Please click on any Training title below to see pricing and full description.
Note: Please read all Registration Terms and Conditions carefully. Training courses include full access to the Business Hall, Sponsor Workshops, Sponsor Sessions, and Arsenal. Briefings are not included with the purchase of a Training pass; however, you may purchase a Briefings pass to complement your Training course/s once you register. All Briefings and Trainings will be presented in English.
The fast-paced course teaches the audience a wealth of hacking techniques to compromise various operating systems and networking devices. The course will cover advanced penetration techniques to achieve exploitation against these platforms:
Do your security tools work? Are you sure? How easy is it to bypass your AV? Is your firewall or Managed Security Service Provider (MSSP) catching Command and Control (C2) traffic? Does your Data Loss Prevention (DLP) product actually prevent data loss?
Come to this hands-on class to learn how to test these products and have fun doing it!
Participants in this class will learn how to easily bypass leading AV products, create C2 channels to sneak by DLP and Firewalls, get around Application Whitelisting, and make security vendors cry. This class will also walk participants through creating custom malware on a step-by-step basis in a variety of languages.
Adversary Hunting and Incident Response: Network Edition offers practical experience for an often underutilized incident response practice-- hunting. Hunting is the proactive search of a network for threats that may go unidentified by intrusion detection, AV, and other security systems. Hunting provides opportunities for organizations to find unknown threats while gaining deeper understanding of their networks. This course will teach you how to hunt through network data and identify threats commonly seen from nation-state adversaries, organized criminal syndicates, and hacktivists using a variety of free and open source tools.
This course will focus on the techniques and tools for testing the security of Android mobile applications. During this course the students will learn about important topics such as the Android Security model, the Android runtime, how to perform static analysis, traffic manipulation, memory dumps, debugging , code modification and dynamic analysis from zero knowledge of the APK to full exploitation. Students of this course will learn how to operate and make the best of the AppUse custom VM for Android application penetration testing, from its own creators.
By taking this course you will be able to perform penetration testing on Android mobile applications and expose potential vulnerabilities in the tested application such as insecure storage, traffic manipulation, malicious intents, authentication and authorization problems, client side SQLi, bad cryptography, and more.
Hackers hackers hackers, seems you can't read the news today without hearing about some company getting hacked, or private data being leaked.
Thing is, how exactly are these hacks done?
This course delves into network, application and wireless hacking from the beginning. Perfect for those beginning a career in infosec or those in other areas that need a deeper understanding of the mind-set attackers have when targeting individuals and companies. From reconnaissance, understanding common hacking tools, discovering vulnerabilities and exploiting them, this course is very hands on.
This gets you into the mind-set of a hacker and by exploiting real-world vulnerabilities yourselves, you start to see how attackers operate. Students have access to the SensePost learning portal 2 weeks before the course starts and also one week after the course has finished. This means you can continue learning and attacking the targets when you get home.
Dark Side Ops: Custom Penetration Testing focuses on using stealthy techniques, advanced attacks, and custom malware to conduct realistic, targeted penetration tests. Intensive, hands-on labs provides even intermediate participants with a structured and challenging approach to write custom code and bypass the very latest in offensive countermeasures. Participants will also receive and compile source code to create several custom backdoors, RATs, and persistence and privilege escalation techniques as they learn to plan, exploit, pivot, persist, and evade detection in even the most secure networks. The content, backdoors, and techniques provided in the course are constantly updated to reflect the latest in attacker methodologies.
The training covers reverse engineering and exploitation of the modern IoT/embedded/car/ICS/whatever applications that runs inside of AVR, PIC, STM8 and other microcontrollers (MCUs). Most of such MCUs are based on the Harvard architecture in which data is separated from the instruction memory, making useless traditional memory exploitation techniques. However, there are many methods and tricks to overcome such a limitation and this is the topic of the training. The course is highly practical and includes many examples and exercises on real hardware and on emulated environments.
Hunting for zero-day malware is difficult enough when looking at one system that you have physically sitting in front of you. It is more challenging to find threats across an enterprise network at scale. In this course we will cover first how to hunt of undetected malware on a single system, and then how to script that so that you can remotely hunt across large numbers of computers. This course will be based on employing built-in OS and freeware tools and scripting in batch and powershell.
For the first time at Black Hat Asia, we are offering an Internet of Things (IoT) Exploitation class. It's a two-day action packed course full of hands-on exercises and labs on both simulated and real environments.
You'll get to play with some real devices, find vulnerabilities and write exploits for them using some cutting edge techniques and tools. Some of the things that we will cover in the class are:
Attify Mobile and IoT Security and Payatu Technologies