What to bring:
All necessary equipment will be provided, including pre-configured laptops, tools and utilities.
Last year SensePost compromised over 200 networks worldwide. This course is a behind-the-scenes look at how it is done, with hands-on instruction and real-world case studies.
Reality, Theory and Practice.
This course is the "How did they do that?" of modern hacking attacks. From start to finish we will lead you through the full compromise of a company's IT systems, explaining not only the tools and technologies, but especially the thinking, strategies and the methodologies for every step along the way. Based on SensePost's acclaimed "Applied Hacking Techniques" course, "Hacking By Numbers" will give you a complete and practical window into the methods and thinking of hackers.
- Our course is focused on tuning the mind. How does one *think* when attempting to compromise a network from the Internet? Our reasoning is as follows:
  - [a] Work according to a methodology
  - [b] Determine your strategy
  - [c] Select your tools (this should flow naturally from [b])
  - [d] Execute your attack

  From this you can see that the emphasis is not on the tools and how to use them, but on the *thinking* behind the tools.
- Our course is strongly method based. We perform all of our assessments according to a strict methodology that we believe ensures the best chances of a successful penetration. The course is delivered exactly according to this strict methodology, thereby giving you a systematic approach to attack and penetration.
- Our course is strongly case-study based. We base each lesson on a real life scenario and use the case to describe and demonstrate our thinking and techniques. We then give each student the opportunity to apply those techniques in the lab and on the 'net.
- Our course is *less* tools based. Although the course is extremely practical and technical in nature, it probably focuses less on the use of specific tools and utilities than other courses. Our thinking is that tools come and go and that anyone with a browser and a basic understanding of English can find and use the right tool for a specific job. Sometimes the 'right' tool doesn't exist and it needs to be built. In either case, our focus is on teaching the student how to decide what tool to use at various points of an attack, and how those tools should be applied to complete the job at hand.
- Our course is 100% real-world. Each trainer spends all the time that he's not giving training actually performing assessments and penetration tests, i.e. the other 25 days of the month. Therefore, our course is not about how *hackers* break into networks, it's about how *we* break into networks. Our trainers are all highly skilled and experienced security practitioners that are globally recognized in the field.
"Hacking by Numbers" runs for two days during which the SensePost trainers will walk you, step-by-step, through real-life hacking attacks. We'll start by identifying the target systems, teach you how to breach the target perimeter, and demonstrate how to extend these attacks in order to completely compromise the internal networks.
What You Will Learn:
This course will teach you by means of real examples, solid theory and hands-on exercises how a hacker would go about breaking into your network. Armed with this knowledge you can test and ensure that your systems are secure against these kinds of threats and attacks. Delegates will perform all hands-on exercises using pre-configured laptops and will gain practical experience with the tools and utilities that are used every day by industry analysts and underground specialists in the field.
How it Will Work:
Each student will be provided with a state-of-the-art laptop for the duration of the course. The machines are loaded with a Unix and a Microsoft operating system and are pre-configured with the vast range of tools, documents, software and other utilities required for the practical components of the course. Our dedicated lab environment and a direct connection to the open Internet ensure a real and authentic experience. At each step of the way we explain what was actually done to circumvent system security (that's the reality part), why it was done like that (the theory part) and how you can try it yourself (where you get to practice what we preach).
At the end of the course each student will receive a CD-ROM containing not only the tools and utilities covered in the course, but also a huge collection of additional software and resources.
Who Should Attend:
Information security officers, system and network administrators, security consultants, government agencies and other nice people will all benefit from the valuable insights provided by this class. Remember that this course is practical and of an extremely technical nature, so a basic understanding of networking, security, Unix and NT is a course prerequisite.
Course Length: 2 days
Cost: US $2100 before 1 December 2003 or US $2300 after 1 December 2003
NOTE: this is a two-day course. A Certificate of Completion will be offered.
Roelof Temmingh is the technical director of SensePost where his primary function is that of external penetration specialist. Roelof is internationally recognized for his skills in the assessment of web servers. He has written various pieces of PERL code as proof of concept for known vulnerabilities, and coded the world-first anti-IDS web proxy "Pudding". He has spoken at many International Conferences and in the past year alone has been a keynote speaker at SummerCon (Holland) and a speaker at The BlackHat Briefings (New Orleans). Roelof drinks tea and smokes Camels.
Haroon Meer is one of SensePost's senior technical specialists. He specializes in the research and development of new tools and techniques for network penetration and has released several tools, utilities and white-papers to the security community. He has been a guest speaker at many Security forums including BlackHat Briefings (New Orleans). Haroon doesn't drink tea or smoke camels.
Charl van der Walt is a founder member of SensePost. He studied Computer Science at UNISA, Mathematics at the University of Heidelberg in Germany and has a Diploma in Information Security from the Rand Afrikaans University. He is an accredited BS7799 Lead Auditor with the British Institute of Standards in London. Charl has a number of years' experience in Information Security and has been involved in a number of prestigious security projects in Africa, Asia and Europe. He is a regular speaker at seminars and conferences nationwide and is regularly published on internationally recognized forums like SecurityFocus. Charl has a dog called Fish.