Hacking by Numbers:
Bootcamp Edition

Overview

For 2013, we've incorporated a number of web application layer attacks and approaches into Bootcamp. From attacking CMS systems via plugins, to thoroughly understanding SQL injection flaws and exploits methods. Numerous infrastructure-layer attacks have been updated to mirror what real attackers are currently exploiting.

• A quick review of key concepts and technologies
• A review of Internet Reconnaissance
• A review of fingerprint - portscanning, OS and service identification
• Vulnerability Discovery
• Exploiting Known Vulnerabilities
• Finding and Exploiting Vulnerabilities in Web Applications
• Attacking Content Management Systems via commonly installed plugins
• Understanding and exploiting SQL databases via a browser
• Real-world exercises and capture-the-flag

Prerequisites

No hacking experience is required for this course, but a solid technical grounding is an absolute must. Students are expected to be versed in basic programming or scripting, networking and Internet technologies, nix and Windows operating systems, basic SQL and database technologies.

Context

'Bootcamp' is SensePost's 'introduction to hacking' course. It is strongly method based and emphasizes structure, approach and thinking over tools and tricks. The course is popular with beginners, who gain their first view into the world of hacking, and experts, who appreciate the sound, structured approach.

Cadet and Bootcamp Edition can be taken back-to-back. There is a small amount of overlap between the courses but they have been carefully designed to provide a congruent learning experience.

Students who have mastered the Bootcamp Edition will be perfectly prepared to move on the 'BlackOps' Edition to sharpen their skills in real hacking scenarios.

Who should attend

Information security officers, system and network administrators, security consultants, government agencies and other nice people will all benefit from the valuable insights provided by this class.

What to bring

Students should have BackTrack5 R3 running on their laptops before arriving in class. It is up to the students how they wish to accomplish this, but we would suggest running the 'Gnome 32bit VMWare' image. On Windows or Linux systems this can be run via VMPlayer, and from OSX via VMWare Fusion. Laptops should have Ethernet, WiFi, at least 4GB RAM, and 15GB free disk space.

BackTrack VMWare Image

VMWare Player (Windows/Linux)

VMWare Fusion (OS X)

Course Length

Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered.

Trainers

All of SensePost’s Hacking By Numbers trainers are working penetration testers or developers. What we perform for our clients often makes it into our HBN courses as modules. We love teaching and have been doing so for Blackhat for over a decade now.

Glenn Wilkinson is SensePost's resident Zimbabwean, functioning mostly as a lead security analyst. He is active in the SensePost research labs, having had his work presented at BlackHat Vegas, UnCon, and ITWeb ZA. As a Rhodes scholar he holds two Masters degrees from the University of Oxford.

Sara Perez Merino is SensePost's resident Spaniard, functioning mostly as a lead security analyst. Coming from a consultant background her areas of expertise are in infrastructure and web application assessments but also has an interest in most things related to mobile research and forensics.