Black Hat USA 2007 Briefings and Training
Caesars Palace, Las Vegas • July 28-29 (Weekend Only)

Hacking By Numbers Combat Grading is the world’s first objective technical grading system for hackers and penetration testers. Participants are tasked to capture the flag in a series of exercised carefully designed to test the depth and the breadth of their skill in various diverse aspects of computer hacking. Around 15 exercises are completed over the course of two days, after which each participant is awarded a grade reflecting their scores and relative skill levels in each of the areas tested. Each exercise is completely technical in nature. Each exercise is discussed in depth after it has completed so that participants know immediately how they faired, what they did right and where they went wrong. Due to the diversity of the challenges set Combat Grading is thus also an intense learning experience.

Overview
Combat Grading offers something that has never been achieved before, an objective, technical skills rating system for hackers and penetration testers.

During the two-day session students are presented with fifteen unique technical exercises. Each exercise has scope, rules and specific objectives and must be completed within a limited time.  Each exercise is also described in terms of the type and depth of skills it tests. Flags are set at various points in the exercise, and clues can be requested so that participants can score points for the progress made, without necessarily needing to complete the entire exercise. The faster the test is completed, the higher the score.

Participants are provided with fully configured laptop computers and a CD with all the tools required to complete the exercises. However, private laptops may be used and Internet access will be available at all times.

Your overall Combat rating will decrease with time, but increase with each new exercise attempted. Thus Combat Ratings will remain an accurate reflection of your skill at any given time.

Prerequisites
SensePost will provide fully configured laptop computers as well as CDs with all the tools required. Students need to ensure they have the necessary level of skill.  Combat is hands-on and technical and is designed to test the skill of professional hackers and penetration testers. Whilst anyone may attempt the Grading participants may want to consider completing ‘Bootcamp’. ‘Combat Training’ or other similar courses first to ensure they’re ready for grading.

Context
‘Combat Rating is the ultimate target for students who have completed all the courses in the Hacking By Numbers series. However, no other SensePost course is a prerequisite for Combat Grading. Anyone with skill and guts may take the challenge. Participants wanting to know what awaits them in grading may test and hone their skills in a ‘Combat Training’ course first.

Who should attend
Combat Grading is designed for technical security professionals. It is expected that people attempt the grading are most likely to be involved in some form of technical penetration testing for at least two-thirds of their professional time.

Free additional tools workshop:
After the first day of the course SensePost offers a free additional workshop on using their suite of hacking tools, including Wikto, Aura, Suru, Crowbar, BidiBLAH and others, copies of which will be distributed to all students. The tools workshop is open to all attendees of any SensePost course and run in the evening after training on Saturday 28 and Monday 30 July. Precise times and locations will be announced during the training courses.

Haroon Meer is currently SensePost's director of Development (and coffee drinking). He specializes in the research and development of new tools and techniques for network penetration and has released several tools, utilities and white-papers to the security community. He has been a guest speaker at many Security forums including the Black Hat Briefings. Haroon doesn't drink tea or smoke camels.

Charl van der Walt is a founding member of SensePost. He studied Computer Science at UNISA, Mathematics at the University of Heidelberg in Germany and has a Diploma in Information Security from the Rand Afrikaans University. He is an accredited BS7799 Lead Auditor with the British Institute of Standards in London. Charl has a number of years experience in Information Security and has been involved in a number of prestigious security projects in Africa, Asia and Europe. He is a regular speaker at seminars and conferences nationwide and is regularly published on internationally recognized forums like SecurityFocus. Charl has a dog called Fish.