Black Hat USA 2009 //Training

Caesars Palace Las Vegas, NV • July 25-30


Register Now //all training


Complete List of Black Hat USA 2009 Training Courses

Black Hat USA 2009 brings together the best minds in security to define tomorrow’s information security landscape. Featuring many new tracks and new training sessions, Black Hat USA is the biggest and best conference we've ever presented.

LEGEND :

Weekday Course Weekend Course
4-Day Course Course Cancelled!

( NOTICE: Registrants are notified when courses are chosen for cancellation; this training list reflects all course availabilities and is updated regularly. )




Advanced Database Security Assessment
//NGS Software

Discover flaws in database security and effectively develop strategies to keep attackers out.


Advanced Malware Analysis
//Nick Harbour, Mandiant : 4 Day Course

Students will learn to combat sophisticated malware head-on by studying its anti-analysis techniques.


Advanced Malware Deobfuscation
//Jason Geffner & Scott Lambert

Learn how to manually unpack the most advanced obfuscation protections.


Advanced Memory Forensics in Incident Response
//Jamie Butler & Peter Silberman

Specifically designed for information security professionals and analysts who respond to computer security incidents. It is designed as an operational course, using case studies and hands-on lab exercises to ensure attendees are gaining experience in each topic area.


Advanced Web Application Security Testing
//Aspect Security

Students gain hands-on testing experience with freely available web application security test tools to find and diagnose flaws and learn to identify them in their own projects.


New for 2009

Advanced Windows Exploitation Techniques
//Offensive Security

An in depth, hardcore drilldown into advanced Windows Vulnerability Exploitation techniques.


New for 2009

Analyzing and Securing Enterprise Application Code
//Blueinfy (Shreeraj Shah & Vimal Patel)

The emphasis of the class would be to develop a complete understanding of source code analysis, audit methodologies, techniques and tools. Knowledge gained would help in analyzing and securing enterprise applications at all different stages - architecture, design and/or development.


Application Security: For Hackers and Developers
//Crucial Security

This course will have 4 components: reverse engineering, source code auditing, fuzzing, and exploitation. Each section contains a liberal amount of labs and hands-on exercises.


New for 2009

Assaulting IPS
//Craig Williams, Cisco Systems & Tod Beardsley, BreakingPoint Systems

Learn to be become a skilled and knowledgeable IPS tester.


New for 2009

Attacking Hardware: Unsecuring [once] Secure Devices
//Christopher Tarnovsky

An exciting and very extensive class detailing the microscopic details of silicon devices.


Building a Better Mouse Trap: The Art of Developing Effective Intrusion Detection/Prevention Signatures
//Rohit Dhamankar & Rob King

Learn how to implement effective network intrusion prevention.


Building and Testing Secure Web Applications
//Aspect Security

Hands-on exercises where the students get to perform security analysis and testing on a live web application.


Building Secure Web 2.0 Applications
//Aspect Security

This class will cover common Web 2.0 security threats and vulnerabilities and it will provide specific guidance on how to develop Web 2.0 applications to defend against these threats and vulnerabilities.


Building Secure Web Services
//Aspect Security

This class includes hands-on exercises where the students get to perform security analysis and testing on a live web application.


Certified Ethical Hacker (C|EH) Version 6
//EC-Council

Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.


New for 2009

CISSP® Boot Camp
//Shon Harris

This Logical Security course trains students in all areas of the security Common Body of Knowledge (CBK). Using this course, students prepare for the exam, while at the same time obtaining essential security knowledge that can be immediately used to improve organizational security.


New for 2009

CISSP® Review Seminar
//Shon Harris

This 1-Day Review Seminar has been designed to provide all the materials needed from our instructor led classroom training.


New for 2009

Computer Hacking Forensic Investigator (CHFI)
//EC-Council

The CHFI course will give participants the necessary skills to identify an intruder's footprints and to properly gather the necessary evidence to prosecute.


New for 2009

Cryptographic Primitives (Symmetric)
//Andrew Lindell    July 27-28 only

In this course, students will gain an in-depth understanding of how cryptographic primitives are constructed and broken.


New for 2009

Detecting & Mitigating Attacks Using Your Network Infrastructure
//Randy Ivener, Cisco Systems, Joseph Karpenko, Cisco Systems & Tim Sammut, Cisco Systems

Learn leading network security practices from experts who develop these techniques and put them to practical use.


New for 2009 ECSA/LPT Certification Preparation
//EC-Council   

The ECSA course equips one with the knowledge and know-hows to become an EC-Council Licensed Penetration Tester.


Effective Fuzzing: Using the Peach Fuzzing Platform
//Michael Eddington, Leviathan and Blake Frantz, Leviathan

The first comprehensive hands-on fuzzing course centered on the industry standard Peach Fuzzing Platform. Learn how to fuzz just about anything with Peach. No coding required, but recommended.


Enterprise Security From Day 1 to Completion:
A Practical Approach to Developing an Information Security Program

//Chris Conacher
July 27-28 only

A practical, step-by-step approach to securing an entire organization.


The Exploit Laboratory
//Saumil Udayan Shah

Learn how to expose the inner mechanisms of exploits and how they work. The class is highly hands-on and very lab intensive.


New for 2009

Finding Security Bugs in Closed-source Software: Beginner
//Halvar Flake
July 25-26 only

Intense course encompassing binary analysis, reverse engineering and bug finding.


New for 2009

Finding Security Bugs in Closed-source Software: Advanced
//Halvar Flake
July 27-28 only

Intense course encompassing binary analysis, reverse engineering and bug finding.


New for 2009

Gray Hat Hacking: Exploit and Metasploit Module Development
//Allen Harper

Working through lab examples and real world vulnerabilities to take you to the next level


Hacking by Numbers: Bootcamp by SensePost

Novice level. A highly practical course that teaches method-based hacker thinking, skills and techniques.


Hacking by Numbers: Cadet
//SensePost

Novice level. A highly practical course that teaches method-based hacker thinking, skills and techniques.


Hacking by Numbers: Combat Training
//SensePost

Advanced level. This course is all hack, no talk.


New for 2009

Hacking by Numbers: PCI Edition - Hack Like You Mean It!
//SensePost

A practical, technical course aimed at beginner penetration testers, that teaches method-based hacker thinking, skills and techniques, specifically focusing on the approach and priorities for penetration testing required by the PCI DSS standard.


Hacking by Numbers: Web 2.0
//SensePost

Web 2.0 is a whole new world and Hacking By Numbers - Web 2.0 Edition is a course designed to prepare you for it.


New for 2009

Hacking Oracle PL/SQL
//Kevin Dunn and Marcus Pinto, NGS software

This course will teach you how to hack into Oracle database servers; only by truly grasping the mechanics of attacks can a complete and effective defense be built.


Hands-On Hardware Hacking and Reverse Engineering Techniques: Black Hat Edition
//Joe Grand

This course is the first of its kind and focuses entirely on hardware hacking.


New for 2009Hands on Penetration Testing with BackTrack 4
//Offensive Security

This is an intensive, hardcore, hands on Security class by the creators of Backtrack especially designed for delivery in BlackHat Trainings.


Incident Response: Black Hat Edition
//Kevin Mandia and Kris Harms, MANDIANT

Specifically designed for information security professionals and analysts who respond to computer security incidents.


Infrastructure Attacktecs™ & Defentecs™: Hacking Cisco Networks
//Steve Dugan

Extremely popular and intense hands-on course.


New for 2009

Intercepting Secure Communications
//Moxie Marlinspike

Attendees will be given advanced copies of exploit tools used to intercept secure email, web, and VPN traffic as well as training and practice in using them covertly and effectively... attendees will walk away with everything they need to intercept several types of secure communication.


Introduction to Malware Analysis
//Jason Geffner & Scott Lambert

No Source? No Symbols? No Problem.


Leading, Planning, and Executing an Application Security Initiative
//Aspect Security

For executives and managers - get the education and practical guidance you need to ensure that your software projects properly address security in this collaborative workshop 2 day session.


Lock Picking and Physical Security: From Beginner to Expert
//Deviant Ollam

Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access.


New for 2009

Mac Hacking Class
//Vincenzo Iozzo

The aim of this class is to provide the student with all the skills needed in order to fully perform research on this OS. Specifically how to write payloads, what are the tools needed to perform research and all the hidden oddities of OS X which other UNIX-based systems don’t have.


Malware Analysis: Black Hat Edition
//MANDIANT

This introductory course is for those interested in entering the field of malicious software analysis.


New for 2009

Mastering the Metasploit Framework
//HD Moore

This course dives into the newest features of the Metasploit Framework and demonstrates how to use these features in every aspect of a penetration test.


header graphic

Microsoft Ninjitsu: Black Belt Edition
//Timothy Mullen, Jim Harrison & Dr. Thomas Shinder

This one-of-a-kind training course will arm attendees with the skills needed to design, deploy, maintain and secure even the most sophisticated Microsoft infrastructures. This "special edition" course will also include the development and design of ISA Server DMZ configurations and deployments to further secure your Microsoft installations


ModSecurity: Deployment and Management
//Ryan Barnett, Breach Security

Designed for those people who want to quickly learn how to build, deploy, and use ModSecurity in the most effective manner possible.


NSA InfoSec Assessment Methodology Course (IAM) - Level 1
//Security Horizon

You will need this course before you can take the IEM course. Earn NSA Certification.


NSA InfoSec Assessment Methodology Course (IEM) - Level 2
//Security Horizon

The follow-up course to the IAM. Earn NSA certification.


Reverse Engineering with IDA Pro
//Chris Eagle

Essential background material for effective reverse engineering.


Reverse Engineering on Windows
//Pedram Amini and Ero Carrera

This class is meant to impart cutting-edge understanding of malicious code analysis upon attendees, ultimately taking them to an advanced level of reverse engineering skills applicable to other security domains.


Reverse Engineering Rootkits and Active Reversing
//Greg Hoglund, HBGary and Rich Cummings, HBGary

This two day class will cover useful techniques and methods for incident response in the field when machines are suspected of intrusion with stealthy malware.


New for 2009

RFID, Access Control & Biometric Systems
//Zac Franken & Adam Laurie

This workshop is geared towards security professionals whose duties and responsibilities include guiding security decisions for whole departments or even entire companies.


SAP (In)security
//Mariano Nuñez Di Croce, CYBSEC July 27-28 only

How to secure an SAP system? How to perform a security assessment of an SAP system? These are two questions that this course will answer.


New for 2009

Secure Coding for Java EE
//Aspect Security

Hands-on exercises where the students get to perform security analysis and testing on a live Java EE web application.


New for 2009Security for Web-Based Database Applications
//Aspect Security

This class includes hands-on exercises where the students get to perform security analysis and testing on a live web application supported by a back end database.


New for 2009Secure the Human
//Lance Spitzner, Honeytech

Everything you need to plan, deploy and maintain a successful awareness and training program.


New for 2009Senior System Manager (CNSS-4012 Certified)
//Information Assurance Associates (IA2)

Very intense, highly concentrated, non-technical professional training necessary to achieve the fundamental knowledge needed to define, design, integrate and manage information system security policies, processes, practices, and procedures within federal interest information systems and networks.


Side Channel Analysis and Countermeasures
//Riscure

Learn how to protect embedded and smart card technology against side channel analysis


New for 2009

Tactical Exploitation
//HD Moore

Using a combination of new tools and lesser-known techniques, attendees will learn how hackers compromise systems without depending on standard exploits.


TCP/IP Weapons School 2.0
//Richard Bejtlich, TaoSecurity New for 2009

Learn how networks can be abused and subverted, while analyzing the attacks, methods, and traffic that make it happen.


Ultimate Hacking: Black Hat Edition
//Foundstone

The definitive training regimen for assessing and securing your networks.


Ultimate Hacking: Expert
//Foundstone

In depth coverage of current security topics. Not for Beginners.


Ultimate Hacking: Wireless
//Foundstone

In depth coverage of current security topics. Not for Beginners.


New for 2009 Understanding and Deploying DNSSEC
//Paul Wouters and Patrick Nauber

This one-of-a-kind training course will arm attendees with the skills needed to design, deploy, maintain and secure even the most sophisticated Microsoft infrastructures. This "special edition" course will also include the development and design of ISA Server DMZ configurations and deployments to further secure your Microsoft installations


Understanding Stealth Malware
//Joanna Rutkowska and Alexander Tereshkin
July 25-26 only

An in-depth understanding of how advanced stealth malware works, how it interacts with the operating system, underlying hardware and network.


New for 2009Virtualization (In)Security
//Rafal Wojtczuk & Joanna Rutkowska July 27-28 only

An unbiased view on the security of recent Xen systems (Xen 3.3 and 3.2), show exemplary attacks and a study of how various technology (e.g. Intel VT-d and TXT) and clever design of the VMM can help to improve security.


Web Application (In)security
//NGS Software

If you are concerned with the security of web applications and the insecurity they introduce to your back end information systems this is the workshop for you.