On This Page

DARK SIDE OPS: CUSTOM PENETRATION TESTING

Bryce Kunz, Silent Break Security | Oct 14-15



Overview

Hackers penetrate enterprise networks in the flash of an eye, ravage endpoints for sensitive data, and silently exfiltrate the keys to your kingdom without every popping up an alert. Dark Side Ops: Custom Penetration Testing enables participants to "break through" to the next level by removing their dependence on 3rd-party penetration testing tools, allowing for outside-the-box thinking and custom tool development designed specifically for the target environment. Participants are provided with hands-on experience into the black hat techniques currently used by hackers to bypass network-based enterprise intrusion detection and prevention systems (IDS/IPS), layer 7 web proxies, and data loss prevention (DLP) solutions. The custom approach doesn't stop there. Participants learn advanced evasion techniques of corporate host-based countermeasures, including anti-virus and application whitelisting solutions by developing, compiling, and deploying custom backdoors, payloads, and persistence deep into protected enterprise networks.

At the end of this course students will be able to:


Who Should Take this Course

Dark Side Ops: Custom Penetration Testing is ideal for offensive security enthusiasts ready to take their skills beyond tool, script, or fill-in-the-blank penetration testing framework dependence. L33t programming skills are not necessary to enjoy this course. If you're interested in being able to build or modify custom offensive tools to bypass the latest offensive countermeasures, this course is for you. This course is equal parts attack/exploit, malware coding/programming, and hands-on lab environment. Participants will not leave this course disappointed.


Student Requirements

Students should have at least:


What Students Should Bring

Laptop:



Windows 7 virtual machine with the following software installed on it:


Trainers

Brady Bloxham is Founder and Principal Security Consultant at Silent Break Security, where he focuses on providing advanced, custom penetration testing services. Brady started his career working for various three letter agencies, where he earned multiple awards for exceptional performance in conducting classified network operations. Brady stays current in the information security field by writing custom malware, researching new persistence and code injection techniques, and providing training on advanced, stealthy attack methodologies. Brady has publicly released many tools, including Throwback (a custom beaconing backdoor), and presented his research at DEF CON, DerbyCon, and various other security conferences. Brady also maintains the PwnOS project and holds several highly respected industry certifications. :)

Bryce Kunz's experience includes being the vice president of Computer Network Exploitation Services at Defense Point Security, a global network exploitation and vulnerability analyst within the Department of Defense (DoD), an information assurance researcher for the National Information Security Training and Education Center, and the incident response manager for the Department Homeland Security's (DHS) Security Operations Center (SOC) under the U.S. Customs and Border Protection (CBP). Bryce is the creator of PwnOS v2.0, an exploitable virtual machine, and has spoken at various conferences, including Derbycon 4.0. Bryce is an avid researcher in the field of network exploitation and has released several tools and custom techniques, including White Lightning, a browser exploitation framework.