Black Hat USA Registration Black Hat USA Registration Black Hat USA Briefings Black Hat USA Briefings Black Hat USA Training Black Hat USA Training Black Hat USA Schedule Black Hat USA Schedule Black Hat USA Sponsors Black Hat USA Sponsors Black Hat  USA Special Events Black Hat  USA Special Events Black Hat USA Venue Black Hat USA Venue

On This Page

Bypassing Security Defenses – Secret Penetration Testing Techniques

David Kennedy & Valerie Thomas | July 27-28 & 29-30



Ends May 31



Ends July 24



Ends July 30


It is continuously becoming harder to circumvent the security controls on externally facing systems and gain full access to the internal network. With the different types of technologies, hardening techniques, and detection; the job of a penetration tester continues to get more advanced. This course is designed to teach advanced techniques in order to bypass security defenses, gain access to an organization, and further penetrate into the network. Learn the techniques, tricks, and secrets from the author of the Social-Engineer Toolkit (SET) and one of the top penetration testers. What you’ll learn in this course:


The course is designed for beginner and intermediate levels. Basic concepts of Linux and maneuvering in Back|Track Linux is required.

What Students Will Be Given

Code samples, vulnerable applications, copy of the Metasploit: The Penetration Testers Guide book, anti-virus safe payloads, custom tools, and more.

What Students Need To Bring

The student must have a working machine with Back|Track Linux as well as a Windows machine with Java loaded. These can be virtualized and one can be the primary. No anti-virus on the Windows machine (we will need to write bypass payloads first to evade). Ensure connectivity between the two virtual machines and that networking is working properly.


Dave Kennedy is founder and principal security consultant of TrustedSec, LLC - An information security consulting firm located in Cleveland Ohio. David was the former Chief Security Officer (CSO) for a Fortune 1000 where he ran the entire information security program. Kennedy is a co-author of the book "Metasploit: The Penetration Testers Guide," the creator of the Social-Engineer Toolkit (SET), and the creator of Artillery. Kennedy has presented on a number of occasions at Black Hat, Defcon, ShmooCon, BSIDES, Infosec World, Notacon, AIDE, ISACA, ISSA, Infragard, Infosec Summit, and a number of other security-related conferences. Kennedy has been interviewed by several news organizations including BBC World News. Kennedy is on the Back|Track and Exploit-DB development team and co-host of the podcast and regular on ISDPodcast. Kennedy is one of the co-authors of the Penetration Testing Execution Standard (PTES); a framework designed to fix the penetration testing industry. Kennedy is the co-founder of DerbyCon, a large-scale conference in Louisville Kentucky. Prior to Diebold, Kennedy was a VP of Consulting and Partner of a mid-size information security consulting company running the security consulting practice. Prior to the private sector, Kennedy worked for the three letter agencies and deployed to Iraq twice for intelligence related missions.

Valerie Thomas is a Senior Information Security Consultant for Securicon LLC that specializes in social engineering and physical penetration testing. After obtaining her bachelor's degree in Electronic Engineering, Valerie led information security assessments for the Defense Information Systems Agency (DISA) before joining private industry. Throughout her career, Valerie has conducted penetration tests, vulnerability assessments, compliance audits, and technical security training for executives, developers, and other security professionals.