Please click on any Training title below to see pricing and full description.
Note: Please read all Registration Terms and Conditions carefully.
Training courses include full access to the Business Hall, Sponsor Workshops, Sponsor Sessions, and Arsenal. Briefings are not included with the purchase of a Training pass; however, you may purchase a Briefings pass to complement your Training course/s once you register. All Briefings and Trainings will be presented in English.
For our 15th birthday and 15th year being involved with Black Hat, this is the beginners course that sets you on a path of offensive security knowledge. It is aimed at an introductory level for technical people with little or no experience in the world of hacking or penetration testing. This course is meant for those who work in IT security, project managers, middle-management, or anyone who wants to understand more about offensive testing and get their hands dirty breaking into various networks and applications.
Our Master course is aimed at existing penetration testers and people with a solid and technical understanding of penetration testing tools and techniques. Using Nmap, metasploit and getting a webshell should not be new concepts.
The course objectives are to teach students how to hack like a nation state; strong offensive focus drawing on the techniques employed in recent industry hacks. Strong with regards to new vulnerabilities (current year - 3 years) and how to use them to their full potential.
The closer you are to a target, the easier it is to hack. Learn how to take over a company first from the inside and then from outside.
This new course in the SensePost Training lineup looks at the ways you, the student, can exploit and control common architecture and network deployments often seen in the enterprise, such as Microsoft Active Directory infrastructures. This course, which will include new approaches and vectors, is perfect for penetration testers who are tasked at performing internal assessments. From goal-orientated gigs - such as owning AD - and backdooring servers to stealing corporate information without getting caught.
I'm sure there's an app for that!!
As mobile phone usage continues to grow at an outstanding rate, this course shows you how you'd go about testing Android and iOS and to some degree Windows Mobile, mobile platforms, and installed applications to ensure they have been developed in a secure manner.
This course will give you insight and practical window into the methods used when attacking mobile platforms. This course is ideal for penetration testers who are new to the mobile area and need to understand how to analyze and audit applications on various mobile platforms using a variety of tools and platforms. Our mobile course uses a mixture of lectures, hands-on-labs, demonstrations, and group exercises.
In 2002 we released one of the first SQL injection tools, Mieliekoek, then in 2007 we released Squeeza, a tool that exfiltration of data from compromised databases through various channels (DNS, timing, HTTP error messages).
We love owning the application layer and this course reflects that. We want to take students on a path of obtaining offensive security knowledge in the application realm. This course is meant for those who are new to penetration testing, network administrators or indeed anyone who wants to understand more about offensive testing and get their hands dirty breaking into various networks and applications.
From CEO to IT SysAdmin ninja, if you're looking to get some hands on experience with the tools and techniques the bad guys are using, this is the class for you. We'll take you from zero to hero using Metasploit to familiarize you with its capabilities and get you ready to take the Metasploit Mastery course.
Already cut your teeth with the beginners course? Just want to increase your Metasploit ninja skills? If you're looking to get some hands on experience with the tools and techniques the bad guys are using, this is the class for you. In this class you'll go from simply using Metasploit to molding it to do things you never imagined it could do.
Active Defenses have been capturing a large amount of attention in the media lately. There are those who thirst for vengeance and want to directly attack the attackers. There are those who believe that any sort of active response directed at an attacker is wrong. We believe the answer is somewhere in between.
If you want to execute in-depth and effective offensive engagements at scale, Adaptive Penetration Testing is for you. This challenging, fast-paced course will teach you how to use modern tools and tradecraft to accurately emulate modern threats, while adapting common penetration testing constraints. Challenge yourself in fully simulated enterprise network environments, complete with vulnerable services, applications, and modern endpoints.
APT X, Stuxnet, Energetic Y; it's time for penetration testers to start actually operating like the adversaries their customers actually face. Learn advanced, cutting edge tradecraft to glide through enterprise environments while evading modern defenses. Just like high-end adversaries, you and your team will compromise a high-security network from start to finish, evading live network defenders, all without throwing a single exploit. Challenge yourself to operate like the enemy and show your customers what they're truly up against.
The fast-paced course teaches the audience a wealth of hacking techniques to compromise various operating systems and networking devices. The course will cover advanced penetration techniques to achieve exploitation against these platforms:
Students will have access to a hack-lab with wide variety of vulnerabilities to practice exploitation and will receive a FREE 1 month subscription after the class to allow more practice time. From old-school misconfiguration issues to the very latest cutting-edge exploits, we have got it all covered.
This interactive training identifies and demonstrates over 100 free online resources that can aid anyone searching the internet with breaking through the traditional roadblocks. Participants will be shown how to "dig" into the internet for personal information about any target. While popular sites such as Twitter, Instagram, and Facebook are covered in detail (including techniques that legally access some "hidden" content), the presentation goes much deeper into the vast resources available online for researching personal information. Additionally, instructions for new real-time monitoring will be presented in great detail. Aside from web sites, other technologies such as document meta-data, reverse cellular caller ID, and Application Programming Interfaces (APIs) will be explained. These sources can also be used to conduct thorough background checks on potential employees or locate client vulnerabilities. All resources can be applied to domestic and international investigations. Many custom tools will be shared with the audience for free lifetime use.
From mind-bending XSS attacks, to exploitation of CSRF vulnerabilities, to advanced SQL injection attacks, Advanced Web Attacks and Exploitation will broaden your knowledge of web application hacking and help you identify and circumvent various protection mechanisms in use on the web today. Every year this course has been offered, multiple students have left the class with 0day exploits discovered during the training.
The authors of Aircrack-NG (most popular tool for Wi-Fi Pentesting) and the best selling book "Backtrack 5 Wireless Penetration Testing" (sold over 13,000+ copies worldwide) have teamed up to create this absolutely advanced course on Wireless Pentesting!
Advanced Windows Exploitation provides an in-depth and hardcore drill down into topics ranging from precision heap spraying to DEP and ASLR bypass techniques to real-world 64-bit kernel exploitation. This course is extremely hands-on and includes a lab environment that is tailored to challenge and bring the most out of you. The case studies covered include vulnerabilities discovered by our research team or exploits written by Offensive Security.
Learn how to thoroughly lock down Linux and UNIX systems from Jay Beale, the creator of Bastille Linux. In this fully hands-on course, you'll harden not only the operating system, but also the server programs running on it. You'll massively increase their resiliency to attack, whether they are web, mail, FTP or DNS servers. You'll also learn to use security tools to build in intrusion prevention system (IPS) functionality, advanced firewalling, spam filtering, and attack detection.
This course will focus on the techniques and tools for testing the security of Android mobile applications. During this course the students will learn about important topics, such as the Android Security model, the Android runtime, how to perform static analysis, traffic manipulation, memory dumps, debugging , code modification and dynamic analysis - from zero knowledge of the APK to full exploitation. Students of this course will learn how to operate and make the best of the AppUse custom VM for Android application penetration testing, from its own creators.
By taking this course you will be able to perform penetration testing on Android mobile applications and expose potential vulnerabilities in the tested application such as insecure storage, traffic manipulation, malicious intents, authentication and authorization problems, client side SQLi, bad cryptography, and more.
There are four technical skills required by security researchers, software quality assurance and test engineers, or developers concerned about security: Source code auditing, fuzzing, reverse engineering, and exploitation. Each of these domains is covered in detail. C/C++ code has been plagued by security errors resulting from memory corruption for a long time. Problematic code is discussed and searched for in lectures and labs. Fuzzing is a topic book author DeMott knows about well. Mutation file fuzzing and framework definition construction (Sulley and Peach) are just some of the lecture and lab topics. When it comes to reversing C/C++ (Java and others are briefly discussed) IDA pro is the tool of choice. Deep usage of this tool is covered in lecture and lab. Exploitation discussions and labs are the exciting final component. You'll enjoy exploitation basics, and will also use the latest techniques.
This is not your traditional SCADA security course! How many courses send you home with your own PLC and a set of hardware/RF hacking tools?!? This course teaches hands-on penetration testing techniques used to test individual components of a control system, including embedded electronic field devices, network protocols, RF communications, and master servers. Skills learned apply directly to systems such as the Smart Grid, PLCs, RTUs, smart meters, building management, manufacturing, Home Area Networks (HAN), smart appliances, SCADA, substation automation, and synchrophasors.
This two day course will take a deep-dive into the fundamentals of SCADA security and provide students with the knowledge that they need to safely perform penetration testing against live SCADA environments. The course will also provide students with methodologies through which security research may be performed against SCADA devices in order to identify 0day flaws in some of the world's most critical systems. During the course, students will have the opportunity to engage in live attacks against programmable logic controllers (PLC's) and other industrial control systems, to include activities such as SCADA RTOS firmware reversing and SCADA protocol fuzzing.
A look into automotive systems with an in-depth and hands-on course on automotive controllers and networks.
This training, a natural growth from Matasano's Cryptopals' challenges and the 'Crypto for Pen Testers' course, is designed to give students a a deep understanding of how exploitable cryptographic vulnerabilities and problematic cryptographic protocols arise. Rather than focus on individual attacks and teach people how to perform carbon-copy exploitation in contrived scenarios - we've gone a level deeper and taken the common underpinnings of them. What do Lucky13, hash length extensions, and Bitlocker bypass attacks have in common? Recognize the fundamental issue in them, and then start finding novel attacks in new situations.
It is continuously becoming harder to circumvent the security controls on externally facing systems and gain full access to the internal network. With the different types of technologies, hardening techniques, and detection; the job of a penetration tester continues to get more advanced. This course is designed to teach both novice and professional penetration testers real world techniques used to compromise an organization. Learn the top techniques from some of industries best penetration testers, the author of the Social-Engineer Toolkit (SET) David Kennedy, and Adrian Crenshaw (Irongeek).
This course provides a solid foundation in cloud security, and includes a full day of hands-on labs to apply the principles in practice. We cover all the material needed to pass the Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK) exam, but add a pragmatic approach to immediate kick start your cloud security projects. For Black Hat, we also add expanded material to show you how to take cloud security to the next level by leveraging DevOps techniques and the characteristics of the cloud.
This interactive course will teach network security professionals how to use data science techniques to quickly write scripts to manipulate and analyze network data. Students will learn techniques to rapidly write scripts to improve their work. Participants will learn now to read in data in a variety of common formats, then analyze that data and apply elementary machine learning techniques to identify potential threats.
Covering everything necessary to successfully manage an incident, students will work through various scenarios building response plans for each situation. From what should be in place prior to an crisis, to knowing when to trust your network again, this practical course will teach you how to appropriately respond in real world crisis.
During this course, we will help you unlock the true potential and raw power of Maltego - from helping you to understand the underlying technologies to exploring the full potential of Maltego's analytic capabilities. Join us and we'll show you how to navigate and map the Internet's darkest rivers...
Dark Side Ops: Custom Penetration Testing focuses on using stealthy techniques, advanced attacks, and custom malware to conduct realistic, targeted penetration tests. An intensive, hands-on lab environment with tons of code samples provides participants with a structured and challenging approach to bypass the very latest in offensive countermeasures. Participants will also receive and compile source code to create several custom shells and backdoors as they learn to plan, exploit, pivot, persist, and evade detection in even the most secure networks.
The ability to detect and respond to malware infections, external attacks, and insider threats requires a strong foundation in digital forensics and incident response. This courses teaches the skills necessary to to perform a wide range of computer forensics tasks and techniques across disk and volatile memory of Windows systems.
If you've wondered how much damage attackers can do with devices such as printers, wireless routers, thermostats, TVs, and even Wi-Fi-enabled treadmills, look no further than this course. If you've wondered just how to test "The Internet of Things" for security without crashing the device and uncover its hidden secrets, this course will satisfy your curiosity. The goal of this course is to enable you to uncover embedded system's vulnerabilities as part of your duties as a security professional.
This training will empower you to understand which are the most critical security threats affecting your SAP platform. Learn how to assess your organization for SAP-specific vulnerabilities using opensource tools, and use exploits in a controlled environment to better understand and communicate the potential business risk. Learn how to mitigate existing vulnerabilities to protect yourself against the most common attack vectors. No previous SAP expertise required!
Learn advanced browser exploitation techniques, DEP and ASLR bypass, ROP chaining and Use-After-Free bugs in this intermediate/advanced level exploit development training. Exploit Laboratory: Black Belt is the next step for those who have already taken an introductory class in exploit development and want to take their red team skills to the next level. Our lab environment will be made available to all attendees to take with them and continue learning after the two days are complete! Can be combined with Exploit Lab: Master as a 4-day class.
Take your exploit development skills to the max with this highly advanced level class. Featured for the first time at the Blackhat USA Trainings, the Exploit Laboratory: Master class covers topics such as advanced ROP chains, an in-depth analysis of infoleak bugs, one-byte memory overwrite ownage, heap spraying on modern Javascript engines, server side heap spraying, kernel exploits and using ROP in kernel exploits. As an added bonus, we shall also cover and an introduction to 64-bit exploitation. Our lab environment will be made available to all attendees to take with them and continue learning after the two days are complete! Can be combined with Exploit Lab: Black Belt as a 4-day class.
Fuzzing For Vulnerabilities is a two-day hands-on course where students learn the skills necessary to design and implement custom fuzzers. This course will walk students through the basics of setting up a fuzzing environment, writing a fuzzer, and analyzing the fuzzer to determine the scope of code covered during a fuzzing session. Students will leave this course with practical knowledge gained from developing a fuzzer for a real-world application with millions of installations worldwide. If your goal is to learn fuzzing to enhance the security of your own software or to find vulnerabilities in others software, this course will provide you with the knowledge to succeed.
This intensive, hands-on course covers examples of exploiting basic memory corruption vulnerabilities up through modern protections such as ASLR and DEP. This course dives deep into the problems encountered when developing real exploits such as space and character set issues. Attendees will learn the tools and techniques to find vulnerabilities and build working exploits as well as the mindset required to tackle exploitation techniques that are new to you.
This course teaches hardware hacking and reverse engineering techniques and skills commonly used against electronic products and embedded systems. It is a combination of lecture and hands-on exercises covering the hardware hacking process, proper use of tools and test measurement equipment, circuit board analysis and modification, embedded security, and common hardware attack vectors. The course concludes with a final hardware hacking challenge in which students must apply what they've learned in the course to defeat the security mechanism of a custom circuit board.
This intensive two-day course is designed to teach the fundamental investigative techniques needed to respond to today's landscape of threat actors and intrusion scenarios. Completely redeveloped with all new material in 2013, the class is built upon a series of hands-on labs that highlight the phases of a targeted attack, key sources of evidence, and the forensic analysis know-how required to analyze them.
Intelligence Driven Security is a class that provides students with an in-depth understanding of intelligence processes and through a hands-on survey of tools used to drive security posture using intelligence. Students will learn a variety of topics, from building an intelligence program through reverse engineering for intelligence analysis, to communicating and sharing intelligence with peers, partners, and leadership.
We all love gadgets like the WiFi Pineapple, Minipwner, and Pwn Plug! They are extremely useful to show compelling demos, aid in social engineering attacks and can be used for pentest task automation. In this training, you will learn how to make your own Pentesting Gadget from scratch using off the shelf home wireless routers. You will be able to run pentest tools like Nmap, Metasploit, Aircrack-NG, etc. on this platform, automate pentest tasks, create rogue devices, backdoor the firmware and even create a wireless IDS/IPS!
Almost every computer incident involves a trojan, backdoor, virus, or rootkit. Incident responders must be able to perform rapid analysis on the malware encountered in an effort to cure current infections and prevent future ones. This course provides a rapid introduction to the tools and methodologies used to perform malware analysis on executables found on Windows systems using a practical, hands-on approach.
Air, sea, land, space, and now cyber. Cyberspace has been named an operational domain by the U.S. Department of Defense. This designation and subsequent application of U.S. doctrine to cyberspace operations has shed light on new tactics and techniques for network defense based on military doctrine developed over millennia; techniques you can use now to improve the defense of your network. This course will introduce you to the intricacies of this complex new landscape through discussion and hands-on exercises developed by career Army officers with a combined 50+ years of experience.
From the authors of "Network Forensics: Tracking Hackers Through Cyberspace" (Prentice Hall, 2012) comes Network Forensics: Black Hat Release. This fast- paced class includes packet analysis, statistical flow record analysis, wireless forensics, intrusion detection and analysis, network tunneling, malware network behavior-all packed into a dense 4 days, with hands-on technical labs throughout the class.
For the first time in Black Hat, we are offering an Internet of Things (IoT) Exploitation class. It's a two-day action packed course full of hands-on exercises and labs on both simulated and real environments.
You'll get to play with some real devices, find vulnerabilities and write exploits for them using some cutting edge techniques and tools. Some of the things that we will cover in the class are:
and a lot more.
Battle tested, industry approved, and by popular demand - Penetration Testing With Kali Linux returns to Black Hat Vegas. The one and only official training by the creators of Kali Linux, this intense, hands-on security class by Offensive Security has provided the foundation of knowledge for many in the security community. Year after year this class always sells out fast, so if you want to attend you better sign up quick.
Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access, as well as how to compromise most existing physical security in order to gain access themselves. Distinguish good locks and access control from poor ones and become well-versed in picking and bypassing in order to assess your own company's security posture or augment your career as a penetration tester.
Intensive lab-based course aiming to expand your exploitation ability to include the ARM processor architecture. Students will learn under "real world" circumstances through multiple lab exercises and challenges covering code auditing, advanced heap exploitation and more.
You will learn practical hands-on skills to implement Threat Intelligence into your organization. Create an Intelligence-Based Security Strategy. Develop your Intelligence Capabilities. Perform Intelligence Aggregation. Understand the Cyber Kill Chain. Identify Indicators of Compromise. Carry out Threat Analysis including Data Visualization. Identify, Profile and Track Hackers. Develop Actionable Intelligence. Respond and Disseminate Threats.
This course combines deep understanding of reverse engineering with rapid triage techniques to provide students with a broad capability to analyze malicious artifacts uncovered during incident response.
This course provides training in knowledge factors and functional requirements established for Entry and Intermediate Level Risk Analysts and addresses professional processes and policy requirements established within the federal Risk Management Framework (RMF). Specific focus is directed on identifying, implementing and integrating management, acquisition and administrative risk methodologies for securing critical information infrastructures and establishing standards necessary to help protect the confidentiality, maintain the integrity and ensure the availability of critical organizational computing resources within a risk managed framework.
An introduction to digital signal processing, software radio, and the powerful tools that enable the growing array of SDR projects within the hacker community, this course takes a unique "software radio for hackers" approach, building on the participants' knowledge of computer programming and introducing them to the forefront of digital radio technology. Participants will learn how to transmit, receive, and analyze radio signals and will be prepared to use this knowledge in the research of wireless communication security. Each student will receive a HackRF One software defined radio transceiver, a $300 value.
Software Exploitation via Hardware Exploits is a hands-on course covering tools and methods for manipulating, modifying, debugging, reverse engineering, interacting with, and exploiting the software and hardware of embedded systems. Students will learn how to use and develop tools and techniques for exploiting embedded devices from mobiles to off-the-shelf-consumer electronics.
Looking to sharpen your malware analysis skills? Then take this fast-paced class to develop skills in dealing with anti-reversing, packers, and special case malware. You will practice your new skills by dissecting real malware via hands-on labs.
This new extended version of Tactical Exploitation teaches students a deeper level of new tools and lesser-known techniques. Along with the extended format students will become immersed in a unique offensive school of thought. A mind set seen in real world attacks vs penetration testing. This class is designed to help students achieve success in any environment. Students learn how to compromise systems without depending on standard exploits and how to keep from getting caught.
Tactical Response is a multidisciplinary approach to understanding the methodologies, techniques, and tools for both offensive and defensive security. This 2-day course introduces a tactical approach for instrumenting, alerting, and responding for enterprises. It is designed to be
Ida Pro is touted as the premier disassembler available today, capable of disassembling machine languages for a large number of microprocessors and micro controllers. This course will cover advanced features of Ida that may be used to work through challenging reverse engineering problems. This course is taught using primarily x86 and ARM assembly language.
Ida Pro is touted as the premier disassembler available today, capable of disassembling machine languages for a large number of microprocessors and micro controllers. This course will cover essential features of Ida that anyone looking to begin using this tool should be familiar with. This course is taught using x86, 32-bit, assembly language.
Create custom exploit shellcode for Windows, Linux and Mac OS X, integrate your shellcode into Metasploit and public exploits. The Shellcode Lab holds your hand to take your security skills to the next level. Register for The Shellcode Lab now!
Our "Web Application Hacker's Handbook" Series is still the most deep and comprehensive general purpose guide to hacking web applications that is currently available. In late 2011, MDSec set up the online training labs: over 200 hacking labs hosted in the cloud. In this course, we bring you the solutions, demos, and much more material and technologies for you to try.
As well as covering the 1st and 2nd Edition, our course has evolved to cover new attacks and techniques, including blind XXE attacks, new XSS vectors, new and damaging logic flaws, and attacks against frameworks.
New to this class, you will be able to find vulnerabilities in our labs using the new Burp Collaborator, as well as other custom Burp extensions.
We have run courses for over 9 years at Black Hat, and we know what you want. This structured course is balanced at 130 slides with numerous opportunities to watch instructor-led demos, whilst hacking our library of over 150 lab exercises, spanning .Net, J2EE, PHP and finishing with a "Capture the Flag" contest.This class helps you bootstrap into the areas of reverse engineering, vulnerability exploitation, operating system design, code optimization, and compiler design. It's extremely rare to see any security conference where assembly language isn't mentioned in someone's slides. Because understanding assembly is crucial to analyzing and understanding how software (good or bad) operates. So by taking this class you will be able to start understanding more conference talks, and most importantly, you will have unlocked many more security career paths.
Even when crypto is correctly implemented, it is notoriously difficult to use correctly. In this course we study how crypto works, how to use it properly, and how to stay clear of crypto misuses that will leave you wide open to attack.
Learn everything about security visualization to make your log analysis and forensic investigations more efficient and effective. We explore big data and visual analytics to uncover new insights and hidden attacks on your environment.
To achieve maximum stealth and obtain unabated access to the system, rootkits execute in kernel mode. This advanced course provides a comprehensive end-to-end view of the modus-operandi of rootkits by taking an in-depth look at behind the scenes working of the Windows kernel and how these mechanisms are exploited by malware through hands-on labs and real world case studies. Kernel security enhancements that have been progressively added from Windows 7 to the latest update of Windows 8.1 are discussed along with some circumvention techniques. Attendees will study key parts of popular rootkits to understand the real world applicability of these concepts for offensive and defensive purposes.
