Black Hat USA 2013 brings together the best minds in security to define tomorrow's information security landscape. Featuring many new tracks and new training sessions, Black Hat USA is the biggest and best conference we've ever presented.
Need to conduct effective penetration tests as efficiently as possible? This challenging, fast-paced course will teach you how to best use available tools and methodologies to accurately emulate modern threats, all while adapting to tightening budgets, limited timeframes and diverse skillsets.
Attackers are constantly evolving, becoming more sophisticated in how they attack and evade security measures. Participants will develop stealth, evasion, and persistence techniques to effectively emulate the enemy and demonstrate the impact of a successful attacker.
The days of running grep to find simple stack overflows are gone. This 2 day course teaches students how to dive into large C/C++ source code projects and find exploitable memory corruption vulnerabilities armed with nothing more than a text editor. It is completely up to date and focuses on real world vulnerabilities such as use-after-free and type confusion in web browsers.
Looking to sharpen your malware analysis skills? Then take this fast-paced class to develop skills in dealing with anti-reversing packers and special case malware. You will practice your new skills by dissecting real malware via hands-on labs.
Learn how to profile a target with devastating accuracy without ever sending a packet to their network. Taught by the 2-time winner of the Defcon Social Engineering CTF, get extensive hands on experience utilizing OSINT tools to optimize your next pentest/SE attacks. Lots of labs and practical coursework makes sure you get actual experience with the tools.
From mind-bending XSS attacks, to exploiting race conditions, to advanced SQL injection attacks, Advanced Web Attacks and Exploitation will deepen and broaden your knowledge of web application hacking, as well as help you identify and circumvent various protection mechanisms in use on the web today.
Advanced Windows Exploitation provides an in-depth and hardcore drilldown into topics ranging from precision heap spraying to DEP & ASLR bypass techniques to real-world 64-bit kernel exploitation. This course is extremely hands-on and includes a lab environment, which is tailored to bringing the most out of you.
In this two-day hands-on course you will learn how to pentest Android applications, perform static analysis, traffic manipulation, memory dumps, debugging, code modification and dynamic analysis – from zero knowledge to full exploitation of any APK.
This course is full of hands-on labs, making the best out of the AppUse Android application pentesting platform, from its own creators.
This course will have 4 components: reverse engineering, source code auditing, fuzzing and exploitation. Each section contains a liberal amount of labs and hands-on exercises.
Learn advanced techniques in SQL Injection as well as some lesser known injection flaws such as LDAP Injection, Hibernate Query Language Injection, XPATH Injection, XML External Entity Injection, Direct Code injection etc. Identify, Extract, Escalate, Execute... Need we say More?
Hands-on course using open source tools to perform penetration testing of web applications. Attendees will perform instructor-led application pentests using the open source tools included in the Samurai Web Testing Framework Live CD (Samurai-WTF).
This two-day course will take a deep dive into the fundamentals of SCADA security and provide students with the knowledge that they need to safely perform penetration testing against live SCADA environments. The course will also provide students with methodologies through which security research may be performed against SCADA devices in order to identify 0day flaws in some of the world's most critical systems. During the course, students will have the opportunity to engage in live attacks against programmable logic controllers (PLCs) and other industrial control systems, to include activities such as SCADA RTOS firmware reversing and SCADA protocol fuzzing.
Learn rapid techniques in how penetration testers utilize day-to-day attack vectors to rip through security controls. This course is designed for professionals looking to get into penetration testing or learning cutting-edge techniques in gaining access to systems through penetration testing. Learn everything you need to know to be a successful penetration tester including groundbreaking social engineering attacks, circumventing security mechanisms (antivirus and more).
Securing cloud computing is most definitely not business as usual. This course, which fulfills the Cloud Security Alliance CCSK requirements, shows you what's different, where to focus, and includes an entire day of hands-on cloud security labs.
You are under assault. Your data is being targeted by Cyber Criminals. Once extracted, it will be bought and sold as a commodity on the black market. This is not a matter of "if" your organization will suffer a data breach, it's a matter of "when". In this course, you will learn HOW to investigate data breaches, not click buttons. You will be taught by industry experts who have worked hundreds of cases, and have developed their methodology to be deadly accurate. The real-world experience of this four-day incident response training will benefit forensic practitioners of all levels.
Covering everything necessary to successfully manage an incident, students will work through various scenarios building response plans for each situation. From what should be in place prior to an incident, to knowing when to trust your network again, this practical course will teach you how to appropriately respond in real world incidents.
The US Special Operations Forces pioneered a methodology called F3EAD, which enabled, amongst other things, the ability to take out insurgent and terrorist networks. This class focuses on modifying the F3EAD methodology for utility in Cyber Defense Operations to allow cyber defenders to incorporate intelligence practices into their daily operations to focus not just on one-off indicators but on the overall threat actor. Intelligence enables cyber defense teams to look at the cyber battlefield from the 50,000-foot view and piece together all aspects of the cyber adversary's operations. From what altitude are you viewing the cyber battlefield?
Have you ever wondered whether your business-critical SAP implementation was secure? Do you know how to check it? Have you imagined what the impact of an attack on your core business platform could be? Do you know how to prevent it? This training is the answer to these questions.
This is a new and special training that covers both designing and attacking secure protocols. Attendees will learn the fundamentals of how to design a secure protocol, and be armed with the knowledge of how to evaluate the security of and discover weaknesses in existing protocols.
Digital forensics and incident response are two of the most critical fields in all of information security. The staggering number of reported breaches in the last year has shown that the ability to rapidly respond to attacks is a vital capability for all organizations.
Unlock the true potential and raw power of Maltego. Join us and we'll show you how to navigate and map the Internet's darkest rivers…
Learn how to expose the inner mechanisms of exploits and how they work. The class is highly hands-on and very lab intensive.
Black Belt is a new and advanced class continuing from where The Exploit Laboratory left off. This class is for those curious to dig deeper into the art and craft of software exploitation.
Hacking By Numbers "BlackOps Edition" is a student’s final course in the Hacking By Numbers series before being deployed into "Combat." In BlackOps, students will sharpen their skills in real-world scenarios before being shipped off to battle. BlackOps covers tools and techniques to brush up your skills on data exfiltration, privilege escalation, pivoting, client-side attacks and harnessing OSINT. Students will also focus on practical elements of attacking commonly found systems and staying under the radar. After completing BlackOps students are considered weaponized and ready for the final and most intense course in the HBN series: Combat.
Reality, Theory and Practice! This course is the "How did they do that?" of modern hacking attacks. From start to finish, we will lead you through the full compromise of a company's IT systems, explaining the tools and technologies, but especially the thinking, strategies and the methodologies for every step along the way. "Hacking By Numbers – Bootcamp Edition" will give you a complete and practical window into the methods and thinking of hackers.
Hacking By Numbers Cadet Edition is offered as an introduction to the art and science of computer hacking. Even with no hacking experience whatsoever Cadet Edition will equip students with the basic thinking and technical skills necessary to start exploring this fascinating world. 'Cadet Edition' is an introductory course for technical people with no previous experience in the world of hacking. The course will present one with background information, technical skills and basic concepts required to get going. This includes some coding and scripting, networking and Internet technologies, basic methodologies, essential thinking skills, tools and current hacking techniques. Cadet Edition is the ideal training ground to prepare one for the HBN Bootcamp, further self-study or other hacking courses.
As mobile phone usage continues to grow at an outstanding rate, this course shows you how you would go about testing the mobile platforms and installed applications, to ensure they have been developed in a secure manner. Hacking By Numbers Mobile will give you a complete and practical window into the methods used when attacking mobile platforms. This course is ideal for penetration testers who are new to the mobile area and need to understand how to analyze and audit applications on various mobile platforms using a variety of tools.
SensePost's Hacking by Numbers Unplugged is an entry-level wireless security-training course. It is done in the same style as our other HBN courses; highly practical with a focus on learning how things work, not just the tricks. The course starts off with some practically focused fundamentals. This includes wireless fundamentals such as antenna selection and radio radiation patterns, network fundamentals such as TCP/IP and wireless protocols. This section is kept intentionally short, with the rest of the fundamentals explained as part of a scenario based course. Three scenarios are used; the first is how to approach hacking a residential wireless network. Here technologies such as WEP are discussed. The second scenario is how to attack corporate networks, where WPA/2 technologies and attacks are discussed. The final scenario is an open coffee shop network where monitoring and interception attacks are discussed. By the end of the course, a student should have a much better understanding of wireless networks, and their security failings, and how to exploit these.
Grand Idea Studio's Hardware Hacking and Reverse Engineering training course focuses on teaching board-level hardware hacking and reverse engineering techniques and skills. The course is a combination of lecture and hands-on exercises. It covers the hardware hacking processes, circuit board analysis and modification, embedded security, and common hardware attack vectors. The course concludes with a final hardware hacking challenge in which students must apply what they've learned in the course to defeat the security mechanism of a custom circuit board.
In this class, students will be introduced to the basics of ICS and the components that they are likely to encounter while performing penetration tests and red team assessments for the Fortune 1000. Software and hardware components, including Human Machine Interface (HMI), Programmable Logic Controllers (PLC), and other ICS supporting components will be covered in detail. A deep dive into common vulnerabilities and configurations that exist in ICS deployments will be covered in detail. The instructors will also cover techniques for discovering ICS on enterprise networks as well as the precautions that must be taken while performing an ICS focused assessment. Students should expect to spend a significant amount of the classroom time in a custom developed ICS lab environment, using the techniques they learned in class. Students will also have the opportunity to experience working with live PLCs and performing simulated penetration tests which ultimately lead to the compromise of a real PLC.
Essential background material for effective reverse engineering.
Designed for information security professionals responding to computer security incidents or managing information security programs.
Tired of the NSA reading your personal emails? Want to keep pictures of your ex on your computer? Need to exfiltrate data innocuously? Then this Steganography course is for you!
We will explore steganography well beyond the common Least Significant Bit techniques. Want to learn about jpeg hiding? We do it several ways. Advanced audio? We do the wave with you. Executables, video, and bitmaps too. We'll learn about and apply steganalysis to demonstrate detection as well. Most of the techniques have DEMOs and source code, so you can dig into the details yourself.
Any app, anytime, anywhere. In this training you will learn how to perform cutting-edge iOS application security assessment, conduct advanced analysis and identify vulnerabilities. You will learn how to harness the power of the iOS iNalyzer framework to automate any tedious iOS black-box security analysis into a gray-box one-man show. Any app, anytime, anywhere.
Bring. It. On.
Most trainings about Java security focus on the Security API or crypto techniques, and rarely focus on the attacker's perspective. This training uses both perspectives: first it focuses on the security architect/analyst point of view, and shows approaches for identifying holes in the protection infrastructure and closing them. Then, for the second half, the tables are turned and the focus shifts to the attacker's point of view. Examination of the attack surface and delving into the offensive mindset, in addition to the various defensive techniques discussed, provides for a well-rounded approach to Java security.
Looking to enter the exciting cat-and-mouse game of malware analysis? Take this fast-paced class to learn about the tools and techniques used by professionals. You will practice your new skills by dissecting real malware via hands-on labs.
Step up your game with the latest advanced techniques for penetrating networks with the Metasploit Framework. Taught by a pair of shell-addicted, password-crazed Ruby fiends, so leave your Python at the door.
With Innovation, we bring you change. HotWAN has opened its mobile training offering to include a variety of industry experts across the mobile space ranging from iOS, Android and Software Defined Radio. This unique class seeks to provide you a better understanding of the emerging trends and threats in the mobile space.
This class encompasses:
Learn to recognize hackers' tracks and uncover network-based evidence. This fast-paced class includes packet analysis, flow record analysis, wireless forensics, intrusion detection and analysis, covert tunneling, malware network behavior — all packed into a dense 4 days with intensive hands-on technical labs.
Do you want to find intruders in your network, but don't know where to begin? If the answer is yes, NSM 101 is the course for you. Join Richard Bejtlich as he explains Network Security Monitoring from the ground-up in this brand-new, hands-on course.
Learn leading network security practices from the experts who develop these techniques and put them to practical use. Attendees will learn to correctly detect, classify, and prevent threats targeting a network by configuring and deploying advanced network threat defenses, countermeasures, and controls.
Learn to become more offensive in your defensive tactics.
The first comprehensive hands-on fuzzing course centered on the industry standard Peach Fuzzing Platform. Learn how to fuzz just about anything with Peach. No coding required, but recommended.
Embedded Edition is an advanced course offering from Deja vu Security. It teaches students the fundamentals of using Peach to fuzz embedded devices. This course covers the targeting, monitoring, and collection of crashes on custom hardware.
This is not your traditional SCADA security course! This course teaches hands-on penetration testing techniques used to test embedded electronic field devices, network protocols, RF communications, and controlling servers of ICS and Smart Grid systems like PLCs, RTUs, smart meters, Home Area Networks (HAN), smart appliances, SCADA, substation automation, and synchrophasors.
Premiering for the first time the entirely new "Pentesting with Kali Linux." This course has been entirely re-written from the ground up to reflect the most modern and effective techniques that all penetration testers need to know. This is an intensive, hands-on security class by Offensive Security, the creators of Kali.
Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access, as well as how to compromise most existing physical security in order to gain access themselves. Distinguish good locks and access control from poor ones and become well-versed in picking and bypassing in order to assess your own company's security posture or augment your career as a penetration tester.
Intensive lab-based course aiming to expand your exploitation ability to include the ARM processor architecture. Students will learn under "real world" circumstances through multiple lab exercises and challenges covering code auditing, advanced heap exploitation and more.
An intensive 2 day course/exercise for the security professional that wants to up the ante on their current skill sets in offensive and defensive security. Learn new tactics and receive guidance from expert instructors while you test yourself in a team vs team environment. Hands on and technical.
In this training, you will learn how Red Team (or full scope) testing works, how to create a methodology for using a red team engagement as a repeatable test with metrics and actionable results. We will go through all elements of a red team test, from planning and scoping, intelligence gathering, target selection, vulnerability analysis, risk analysis, exploitation and execution, resource usage and ad-hoc agent deployment, post-exploitation, documentation and recording of evidence, damage analysis, and reporting.
0-day exploits aren't needed when you know how to be a highly effective hacker. Let's increase your exploitation success rate! Create custom payloads for Windows, Linux and Mac OS X, and integrate them into Metasploit and public exploits. You don't have to be elite since The Shellcode Lab holds your hand to take your security skills to the next level. If you want to compromise more systems than ever before, register for The Shellcode Lab now!
This offering is a highly specialized course for security professionals interested in learning the skills, mindset and tools to become a professional social engineer. Students develop the ability to blend their mental skills of influence, persuasion and psychological tactics with technical skills to become a human hacker.
An introduction to digital signal processing, software radio, and the powerful tools that enable the growing array of SDR projects within the hacker community, this course takes a unique "software radio for hackers" approach, building on the participants' knowledge of computer programming and introducing them to the forefront of digital radio technology. Participants will learn how to transmit, receive, and analyze radio signals and will be prepared to use this knowledge in the research of wireless communication security.
Using a combination of new tools and lesser-known techniques, attendees will learn how hackers compromise systems without depending on standard exploits.
This new extended version of Tactical Exploitation teaches students a deeper level of new tools and lesser-known techniques. Along with the extended format students will become immersed in a unique offensive school of thought. This class is designed to help students achieve success in any environment. Students learn how to compromise systems without depending on standard exploits and how to keep from getting caught.
This course delivers hands on application of Foundstone's hacker methodology. This course has long been considered essential for penetration testers.
This course delivers hands on application of Foundstone's wireless hacking methodology. This course takes you from configuring interfaces to the latest attacks.
Learn to detect lies and find the TRUTH through the application of proven human-memory retrieval techniques while observing behavioral and emotional clues, and micro-expressions. Master the art of asking questions, how to phrase them, and when to ask them. Develop practical skills to establish rapport and gain trust which can be immediately applied in any situation, with anyone.
Even when crypto is correctly implemented, it is notoriously difficult to use correctly. In this course we study how crypto works, how to use it properly, and how to stay clear of crypto misuses that will leave you wide open to attack.
Learn everything about security visualization to make your log analysis and forensic investigations more efficient and effective. We explore situational awareness and learn how to uncover new insights and hidden attacks on your environment.
MDSec's course is delivered by the authors of the Web Application Hacker's Handbook, and the author of Burp Suite. It features hands-on hacking from the 2nd Edition of the Handbook, with 150+ examples including a CTF contest.