Black Hat USA Registration Black Hat USA Registration Black Hat USA Briefings Black Hat USA Briefings Black Hat USA Training Black Hat USA Training Black Hat USA Schedule Black Hat USA Schedule Black Hat USA Sponsors Black Hat USA Sponsors Black Hat  USA Special Events Black Hat  USA Special Events Black Hat USA Venue Black Hat USA Venue

On This Page

Tactical Exploitation (4 Day Version)

Attack Research | July 27-30



Ends May 31



Ends July 24



Ends July 30


Penetration testing often focuses on individual vulnerabilities and services, but the quickest ways to exploit are often hands on and brute force. This four-day course introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using a combination of new tools and lesser-known techniques, attendees will learn how hackers compromise systems without depending on standard exploits. The class alternates between lectures and hands-on testing, providing attendees with an opportunity to try the techniques discussed.

In the first half of the course, attendees will come to a new understanding of how to use the Metasploit Framework and how to harness this new found understanding. Our attention will turn to the initial target exploitation with a significant amount of target modeling, which includes, unique Attack Research only methods of reconnaissance and how to tie that in with initial exploitation phases.

The class will then move into unique less known tactics for taking down windows domains regardless of how old or new they are. This section of the class is based heavily upon post exploitation techniques perfected by Attack Research. Students will walk away being able to compromise any windows host regardless if it is the newest OS or not.

In the second half of the course, the focus will shift from compromising Windows based networks to a true production level Windows/Unix enterprise environment. Students will learn complete domination of a true production Windows/Unix environment, but they will also learn PSP evasion, unique stealth approaches, persistence mechanisms, and varying degrees of collection strategies. Students will receive in-depth exploitation techniques for becoming root in any Unix environment and abusing these newly found resources. Attendees will learn how to compromise common operating systems, and once in, how to gain access to the rest of the network.

This course is well-suited to penetration testers of any skill level and all security professionals who have a basic grasp of networking and software exploits. This course differs from a typical ethical hacking program in that the focus is on techniques that are not affected by patch levels. A portion of the class will be dedicated to building new tools, on the fly, to solve the challenges posed by a difficult penetration test.

Students will test all of the skills they have gained in the course against a virtual network specially designed for the class. The labs will be interwoven into the lecture so that students will receive a significant amount of time practically exercising these new skills as they learn. By the end of the class students will have spent 50% of the time in a lab environment.

Student Requirements

Student machines must be able to run at least 2 virtual machines utilizing either: VMWare Workstation (which can be obtained through a demo license) or Virtual Box. This usually means at least 4 gig’s of memory is needed. Student laptops must be running either OSX, Linux, or Windows and they must have the ability to disable all antivirus on the machine, or remove it. Students must have administrative access on their machine for sniffing traffic, adjusting firewalls, etc,

Students must have:

Material and Equipment

Students will walk away from the class with full documentation and the entire custom and noncustom tools that we have given them or they have designed in class. Last year at Black Hat Las Vegas AR released a number of Windows 7 post exploitation tools that no one has ever seen or heard of and they were made available only to the class. Students walk away from AR training sessions with more than just the “usual” training materials but a wealth of knowledge for both attacking and defending networks. AR brings all of the hardware and software necessary for the class training environment.


Russ Gideon has many years of experience in information security fulfilling many diverse roles from being a core component of an Incident Response operation to running effective Red Teams from across the United States government. Russ excels both at malware reverse engineering, which enables him to deeply understand how the attackers do what they do, as well as at high end Red Teaming where he has to penetrate sophisticated and well protected high value systems. Russ currently serves as the Director of Malware Research and Training at Attack Research.

Val Smith has been involved in the computer security community and industry for over ten years. He currently works as a professional security researcher on a variety of problems in the security community. He specializes in penetration testing (over 40,000 machines assessed), reverse engineering and malware research. He works on the Metasploit Project development team as well as other vulnerability development efforts. Most recently Val Smith founded Attack Research which is devoted to deep understanding of the mechanics of computer attack. Previously Val Smith founded Offensive Computing, a public, open source malware research project.

Colin Ames is a security researcher with Attack Research LLC where he consults for both the private and public sectors. He's currently focused on Pen testing, Exploit Development, Reverse Engineering, and Malware Analysis.

David Kerb has worked in the computer security arena for the past ten years. He has specialized in reverse engineering, malware research, and penetration testing. During the past ten years he has worked with various places including Offensive Computing, a Malware Research Company. He is currently conducting research at Attack Research which is set up to help understand the internals of attacks. Dave Kerb has focused on *nix systems and enjoys figuring out how to abuse various trust relations between *nix systems.