Please click on any Training title below to see pricing and full description.
Note: Please read all Registration Terms and Conditions carefully. Training courses include full access to the Business Hall, Sponsored Workshops, Sponsored Sessions, and Arsenal. Briefings are not included with the purchase of a Training pass; however, you may purchase a Briefings pass to complement your Training course/s once you register. All Briefings and Trainings will be presented in English.
This hands-on training teaches concepts, techniques and tools to understand the behavior and characteristics of malware by combining two powerful techniques, malware analysis and memory forensics.This course will introduce attendees to basics of malware analysis, Windows internals and memory forensics, it then gradually progresses deep into more advanced concepts of memory forensics. This course uses hands-on labs using real world malware samples and infected memory images (crimewares, APT malwares, Rootkits etc) to help attendees gain better understanding of the subject. The training also shows how these techniques can be incorporated in a sandbox to automate malware analysis. After taking this course attendees will be equipped with skill to analyze, investigate and respond to malware related incidents.
Challenge yourself in a fully simulated enterprise environment, complete with domain services, security controls, misconfigurations, and vulnerable applications. You will learn to effectively create devastating attack paths to gain access to the crown jewels and demonstrate risk posed to the organization. This fast-paced course will teach you how to leverage penetration testing toolsets developed from our tester's experience on hundreds of engagements. You will learn how to conduct effective, in-depth penetration tests, focused on demonstrating the business impact of a breach.
In this course you will:
There are almost always bugs in code. We find them by auditing code, fuzzing, and reversing. Then we crafted exploits. To counter this reality, vendors have developed a variety of protections.
Day 1: Browser Exploitation
In this class we continue the battle. We describe a number of modern day protections: things like EMET, Isolated Heap, and CFG. We then perform hands-on lab work to show how bypasses can be constructed. This build-and-break teaching style provides the tools for vulnerability researchers, security engineers, and developers to perform cutting edge research of their own.
Day 2: Kernel Exploitation
The second half of the class is all about the kernel. You will learn how to debug, audit, fuzz, and exploit kernel code. The class is fast pasted, but low stress and fun. Prepare to learn!
The fast-paced course teaches the audience a wealth of hacking techniques to compromise various operating systems and networking devices. The course will cover advanced penetration techniques to achieve exploitation against these platforms:
More frequently attacks against telecommunication networks are published, just as new malware samples in all major operating systems appear every day. This course digs into how to break the entire mobile chain covering the infrastructure, smartphones and Apps by using real and modern attacks and reversing techniques.
A very unique and hands-on course on mobile hacking where students will learn and practice:
Problem solving and non-linear thinking are critical skills in the network security profession. These skills are hard learned, and often even more difficult to practice. This course will provide you with an opportunity to carry out a variety of attacks on a controlled system. You will solve problems through a collection of hands-on "capture-the-flag" scenarios with built-in challenges designed to test and expand your thought process. You will learn how to tackle these challenges from a practical problem-solving standpoint. Along the way we will discuss real life scenarios and dissect the thought processes required to achieve success in even the most daunting situations. Students will walk away with over $200 worth of tools utilized during the course.
From the start of the course, a set of challenges will be available for the students to participate in and solve. The practical application portion of this course will provide students with time to work on these challenges with the help of the instructors. These challenges will be in the form of a multistage challenge box that will require students to leverage the techniques and skills learned over the previous day. This could include physical locks, RFID replays gathered from around the conference, SCADA/ICS devices to hack and manipulate, etc. Challenges will be diverse and designed to stretch students to work together to leverage each others strengths in order to be successful.
Dark Side Ops: Custom Penetration Testing focuses on using stealthy techniques, advanced attacks, and custom malware to conduct realistic, targeted penetration tests. An intensive, hands-on lab environment with tons of code samples provides participants with a structured and challenging approach to bypass the very latest in offensive countermeasures. Participants will also receive and compile source code to create several custom shells and backdoors as they learn to plan, exploit, pivot, persist, and evade detection in even the most secure networks.
Learn to write mobile malware and deploy it on the app stores.
This course will give you insight and practical window into the methods used when attacking mobile platforms. This course is ideal for penetration testers who are new to the mobile area and need to understand how to analyze and audit applications on various mobile platforms using a variety of tools and platforms. Our mobile course uses a mixture of lectures, hands-on-labs, demonstrations, and group exercises.
Most malware analysts and incident responders aren't able to dissect OS X malware. And with the usage of Apple Macintosh computers growing across the enterprise they need to be prepared to deal with current and future threats. With that corporate increase comes an increase in attacks. Will you be prepared to analyze malware and threats targeted for OS X when they come your way?
This Crash Course rapidly introduces the tools and methodologies necessary to get you analyzing malware that targets the OS X platform. We use a practical, hands-on approach to quickly adapt your current malware analysis skills for OS X.
An introduction to digital signal processing, software radio, and the powerful tools that enable the growing array of SDR projects within the hacker community, this course takes a unique "software radio for hackers" approach, building on the participants' knowledge of computer programming and introducing them to the forefront of digital radio technology. Participants will learn how to transmit, receive, and analyze radio signals and will be prepared to use this knowledge in the research of wireless communication security. Each student will receive a HackRF One software defined radio transceiver, a $300 value.
Too often, beginner courses assume an already high level of skill and understanding of the subject matter being taught. This course is different in that we start with no assumption, rather getting you ready to learn how attackers compromise targets, as well as ensuring you get to do the same thing. As the title suggests, it provides an ideal training ground for our other SensePost Training courses, further self-study, or other hacking courses.