Black Hat USA 2011 //Training

Caesars Palace Las Vegas, NV • July 30 - Aug 2

Register Now //all training


Weekday Course Weekend Course 4-Day Course
1-Day Course Virtual Cancellation!

( NOTICE: Registrants are notified when courses are chosen for cancellation; this training list reflects all course availabilities and is updated regularly. )

Hacking by Numbers: Cadet
// ONLINE EDITION - June 13-20 SensePost - registration now closed

Beginner level. An introduction to the art and science of computer hacking. Make the most of your time! Take this course online and be prepared to take a more advanced Hacking by Numbers course live at Black Hat USA 2011.

Advanced Malware Analysis by MANDIANT
//MANDIANT - Four Day Course

Course Preview

Students will learn to combat sophisticated malware head-on by studying its anti-analysis techniques.

Advanced Malware Deobfuscation
//Jason Geffner & Scott Lambert

Learn how to manually unpack the most advanced obfuscation protections.

Advanced Memory Forensics in Incident Response
//Jamie Butler & Peter Silberman

Specifically designed for information security professionals and analysts who respond to computer security incidents. It is designed as an operational course, using case studies and hands-on lab exercises to ensure attendees are gaining experience in each topic area.

Advanced Vulnerability Scanning Techniques Using Nessus
//Paul Asadoorian, Tenable Security

This course teaches advanced scanning techniques by using a real-world scenario to demonstrate how these techniques help to solve problems in an example work environment.

Advanced Windows Exploitation Techniques
//Offensive Security (Matteo Memelli & Jim O'Gorman) - Four Day Course

An in depth, hardcore drilldown into advanced Windows Vulnerability Exploitation techniques.

Course Preview

This course will have 4 components: reverse engineering, source code auditing, fuzzing, and exploitation. Each section contains a liberal amount of labs and hands-on exercises.

Assessing and Exploiting Web Applications with Samurai-WTF
//Justin Searle and Kevin Johnson

Using open source tools to perform web application assessments, this course will take attendees through the process of application assessment using the open source tools included in the Samurai Web Testing Framework Live CD (Samurai-WTF).

Building a Better Mouse Trap: The Art of Developing Effective Intrusion Detection/Prevention Signatures
//Rohit Dhamankar & Rob King

Learn how to implement effective network intrusion prevention.

Course Preview

This two day course will provide a primer, into the world of securing industrial control, and automation systems as they relate to the numerous industries where they are most prolific.

CISSP® Boot Camp
//Shon Harris - Four Day Course

This Logical Security course trains students in all areas of the security Common Body of Knowledge (CBK). Using this course, students prepare for the exam, while at the same time obtaining essential security knowledge that can be immediately used to improve organizational security.

CNSS-4012 Senior System Manager/CNSS-4015 System Certifier
//Information Assurance Associates (IA2) - Four Day Course

Very focused, highly concentrated, non-technical professional training necessary to achieve the fundamental knowledge needed to define, design, integrate and manage information system security policies, processes, practices, and procedures within federal interest information systems and networks.

CNSS-4016 Risk Analyst //NEW 2011
//Information Assurance Associates (IA2)

This workshop is geared towards security professionals whose duties and responsibilities include guiding security decisions for whole departments or even entire companies.

Course Preview

A two day workshop focusing on the progression from incident identification, investigation and malware analysis to explaining to management why it matters. In other words how to go from geek to sleek.

Designing Secure Protocols and Intercepting Secure Communication
// Moxie Marlinspike

This is a new and special training that covers both designing and attacking secure protocols. Attendees will learn the fundamentals of how to design a secure protocol, and be armed with the knowledge of how to evaluate the security of and discover weaknesses in existing protocols.

Detecting & Mitigating Attacks Using Your Network Infrastructure //UPDATED 2011
// Cisco Systems (Randy Ivener, Joseph Karpenko & John Stuppi)

Learn leading network security practices from experts who develop these techniques and put them to practical use.

Course Preview

Unlock the true potential and raw power of Maltego. Join us and we'll show you how to navigate and map the Internet's darkest rivers...

Effective Fuzzing: Using the Peach Fuzzing Platform
//Deja Vu Security (Michael Eddington & Adam Cecchetti)

The first comprehensive hands-on fuzzing course centered on the industry standard Peach Fuzzing Platform. Learn how to fuzz just about anything with Peach. No coding required, but recommended.

Enterprise Security From Day 1 to Completion
//Chris Conacher - August 1-2 only

A practical approach to developing an information security program.

The Exploit Laboratory
//Saumil Udayan Shah & S.K. Chong

Learn how to expose the inner mechanisms of exploits and how they work. The class is highly hands-on and very lab intensive.

The Exploit Laboratory: Black Belt Edition
//Saumil Udayan Shah & S.K. Chong

Black Belt is a new and advanced class continuing from where The Exploit Laboratory left off. This class is for those curious to dig deeper into the art and craft of software exploitation.

Hacking by Numbers: BlackOps Edition //NEW 2011

Your final course in the HBN series before being deployed into "Combat"

Hacking by Numbers: Bootcamp //UPDATED 2011

This course follows directly on from 'Cadet Edition' and serves as a prerequisite for the 'BlackOps Edition'. As always, the course can also be taken without any of the others. Bootcamp Edition can be taken back-to-back with either Cadet Edition (for beginners) or BlackOps Edition for more advanced students.

Hacking by Numbers: Cadet //UPDATED 2011

Beginner level. An introduction to the art and science of computer hacking.

Hacking by Numbers: Combat Training //UPDATED 2011

This course follows directly on from 'BlackOps Edition' However, the course can also be taken without any of the others.

Hacking by Numbers: Unplugged Edition //NEW 2011

The ultimate wi-fi hacking course

Hacking by Numbers: W^3 //UPDATED 2011 (formerly Hacking by Numbers Web 2.0)

Hacking by Numbers - W^3 Edition is an intermediate web application hacking course for people with some experience in penetration testing.

Hacking and Securing Oracle Database //NEW 2011
//Alexander Kornbrust, Sumit Siddharth

Course Preview

Is your Oracle database unbreakable? Learn about various security vulnerabilities and how to make it secure...

Course Preview

This course is the first of its kind and focuses entirely on hardware hacking.

IDA Pro Class: Reverse Engineering with IDA Pro
//Chris Eagle

Essential background material for effective reverse engineering.

Course Preview

Specifically designed for information security professionals and analysts who respond to computer security incidents.

Infrastructure Attacktecs™ & Defentecs™: Hacking Cisco Networks
//Steve Dugan

Extremely popular and intense hands-on course.

Introduction to Malware Analysis
//Jason Geffner & Scott Lambert

No Source? No Symbols? No Problem.

Macsploitation Class
//Vincenzo Iozzo & Dino Dai Zovi

The aim of this class is to provide the student with all the skills needed in order to fully perform research on this OS. Specifically how to write payloads, what are the tools needed to perform research and all the hidden oddities of OS X which other UNIX-based systems don't have.

Course Preview

This introductory course is for those interested in entering the field of malicious software analysis.

Mobile Hacking //NEW 2011

Brand new, never before seen mobile hacking course that will cover multiple smartphone technologies and development environments.

Real World Pen Testing by VERIS GROUP
//Veris Group, LLC

What it takes to provide valuable, consistent, and repeatable penetration tests with limited time and resources.

Course Preview

Learn to become more offensive in your defensive tactics against attackers.

Pentesting with BackTrack
//Offensive Security (Mati Aharoni & Chris Hadnagy) - Four Day Course

This is an intensive, hardcore, hands on Security class by the creators of Backtrack especially designed for delivery in BlackHat Trainings.

Pentesting with Perl
//Joshua Abraham - Tuesday, August 2

Utilize Perl to streamline the tedious aspects of pentesting.

Physical Penetration Testing (Introduction) //UPDATED 2011
//The CORE Group

Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access, as well as how to compromise most existing physical security in order to gain access themselves. Distinguish good locks and access control from poor ones and become well-versed in picking and bypassing in order to assess your own company's security posture or augment your career as a penetration tester.

Physical Penetration Testing (Advanced) //NEW 2011
//The CORE Group

Individuals with an established understanding of the mechanics of locks and the basic ways in which they can be compromised will learn highly advanced and specialized techniques in this course. Impressioning fully-functioning keys for unknown locks, manipulating the dials of safes, and advanced picking and bumping techniques for higher security locks will be covered in great detail. [Restricted to Law Enforcement Officers, Government Personnel, and Properly-Credentialed Established Security Professionals only.]

Real World Security: Attack, Defend, Repel //UPDATED 2011
//Peak Security

An intensive 2 day course/exercise for the security professional that wants to up the ante on their current skill sets in offensive and defensive security. Learn new tactics and receive guidance from expert instructors while you test yourself in a team vs team environment. Hands on and technical.

The RSA Cryptosystem: Attacks and Implementation Dangers
//Andrew Lindell - Sunday, July 31 Only

A hands-on in-depth understanding of the RSA cryptosystem, how it works and what the best attacks are on it today.

SAP Security In-Depth //UPDATED 2011
// Mariano Nuñez Di Croce & Juan Pablo Perez Etchegoyen

Course Preview

Have you ever wondered whether your business-critical SAP implementation was secure? Do you know how to check it? Have you imagined which could be the impact of an attack to your core business platform? Do you know how to prevent it? This training is the answer to these questions.

Course Preview

Compromise Windows, Linux and Mac OSX machines, bypass security controls, and increase your successful exploitation rate by creating shellcode using various shellcoding techniques. Also learn how to integrate your shellcode into Metasploit so it can be used by all Metasploit exploits.

Symmetric Cryptography: Constructions and Cryptanalysis
//Andrew Lindell

Hands-on, in-depth understanding of how symmetric cryptographic primitives are constructed and broken, with a focus on block ciphers and cryptographic hash functions.

Tactical Exploitation //UPDATED 2011
//Val Smith

Using a combination of new tools and lesser-known techniques, attendees will learn how hackers compromise systems without depending on standard exploits.

Course Preview

This training course will discuss in-depth the ways in which tamper-resistant seals function, and students will perform hands-on attacks against the bulk of tamper-resistant devices on the market today. Be prepared for two days of deep knowledge and rolled-up sleeves… as all student stations come equipped with heat guns, solvent chemicals, and a wide range of tools and trickery.

TCP/IP Weapons School 3.0 //UPDATED 2011
//Richard Bejtlich, TaoSecurity

Learn how networks can be abused and subverted, while analyzing the attacks, methods, and traffic that make it happen.

Course Preview

This course delivers hands on application of Foundstone's hacker methodology. This course has long been considered essential for penetration testers.

Course Preview

This course delivers hands on application of Foundstone's wireless hacking methodology. This course takes you from configuring interfaces to the latest attacks.

Virtualization for Incident Responders
// Eric Fiterman, Rogue Networks/Methodvue

Course Preview

Principles and techniques for recovering evidence from virtualized systems and cloud environments - this course is intended for information security personnel who are responsible for handling incidents involving virtual infrastructure, cloud service providers, or desktop virtualization platforms.

The Web Application Hacker's Handbook, 2nd Edition: LIVE! //UPDATED 2011
//Dafydd Stuttard & Marcus Pinto

This course is a one-off 2nd Edition preview delivered by the authors of the Web Application Hacker's Handbook, and the author of Burp Suite. It features hands-on hacking with 150+ examples including a CTF contest

Web Application (in)Security //UPDATED 2011
//John Heasman & Daniel Martin

Finally, the long awaited successor to NGS Secure's hugely popular Web Application (In)Security Course is coming to BlackHat Vegas this year!

This is a cutting-edge, hands-on course aimed at hackers who want to exploit web applications, and developers who want to know how to defend them.

Web Security
//Elie Bursztein

Get a 360-degree overview of web application security.

Windows Physical Memory Acquisition and Analysis //UPDATED 2011
//Matthieu Suiche

Want to learn all about memory dumps, including how they work and deep analysis using Windbg.

Complete List of Black Hat USA 2011 Training Courses:

Black Hat USA 2011 brings together the best minds in security to define tomorrow's information security landscape. Featuring many new tracks and new training sessions, Black Hat USA is the biggest and best conference we've ever presented.

Training Category Matrix - get printable pdf »