Black Hat USA 2010 //Training

Caesars Palace Las Vegas, NV • July 24-27


Register Now //all training


Complete List of Black Hat USA 2010 Training Courses:

Black Hat USA 2010 brings together the best minds in security to define tomorrow’s information security landscape. Featuring many new tracks and new training sessions, Black Hat USA is the biggest and best conference we've ever presented.

Training Category Matrix - get printable pdf »


TRAINING: SCHEDULE »


LEGEND:

Weekday Course Weekend Course
4-Day Course Course Cancelled!

( NOTICE: Registrants are notified when courses are chosen for cancellation; this training list reflects all course availabilities and is updated regularly. )




Advanced Malware Analysis by MANDIANT
//MANDIANT (Nick Harbour & Jay Smith) - Four Day Course

Students will learn to combat sophisticated malware head-on by studying its anti-analysis techniques.


Advanced Malware Analysis Using Responder Professional //NEW 2010
//HBGary (Greg Hoglund & Shawn Bracken)

Students will learn to combat sophisticated malware head-on by studying its anti-analysis techniques.


Advanced Malware Deobfuscation
//Jason Geffner & Scott Lambert

Learn how to manually unpack the most advanced obfuscation protections.


Advanced Memory Forensics in Incident Response
//Jamie Butler & Peter Silberman

Specifically designed for information security professionals and analysts who respond to computer security incidents. It is designed as an operational course, using case studies and hands-on lab exercises to ensure attendees are gaining experience in each topic area.


Advanced Vulnerability Scanning Techniques Using Nessus //NEW 2010
//Paul Asadoorian, Tenable Security

This course teaches advanced scanning techniques by using a real-world scenario to demonstrate how these techniques help to solve problems in an example work environment.


Advanced Web Application Pen-Testing: Web 2.0 Edition //NEW 2010
//Aspect Security

Students gain hands-on testing experience with freely available web application security test tools to find and diagnose flaws and learn to identify them in their own projects.


Advanced Windows Exploitation Techniques
//Offensive Security (Matteo Memelli & Jim O’Gorman) - Four Day Course

An in depth, hardcore drilldown into advanced Windows Vulnerability Exploitation techniques.


Application Security: For Hackers and Developers
//Jared DeMott, Harris

This course will have 4 components: reverse engineering, source code auditing, fuzzing, and exploitation. Each section contains a liberal amount of labs and hands-on exercises.


AppSec Leadership Essentials //NEW 2010
//Aspect Security

A practical, step-by-step approach to securing an entire organization.


Assaulting IPS
//Craig Williams, Mike Caudill & Kevin Timm, Cisco Systems

Learn to be become a skilled and knowledgeable IPS tester.


Assessing and Exploiting Web Applications with Samurai-WTF
//NEW 2010

//InGuardians

Using open source tools to perform web application assessments, this course will take attendees through the process of application assessment using the open source tools included in the Samurai Web Testing Framework Live CD (Samurai-WTF).


Basic Malware Analysis Using Responder Professional //NEW 2010
//HBGary (Martin Pillion & Rich Cummings)

Students will learn to combat sophisticated malware head-on by studying its anti-analysis techniques.


Building a Better Mouse Trap: The Art of Developing Effective Intrusion Detection/Prevention Signatures
//Rohit Dhamankar & Rob King

Learn how to implement effective network intrusion prevention.


CISSP® Boot Camp
//Shon Harris - Four Day Course

This Logical Security course trains students in all areas of the security Common Body of Knowledge (CBK). Using this course, students prepare for the exam, while at the same time obtaining essential security knowledge that can be immediately used to improve organizational security.


CISSP® Review Seminar
//Shon Harris - Tuesday, July 27 Only

This Logical Security course trains students in all areas of the security Common Body of Knowledge (CBK). Using this course, students prepare for the exam, while at the same time obtaining essential security knowledge that can be immediately used to improve organizational security.


Designing Secure Protocols and Intercepting Secure Communication
// Moxie Marlinspike - Weekend Only

This is a new and special training that covers both designing and attacking secure protocols. Attendees will learn the fundamentals of how to design a secure protocol, and be armed with the knowledge of how to evaluate the security of and discover weaknesses in existing protocols.


Detecting & Mitigating Attacks Using Your Network Infrastructure
// Cisco Systems (Randy Ivener, Joseph Karpenko & Tim Sammut)

Learn leading network security practices from experts who develop these techniques and put them to practical use.


Effective Fuzzing: Using the Peach Fuzzing Platform
//Leviathan (Michael Eddington & Adam Cecchetti)

The first comprehensive hands-on fuzzing course centered on the industry standard Peach Fuzzing Platform. Learn how to fuzz just about anything with Peach. No coding required, but recommended.


Enterprise Security From Day 1 to Completion
//Chris Conacher - July 26 - 27 only

A practical approach to developing an information security program.

The Exploit Laboratory
//Saumil Udayan Shah & S.K. Chong

Learn how to expose the inner mechanisms of exploits and how they work. The class is highly hands-on and very lab intensive.


The Exploit Laboratory: Black Belt Edition //NEW 2010
//Saumil Udayan Shah & S.K. Chong

Black Belt is a new and advanced class continuing from where The Exploit Laboratory left off. This class is for those curious to dig deeper into the art and craft of software exploitation.


Finding Security Bugs in Closed-source Software: Advanced
//Halvar Flake - July 26 - 27 only

Intense advanced course encompassing binary analysis, reverse engineering and bug finding.


Finding Security Bugs in Closed-source Software: Beginner
//Halvar Flake - July 24 - 25 only

Intense beginner course encompassing binary analysis, reverse engineering and bug finding.


Gray Hat Hacking: Moving to the Next Level //UPDATED 2010
//Allen Harper

Working through lab examples and real world vulnerabilities to take you to the next level


Hacking by Numbers: Bootcamp
//SensePost

Novice level. A highly practical course that teaches method-based hacker thinking, skills and techniques.


Hacking by Numbers: Cadet
//SensePost

Novice level. A highly practical course that teaches method-based hacker thinking, skills and techniques.


Hacking by Numbers: Combat Training
//SensePost

Advanced level. This course is all hack, no talk.


Hacking by Numbers: Web 2.0
//SensePost

Web 2.0 is a whole new world and Hacking By Numbers - Web 2.0 Edition is a course designed to prepare you for it.


Hands-On Hardware Hacking and Reverse Engineering Techniques: Black Hat Edition
//Joe Grand - Weekend Only

This course is the first of its kind and focuses entirely on hardware hacking.


IDA Pro Class: Reverse Engineering with IDA Pro
//Chris Eagle

Essential background material for effective reverse engineering.


Incident Response: Black Hat Edition by MANDIANT
// MANDIANT (Kris Harms & Dan McWhorter)

Specifically designed for information security professionals and analysts who respond to computer security incidents.


Infrastructure Attacktecs™ & Defentecs™: Hacking Cisco Networks
//Steve Dugan

Extremely popular and intense hands-on course.


Introduction to Malware Analysis
//Jason Geffner & Scott Lambert

No Source? No Symbols? No Problem.


Mac Hacking Class //NEW 2010
//Vincenzo Iozzo & Dino Dai Zovi

The aim of this class is to provide the student with all the skills needed in order to fully perform research on this OS. Specifically how to write payloads, what are the tools needed to perform research and all the hidden oddities of OS X which other UNIX-based systems don’t have.


Malware Analysis: Black Hat Edition by MANDIANT
//MANDIANT (Michael Sikorski & Steve Davis)

This introductory course is for those interested in entering the field of malicious software analysis.


Pentesting High Security Environments //NEW 2010
//Joseph McCray - July 26-27 Only

Focus on penetration testing techniques that can be used when testing highly secured environments.


Pentesting with BackTrack //NEW 2010
//Offensive Security (Mati Aharoni & Chris Hadnagy) - Four Day Course

This is an intensive, hardcore, hands on Security class by the creators of Backtrack especially designed for delivery in BlackHat Trainings.


Pentesting with Perl //NEW 2010
//Joshua Abraham - Tuesday, July 27 Only

Utilize Perl to streamline the tedious aspects of pentesting.


Physical Penetration Testing: From Beginner to Expert
//Deviant Ollam - July 26-27 Only

Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access.


Real World Security: Attack, Defend, Repel //NEW 2010
//Peak Security - July 26-27 Only

An intensive 2 day course/exercise for the security professional that wants to up the ante on their current skill sets in offensive and defensive security. Learn new tactics and receive guidance from expert instructors while you test yourself in a team vs team environment. Hands on and technical.


RFID, Access Control & Biometric Systems
//Zac Franken & Adam Laurie

This workshop is geared towards security professionals whose duties and responsibilities include guiding security decisions for whole departments or even entire companies.


The RSA Cryptosystem: Attacks and Implementation Dangers //NEW 2010
//Andrew Lindell - Sunday, July 25 Only

This workshop is geared towards security professionals whose duties and responsibilities include guiding security decisions for whole departments or even entire companies.


SAP Security In-Depth //NEW 2010
// Mariano Nuñez Di Croce, Onapsis - July 26-27 Only

Have you ever wondered whether your business-critical SAP implementation was secure? Do you know how to check it? Have you imagined which could be the impact of an attack to your core business platform? Do you know how to prevent it? This training is the answer to these questions.


Secure the Human
//Lance Spitzner, Honeytech

Everything you need to plan, deploy and maintain a successful awareness and training program.


Senior System Manager (CNSS-4012 (Certified)), ISSM/IAM
//Information Assurance Associates (IA2) - Four Day Course

Very focused, highly concentrated, non-technical professional training necessary to achieve the fundamental knowledge needed to define, design, integrate and manage information system security policies, processes, practices, and procedures within federal interest information systems and networks.


Static Code Analysis for Enterprise Applications, Web Services and Web 2.0 //NEW 2010
//Shreeraj Shah, Blueinfy

We will be covering analysis techniques, with tools, for assessment and review of enterprise application source code. Enterprise 2.0 and mashups, along with other different Web 2.0 concepts, reinforced by hands-on experience, will help in understanding next generation application requirements.


StegAnalysis Investigations: Investigator Training //NEW 2010
//WetStone Technologies - July 24-25 Only

Students will participate in hands on experiments with stego’d images, multimedia files, advanced network protocols and Steganographic file systems. Detailed analytical and jamming methods will be utilized to both discover and disrupt Steganographic operations.


Symmetric Cryptography: Constructions and Cryptanalysis //NEW 2010
//Andrew Lindell - July 26-27 Only

Hands-on, in-depth understanding of how symmetric cryptographic primitives are constructed and broken, with a focus on block ciphers and cryptographic hash functions.


Tactical Exploitation
//HD Moore

Using a combination of new tools and lesser-known techniques, attendees will learn how hackers compromise systems without depending on standard exploits.


TCP/IP Weapons School 2.0
//Richard Bejtlich, TaoSecurity

Learn how networks can be abused and subverted, while analyzing the attacks, methods, and traffic that make it happen.


Ultimate Hacking: Black Hat Edition //UPDATED 2010
//Foundstone

This course delivers hands on application of Foundstone's hacker methodology. This course has long been considered essential for penetration testers.


Ultimate Hacking: Wireless
//Foundstone

This course delivers hands on application of Foundstone's wireless hacking methodology. This course takes you from configuring interfaces to the latest attacks.


Understanding and Deploying DNSSEC
//Paul Wouters and Patrick Naubert

This one-of-a-kind training course will arm attendees with the skills needed to design, deploy, maintain and secure even the most sophisticated Microsoft infrastructures. This "special edition" course will also include the development and design of ISA Server DMZ configurations and deployments to further secure your Microsoft installations


Virtualization for Incident Responders //NEW 2010
//Eric Fiterman - Methodvue

Principles and techniques for recovering evidence from virtualized systems and cloud environments - this course is intended for information security personnel who are responsible for handling incidents involving virtual infrastructure, cloud service providers, or desktop virtualization platforms.


Virtualization (In)Security
//Joanna Rutkowska & Rafal Wojtczuk - July 26-27 only

An unbiased view on the security of recent Xen systems (Xen 3.3 and 3.2), show exemplary attacks and a study of how various technology (e.g. Intel VT-d and TXT) and clever design of the VMM can help to improve security.


WAF Virtual Patching Workshop //NEW 2010
// Ryan C. Barnett & Brian Rectanus - Tuesday, July 27 Only

This workshop is intended to provide an overview of the recommended practices for utilizing a web application firewall for virtual patching.


WarfaRE - Offensive Reverse Engineering //NEW 2010
// Pedram Amini & Ero Carrera

Understanding the inner workings of advanced malware goes beyond simply reverse engineering it. Thinking like the attacker helps in anticipating future techniques.


The Web Application Hacker's Handbook - Live Edition //NEW 2010
//Dafydd Stuttard & Marcus Pinto

This course follows the chapters of The Web Application Hacker’s Handbook, with strong focus on practical attacks and methods and concludes with a Capture the Flag contest.


Web Application (in)Security
//John Heasman & Daniel Martin

Finally, the long awaited successor to NGS’s hugely popular Web Application (In)Security Course is coming to BlackHat Vegas this year!

This is a cutting-edge, hands-on course aimed at hackers who want to exploit web applications, and developers who want to know how to defend them.


Web Security //NEW 2010
//Hristo Bojinov, Dan Boneh, Elie Bursztein & John Mitchell - July 26-27 Only

Get a 360-degree overview of web application security.


Windows Physical Memory Acquisition and Analysis //NEW 2010
//Matthieu Suiche

Want to learn all about memory dumps, including how they work and deep analysis using Windbg.