i

On This Page

Advanced Testing, Evaluating and Breaking of Security Software

Black Hills Information Security | March 29 - 30



Overview


Security defense tools got you down? Vendors are always coming out with new ways to make life difficult for blackhat hackers. No worries! This course covers numerous methods to leave those vendors in the dust.

This course will start participants off with a fundamental overview of how common security products work. With this understanding, attendees will see just how easy it is to get around these products. Participants will be trained in using existing tools to sneak right past AV, DLP, IDS/IPS, and Application Whitelisting software. The class will show techniques that will get you into a network, methods to create persistent backdoors on the network, and ways to get data out of their hands and in to yours.

But wait! These tools won't work forever in the constant arms race that is happening between hackers and vendors. Participants will be given the upper hand by being walked through step-by-step in how to create a variety of custom malware in a multitude of languages. This training will provide the solid platform that is needed to keep the vendors scrambling. All of the source code is yours to keep.


Who Should Take this Course

Red teamers that are looking for the next step in offensive security will greatly enjoy this course. Blue teamers that would like to see just how effective their security products will also love this class. This class focuses heavy on hands-on labs that will really drive home the key-concepts and get you ahead of the game.

Student Requirements

  • Basic programming experience with a language such as Python, C++, or GoLang.
  • Basic understanding of network penetration testing techniques.

What Students Should Bring

  • A laptop that is capable of running multiple virtual machines
  • VMWare Fusion or Workstation (Depending on OS). Trial versions are available.
  • Windows VM (https://dev.modern.ie/tools/vms/)
  • Symantec EndPoint Protection. Trial version available.
  • Visual Studio 2015 Community Edition (Free)

What Students Will Be Provided With

  • USB thumb drive
  • Virtual Machines used in the course
  • All source code and tools
  • Labs and documentation

Trainers

Brian Fehrman has been interested in security since the high-times of AOL when he practiced the art of social engineering. He quickly found a passion for programming by learning to code in Visual Basic. From there, he moved on to C++, C#, and then adapted to using any language that he found to be the right tool for the job. He learned to apply this knowledge to interacting with the physical world through signal processing, robotics, computer vision, and artificial intelligence. Brian combined his love for programming and his enthusiasm for security into a single space. He has performed security assessments for numerous Fortune 500 companies, has made contributions to open source security projects such as recon-ng, and has presented at conferences such as DerbyCon.