This class will focus on massively scalable and demonstrably effective ways to attack systems. This class comprises one part Vulnerability Finding, one part Tool & Exploit development, and one part Attack Amplification. We will cover attacking COTS Discretionary Access Control based Unix systems. We will also have a special section on attacking a Mandatory Access Control based systems. The class will conclude with a session detailing how to protect your environment from the attacks covered in the class.
The class will have working exploit and tool code as examples, but the focus of the class is to demystify the entire process. Our motto is "To be; not to appear". It is our hope that our students will become functional in all subjects covered as they apply what they learned from the class.
If you come to this class, you will learn or see examples of:
- Vulnerability & Target Finding:
- How to write fault injection software for automated Application Testing.
- How to use and develop scalable tools to find targets and deliver custom payloads.
- Tool & Exploit Development:
- How to use available software libraries to write custom attack tools:
- Clustered Attack Servers
- Protocol Layer Attacks
- Application Layer Attacks
- Attack Amplification
- Attacking Mandatory Access Control based systems.
- How to scale your attacks to every IP in the IPv4 space.
- How to go undetected by common forensics tactics.
- How to bypass IDS/IPS.
- How to maintain control of a machine through an OS Reinstall (hardware dependent).
Who Should Attend:
- Programmers & Security Researchers: You are our primary target for this class and will take away the most value from it.
- Security Auditors & Seasoned "Pen-Testers": Be sure to brush up on C before you come. Your customers will really appreciate your new found knowledge after taking this class.
- Government: Any Red Team member will definitely learn from and enjoy this class.
Special Notes:
You need to come with a Unix (Slackware Linux preferred) laptop that is fairly recent. If you are not a programmer, we will try to make sure you still take away valuable knowledge. Get plenty of sleep. We know it's hard for a computer class to compete with the Vegas night life, but this one may require your full attention.