Intercepting Secure Communication
// Moxie Marlinspike

This is a new and special training that covers both designing and attacking secure protocols. Attendees will learn the fundamentals of how to design a secure protocol, and be armed with the knowledge of how to evaluate the security of and discover weaknesses in existing protocols.

---

Detecting & Mitigating Attacks Using Your Network Infrastructure
// Cisco Systems (Randy Ivener, Joseph Karpenko & John Stuppi)

Learn leading network security practices from experts who develop these techniques and put them to practical use.

---

Digital Forensics and Incident Response
// Andrew Case and Jamie Levy

Digital forensics and incident response are two of the most critical fields in all of information security. The staggering number of reported breaches in the last year has shown that the ability to rapidly respond to attacks is a vital capability for all organizations. 

---

---

Effective Fuzzing: Using the Peach Fuzzing Platform
//Deja Vu Security (Michael Eddington & Adam Cecchetti)

The first comprehensive hands-on fuzzing course centered on the industry standard Peach Fuzzing Platform. Learn how to fuzz just about anything with Peach. No coding required, but recommended.

---

The Exploit Laboratory
//Saumil Udayan Shah & S.K. Chong

Learn how to expose the inner mechanisms of exploits and how they work. The class is highly hands-on and very lab intensive.

---

The Exploit Laboratory: Black Belt Edition
//Saumil Udayan Shah & S.K. Chong

Black Belt is a new and advanced class continuing from where The Exploit Laboratory left off. This class is for those curious to dig deeper into the art and craft of software exploitation.

---

Hacking by Numbers: BlackOps
//SensePost

Your final course in the HBN series before being deployed into "Combat"

---

Hacking by Numbers: Bootcamp
//SensePost

This course follows directly on from 'Cadet Edition' and serves as a prerequisite for the 'BlackOps Edition'. As always, the course can also be taken without any of the others. Bootcamp Edition can be taken back-to-back with either Cadet Edition (for beginners) or BlackOps Edition for more advanced students.

---

Hacking by Numbers: Cadet
//SensePost

Beginner level. An introduction to the art and science of computer hacking.

---

Hacking by Numbers: Cheif of Staff
//SensePost

A security course aimed at technical and business leaders. The latest offering in SensePost’s acclaimed ‘Hacking By Numbers’, series this course brings IT and IT Security managers real technical information in a language they can relate to. No technical jargon, no acronyms or techno-speak, just good, solid information presented in a way that managers can apply to make better decisions. This course is designed to empower managers by cutting through the technical barriers and presenting them with useful facts and decision-making skills.

---

Hacking by Numbers: Combat
//SensePost

This course follows directly on from 'BlackOps Edition' However, the course can also be taken without any of the others.

---

Hacking by Numbers: Unplugged
//SensePost

The ultimate wi-fi hacking course

---

Hacking by Numbers: W^3
//SensePost

Hacking by Numbers - W^3 Edition is an intermediate web application hacking course for people with some experience in penetration testing.

---

---

IDA Pro Class: Reverse Engineering with IDA Pro
//Chris Eagle

Essential background material for effective reverse engineering.

---

---

Infrastructure Attacktecs™ & Defentecs™: Hacking Cisco Networks
//Steve Dugan

Extremely popular and intense hands-on course.

---

Inside and Out of the Social-Engineer Toolkit (SET)
//David Kennedy

This course will cover the social-engineer toolkit and how to leverage it during penetration tests.

---

Malware Analysis: Black Hat Edition by MANDIANT
//MANDIANT

This introductory course is for those interested in entering the field of malicious software analysis.

---

Mobile Hacking II
//HotWAN

Brand new, never before seen mobile hacking course that will cover multiple smartphone technologies and development environments.

---

Modern Botnets
//Ken Baylor Ph.D.

Master financial botnets in a day. Thoroughly understand their threats to your network and how they work by building and configuring your own.

---

Network Forensics: Black Hat Release
//Jonathan Ham and Sherri Davidoff

This fast-paced class includes packet analysis, statistical flow record analysis, wireless forensics, intrusion detection and analysis, network tunneling, malware network behavior—all packed into 4 days of hands on intensives.

---

Offensive Countermeasures: Defensive Tactics that Actually Work
//PaulDotCom

Learn to become more offensive in your defensive tactics against attackers.

---

Pentesting with BackTrack
//Offensive Security (Johnny Long, Paul Hand) - Four Day Course

This is an intensive, hands-on security class by Offensive Security, the creators of Backtrack. "Pentesting with BackTrack" is targeted towards network administrators and security professionals who need to get acquainted with the latest hacking tools and techniques available with the world-renowned BackTrack 5.

---

Pentesting with Perl
//Joshua Abraham

Utilize Perl to streamline the tedious aspects of pentesting.

---

Physical Penetration Testing (Introduction)
//The CORE Group

Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access, as well as how to compromise most existing physical security in order to gain access themselves. Distinguish good locks and access control from poor ones and become well-versed in picking and bypassing in order to assess your own company's security posture or augment your career as a penetration tester.

---

Physical Penetration Testing (Advanced)
//The CORE Group

Individuals with an established understanding of the mechanics of locks and the basic ways in which they can be compromised will learn highly advanced and specialized techniques in this course. Impressioning fully-functioning keys for unknown locks, manipulating the dials of safes, and advanced picking and bumping techniques for higher security locks will be covered in great detail. [Restricted to Law Enforcement Officers, Government Personnel, and Properly-Credentialed Established Security Professionals only.]

---

Practical ARM Exploitation
//Stephen A. Ridley + Stephen C. Lawler

Intensive lab-based course aiming to expand your exploitation ability to include the ARM processor architecture. Students will learn under "real world" circumstances through multiple lab exercises and challenges covering code auditing, advanced heap exploitation and more.

---

Real World Security: Attack, Defend, Repel
//Peak Security

An intensive 2 day course/exercise for the security professional that wants to up the ante on their current skill sets in offensive and defensive security. Learn new tactics and receive guidance from expert instructors while you test yourself in a team vs team environment. Hands on and technical.

---

---

---

Social Engineering for Penetration Testers
//White Hat Defense

Social Engineering Penetration Testers program is a weeklong immersion into the world of a professional social engineer.

---

Tactical Exploitation
//Attack Research

Using a combination of new tools and lesser-known techniques, attendees will learn how hackers compromise systems without depending on standard exploits.

---

---

TCP/IP Weapons School 3.0
//Richard Bejtlich, TaoSecurity

Learn how networks can be abused and subverted, while analyzing the attacks, methods, and traffic that make it happen.

---

The Art of Exploiting SQL Injection
//Sumit Siddharth

This is a full day hands on training course which will typically target penetration testers, security auditors/administrators and web developers to learn advanced exploitation techniques. SQL Injection, although now nearly 15 years old, still exists in over 30% of the web applications.

---

---

Ultimate Hacking: Malware Forensics & Incident Response
//Foundstone

McAfee's Malware Forensics & Incident Response Education (MFIRE) workshop is a proactive weapon to help you normalize your environment after a negative event has occurred.

---

---

Uses and Misuses of Cryptography: How to Use Crypto Properly and Attack Those That Don’t
//Andrew Lindell - Three Day Course

Even when crypto is correctly implemented, it is notoriously difficult to use correctly. In this course we study how crypto works, how to use it properly, and how to stay clear of crypto misuses that will leave you wide open to attack.

---

The Web Application Hacker's Handbook, 2nd Edition: LIVE!
//Dafydd Stuttard & Marcus Pinto

This course is a one-off 2nd Edition preview delivered by the authors of the Web Application Hacker's Handbook, and the author of Burp Suite. It features hands-on hacking with 150+ examples including a CTF contest