Hacking: the art of making systems do things their designers didn't expect. Today's trio of Trainings, which will all be on offer at Black Hat USA 2015, revolve around ways to slip past defenses and open the door to ownage.
Porous network perimeters are going the way of the dodo as services become more resilient, so pentesters need to be fluent in the art of exploiting front-facing web applications to gain that initial, critical network foothold. Forget run-of-the-mill SQL injection or mediocre file inclusion attacks, Offensive Security's sold out Advanced Web Attacks and Exploitation is where students will practice brain-melting SQL queries, mind-blowing XSS and remote code execution attacks starting from that initial foothold and ending with a complete compromise. It's no coincidence that every year this course is offered, students leave with new 0-days.
If that's a bit on the advanced side, Application Security: For Hackers and Developers will offer a great overview of four key technical skills all security researchers need: code auditing, fuzzing, reverse engineering, and exploitation. Dr. Jared Demott will go dive deep on each, lending insight to both experienced security vets and newer practitioners.
Lastly, rather than focusing on individual vulnerabilities, the quickest ways to exploit are often hands-on, using unique techniques. Tactical Exploitation 4Day will introduce a tactical approach to hacking and doesn't rely on known weaknesses. You'll learn how to build your own custom malware using toolsets both standard and strange, as well as how to understand and take down Windows domains. Windows conquered, the course will continue on to Unix. Want root? It's just waiting to be grabbed.
Black Hat USA 2015 will occur at the Mandalay Bay resort in Las Vegas. It goes down August 1-6, so there's plenty of time to lock in early-bird discounts.