Note: Please read all Registration Terms and Conditions carefully. Training courses include full access to the Business Hall, Sponsored Workshops, Sponsored Sessions, and Arsenal. Briefings are not included with the purchase of a Training pass; however, you may purchase a Briefings pass to complement your Training course/s once you register. All Briefings and Trainings will be presented in English.
The days of using Excel to find malicious activity are over. Breaches are only expanding in size, so incident responders need their own way of growing out of the days of using Excel to hunt through mountains of data. In this course, you will learn how to create your own enterprise-wide hunting platform using ELK with data enrichment feeds. Additionally, creating the means of retrieving the data from the various endpoints and data sources will also be introduced and explained throughout the course. Students will deploy PowerShell scripts across a customized network environment to gather critical data necessary to respond to an incident. Once the data has been collected, students will then enrich the data from both a normalization perspective as well as using visualizations to assist in finding outliers and anomalies within the data sets. This course will teach you how to not only set up an ELK server specifically geared to facilitate powerful hunting, but will also show you how to collect data efficiently from every single endpoint on your network in a very short span of time, thereby enabling you to proactively hunt on a regular basis.
From CEO to IT SysAdmin ninja, if you're looking to get some hands-on experience with the tools and techniques the bad guys are using, this is the class for you. We'll take you from zero to hero using Metasploit to familiarize you with its capabilities and get you ready to take the Metasploit Mastery course.
Already cut your teeth with the Basics course? Just want to increase your Metasploit ninja skills? If you're looking to get some hands-on experience with the tools and techniques the bad guys are using, this is the class for you. In this class you'll go from simply using Metasploit to molding it to do things you never imagined it could do.
New for 2017, this two-day course will take a deep dive into the world of red-teaming industrial control systems, while teaching the fundamentals of SCADA security that are required to successfully penetrate industrial control system environments. The course will also provide students with methodologies through which security research may be performed against SCADA devices in order to identify 0day flaws in some of the world's most critical systems. During the course, students will have the opportunity to engage in live attacks against programmable logic controllers (PLCs) and other industrial control systems, to include activities such as SCADA RTOS firmware reversing, ICS hardware hacking and SCADA protocol fuzzing.
Enterprises are managed using Active Directory (AD), which often forms the backbone of the complete enterprise network. Therefore, to secure an enterprise from an adversary, it is essential to secure its Active Directory environment. To secure AD, you must understand the different techniques and attacks used by adversaries against it. Often burdened with maintaining backward compatibility and interoperability with a variety of products, AD environments lack the ability to tackle the latest threats.
This training is aimed at attacking modern Active Directory environments using built-in tools like PowerShell and other trusted OS resources. The training is based on real-world penetration tests and Red Team engagements for highly secured environments. Some of the techniques used in the course (see the course content for details):
Challenge yourself in attacking a fully simulated enterprise environment, complete with domain services, security controls, misconfigurations, and vulnerable applications. You will learn to effectively create devastating attack paths to gain access to the crown jewels and demonstrate the impacts of a breach. This fast-paced course will teach you how to leverage penetration testing toolsets drawn from our testers' experience on hundreds of engagements. You will learn how to conduct effective, in-depth penetration tests, focused on demonstrating risks posed by modern attackers.
In this course you will:
Learn sophisticated operational tradecraft to exploit enterprise environments while evading modern defensive capabilities. This course will teach you to compromise high-security, diverse networks just like advanced adversaries in full-scope red team operations, utilizing cutting-edge attack techniques across multiple operating systems (Windows, Mac OSX, and Linux) and minimizing impact in the environment. During the course, you will face live incident responders attempting to detect and remove your presence from the enterprise while you must achieve objectives to conquer your target. They will provide you direct feedback on the tradecraft utilized. Challenge yourself to operate like the enemy and take your security assessments to the next level.
In this course you will:
Real-world cloud security is most definitely not business as usual. The fundamental abstraction and automation used to build cloud platforms upends much of how we implement security. The same principles may apply, but *how* they apply is dramatically different, especially at enterprise scale.
This highly technical course expands off the basics of our Cloud Security Hands on Training and delves deep into practical cloud security and applied SecDevOps, which is really the only way to survive when operating in the cloud. It focuses completely on Infrastructure and Platform as a Service, and will not cover Software as a Service. The training is laser focused on technology, and *will not cover policies, risk, or governance issues* except as they come up in passing.
This course brings you a whole new level of hardware hacking – imagine being able to break an AES-128 bootloader in a few minutes, or glitching past password checks in otherwise secure devices. Based on the open-source ChipWhisperer, this course is hands-on, providing each student with a ChipWhisperer-Lite board (which they keep) and bringing them through a variety of attacks against real encryption and security code examples.
Anyone specifying or developing embedded systems needs to understand these attacks, as they might allow an attacker to compromise your otherwise secure system.
The fast-paced course teaches the audience a wealth of hacking techniques to compromise various operating systems and networking devices. The course will cover advanced penetration techniques to achieve exploitation against these platforms:
Dive deep into real world malware events. Tear them apart. Unwrap the layers of obfuscation. Find the exploit. Protect your network. Explore exploits kits and ransomware. Join the fun and make the world a little safer.
This interactive training identifies and demonstrates multiple free online resources that break through traditional search roadblocks. Participants will be shown how to "dig" into the internet for personal information about any target. While popular sites such as Twitter, Instagram, and Facebook are covered in detail (including techniques that legally access some "hidden" content), the presentation goes much deeper into the vast resources available for researching personal information.
Aside from social networks, other technologies such as meta-data, reverse cellular info extraction, mobile app exploitation, and Application Programming Interfaces (APIs) will be explained. All resources can also be used to conduct thorough background checks on potential employees or to locate client vulnerabilities. All resources can be applied to domestic and international investigations. Many custom tools will be shared with the audience for free lifetime use. A custom Linux operating system pre-configured for immediate use will be provided.
This course will teach you how to clean up your digital footprint and take privacy to the extreme. The instructor has spent the past six years investigating methods for disappearing from all known databases while maintaining a "normal" existence. He has also researched the best ways to protect your data, communications, and overall online presence. This presentation of successes (and failures) will help you establish your own strategy for disappearing from public view. Overall, this course will explain how to become digitally invisible. You will make your communications private, internet connections anonymous, computers hardened, identity guarded, purchases secret, accounts secured, and home address hidden. You will legally create and strengthen aliases that will be used more often than your true identity. You will remove all personal details from public view and will reclaim your right to privacy. You will no longer give away your intimate details and you will remove yourself from the system. When taken to the extreme, you will be impossible to compromise.
As we learned in our first class (Application Security: for Hackers and developers), there are almost always bugs in code. We found them by auditing, fuzzing, and reversing code. Then we crafted exploits. To counter this reality, vendors have developed a variety of protections.
In this class we continue the battle. We describe a number of modern day protections: things like EMET, Isolated Heap, and CFG. We then perform hands-on lab work to show how bypasses can be constructed. This build-and-break teaching style provides the tools for vulnerability researchers, security engineers, and developers to perform cutting edge work.
The second half of the class is all about the kernel. You will learn how to debug, audit, fuzz, and exploit kernel code. The class is fast paced, but low stress and fun. Prepare to learn!
Advanced Windows Exploitation provides an in-depth and hardcore drill down into topics ranging from precision heap spraying to DEP and ASLR bypass techniques to real-world 64-bit kernel exploitation. This course is extremely hands-on and includes a lab environment that is tailored to challenge and bring the most out of you. The case studies covered include vulnerabilities discovered by our research team or exploits written by Offensive Security.
The authors of Aircrack-NG and the best selling book "Kali / Backtrack 5 Wireless Penetration Testing" have teamed up to create this highly advanced course on Wireless Pentesting!
Class includes - $100 worth of hardware, 10+ hrs of HD class lectures and demos, 1 Month PentesterAcademy.com Access Pass containing Wi-Fi Challenges!
Learn how to thoroughly lock down Linux and UNIX systems from Jay Beale, the creator of Bastille Linux and other tools. In this fully hands-on course, you'll harden Linux systems and the programs that run on them. You'll learn how to repel, detect and contain attacks, using configuration and free tools, including SELinux, Docker and LXD containers, OSSEC, ModSecurity, FWKnopd, and AppArmor.
'Analyzing an IoT Empire' is the security complement to 'Building an IoT Empire'. In this unique course, we learn hands-on with real IoT hardware devices (dozens or hundreds) and our iterative study of device classes (Intel AMD64, Cortex A, or Cortex M based) along with connected sensors, actuators, and serial buses (I2C, SPI, and UART) allows for self-paced lab style exploration.
Iterations of each device class involve building an embedded system then penetrating it and analyzing the results for gaining experience in hardening the future Internet of Things. We consider local networks as well as limited cloud connectivity.
This course will focus on the techniques and tools for testing the security of Android mobile applications. During this course the students will learn about important topics such as the Android Security model, the Android runtime, how to perform static analysis, traffic manipulation, memory dumps, debugging, code modification and dynamic analysis – from zero knowledge of the APK to full exploitation. Students of this course will learn how to operate and make the best of the AppUse custom VM for Android application penetration testing, from its own creators.
By taking this course you will be able to perform penetration testing on Android mobile applications and expose potential vulnerabilities in the tested application such as insecure storage, traffic manipulation, malicious intents, authentication and authorization problems, client side SQLi, bad cryptography, and more.
There are four technical skills required by security researchers, software quality assurance and test engineers, or developers concerned about security: source code auditing, fuzzing, reverse engineering, and exploitation. Each of these domains is covered in detail. C/C++ code has been plagued by security errors resulting from memory corruption for a long time. Problematic code is discussed and searched for in lectures and labs. Fuzzing is a topic that book author DeMott knows well. Mutation file fuzzing and framework definition construction (Sulley and Peach) are just some of the lecture and lab topics. When it comes to reversing C/C++ (Java and others are briefly discussed), IDA Pro is the tool of choice. Deep usage of this tool is covered in lecture and lab. Exploitation discussions and labs are the exciting final component. You'll enjoy exploitation basics, and will also use the latest techniques.
This interactive course will teach security professionals how to use data science techniques to quickly write scripts to manipulate and analyze network data. The course will cover the entire data science process from data preparation, exploratory data analysis, data visualization, machine learning, model evaluation and finally, implementing at scale—all with a focus on security related problems.
Rebuilt from the ground up and new for Black Hat this year, this hands-on class will introduce you to the common interfaces on embedded MIPS and ARM systems, and how to exploit physical access to grant yourself software privilege via UART, JTAG, or SPI.
Developed and taught by an electrical engineer with over a decade of hardware security experience, over 70% of our time will be hands-on with current off-the-shelf hardware, supported by lectures to fill in the background. This is why classes we developed have sold out at Black Hat the past 3 years.
You've learned about JTAG, UART, and SPI in your introductory IOT hacking class, but how does this apply to real world devices you encounter on actual engagements?
This course will put what you've already learned into context. We'll analyze how and why hardware hacks belong in scope of certain pen tests, and what that means to threat modeling and deliverables. We'll build upon your basic skills and see how more advanced hardware and firmware analysis tells us more about the software vulnerabilities in a system. We'll prototype some hardware exploits into compelling demos or helpful red-team tools.
ARM has emerged as the leading architecture in the Internet of Things (IoT) world. The all new "Advanced ARM IoT Exploit Laboratory" is a 2-day intermediate/advanced level class intended for students wanting to learn about bypassing exploit mitigation technology on ARM platforms. The class takes an in-depth look at ARM Return Oriented Programming (ROP) as well as bypassing ASLR. Our lab environment features hardware and virtual platforms for exploring exploit writing on ARM based Linux systems and IoT devices.
The class concludes with an end-to-end "Firmware-To-Shell" hack, where we extract the firmware from a popular SoHo router, build a virtual environment to emulate and debug it, and then use the exploit to gain a shell on the actual hardware device.
This class assumes that students already know the basics of ARM exploitation, including ARM assembly and ARM shellcode.
***For those keen on end to end ARM exploitation, it is recommended to take both the Intro and Advanced classes in succession in a 4-day format: https://www.blackhat.com/us-17/training/arm-iot-exploit-laboratory-intro.html***
ARM has emerged as the leading architecture in the Internet of Things (IoT) world. The all new "ARM IoT Exploit Laboratory: Intro" is a 2-day introductory level class intended for students who want to take their exploit writing skills to the ARM platform. The class covers topics such as ARM CPU architecture, ARM assembly language, functions on ARM, practical memory corruption on ARM and writing ARM shellcode from the ground up with plenty of time for hands-on exercises.
Our lab environment features hardware and virtual platforms for exploring exploit writing on ARM based Linux systems and IoT devices. This class paves the way for "The Advanced ARM IoT Exploit Laboratory" which specifically focusses on bypassing exploit mitigation techniques for ARM exploitation.
***For those keen on end to end ARM exploitation, it is recommended to take both the Intro and Advanced classes in succession in a 4-day format: https://www.blackhat.com/us-17/training/arm-iot-exploit-laboratory-advanced.html***
In this course you will learn to tackle important, complex, and unsolved security problems. The course will be a hands-on experience and our goal is that all course participants leave with the skills to conduct high-quality security research and build research teams of like-minded collaborators, as well as a refined research agenda competitive for publication in a white paper, professional magazine, or security conference. Security research fuels innovation, improves the state of information security, enriches your professional skillset, and helps you get ahead of the current state of the art. We encourage all participants to bring an information security topic that they wish to explore in more depth.
This is not your traditional SCADA/ICS/IoT security course! How many courses send you home with your own PLC and a set of hardware/RF hacking tools?!? This course teaches hands-on penetration testing techniques used to test individual components of a control system, including embedded electronic field devices, network protocols, RF communications, Human Machine Interfaces (HMIs), and various forms of master servers and their ICS applications. Skills you will learn in this course will apply directly to systems such as the Smart Grid, PLCs, RTUs, smart meters, building management, manufacturing, Home Area Networks (HAN), smart appliances, SCADA, substation automation, and synchrophasors.
Immerse yourself in hacking and activate your Inner-Penetration-Tester while learning new attack techniques to help defend your own networks. Initiated attackers are capable of infiltrating internal networks and extracting private data by leveraging less common attack vectors. In this training you will learn to combine your Red Team and Pen-tester prowess to create a less common attack tool that you will build and take home with you. With your new Project Mayhem Kit, you will learn to think as a hacker thinks as you engage a live environment with an innovative attack tool that you will build and deploy. In this completely hands-on training, you will demonstrate your new abilities to hack air-gapped systems and bypass perimeter defenses over a GSM network.
Hackers use Nmap for simple port scanning and OS detection, but by mastering the Nmap Scripting Engine (NSE), your security scanning capabilities will reach a whole new level. While Nmap comes with a large number of pre-written scripts, mastering NSE allows you to save time by automating many of the security tests you're currently executing manually. In this class you'll go from using Nmap for simple port scanning into writing your own exploits in NSE, greatly accelerating your vulnerability scanning capabilities.
This is an entry-level course and is a recommended pre-requisite for our Advanced Infrastructure Hacking course. This class familiarises the attendees with the basics of network hacking. A number of tools and techniques will be taught during the 2-day class. As this is a fast-paced course, attendees will be granted 30 days of free lab access to allow sufficient time to practice all the concepts taught during the class.
If you want to step into the world of ethical hacking/pentesting, then this is the right course for you.
Attendees are encouraged to combine this class in succession with our Basic Web Hacking course in a 4-day format for a wider coverage of issues spanning both network and applications.
This course teaches the attendees a wealth of hacking techniques to compromise the security of various web application components. The course starts from the very basic and gradually builds up to the level where attendees can not only use the tools and techniques to hack various components involved in web hacking, but also walk away with a solid understanding of the concepts on which these tools work.
As this is a fast-paced course, attendees will be granted 30 days of free lab access to allow sufficient time to practice all the concepts taught during the class.
Attendees are encouraged to combine this class in succession with our Basic Infrastructure Hacking course in a 4-day format for a wider coverage of issues spanning both network and applications.
This training is focused on drawing out the foundations of cryptographic vulnerabilities. These topics are timeless, and when the last application using ECB or CBC mode has upgraded - they'll be the foundations of the next evolution of impactful and popular cryptographic vulnerabilities. We'll talk about what attacks in the past took advantage of them, how algorithms and protocols have evolved over time to address these concerns, and what they look like now: where they're at the heart of the most popular bugs today. The other major areas we hit are cryptographic exploitation primitives such as chosen block boundaries, and more protocol-related topics, such as how to understand and trace authentication in complex protocols.
Problem solving and non-linear thinking are critical skills in the network security profession. These skills are hard learned, and often even more difficult to practice. This course will provide you with an opportunity to carry out a variety of attacks on a controlled system. You will solve problems through a collection of hands-on "capture-the-flag" scenarios with built-in challenges designed to test and expand your thought process. You will learn how to tackle these challenges from a practical problem-solving standpoint. Along the way we will discuss real life scenarios and dissect the thought processes required to achieve success in even the most daunting situations. Students will walk away with over $200 worth of tools utilized during the course.
From the start of the course, a set of challenges will be available for the students to participate in and solve. The practical application portion of this course will provide students with time to work on these challenges with the help of the instructors. These challenges will be in the form of a multistage challenge box that will require students to leverage the techniques and skills learned over the previous day. This could include physical locks, RFID replays gathered from around the conference, SCADA/ICS devices to hack and manipulate, etc. Challenges will be diverse and designed to stretch students to work together to leverage each other's strengths in order to be successful.
Our Master course is aimed at existing penetration testers and people with a solid and technical understanding of penetration testing tools and techniques. Using Nmap, Metasploit and getting a webshell should not be new concepts.
The course objectives are to teach students how to hack like a Russian criminal network; strong offensive focus drawing on the techniques employed in recent industry hacks. Strong with regards to new vulnerabilities (current year - 3 years) and how to use them to their full potential. From deploying Dridex and Betabot to maintaining access and harvesting data, this course takes you through the TTPs used by criminals.
Hands-On Training of Vehicle Networking Systems, Vehicle Embedded Systems, and the Security Systems Enabled to Prevent Manipulation of These Systems.
This course provides a solid foundation in cloud security, and includes a full day of hands-on labs to apply the principles in practice. It also includes new, expanded material for advanced students. We cover all the material needed to pass the updated version 4 of the Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK) exam, but add a pragmatic approach to immediately kick-start your cloud security projects. For Black Hat, we also add expanded material to show you how to take cloud security to the next level by leveraging DevOps techniques and the characteristics of the cloud.
Even when crypto is correctly implemented, it is notoriously difficult to use correctly. In this course, participants will obtain an in-depth understanding of how crypto works, how to use it properly, and how to stay clear of crypto misuses that will leave you wide open to attack. Beyond studying how crypto should be used, we cover many of the major attack vectors on crypto in practice, like padding-oracle attacks, length-leakage attacks, rainbow tables, poor randomness, timing attacks and much more. Finally, we show how subtle mistakes can lead to serious vulnerabilities, including famous attacks like BEAST, CRIME, Lucky13, DROWN and many more on TLS. The focus of the course is in-depth knowledge so that participants will be able to continue learning and understand newly released attacks, and how they affect their business.
Dark Side Ops II: Adversary Simulation is the combination of sophisticated, red team trade craft and cutting-edge, offensive development to simulate real-world adversary activities. Challenge yourself to move beyond reliance on the typical "low-hanging exploitable fruit" from 1999 and start thinking, persisting, pivoting, and operating like a sophisticated adversary. Application whitelisting got you down? No problem. Can't catch that callback? Been there. No touching disk? No worries. Dark Side Ops II: Adversary Simulation helps participants up their offensive game by sharing the latest in initial access and post-exploitation, defensive countermeasure bypasses, and unique malware code execution techniques.
Dark Side Ops: Custom Penetration Testing focuses on using stealthy techniques, advanced attacks, and custom malware to conduct realistic, targeted penetration tests. Intensive, hands-on labs provide even intermediate participants with a structured and challenging approach to write custom code and bypass the very latest in offensive countermeasures. Participants will also receive and compile source code to create several custom backdoors, RATs, and persistence and privilege escalation techniques as they learn to plan, exploit, pivot, persist, and evade detection in even the most secure networks.
This course focuses on understanding methods of attacking an organization and building some of the best detection capabilities to defend your organization. The attacks continue to change and most organizations still don't have the capabilities to detect the basic attacks. This course focuses on walking through the latest attack vectors used by attackers and the most proactive ways to detect these patterns within a network. We will be covering a wide variety of topics, but also focusing on teaching red team tactics through the period of the course.
This course is completely hands on!
At the end of day 2 - you will be attacking a fully simulated network and performing offensive capabilities. At the end of day 4 - you will have a clear understanding of the attack methods, and patterns to recognize abnormal behavior within your organization.
This course applies real-world offense and defense capabilities to truly paint the full picture of understanding how attacks happen today and how to best prevent them.
This course is brand new and the first time we've ever given it. This course is designed for beginner penetration testers, as well as seasoned defenders of the network to understand how to best defend your network.
Digital Forensics and Incident Response are the key fields that enable organizations to combat modern threats - whether they come from attackers on the other side of the world or from a disgruntled employee in the accounting department. In this course students will learn how to analyze a wide range of activity across Windows systems, including malware execution, anti-forensics tampering, exfiltration of sensitive data by attackers and rogue insiders, and more. To track these activities, students will learn how to locate and analyze over twenty artifact types that are commonly found on Windows systems. The learned skills are immediately usable in the field, whether the students are digital forensics investigators, incident response handlers, network administrators, or managers who want to understand these technical processes. This course has sold out for the last four years, has been consistently highly rated, and has been completely updated to include analysis of Windows 8 and Windows 10 systems.
This is a solid two-day course in network-level pwnage. Minimal theory, just pwning, privilege escalation and exfil. Rinse and repeat. This is as hands-on as you'd expect from Black Hat, no videos or demos here.
This course looks at the methods and approaches one would take when performing internal and external network penetration tests. In our fully functional lab, your aim will be to think like an attacker and map out your target, find weaknesses and fully exploit trust relationships in place. Using scenarios along with presentations, this course is a healthy mix of thinking, strategies and the methodologies you might need for every step along the way.
If you are looking for a practical, hands-on approach to learning how to pwn a network, then this is where you will find it.
This training will empower you to understand which are the most critical security threats affecting your SAP platform. Learn how to assess your organization for SAP-specific vulnerabilities using open-source tools, and use exploits in a controlled environment to better understand and communicate the potential business risk. Learn how to mitigate existing vulnerabilities to protect yourself against the most common as well as the latest attack vectors. No previous SAP expertise required!
Steganography is the science of concealing data within other data, such as modifying the pixels of an image to carry your message. We'll explore basic techniques to both hide and detect messages concealed in images, audio and video using a basket of custom tools and techniques. We'll delve into more advanced steganographic and steganalytic techniques that make detection difficult and open an avenue for covert and plausibly deniable communications. High-capacity JPEG embedding, F5, and statistical hiding spanning an audio CD to name a few. Finally we also discuss malware usage, Enterprise protection, and viable covert communications approaches. Scattered throughout the course are hands-on exercises using custom steganographic and steganalytic programs never before released to the public.
Take your organization from compliance driven security awareness training to the next level of maturity with a comprehensive Security Culture Program. Security professionals who are responsible for training, phishing, and other employee behavior related functions will benefit from this step by step course to improve the measurements and ROI of your security awareness program. Your employee base is your largest attack surface, and a Security Culture Program is a critical piece to any Blue Team's defense-in-depth strategy. If you need to make your employees care about security, this course is your roadmap.
Fuzzing For Vulnerabilities is a two-day hands-on course where students learn the skills necessary to design and implement custom fuzzers. This course will walk students through the basics of setting up a fuzzing environment, writing a fuzzer, and analyzing the fuzzer to determine the scope of code covered during a fuzzing session. Students will leave this course with practical knowledge gained from developing a fuzzer for a real-world application with millions of installations worldwide. If your goal is to learn fuzzing to enhance the security of your own software or to find vulnerabilities in others' software, this course will provide you with the knowledge to succeed.
"Software Exploitation via Hardware Exploitation" is an intensive hands-on course covering tools and methods for manipulating, modifying, debugging, reverse engineering, interacting with, and exploiting the software (firmware) and hardware of embedded systems. These embedded systems include COTS IoT ("Internet of Things") products (such as routers, webcams, etc.) and Industrial/Enterprise devices. Participants will gain hands-on experience with real-world devices and products, learning to interface with them on a low level. Participants will also be walked through the process of finding several of the 0-days found and disclosed by the instructors, found to be present in millions of devices worldwide.
More info available at: http://SexViaHex.com
Software crypto plays a large role in securing, for instance, content and mobile payments, but how does it stand up to local attackers with full control over a device? After taking the course, you will know how to attack software obfuscated ciphers, without spending endless time in de-obfuscation and reverse engineering.
The threat model we assume is that attackers have unrestricted access to the cryptographic implementation: they can read and modify all files, monitor the execution flow and tamper with it. The idea of whitebox crypto and software obfuscation is to mitigate attacks even in this scenario.
Recently, two classes of devastating attacks which require little knowledge of the implementation details and no reverse engineering of the algorithm were introduced. This course will give you practical experience with the most powerful attacks known against white box crypto: differential computational analysis and differential fault injection attacks. The attacks are performed with both open source tools and commercial grade tooling.
The Hands on Linux Web Server Hardening and System Monitoring Training course will familiarize attendees with a wealth of hardening techniques that are common for web application stacks and give participants the ability to secure infrastructure in the cloud or data center to PCI standards. The training will focus on the LAMP stack using CentOS and provide hands-on configuration of security tools such as ModSecurity, OpenVAS, OSSEC, Fail2ban, Auditd, Logstash, SELinux, Honey Traps and more.
This course teaches hardware hacking and reverse engineering techniques and skills commonly used against electronic products and embedded systems. It is a combination of lecture and hands-on exercises covering the hardware hacking process, proper use of tools and test measurement equipment, circuit board analysis and modification, embedded security, and common hardware attack vectors. The course concludes with a final hardware hacking challenge in which students must apply what they've learned in the course to defeat the security mechanism of a custom circuit board.
Attackers are gaining access to the Enterprise through endpoints, but locking down laptops and desktops does no good when users spend the majority of their time on mobile devices. But mobile isn't just another endpoint. This hands-on course will equip the penetration tester with the understanding, tools, and skills to simulate malicious hackers' attacks against mobile via networking, messaging, and applications.
Integrated Circuit Reverse-Engineering and hacking require several areas of expertise. This course is designed to cover every aspect of these topics, from Semiconductor Physics to sample preparation and attacks. A focus will be put on invasive attacks, which are generally considered a residual threat by certification schemes but are at the same time the most successful. The training is a combination of theoretical sections with case studies where the student will be given the opportunity to Reverse-Engineer real circuitry and develop attack strategies for memory dumps and counter-measure bypasses.
Covered topics include:
This intensive two-day course is designed to teach the fundamental investigative techniques needed to respond to today's landscape of threat actors and intrusion scenarios. The class is built upon a series of hands-on labs that highlight the phases of a targeted attack, key sources of evidence, and the forensic analysis know-how required to analyze them.
Even before Sun Tzu penned his "Art of War," nations and their armies were using counterintelligence methods to defend themselves from both outside and inside threats. The technology has changed greatly through the years, but the people who operate that technology haven't changed that much. Insider threats include a human component. In a recent survey of companies with data protection and privacy training programs, 55 percent of the respondents reported that they had experienced a security incident due to a malicious or negligent employee. Insider Threat Mitigation and Countermeasures draws from proven principles derived from counterintelligence and Law Enforcement techniques to deal with malicious and negligent employees. Our training program demystifies counterintelligence and Law Enforcement processes, breaking techniques down into fundamental skill-sets: building relationships and facilitating the flow of vital security information through effective communication and interviewing skills. These techniques will enable your personnel to establish and exploit information networks to detect and mitigate potential and actual insider threats.
Kali Linux is the information security professional's platform of choice. Kali is loaded with thousands of tools specifically designed for professional penetration testing, performing network security audits, or generally allowing you to "break stuff like a pro".
But there's much more to Kali than meets the eye. It is a world-class, mature, secure, and enterprise-ready operating system distribution which provides the perfect platform for deployment and customization, allowing you to control your engagements in a professional manner.
The age of intelligent machines is here! We are now seeing Machine Learning disrupting every technological field including computer security. As more and more security products use Machine Learning, it is important as Pentesters and Security Researchers to understand how to make and break this technology!
This 4 Day Megaprimer will take you right from the basics of Machine Learning, to using it for security research, and to finally breaking security products using it! We will use case studies relevant to Infosec such as - Network intrusion detection, Spam detection, Security log analysis, Attacker Identification, Rogue Wi-Fi network detection, AV and IDS Evasion etc.
Students will receive - a copy of the book "Principles of Data Science", PDF slides and exercise files, 20 hrs HD videos of class lectures and demos, 1 Month PentesterAcademy.com access pass to solve Machine Learning challenges online!
Almost every computer incident involves a trojan, backdoor, virus, or rootkit. Incident responders must be able to perform rapid analysis on the malware encountered in an effort to cure current infections and prevent future ones. This course provides a rapid introduction to the tools and methodologies used to perform malware analysis on executables found on Windows systems using a practical, hands-on approach.
Air, sea, land, space, and now cyber. Cyberspace has been named an operational domain by the U.S. Department of Defense. This designation and subsequent application of U.S. doctrine to cyberspace operations has shed light on new tactics and techniques for network defense based on military doctrine developed over millennia; techniques you can use now to improve the defense of your network. This course will introduce you to the intricacies of this complex new landscape through discussion and hands-on exercises developed by career Army officers with a combined 50+ years of experience.
An employee clicks on a link in a phishing email. A worm propagates through your network, undetected. A keystroke logger listens quietly, exporting passwords once a week. How can you make sure you're not the next organization in the papers? Better firewall rules? A newer generation IDS? Faster updating for A/V signatures? We all know none of these is the right solution by itself. The future of defense is practical network monitoring and forensics.
From the author of "Network Forensics: Tracking Hackers Through Cyberspace" (Prentice Hall, 2012) comes Network Forensics: Continuous Monitoring and Instrumentation. This fast-paced, intensive class includes traffic and flow record analysis, cloud-based network forensics, next-generation firewall, DLP and SIEM analysis, wireless and mobile network forensics, and malware network behavior analysis all packed into a dense 4 days, with hands-on technical labs throughout the class.
Ever wondered how different attacking a Mobile application would be from a traditional web application? Gone are the days when knowledge of just SQL Injection or XSS could help you land a lucrative high-paying infoSec job.
After the introduction of iOS 10 and Android 7 Nougat, we are bringing an updated version of the course with the latest tools & techniques. This will be an introductory course on exploiting iOS and Android applications, suited well for both beginners as well as advanced security enthusiasts. The training will be based on exploiting Damn Vulnerable iOS app, Android-InsecureBankv2 and other real-world application vulnerabilities in order to give an in-depth knowledge about the different kinds of vulnerabilities in Mobile applications. This course will also discuss how an attacker can secure their application using secure coding & obfuscation techniques. After the workshop, the students will be able to successfully pentest and secure applications running on the various operating systems.
The training will also include a CTF challenge at the end, where the attendees will use the skills learnt in the training to solve the CTF challenges. The students will be provided with the slides, tools and VMs used during the course.
From finding people and those who influence them to uncovering internal IP addresses and technology used at major corporations, this course will propel you into the world of open source intelligence feet first. Expect to be shocked at how much data is 'out there' and what people can do with it, as well as how you can reach this data for both defending and attacking.
This Crash Course rapidly introduces the tools and methodologies necessary to get you analyzing malware that targets the OS X platform. We use a practical, hands-on approach to quickly adapt your current malware analysis skills for OS X.
Battle tested, industry approved, and by popular demand - Penetration Testing With Kali Linux returns to Black Hat Vegas. The one and only official training by the creators of Kali Linux, this intense, hands-on security class by Offensive Security has provided the foundation of knowledge for many in the security community. Year after year this class always sells out fast, so if you want to attend you better sign up quick.
Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network but that doesn't make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march your hardware right out the door.
Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access, as well as how to compromise most existing physical security in order to gain access themselves. Attendees will not only learn how to distinguish good locks and access control from poor ones, but will also become well-versed in picking and bypassing many of the most common locks used in North America in order to assess their own company's security posture or to augment their career as a penetration tester.
There are more Android users than there are of any other mobile operating system worldwide. It is used not only in mobile devices but increasingly in infotainment, industrial, and enterprise products. "Practical Android Exploitation" is a course developed by Stephen A. Ridley (who also co-authored "The Android Hacker's Handbook" by Wiley & Sons publishing) and Stephen C. Lawler (editor of "Practical Malware Analysis" and other books published by No Starch Press). "Practical Android Exploitation" is a comprehensive course aimed to teach all about Android software security and exploitation. Following the creation of their industry-renowned course ARMExploitation.com, the creators of this course focused this new course on thoroughly exploring the inner workings of the Android ecosystem and, along the way, teaching participants how to reverse engineer and exploit software on Android. Participants will do it all: from decompiling applications, to writing their own shellcode FROM SCRATCH to exploit native code on Android systems. Jailbreaks, the history of public Android exploits, ARM exploitation, all will be covered in this intensive course.
More details available on: http://AndroidExploitation.com
The purpose of the course is to introduce students with prior basic exploitation experience (on other architectures) to "real world" exploitation scenarios on the ARM processor architecture. The reality is that exploitation these days is harder and a bit more nuanced than it was in the past with the advent of protection mechanisms like XN, ASLR, stack cookies, etc. As such, this course is called "practical" because it aims to teach exploitation on ARM under the real-world circumstances in which the exploit developer will encounter (and have to circumvent) these protection mechanisms. The course materials focus on advanced exploitation topics (circumventing protection mechanisms) using Linux as the platform for learning the ARM architecture, but with the obvious applications being platforms running on mobile phones, tablets, embedded devices, etc.
This is an intensive course: Our hope is that students with some previous exploitation experience go from knowing nothing about ARM on the first day to exploiting a custom heap implementation (bypassing ASLR, NX) using their hand-built ROP connect-back-shell payload on the last day.
It's time to put your intelligence and security skills to the test! Our completely revamped "Practical Threat Intelligence" training course has a highly technical focus supported by automated attacks across 2,000 systems infiltrating 90 virtual organisations.
Students will be provided with an in-depth understanding of how to implement Cyber Threat Intelligence systems within their virtual organisations to efficiently identify and prioritise threats, attacks and security breaches.
Focusing on key Threat Actors and their Intent to harm your organisation, students learn the Attack Techniques that hackers use to remotely infiltrate your systems, Intelligence Techniques to gather and analyse the Indicators of Compromise, and what you need to do to Share Intelligence and respond in order to stay ahead of the attackers.
More and more security professionals have turned to scripting languages to automate tasks and complete work faster. If you've been wanting to learn Python and couldn't figure out how to start, or tried and can't get the hang of it, this course will take you from zero to hero. This course was designed to follow a hacker's methodology of programming. Instead of learning formal programming practices that you'll never use, this course focuses on core concepts taught in 16 simple recipe-like modules. Throughout the course, we will reuse and build on past modules to quickly complete more complex projects. Each module has lab time for continuous hands-on opportunity and practical application exercises.
This course provides training in knowledge factors and functional requirements established for Entry and Intermediate Level Risk Analysts and addresses professional processes and policy requirements established within the federal Risk Management Framework (RMF). Specific focus is directed on identifying, implementing and integrating management, acquisition and administrative risk methodologies for securing critical information infrastructures and establishing standards necessary to help protect the confidentiality, maintain the integrity and ensure the availability of critical organizational computing resources within a risk managed framework.
Looking to expand your malware analysis skills to include the software powering critical internet infrastructure? Then take this class and develop skills analyzing Cisco IOS Firmware! You'll practice using a live router in a lab environment and perform hands-on analysis of a backdoored Cisco IOS image. You'll learn how to statically analyze a Cisco IOS image, obtain and analyze memory core dumps, and perform dynamic analysis of a running router.
"I wish developers would write secure code" is something the industry has been saying for decades, but in reality there has never been a better time to produce robust and secure apps than now, with more tools and processes than ever before.
But how do you do this? How do you fit security testing into the Agile development process without holding up the commits?
This course introduces security at speed for those responsible for developing apps. The goal is to automate secure development and introduce security tests and fixes within the workflow, making secure software an inherent outcome of the DevOps approach.
An introduction to digital signal processing, software radio, and the powerful tools that enable the growing array of SDR projects within the hacker community, this course takes a unique "software radio for hackers" approach, building on the participants' knowledge of computers and introducing them to the forefront of digital radio technology. Participants will learn how to transmit, receive, and analyze radio signals and will be prepared to use this knowledge in the research of wireless communication security. Each student will receive a HackRF One software defined radio transceiver, a $300 value.
While application flaws should ideally be fixed in the source code, this is often not a feasible task. Web application firewalls are often deployed as an additional layer of security that can monitor, detect and prevent attacks before they reach the web application. ModSecurity, an extremely popular open source web application firewall, is often used to help protect web applications against known and unknown vulnerabilities alike. By leveraging the flexibility within ModSecurity, participants will be able to write effective rules to mitigate complex web vulnerabilities.
Tactical Exploitation: Attacking UNIX focuses on the UNIX portion of our most popular multi-platform class, Tactical Exploitation (taught at BlackHat, BruCon, Countermeasure, etc.). Students will become immersed in a unique offensive school of thought at the post-exploitation stage: a mindset seen in real-world attacks vs. penetration testing. Students learn how to compromise systems without depending on standard exploits and how to keep from getting caught. By abusing features provided by standard UNIX tools and trusts, students get hands-on experience attacking a virtual enterprise network. This class is designed to help students achieve success in any environment.
Tactical Exploitation: Attacking Windows focuses on the Windows portion of our most popular multi-platform class, Tactical Exploitation (taught at BlackHat, BruCon, Countermeasure, etc.). Students will become immersed in a unique offensive school of thought at the post-exploitation stage: a mindset seen in real-world attacks vs. penetration testing. Students learn how to compromise systems without depending on standard exploits and how to keep from getting caught. By abusing features provided by standard Windows tools, students get hands-on experience attacking a virtual enterprise network. By using standard tools, students learn how to become effective in any environment regardless of Windows versions.
Too often, beginner courses assume an already high level of skill and understanding of the subject matter being taught. This course is different in that we start with no assumption, rather getting you ready to learn how attackers compromise targets, as well as ensuring you get to do the same thing. As the title suggests, it provides an ideal training ground for our other SensePost Training courses, further self-study, or other hacking courses.
The need for reverse engineering binary software components arises in more and more contexts every day. Common cases include analysis of malicious software such as viruses, worms, trojans and rootkits, analyzing binary drivers in order to develop open source drivers for alternate platforms, analyzing closed source software for security flaws, and source code recovery in legacy systems. The first step in such an analysis is generally the acquisition of a high quality disassembly of the binary component. IDA Pro is touted as the premier disassembler available today, capable of disassembling machine languages for a large number of microprocessors and microcontrollers. This course will cover advanced features of IDA that may be used to work through challenging reverse engineering problems. This course is taught using primarily x86 and ARM assembly language.
The need for reverse engineering binary software components arises in more and more contexts every day. Common cases include analysis of malicious software such as viruses, worms, trojans and rootkits, analyzing binary drivers in order to develop open source drivers for alternate platforms, analyzing closed source software for security flaws, and source code recovery in legacy systems. The first step in such an analysis is generally the acquisition of a high quality disassembly of the binary component. IDA Pro is touted as the premier disassembler available today, capable of disassembling machine languages for a large number of microprocessors and microcontrollers. This course will cover essential features of IDA that anyone looking to begin using this tool should be familiar with. This course is taught using x86, 32-bit, assembly language.
MDSec's Mobile Application Hacker's Handbook course is delivered by the lead author of the book. It features all new material and hands-on hacking examples, covering chapters 1-9 of MAHH. Over the 2 days, delegates will learn the tricks and techniques to hack mobile applications on the iOS and Android platforms.
The course follows chapters 1-9 of the Mobile Application Hacker's Handbook, with a strong focus on practical attacks. Over the 2-day training course delivered by the lead author of the book, delegates will learn the tricks and techniques to hack mobile applications on the iOS and Android platforms.
After a short introduction to the subject, we delve into the following core modules:
The highly popular course The Shellcode Lab is back! With feedback like "By far the best course I've taken at Black Hat", this is the training that takes your penetration testing and low level technical skills to the next level!
Students start with basic knowledge, and by the end of the first day write their own Mac OS X 64-bit Port Bind shellcode from scratch to remotely compromise a server.
In this exciting and hands on training, you will:
UPDATED FOR 2017 - this course is based on the Web Application Hacker's Handbook, and Burp Suite. During the course you will learn about everything from methodology tips such as writing your own Burp extensions to the most prolific current attack vectors such as blind XML External Entity Injection and Java Deserialisation.
Our course contains around 150 slides; the rest of the time is hands-on practical experience against our 400+ lab examples.
Learn everything about security visualization to make your hunting, log analysis and forensic investigations more efficient and effective. We explore big data and visual analytics to uncover new insights and hidden attacks on your environment - https://www.youtube.com/watch?v=hhISnNVV7LA.
This course is for anyone in the industry that wishes to harness Maltego's powerful visualization capabilities with their own data. Be it structured data in spreadsheets, logs from an index (think Splunk, ELK) or a distributed SQL database – we'll teach you how to explore your data using interactive Maltego graphs.
You will learn how to hack your application with a whiteboard!
Threat modeling is a structured activity for identifying and evaluating application threats and vulnerabilities. The security objectives, threats, and attacks modeling activities during the threat modeling are designed to help you find vulnerabilities in your application. You can use the identified vulnerabilities to help shape your design and direct and scope your security testing.
The threat modeling course will teach you to perform threat modeling through a series of workshops, where our trainer will guide you through the different stages of a practical threat model. The students will be challenged to perform practical threat modeling in groups of 3 to 4 people covering the different stages of threat modeling on:
To achieve maximum stealth and obtain unabated access to the system, rootkits execute in kernel mode. This advanced course provides a comprehensive end-to-end view of the modus operandi of rootkits by taking an in-depth look at the behind-the-scenes workings of the Windows kernel and how these mechanisms are exploited by malware, through hands-on labs and real-world case studies. Kernel security enhancements that have been progressively added to Windows are discussed along with some circumvention techniques. Attendees will study key techniques used by rootkits to understand the real-world applicability of these concepts for offensive and defensive purposes. This course has been updated for Windows 10 Version 1607 (RS1).