Black Hat USA 2009 Weekday Training Session

July 27-28

Tactical Exploitation

HD Moore, MetaSploit

Overview:

Penetration testing often focuses on individual vulnerabilities and services, but the quickest ways to exploit are often hands on and brute force. This two-day course introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using a combination of new tools and lesser-known techniques, attendees will learn how hackers compromise systems without depending on standard exploits. The class alternates between lectures and hands-on testing, providing attendees with an opportunity to try the techniques discussed. A virtual target network will be provided, along with all of the software needed to participate in the labs.

In the first half of the course, attendees will investigate a wide variety of information gathering and footprinting techniques, many of which are critical to a successful penetration test. The Metasploit Framework will be used as a development platform for building custom discovery tools.

In the second half of the course, the focus will shift from information discovery to information exploitation. Attendees will learn how to compromise common operating systems, and once in, how to gain access to the rest of the network.

This course is well-suited to penetration testers of any skill level and all security professionals who have a basic grasp of networking and software exploits. This course differs from a typical ethical hacking program in that the focus is on techniques that are not affected by patch levels. A portion of the class will be dedicated to building new tools, on the fly, to solve the challenges posed by a difficult penetration test.

Trainers:

HD Moore

HD Moore is the founder of the Metasploit Project and one of the core developers of the Metasploit Framework.

Valsmith

Val Smith has been involved in the computer security community and industry for over ten years. He currently works as a professional security researcher on a variety of problems in the security community. He specializes in penetration testing (over 40,000 machines assessed), reverse engineering and malware research. He works on the Metasploit Project development team as well as other vulnerability development efforts. Most recently Valsmith founded Attack Research which is devoted to deep understanding of the mechanics of computer attack. Previously Valsmith founded Offensive Computing, a public, open source malware research project.