Training

Available trainings

- Enterprise Penetration Testing Methods by Rod Soto
- Offensive OSINT for Pentesters by RedHunt Labs
- Fundamentals of Effective Web App Security Assessments by Ryan Wendel
- Exploiting APIs: Offensive Techniques, Tactics, and Labs by Will Vandevanter
- Exploit Development for Beginners by Sam Bowne



 

Enterprise Penetration Testing Methods By Rod Soto

During this comprehensive course, tools and methodologies that are used during penetration tests in enterprise network/application environments will be detailed. The course will utilize a lab environment for hands-on instruction in manual penetration testing methods, in addition to training in the use of exploitation frameworks, such as Metasploit.

Focus will be geared towards methodology, processes, vectors, tools, and techniques used for exploitation. By the end of the course, the student will have an in-depth understanding of the underlying principles of network/application exploitation and will have gained experience in the successful execution of attacks.

Minimum Course Requirements:
- Bring a laptop with at minimum 4 GB of RAM and a quad-core processor, and the ability to run virtual machines
- Understanding of basic networking concepts
- Basic Linux comprehension

Target Audience:
This seminar is geared towards those seeking to enter the information security industry while also enriching those who seek to develop the skills and experience necessary to succeed as a penetration tester (for fun and for profit).

Bio
Rod Soto has over 15 years of experience in information technology and security. He has spoken at ISSA, ISC2, OWASP, RSA, DerbyCon, BlackHat, DEFCON, HackMiami, BSides and has also been featured in Rolling Stone Magazine, Pentest Magazine, Univision and CNN. Rod Soto was the winner of the 2012 BlackHat Las Vegas CTF competition and is the founder and lead developer of the Kommand && KonTroll/ NOQRTRCTF competitive hacking tournament series. He has also architected and co-developed military cyber ranges.





Offensive OSINT for Pentesters By RedHunt Labs

Description

This Offensive OSINT training program focuses on a wide range of tools and techniques for performing real-world reconnaissance in order to launch targeted attacks against modern infrastructures.

This advanced training not only talks about using OSINT to extract data but also focuses on the significance of this data and how it could be directly enriched and used offensively for attacking and compromising modern digital infrastructures. We will take a deep dive into various methodologies for extracting useful information from the internet. Furthermore, we will cover how this extracted information can be used in multiple attack scenarios.

This course takes a comprehensive hands-on approach, immersing participants in real-world scenarios, a simulated lab environment and case studies so that they become proficient in the techniques and methodologies. Each participant will also be provided ONE MONTH FREE ACCESS to our Private Lab mimicking modern infrastructure, as well as decoy accounts and an organization's social presence, where they can practice the skills learnt during the course.

Course Outline:

* Target Scoping and Mapping the Attack Surface

* Subdomain Enumeration

* Organization’s Social Media Profiling

* Hunting Code Repositories, Dark Web, Paste(s) Sites and Leaked Data

* Employee(s) Profiling

* Cloud Recon

* Bucket/Blogs/Spaces Enumeration

* Enriching OSINT Data

* Tech Stack Profiling

* Identifying SSO/Login/Admin/VPN Portal(s)

* Explore Breached Password Databases

* Metadata Extraction

* Attacking Network Services using collated data

* Compromising Business Communication Infrastructure (BCI)

* Targeted Credential Spraying

* Compromising Cloud Server Instances

Student Requirements

* Should have a basic understanding of pentesting

Who should take this course

* Penetration Testers

* Social Engineers

* Red-Teamers

* Bug Bounty Hunters

* OSINT Researchers

* Risk Management Professionals

What Students Will Be Provided With

* Student Pack which contains

  * Slide deck and OSINT CheatSheet

  * Important Tools and custom Scripts

  * Answers to challenges (covered during the training program)

* 1 Month Free Lab Access.

Bio

Shubham Mittal

Shubham Mittal is an active Information Security researcher with 6+ years of experience in Pentesting and OSINT. He is a Review Board Member for BlackHat Asia. He has delivered his trainings at Black Hat, NullCon, HackMiami, c0c0n, etc. He is the author of the OSINT Framework DataSploit (listed in Top Ten Security Tools of 2016) and is a core organizer of @Recon Village, which runs @DEFCON. He works from the command line, uses vi and loves beer.

Sudhanshu Chauhan

Sudhanshu Chauhan is an information security professional with 6+ years of experience. He is the developer of RedHunt OS and one of the core contributors to Datasploit (Open Source OSINT Framework). Sudhanshu has also identified multiple critical vulnerabilities in various organizations like Adobe, ATT, Freelancer, Yandex etc. He has been a speaker at various conferences such as Ground Zero Summit, Cyber-Hackathon Bar-Ilan University and BlackHat Arsenal, has delivered training at BlackHat US, AppSec EU, and the c0c0n security conference, and is a core organizer of @Recon Village, which runs @DEFCON and other security conferences.





Fundamentals of Effective Web Application Security Assessments by Ryan Wendel

Description
This course offering seeks to provide students a balance of practical theory and hands-on testing experience related to the assessment of web applications from the perspective of an offensive security consultant. 

The main goal is to impart an efficiency-focused mindset along with a framework of techniques a professional penetration tester would leverage to evaluate an application's security posture during a time-compressed client engagement. 

The course will guide students through the early phases of a consistent, repeatable, and defined approach towards examining an application's attack-surface given a finite amount of resources. Among the main topics discussed will be automated and manual testing techniques related to initial reconnaissance, exhaustive enumeration, session-handling logic, and effective vulnerability discovery. 

This course will also review how the Same-Origin-Policy and Cross-Origin Resource Sharing mechanisms affect cross-site attacks, highlight various advanced Burp Suite techniques, and pass on strategies designed to help students become better, more capable application-focused security professionals. The OWASP Top 10 will be utilized by this course to frame discussions regarding web application security best practices and the avoidance/remediation of common, high-severity vulnerabilities.

Hands-on labs will accompany each lecture component as the class works through the early phases of a real-world application assessment workflow. Students will get to work with vulnerable applications carrying common vulnerabilities inspired by ones discovered during real engagements. Once completed, students will possess a base level of skills required to deftly navigate time-limited professional web application assessments and feel confident in their delivery of high-quality consultations that clients will benefit from and employers will reward.

This class will make heavy use of the Burp Suite web proxy testing and scanning tool. A trial license for the professional version of Burp Suite will be provided to students at no cost.

Course outline

- Lab Setup
- Initial Application Reconnaissance
- Session Handling Logic
- Application Enumeration
- Effective Scanning Techniques
- XSS, CSRF, SOP, and CORS
- Vulnerability Remediation
- Being a standout Consultant

Target Audience: This course is geared towards information security professionals (aspiring or already employed) looking to garner a deeper understanding of how to efficiently conduct consultative web application penetration testing engagements.  

Minimum course requirements:

- Firm understanding of the HTTP protocol.
- Familiarity with basic web application attack vectors, theory, and practice.
- Familiarity with web proxies (preferably Burp Suite) and similar tools.

Students are expected to bring a laptop with the following requirements:

- USB Port
- 4 GB of RAM (minimum)
- At least 10GB of free storage space
- VMware Player or VMware Fusion

Bio
Ryan Wendel currently operates as a penetration testing consultant working for the Dell Secureworks Adversary Group. His primary interests and areas of expertise encompass simulating real-world attacks on web applications and external/internal networks & infrastructure.

Ryan's technology career spans over 15 years and includes pivotal, senior positions in systems administration, web application development, outsourced service management, and both offensive & defensive information security roles. Ryan brings a wealth of real-world business and technology consultation experience to the table via his formal education, adventures in business ownership, and explicit information security consulting roles. With a passion for professional development and a keen interest in web application testing, Ryan maintains a steadfast commitment to expanding his knowledge and technical acumen in the security field. Ryan holds a degree in Computer Engineering from NC State University and a Masters in Business Administration from the University of North Carolina.


  

Exploiting APIs: Offensive Techniques, Tactics, and Labs by Will Vandevanter

This 1-day training focuses on offensive techniques and tactics for attacking APIs. API endpoints and microservices have seen a large expansion over the past few years making them a central component of many appsec assessments. Understanding how these targets can be exploited is vital for any offensive role. 

Using a hands-on approach we focus on the methodology for assessing and exploiting these technologies, including: 

- Testing for authorization/authentication bypasses 
- Modern Injection Attacks 
- GraphQL 
- Blacklist/Whitelist Bypasses 
- Insecure Direct Object Reference everywhere! 
- Automating parts of your process 

The design for this training is hands-on, with 80% of class time spent on labs to ensure the maximum amount of practice and understanding. This class is designed for penetration testers with between 1-3 years of experience and back-end web application developers with 3+ years of experience and interest in offensive security techniques. As a penetration tester you will add a number of new weapons to your arsenal. Although the training is focused on application security and intermediate in difficulty, discerning developers will benefit from being better able to protect their code and spot the issues discussed before they make it into production. Every trainee should walk away with a deeper understanding of the modern API attacks discussed and the confidence to articulate the business risk surrounding them.

Outline 

- Enumeration 
- Input Bypasses 
- Authorization and Authentication 
- GraphQL - Common Vulnerabilities 
- Code Analysis 

Student requirements 

- Familiarity with a web proxy such as BurpSuite or ZAP. The trainer will use BurpSuite Professional for the examples and discuss a couple of Pro-specific tools. You can sign up for a free trial license if you do not currently have a Pro license.
- A laptop with 4GB or more RAM and a hard drive with 4GB or more free space.
- This is an intermediate AppSec training and familiarity with the OWASP Top 10 is expected. It is your responsibility to already be familiar with the vulnerabilities and exploitation of the OWASP Top 10 (for example as seen in Webgoat or DVWA).
- It's recommended to work on the labs from a Virtual Machine. A Kali OS VM can be helpful though is not required.

Students will be provided with:

- Copy of the slides. 
- A large set of custom scripts and links from the training. 
- Remote access to the labs for 10 days after the training. 

Bio 
Will Vandevanter is a seasoned application security researcher who has identified and disclosed vulnerabilities in a number of products. He has previously spoken at BlackHat, DEFCON, TROOPERS, OWASP AppSec, and other conferences and is an active contributor to various open source software projects. He currently works as a private contractor performing penetration testing services, source code review assessments, and delivering in-person and online Web Application Security trainings.






Exploit Development for Beginners by Sam Bowne

OVERVIEW
Class structure: A live CTF scoreboard is running so participants can compete to solve challenges. The instructor will briefly explain the principles and demonstrate the attacks, but workshop participants will spend most of their time performing hands-on projects. Complete instructions guide participants through beginning projects, and a series of challenges of escalating difficulty are presented to encourage each participant to progress to their appropriate level of accomplishment.

Workshop participants will perform all the steps in exploit development: finding vulnerabilities with fuzzing, sending crafted strings to target the EIP, injecting shellcode, and overcoming defenses, to achieve remote code execution. We will begin with high-level exploits, which allow direct command-line remote code execution on vulnerable systems including Web forms, ImageMagick-using servers, and SQL injections.

Then we will move to classic stack buffer overflows, which allow attackers to inject binary machine code into running servers. After that we will perform heap overflows and exploit format string vulnerabilities. We will also exploit the Structured Exception Handler on Windows systems.

Finally, we will examine modern operating system defenses, including Address Space Layout Randomization, Data Execution Prevention, Stack Cookies, and SEHOP. We will perform attacks which defeat these protections, including Return Oriented Programming and Heap Spraying. Most of the attacks use x86 code, but we will also exploit 64-bit and ARM-based systems.

We will use gdb, Immunity Debugger, Mona, Metasploit, LordPE, and write simple Python and C programs.

KEY TAKEAWAYS

- Understanding of memory segmentation and usage in running code
- Details of the binary defenses on Windows and Linux
- Experience performing the whole exploit development process: fuzzing, controlling execution, and using shellcode

WHO SHOULD TAKE THIS COURSE
Developers and engineers who want to understand the vulnerabilities of the systems they make, red-team members who want to go beyond using tools others have written, and researchers who want to develop new attacks or defenses.

AUDIENCE SKILL LEVEL
Intermediate/Advanced

STUDENT REQUIREMENTS
Familiarity with C and assembly language is helpful but not essential.

WHAT STUDENTS SHOULD BRING
A computer that can run VMware virtual machines.

WHAT STUDENTS WILL BE PROVIDED WITH
USB sticks with the required virtual machines, and access to the challenges, instructions, and lecture slides. They will remain available after the workshop concludes, and they are all free to use with a Creative Commons license.

TRAINERS
Elizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.

Sam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000. He has given talks and hands-on trainings at RSA, DEF CON in Las Vegas, DEF CON China, HOPE, BSidesSF, BSidesLV, LayerOne, Toorcon, and many other schools and conferences. Credentials: PhD, CISSP, DEF CON Black Badge Co-Winner
