Training courses include full access to the Business Hall, Sponsored Workshops, Sponsored Sessions, Arsenal and Features. Briefings are not included with the purchase of a Training pass; however, you may purchase a Briefings pass to complement your Training course/s once you register. All Briefings and Trainings will be presented in English.
The days of using Excel to find malicious activity are over. Breaches are only expanding in size, so incident responders need their own way of growing out of the days of using Excel to hunt through mountains of data. In this course, you will learn how to create your own enterprise-wide hunting platform using ELK with data enrichment feeds. Additionally, creating the means of retrieving the data from the various endpoints and data sources will also be introduced and explained throughout the course. Students will deploy PowerShell scripts across a customized network environment to gather critical data necessary to respond to an incident. Once the data has been collected, students will then enrich the data from both a normalization perspective as well as using visualizations to assist in finding outliers and anomalies within the data sets. This course will teach you how to not only set up an ELK server specifically geared to facilitate powerful hunting, but will also show you how to collect data efficiently from every single endpoint on your network in a very short span of time, thereby enabling you to proactively hunt on a regular basis.
Learning the secret incantations to make embedded systems carry out your will is not as hard as one might think. In the world of IoT, the hardened system is rare and often a firmware image is more than enough to find and exploit weaknesses. This session explains in detail a process for going from zero-knowledge to zero-day on real-world devices without breaking a sweat or picking up a screwdriver.
Students will be provided a virtual machine image configured to emulate a selection of vulnerable devices. Attendees will be guided to rediscover vulnerabilities and then craft exploits for these virtual devices before finally testing on real hardware. This training is focused on identifying bug chains which are easily and reliably exploited over an IP network by an unauthenticated attacker using portable techniques.
This hands-on training teaches the concepts, tools, and techniques to analyze, investigate and hunt malware by combining two powerful techniques: malware analysis and memory forensics. This course will introduce attendees to the basics of malware analysis, reverse engineering, Windows internals and memory forensics; it then gradually progresses deep into more advanced concepts of malware analysis and memory forensics. Attendees will learn to perform static, dynamic, code and memory analysis. This course consists of scenario-based hands-on labs after each module, which involve analyzing real-world malware samples and infected memory images (crimeware, APT malware, fileless malware, rootkits, etc.). This hands-on training is designed to help attendees gain a better understanding of the subject in a short span of time. Throughout the course, the attendees will learn the latest techniques used by the adversaries to compromise and persist on the system. It also covers the code injection and rootkit techniques used by the adversaries to bypass security products. The training also demonstrates how to integrate malware analysis and forensics techniques into a custom sandbox to automate the analysis of malicious code. After taking this course, attendees will be better equipped with skills to analyze, investigate and respond to malware-related incidents.
From CEO to IT SysAdmin ninja, if you're looking to get some hands-on experience with the tools and techniques the bad guys are using, this is the class for you. We'll take you from zero to hero using Metasploit to familiarize you with its capabilities and get you ready to take the Metasploit Mastery course.
Already cut your teeth with the Basics course? Just want to increase your Metasploit ninja skills? If you're looking to get some hands-on experience with the tools and techniques the bad guys are using, this is the class for you. In this class you'll go from simply using Metasploit to molding it to do things you never imagined it could do.
New for 2018, this two-day course will take a deep dive into the world of red-teaming industrial control systems, while teaching the fundamentals of SCADA security that are required to successfully penetrate industrial control system environments. The course will also provide students with methodologies through which security research may be performed against SCADA devices in order to identify 0day flaws in some of the world's most critical systems. During the course, students will have the opportunity to engage in live attacks against programmable logic controllers (PLCs) and other industrial control systems, to include activities such as SCADA RTOS firmware reversing, ICS hardware hacking and SCADA protocol fuzzing.
The days of reacting to an attack are past. Blue Teams must try to actively detect an adversary. Deception provides capabilities for detecting and shaping the path of an adversary with increased certainty and for revealing the intent of an adversary.
In this training, we understand, implement and design different deception techniques. We will use built-in OS tools to deploy deception enterprise-wide. We will practice identifying deception and counter deception by Red Teams. Some techniques, used in the course:
Active Defenses have been capturing a large amount of attention in the media and in legislation lately. There are those who thirst for vengeance and want to directly attack the attackers. There are those who believe that any sort of active response directed at an attacker is wrong. We believe the answer is somewhere in between.
Enterprises are managed using Active Directory (AD) and it often forms the backbone of the complete enterprise network. To secure AD, you must understand different techniques and attacks used by adversaries against it. Often burdened with maintaining interoperability with a variety of products, AD lacks the ability to tackle the latest threats.
This training is aimed towards attacking modern AD using built-in tools, scripting languages and other trusted OS resources. Some of the techniques, used in the course:
Challenge yourself in attacking a fully simulated enterprise environment, complete with domain services, security controls, misconfigurations, and vulnerable applications. You will learn to effectively create devastating attack paths to gain access to the target environment's "crown jewels" and demonstrate the impacts of a breach. This fast-paced course, led by highly skilled, recognized names in penetration testing, will teach you how to leverage penetration testing toolsets utilized by our team during hundreds of engagements. You will learn how to conduct effective, in-depth penetration tests, focused on demonstrating risks posed by modern attackers.
In this course you will:
ARM has emerged as the leading architecture in the Internet of Things (IoT) world. The "Advanced ARM IoT Exploit Laboratory" is a 2-day intermediate/advanced level class intended for students wanting to learn about bypassing exploit mitigation technology on ARM based IoT devices. The class takes an in-depth look at ARM Return Oriented Programming (ROP) as well as bypassing ASLR. Our lab environment features hardware and virtual platforms for exploring exploit development on ARM IoT devices.
The class concludes with an end-to-end "Firmware-To-Shell" hack, where we extract the firmware from a popular ARM SoHo router and an ARM IP Camera, build a virtual environment to emulate and debug it, and then use the exploit to gain a shell on the actual hardware device.
NOTE!! This class assumes that students already know the basics of ARM exploitation, including ARM assembly and ARM shellcode. For students keen on end to end ARM exploitation, it is recommended to take both INTRO and ADVANCED classes in succession in a 4-day format.
Learn to embrace cloud and build secure and resilient applications and infrastructure that blow away what you can do in traditional environments. This advanced training program covers cutting-edge techniques for building secure cloud deployments, from networking and identity management through application security and serverless architectures. This two day training is predominantly hands-on labs as we build out a secure cloud environment and cloud-native application architecture, then create a deployment pipeline with integrated security testing. We finish with security automation and a live fire incident response exercise. All labs are in Amazon Web Services but we also discuss the implementation differences for Azure and Google Compute Platform.
This course brings you a whole new level of hardware hacking – imagine being able to break an AES-128 bootloader in a few minutes, or glitching past password checks in otherwise secure devices. Based on the open-source ChipWhisperer, this course delivers hands-on experience by providing each student with a ChipWhisperer-Lite board (which they keep) and bringing them through a variety of attacks against real encryption and security code examples.
Anyone specifying or developing embedded systems needs to understand these attacks, as they might allow an attacker to compromise your otherwise secure system.
Our best-selling class, Advanced Infrastructure Hacking (AIH), returns to BH USA. The 2018 edition brings more new, neat and ridiculous network hacks. From old-school misconfiguration issues to the very latest cutting-edge techniques and exploits against the modern network platforms, we have got it all covered. The course will cover advanced penetration techniques to achieve exploitation against these platforms:
From mind-bending XSS attacks, to exploitation of CSRF vulnerabilities, to advanced SQL injection attacks, Advanced Web Attacks and Exploitation (AWAE) will broaden your knowledge of web application hacking and help you identify and circumvent various protection mechanisms in use on the web today. Every year this course has been offered, multiple students have left the class with 0-day exploits discovered during the training.
As highly skilled professionals with years of experience under our belts we know that there is a gap between academic knowledge of threat modeling and the real world.
In order to minimize that gap we have developed practical Use Cases, based on real life projects. Each use case includes a description of the environment, together with questions and templates to build a threat model. Students will be challenged in groups of 3 to 4 people to perform the different stages of threat modeling on the following:
Advanced Windows Exploitation provides an in-depth and hardcore drill down into topics ranging from precision heap spraying to DEP and ASLR bypass techniques to real-world 64-bit kernel exploitation. This course is extremely hands-on and includes a lab environment that is tailored to challenge and bring the most out of you. The case studies covered include vulnerabilities discovered by our research team or exploits written by Offensive Security.
Tired of "detecting" a breach after an incident has already begun? Hunt operations focus on proactively searching for malicious threat actors and closing the gap from infection to detection. Many security solutions attempt to prevent the initial compromise, or detect known post-exploitation activity, but can be bypassed by skilled attackers. This course will teach you how to create threat hunting hypotheses and execute them in your environment to proactively search for attacker indicators not identified by existing security solutions.
In this course, you will:
PowerShell offers security practitioners working within the Microsoft stack amazing capabilities for both offense and defense. Today, PowerShell is relied upon by red teams, threat hunters, incident responders, penetration testers, criminals, and nation-state adversaries alike due to its ability to automate attack and defense at scale. Gain a full understanding of how to effectively wield PowerShell as an attacker or defender.
In this course you will learn:
Upgrade your Red Team tradecraft with bleeding-edge Tactics, Techniques, and Procedures (TTPs) used by attackers in real-world breaches. Infiltrate networks, gather intelligence, and covertly persist in a network like an advanced adversary. Use the skillsets taught to go up against live incident responders in an enterprise lab environment designed to mimic a mature real-world network, and learn to adapt and overcome Blue Team response through collaborative feedback.
Topics covered include:
Learn how to thoroughly lock down Linux and UNIX systems from Jay Beale, the creator of Bastille Linux and the Center for Internet Security's first Linux security benchmark. In this fully hands-on course, you'll be given a laptop with capture-the-flag, intentionally vulnerable virtual machines, which you will learn to attack and then defend against those attacks, as well as unknown attacks. You'll learn to harden not only the operating system, but also the server programs running on it. You'll massively increase their resiliency to attack, no matter what application they run. You'll learn how to repel, detect and contain attacks, using configuration and free tools, including SELinux, Docker and Kubernetes containers, OSSEC, ModSecurity, FWKnopd, and AppArmor. Don't miss it!
There are four technical skills required by security researchers, software quality assurance and test engineers, or developers concerned about security: source code auditing, fuzzing, reverse engineering, and exploitation. Each of these domains is covered in detail. Code has been plagued by security errors resulting from memory corruption for a long time. Problematic code is discussed and searched for in lectures and labs. Fuzzing is a topic that book author DeMott knows well. Mutation, framework, and genetic fuzzers (Peach, AFL, etc.) are just some of the lecture and lab topics. When it comes to reversing C/C++ (Java and others are briefly discussed), IDA Pro is the tool of choice. Deep usage of this tool is covered in lecture and lab. Exploitation discussions and labs are the exciting final component. You'll enjoy exploitation basics, and will also use the latest techniques.
This interactive course will teach security professionals how to use data science techniques to quickly manipulate and analyze security data. The course will cover the entire data science process from data preparation, exploratory data analysis, data visualization, machine learning, model evaluation and finally, implementing at scale—all with a focus on security related problems.
Immerse yourself in a simulated corporate environment where you will learn, hands-on, both the latest attacker techniques and, most importantly, how to detect the attacks. This course will apply offensive techniques used by adversaries and penetration testers to help teach offensive methods as well as the best approach to detect both easy and hard attacks. Learn to circumvent the latest security tech, move laterally across systems, and gain access to data while learning how to detect these at each step of the way. This course is designed for beginners, intermediates, and seasoned defenders and penetration testers, and is taught by some of the leading experts in information security.
This hands-on class will introduce you to the common interfaces on embedded MIPS and ARM systems, and how to exploit physical access to grant yourself software privilege via UART, JTAG, or SPI.
Designed for newcomers to hardware, over 70% of our time will be hands-on with current off-the-shelf hardware, supported by lectures to fill in the background. This is why classes we developed have sold out at Black Hat the past 4 years.
You've learned about JTAG, UART, and SPI in your introductory IOT hacking class, but how does this apply to real world devices you encounter on actual engagements?
This course will put what you've already learned into context. We'll analyze how and why hardware hacks belong in scope of certain pen tests, and what that means to threat modeling and deliverables. We'll build upon your basic skills and see how more advanced hardware and firmware analysis tells us more about the software vulnerabilities in a system. We'll prototype some hardware exploits into compelling demos or helpful red-team tools.
ARM has emerged as the leading architecture in the Internet of Things (IoT) world. The "ARM IoT Exploit Laboratory: Intro" is a 2-day introductory level class intended for students wishing to enter the world of ARM based exploit development. The class covers topics such as ARM CPU architecture, ARM assembly language, functions on ARM, practical memory corruption on ARM and writing ARM shellcode from the ground up with plenty of time for hands-on exercises.
Our lab environment features hardware and virtual platforms for exploring exploit writing on ARM based Linux systems and IoT devices. This class paves the way for "The Advanced ARM IoT Exploit Laboratory" which specifically focusses on bypassing exploit mitigation techniques for ARM exploitation.
NOTE!! For students keen on end to end ARM exploitation, it is recommended to take both INTRO and ADVANCED classes in succession in a 4-day format.
This is not your traditional SCADA/ICS/IIoT security course! How many courses send you home with a $500 kit including your own PLC and a set of hardware/RF hacking tools?!? This course teaches hands-on penetration testing techniques used to test individual components of a control system, including embedded electronic field devices, network protocols, RF communications, Human Machine Interfaces (HMIs), and various forms of master servers and their ICS applications. Skills you will learn in this course will apply directly to systems such as the Smart Grid, PLCs, RTUs, smart meters, building management, manufacturing, Home Area Networks (HAN), smart appliances, SCADA, substation automation, synchrophasors, and even IoT.
Even organizations that are not ready for Red Teaming, or that can't afford it, can benefit from a greater understanding of the adversarial mindset, but how to get it? Threat and malware analysis provide some insight, but may be limited to traditional atomic IOCs. So, how do we move beyond that?
This course will introduce actual advanced attacks using MITRE's ATT&CK framework and walk students through cutting edge attack TTPs. Throughout these hands-on exercises, we will discuss how best to detect these techniques, how to identify true malfeasance, and how to see a bigger picture of defense using ATT&CK.
Monitoring for attacks and defending against them in real time is crucial. Defending our cloud infrastructure during attacks can prove to be a nightmare even with the solutions currently available in the market. We live in a cloud-first era where the cloud is our first choice of deployment due to its convenience and scalability. In this training we will learn how to defend our cloud infrastructure using Serverless technologies and Elastic Stack. Elastic Stack will collect and analyse logs and trigger alerts based on the configured rule-set. The Serverless stack drives the defence to perform automated blocking. It will be configured based on the use case and type of attacks. The current solution works on AWS, Azure and GCP. It can be extended for other providers and custom solutions like in-house firewalls, IPS, etc.
Scenarios:
Stay frosty within AWS and Azure environments with this fast-paced and hands-on course which teaches each participant the Tactics, Techniques, and Procedures (TTPs) needed to infiltrate and expand access within cloud platforms.
In this course you will:
This is an entry-level course and is a recommended prerequisite for our Advanced Infrastructure Hacking course. This class familiarizes the attendees with the basics of network hacking. A number of tools and techniques will be taught during the 2-day class. As this is a fast-paced course, attendees will be granted FREE 30 days' lab access to allow sufficient time to practice all the concepts taught during the class.
If you want to step into the world of ethical hacking/pentesting, then this is the right course for you. Attendees are encouraged to combine this class in succession with our Basic Web Hacking course, in a 4 day format for a wider coverage of issues spanning both network and applications.
This course teaches the attendees a wealth of hacking techniques to compromise the security of various web application components. The course starts from the very basic and gradually builds up to the level where attendees can not only use the tools and techniques to hack various components involved in web hacking, but also walk away with a solid understanding of the concepts on which these tools work.
Attendees are encouraged to combine this class in succession with our Basic Infrastructure Hacking course, in a 4 day format for a wider coverage of issues spanning both network and applications. As this is a fast-paced course, attendees will be granted free 30 days lab access to allow sufficient time to practice all the concepts taught during the class.
Penetration testers contribute immensely to the infosec industry and we've seen how that contribution has been picked up by the underground. Whether we like to admit it or not, both ethical hackers and the underground draw inspiration from each other in their tools, techniques and methodologies.
In 2017 we saw the Petya ransomware exploit systems using nation-state capabilities (EternalBlue and EternalRomance), steal credentials with Mimikatz and pivot across the network with PsExec and WMIC. At SensePost we posted a new method to obtain macro-less code execution in MS Excel/Word and expanded Ruler with a 3rd method for code execution: Outlook homepages.
Now imagine the offensive capabilities or defensive insight that can be added to your red team/blue team/hacker crew through the combination of carefully selected underground and penetration testing techniques; welcome to Black Ops Hacking – Master level.
Vehicle electronic systems continue to evolve, and as they do, more and more embedded hardware and software drives the mechanical functions of the vehicle. In this course we will explore the unique networks and communication systems of vehicle electronic systems. We will enable the future of vehicle security research with a mix of lecture and hands-on teaching. Students will learn about vehicle electronic systems and communication networks such as CAN Bus and other serial data networks, as well as discuss the future of vehicle communications systems. We will learn how to interact with vehicle systems over vehicle network protocols using hands-on tools that are used by vehicle manufacturers and security researchers.
Cloud Security Hands-On provides a solid foundation in cloud security, including 50% of hands-on labs to apply the principles in practice. It also includes new, expanded material for advanced students. We cover all the material needed to pass the Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK) version 4 exam, but add a pragmatic approach to immediately kick-start your cloud security projects. For Black Hat, we also add expanded material to show you how to take cloud security to the next level by leveraging DevOps techniques and the characteristics of the cloud. If students can keep up, we finish with a live fire incident response exercise.
Even when crypto is correctly implemented, it is notoriously difficult to use correctly. In this course, participants will obtain an in-depth understanding of how crypto works, how to use it properly, and how to stay clear of crypto misuses that will leave you wide open to attack. This course covers RSA, Elliptic Curve Cryptography, Post-Quantum Cryptography and Key Exchange Protocols. Beyond studying how the crypto should be used, we cover many of the major attack vectors on crypto in practice, including the DROWN, FREAK and Logjam attacks on TLS and recent attacks like ROCA on RSA key generation and KRACK on WPA2. The focus of the course is in-depth knowledge so that participants will be able to continue learning and understand newly released attacks, and how they affect their business.
*** UPDATED FOR 2018 ***
Dark Side Ops: Custom Penetration Testing focuses on using stealthy techniques, advanced attacks, and custom malware to conduct realistic, targeted penetration tests. Intensive, hands-on labs provide even intermediate participants with a structured and challenging approach to write custom code and bypass the very latest in offensive countermeasures. Participants will also receive and compile source code to create several custom backdoors, RATs, and persistence and privilege escalation techniques as they learn to plan, exploit, pivot, persist, and evade detection in even the most secure networks.
Dark Side Ops II: Adversary Simulation is the combination of sophisticated, red team trade craft and cutting-edge, offensive development to simulate real-world adversary activities. Challenge yourself to move beyond reliance on the typical "low-hanging exploitable fruit" from 1999 and start thinking, persisting, pivoting, and operating like a sophisticated adversary. Application whitelisting got you down? No problem. Can't catch that callback? Been there. No touching disk? No worries. Dark Side Ops II: Adversary Simulation helps participants up their offensive game by sharing the latest in initial access and post-exploitation, defensive countermeasure bypasses, and unique malware code execution techniques.
Mega-breach or minor incident? The difference is in the speed of detection, effectiveness of containment, and accuracy of scoping. IT and security professionals are on the front lines.
In this technical, hands-on class, we'll dig into different types of breach scenarios, including cloud account breaches, internal compromise, lost/stolen device, and ransomware. Learn strategies for detection and evidence preservation, and techniques for quickly scoping/containing a breach. Each module includes a hands-on lab where you analyze and scope the breach.
The capstone of the class is an interactive tabletop exercise, where you have to respond to a Maktub ransomware infection, and handle a flood of media calls because your data has been leaked onto Pastebin. Can you detect, contain and respond to the breach before it turns into a nightmare?
This intensive, engaging class will give you plenty of "war stories" to share, and hands-on experience in data breach scoping and response.
Digital Forensics and Incident Response are the key fields that enable organizations to combat modern threats - whether they come from attackers across the world or from a disgruntled employee in the accounting department. In this course students will learn how to analyze a wide range of activity across Windows systems, including malware execution, anti-forensics tampering, exfiltration of sensitive data by attackers and rogue insiders, and more. To track these activities, students will learn how to locate and analyze over twenty artifact types that are commonly found on Windows systems. The learned skills are immediately usable in the field, whether the students are digital forensics investigators, incident response handlers, network administrators, or IT managers who want to understand these technical processes. This course has sold out for the last five years, has been consistently highly rated, and has been completely updated to include analysis of Windows 10 systems.
Fuzzing For Vulnerabilities is a two-day hands-on course where students learn the skills necessary to design and implement custom fuzzers. This course will walk students through the basics of setting up a fuzzing environment, writing a fuzzer, and analyzing the fuzzer to determine the scope of code covered during a fuzzing session. Students will leave this course with practical knowledge gained from developing a fuzzer for a real-world application with millions of installations worldwide. If your goal is to learn fuzzing to enhance the security of your own software or to find vulnerabilities in others' software, this course will provide you with the knowledge to succeed.
The only workshop delivered by someone who has access to the source code of Windows! It is a part of CQURE Academy and provides certification. In this workshop you will investigate the critical tasks for a high-quality penetration test. We'll look at the most efficient ways to map a network and discover target systems and services. Once that has been done, we will search for vulnerabilities and reduce false positives with manual vulnerability verification. At the end we will look at exploitation techniques, including the use of authored and commercial tools. One of the most important things for conducting a successful attack is to understand how the targets work. In the attack summary we will always go through the securing techniques. We will go through the operating systems' built-in problems and how they can be beneficial for hackers!
Includes authored tools!
"Software Exploitation via Hardware Exploitation" is an intensive hands-on course covering tools and methods for manipulating, modifying, debugging, reverse engineering, interacting with, and exploiting the software (firmware) and hardware of embedded systems. These embedded systems include COTS IoT ("Internet of Things") products (such as routers, webcams, etc.) and Industrial/Enterprise devices. Participants will gain hands-on experience with real-world devices and products, learning to interface with them on a low level. Participants will also be walked through the process of finding several of the 0-days found and disclosed by the instructors, which were found to be present in millions of devices worldwide.
More info available at: http://SexViaHex.com
Too often, beginner courses assume an already high level of skill and understanding of the subject matter being taught. This course is different in that we start with no assumption, rather getting you ready to learn how attackers compromise targets, as well as ensuring you get to do the same thing. As the title suggests, it provides an ideal training ground for our other SensePost Training courses, further self-study, or other hacking courses.
Code injection is a technique that is increasingly used by attackers to bypass application whitelisting. But most defenders have no idea how code injection really works. It's challenging to investigate attackers using code injection if you don't understand what they're doing.
Most penetration testers/red team members don't really understand code injection either, despite their near constant use of it. Ever used the "migrate" feature of Metasploit? You've used code injection. Do you know how it works or why? You should – it will make you better at your job.
In this course, we'll start by covering the basics of code injection, using the venerable "CreateRemoteThread" and move into advanced topics like Atom Bombing and Gargoyle that evade most traditional forensics techniques.
Source and binary code will be provided for all examples, so whether you work in offense or defense, you'll be able to immediately level up.
It is indeed all about the information - who controls it, how it propagates, and the effect it has on the receiver. With that knowledge and access comes great power. In this course, you will learn and practice how information operations (IO) are planned and executed. Perhaps more importantly, you will learn how to defend yourself, your employer, and your nation from information-based campaigns.
This fast-paced course will include IO strategies, military IO doctrine and TTPs, psychological operations, deception and counter-deception, IO incident response, how to craft themes and messages, propagation techniques, and tactics for defending and countering information operations, among numerous other subjects.
You'll leave the course with much deeper insight into how information operations are executed and how to defend against them. You'll also gain a heightened awareness and resistance to the manipulation that is taking place on a daily basis.
Have you ever wondered how shadowy groups effortlessly churn out cracks for the latest commercial software? Or how someone built a key generator for your favorite game? Or how to protect your own software from these types of attacks? This class is a high-speed introductory crash course in software reverse-engineering, cracking, and counter-measures. The course covers the basics of x86 assembly, reverse-engineering with the industry favorite IDA, and, of course, hands on experience cracking software.
Interested in hardware hacking, but don't know where to start? This class, taught by world-renowned engineer and hacker Joe Grand, brings you through the process of reverse engineering and defeating the security of electronic devices. Having premiered at Black Hat in 2005, it is the longest running hardware hacking training in the industry and covers product teardown, component identification, circuit board reverse engineering, soldering/desoldering, signal monitoring/analysis, firmware/memory extraction, and more!
This Crash Course rapidly introduces the tools and methodologies necessary to get you analyzing malware that targets the OS X platform. We use a practical, hands-on approach to quickly adapt your current malware analysis skills for OS X.
Almost every computer incident involves a trojan, backdoor, virus, or rootkit. Incident responders must be able to perform rapid analysis on the malware encountered in an effort to cure current infections and prevent future ones. This course provides a rapid introduction to the tools and methodologies used to perform malware analysis on executables found on Windows systems using a practical, hands-on approach.
Malware authors sometimes take deliberate steps to thwart the reverse engineering of their malware. This course is focused on advanced topics related to combating malware defense mechanisms. Designed for the experienced malware analyst, a robust skill set in x86 architecture and the Windows APIs is essential. Students will learn how to specifically combat anti-disassembly, anti-debugging and anti-virtual machine techniques. Students will also learn how to defeat packed and armored executables and will be challenged to demonstrate these skills several times throughout the course.
Additional topics covered will include malware stealth techniques, such as process injection and rootkit technology; analyses of samples written in alternate programming languages, such as Delphi and C++; and a review of available tools and techniques. All concepts and materials presented are reinforced with demonstrations, real-world case studies, follow-along exercises, and student labs to allow students to practice what they have learned. This class is taught by senior FLARE Malware Analysts who are experienced in fighting through the state-of-the-art malware armor.
Air, sea, land, space, and now cyber. Cyberspace has been named an operational domain by the U.S. Department of Defense. This designation and subsequent application of U.S. doctrine to cyberspace operations has shed light on new tactics and techniques for network defense based on military doctrine developed over millennia; techniques you can use now to improve the defense of your network. Taught by the authors of On Cyber: Towards an Operational Art for Cyber Conflict, this course will introduce you to the intricacies of this complex new landscape through discussion and hands-on exercises developed by career Army officers with a combined 50+ years of experience.
Ever wondered how different attacking a Mobile application would be, from a traditional web application? Gone are the days when knowledge of just SQL Injection or XSS could help you land a lucrative high-paying infoSec job.
After a sold out class at multiple conferences over the last few years, we have revamped the material to include a host of new tools and techniques. This will be an introductory course on exploiting iOS and Android applications, suited well for both beginners as well as advanced security enthusiasts. We now also cover ARM and OS exploitation techniques. The training will be based on exploiting Damn Vulnerable iOS app, Android-InsecureBankv2 and a large range of real-world applications in order to give an in-depth knowledge about the different kinds of vulnerabilities in Mobile applications. This is an extensive hands-on class where the students will be exploiting all of these taught vulnerabilities. The course will also discuss how an attacker can secure their application using secure coding & obfuscation techniques. After the workshop, the students will be able to successfully pentest applications running on the various operating systems.
The training will also include a CTF challenge at the end where the attendees will use the skills learnt in the training to solve the CTF challenges. The students will be provided with slides, tools and VMs used during the course. The students will also be provided with video guides to replicate all of the techniques learnt in the class once the training ends.
From finding people and those who influence them to uncovering internal IP addresses and technology used at major corporations, this course will propel you into the world of open source intelligence feet first. From blue teams to intelligence analysts, this course will show you how to get the most out of Maltego with both online and offline data! Expect to be shocked at how much data is 'out there' and what people can do with it, as well as how you can reach this data for both defending and attacking. Come learn about how we find information, correlate it and gain insight into it with the power of Maltego.
This interactive training identifies and demonstrates multiple free online resources that break through traditional search roadblocks. Participants will not only be shown how to "dig" into the internet for personal information about any target but also how to connect attributes across multiple open source data points. While popular sites such as Twitter, Instagram, and Facebook are covered in detail (including techniques that legally access some "hidden" content), the presentation goes much deeper into the vast resources available for researching personal information. Aside from social networks, other technologies such as meta-data, reverse cellular info extraction, mobile app exploitation, and Application Programming Interfaces (APIs) will be explained. The participants will then take all resources available to them and learn how to create their own methodology through practical exercises. All resources can be applied to domestic and international investigations. A custom Linux operating system pre-configured for immediate use will be provided.
Battle tested, industry approved, and by popular demand - Penetration Testing With Kali Linux returns to Black Hat Vegas. The one and only official training by the creators of Kali Linux, this intense, hands-on security class by Offensive Security has provided the foundation of knowledge for many in the security community. Year after year this class always sells out fast, so if you want to attend you better sign up quick.
This is a solid two-day course in network-level pwnage. Minimal theory, just pwning, privilege escalation and exfiltration. Our Pentesting Enterprise Infrastructure course is as hands on as you'd expect from Black Hat, no videos or demos here.
This course looks at the methods and approaches we take when performing internal and external network penetration tests. At SensePost we have almost two decades of experience pwning 'all the things' and continue to contribute to the industry with cutting edge research and tools.
For our training, we have taken our experience from the field and brought it to you in a controlled lab environment. Your aim will be to think like a hacker, map your target, find weaknesses and fully exploit the trust relationships in place. Using scenarios along with presentations, this course is a healthy mix of problem solving, strategies and the methodologies delivered by experienced hackers.
Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network, but that doesn't make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march your hardware right out the door.
Both mechanical lock systems as well as electronic access controls will be covered in depth... and students will be provided all the tools as well as the knowledge needed to bypass them! Those who attend this course will leave with a full awareness of how to best protect buildings and grounds from unauthorized access, as well as how to compromise most existing physical security in order to gain access themselves.
There are more Android users than there are of any other mobile operating system worldwide. It is used not only in mobile devices but increasingly in infotainment, industrial, and enterprise products. "Practical Android Exploitation" is a course developed by Stephen A. Ridley (who also co-authored "The Android Hacker's Handbook" by Wiley & Sons publishing) and Stephen C. Lawler (editor of "Practical Malware Analysis" and other books published by No Starch Press). "Practical Android Exploitation" is a comprehensive course that aims to teach all about Android software security and exploitation. Following the creation of their industry-renowned course ARMExploitation.com, the creators focused this new course on thoroughly exploring the inner workings of the Android ecosystem and, along the way, teaching participants how to reverse engineer and exploit software on Android. Participants will do it all: from decompiling applications, to writing their own shellcode FROM SCRATCH to exploit native code on Android systems. Jailbreaks, the history of public Android exploits, ARM exploitation, all will be covered in this intensive course.
More details available on: http://AndroidExploitation.com
Ever wondered how to handle a deluge of security issues and reduce the cost of fixing them before software goes to production? Or how unicorns like Google, Facebook, Amazon, and Etsy handle security at scale? In Practical DevSecOps training you will learn how to handle security at scale using DevSecOps practices. We will start off with the basics of DevOps and DevSecOps and move towards advanced concepts such as Security as Code, Compliance as Code, Configuration management, Infrastructure as code, etc.
The training will be based on DevSecOps Studio, a distribution for DevSecOps enthusiasts. We will cover real-world DevSecOps tools and practices in order to obtain an in-depth understanding of the concepts learnt as part of the course.
We will also cover how to use static analysis (SAST), dynamic analysis (DAST), OS hardening and security monitoring as part of the Secure SDLC, and how to select tools which fit your organization's needs and culture.
After the training, the students will be able to successfully hack and secure applications before hackers do. The training will also include a CTF challenge at the end where the attendees will use the skills learnt in the training to solve the CTF challenges. The students will be provided with slides, tools and virtual machines used during the course.
The key points of our course are "Comprehensive" and "Practical".
We cover:
"Practical IoT Hacking: Basic Edition" is a research-backed and unique 2-day course which offers security professionals a good understanding of the core of IoT technology, i.e. IoT protocols, sensor tech and their underlying weaknesses. The extensive hands-on labs enable attendees to master the art, tools and techniques to find-n-exploit or find-n-fix the vulnerabilities in IoT, not just on emulators but on real smart devices as well.
The course is aimed at security professionals who want to enhance their skills and move to/specialize in IoT security. The course is structured for beginner level attendees who do not have any experience in IoT, reversing or hardware.
The course specifically focuses on the security issues and attacks on evolving IoT technologies, including widely used IoT protocols and platforms in various domains such as home, enterprise etc. It covers various IoT protocols from the ground up, including internals, specific attack scenarios for individual protocols, and the open source software/hardware tools one needs to have in their IoT penetration testing arsenal. We also discuss in detail how to attack the underlying hardware of the sensors using various practical techniques.
Attendees will be provided with:
This course is designed to introduce students to the concept of vulnerability discovery through fuzzing and determining the exploitability of crashing conditions. Students will be exposed to techniques to quickly identify common patterns in specifications that produce vulnerable conditions, learn the process to build a successful fuzzer, and highlight public fuzzing frameworks that produce quality results. These concepts will be reinforced with "real world" case studies that demonstrate the fundamentals being introduced.
More and more security professionals have turned to scripting languages to automate tasks and complete work faster. If you've been wanting to learn Python and couldn't figure out how to start, or tried and can't get the hang of it, this course will take you from zero to hero. This course was designed to follow a hacker's methodology of programming. Instead of learning formal programming practices that you'll never use, this course focuses on core concepts taught in 16 simple recipe-like modules. Throughout the course, we will reuse and build on past modules to quickly complete more complex projects. Each module has lab time for continuous hands-on opportunity and practical application exercises.
Comprehensive CNSS-4016 Risk Analysis certification and the federal Risk Management Framework (RMF) training for Information System Security Managers (ISSM's), Certification Agents and Security Control Assessors (SCA's). The Risk Management Framework (RMF) curriculum is specifically designed for cybersecurity practitioners that exercise security or Assessment and Authorization (A&A) as well as Program or Acquisition Management control over critical information infrastructures. Highly concentrated, non-technical professional training necessary to achieve the fundamental knowledge, skills, and abilities needed to analyze, assess, control, determine, mitigate and manage risks within IT systems. This course provides training in knowledge factors and functional requirements established for Entry and Intermediate Level Risk Analysts and addresses professional processes and policy requirements established within the federal Risk Management Framework (RMF). Specific focus is directed on risk methodologies for securing critical information infrastructures and establishing standards necessary to help protect the organizational IT infrastructure.
An introduction to digital signal processing, software radio, and the powerful tools that enable the growing array of SDR projects within the hacker community, this course takes a unique "software radio for hackers" approach, building on the participants' knowledge of computers and introducing them to the forefront of digital radio technology. Participants will learn how to transmit, receive, and analyze radio signals and will be prepared to use this knowledge in the research of wireless communication security. Each student will receive a HackRF One software defined radio transceiver, a $300 value.
Tactical Exploitation: Attacking Unix focuses on the UNIX portion of our most popular multi-platform class, Tactical Exploitation (taught at conferences such as BlackHat, BruCon, and Countermeasure). Students will become immersed in a unique offensive school of thought at the post-exploitation stage, a mindset seen in real-world attacks vs penetration testing. Students will learn how to compromise systems without depending on standard exploits and how to avoid discovery. By abusing features provided by standard UNIX tools and trusts, students get hands-on experience attacking a virtual enterprise network. This class is designed to help students achieve success in any environment.
The need for reverse engineering binary software components arises in more and more contexts every day. Common cases include analysis of malicious software such as viruses, worms, trojans and rootkits, analyzing binary drivers in order to develop open source drivers for alternate platforms, analyzing closed source software for security flaws, and source code recovery in legacy systems. The first step in such an analysis is generally the acquisition of a high quality disassembly of the binary component. IDA Pro is touted as the premier disassembler available today, capable of disassembling machine languages for a large number of microprocessors and microcontrollers. This course will cover advanced features of IDA that may be used to work through challenging reverse engineering problems. This course is taught using primarily x86 and ARM assembly language.
The need for reverse engineering binary software components arises in more and more contexts every day. Common cases include analysis of malicious software such as viruses, worms, trojans and rootkits, analyzing binary drivers in order to develop open source drivers for alternate platforms, analyzing closed source software for security flaws, and source code recovery in legacy systems. The first step in such an analysis is generally the acquisition of a high quality disassembly of the binary component. IDA Pro is touted as the premier disassembler available today, capable of disassembling machine languages for a large number of microprocessors and microcontrollers. This course will cover essential features of IDA that anyone looking to begin using this tool should be familiar with. This course is taught using x86, 32-bit, assembly language.
MDSec's Mobile Application Hacker's Handbook course is delivered by the lead author of the book. It features all new material and hands-on hacking examples, covering chapters 1-9 of MAHH. Over the 2 days, delegates will learn the tricks and techniques to hack mobile applications on the iOS and Android platforms.
The course follows chapters 1-9 of the Mobile Application Hacker's Handbook, with a strong focus on practical attacks. Over the 2-day training course delivered by the lead author of the book, delegates will learn the tricks and techniques to hack mobile applications on the iOS and Android platforms.
After a short introduction to the subject, we delve into the following core modules:
Introduction to Mobile Application Security Assessment (Chapter 1)
Analysing iOS applications (Chapter 2)
How to attack iOS applications (Chapters 3-4)
Securing iOS applications (Chapter 5)
Understanding Android applications (Chapter 6)
Exploiting Android applications (Chapters 7-8)
Securing Android applications (Chapter 9)
The security industry is running fast towards security automation to increase the capability and capacity of security teams so they can effectively and efficiently stay on top of the constantly evolving threats, attacks and security breaches that occur every day!
Learn how to implement streamlined security operations and optimize budgets through security automation, including:
The highly popular course The Shellcode Lab is back! With feedback like "By far the best course I've taken at Black Hat", this is the training that takes your penetration testing and low level technical skills to the next level!
With 17 multi-part hands-on labs and over 150 slides of hard core technical content, students start with basic knowledge, and by the end of the first day write their own Mac OS X 64-bit Port Bind shellcode from scratch to remotely compromise a server.
In this exciting and hands on training, you will:
A course containing all the latest web application hacking techniques released since the course authors' Web Application Hacker's Handbook. If you're familiar with the book and tools, this is the course to try it all out on.
This class teaches the audience a wealth of hacking techniques to compromise modern day web applications, APIs and associated end-points. This class focuses on specific areas of appsec and on advanced vulnerability identification and exploitation techniques (especially server side flaws). The class allows attendees to learn and practice some neat, new and ridiculous hacks which affected real life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known. Attendees will also benefit from a state-of-the-art Hacklab and we will be providing FREE 30 days lab access after the class to allow attendees more practice time. Some of the highlights of the class include:
This intensive two-day course is designed to teach the fundamental investigative techniques needed to respond to today's landscape of threat actors and intrusion scenarios. The class is built upon a series of hands-on labs that highlight the phases of a targeted attack, key sources of evidence, and the forensic analysis know-how required to analyze them.
Understanding of the Windows kernel has typically been considered to have a steep learning curve and not for the faint of heart. However, many vulnerabilities have surfaced from within the depths of the kernel proving it to be a lucrative target for attackers. Security researchers who want to move beyond the classroom need to have a solid understanding of what goes on under the hood and behind the scenes. Unfortunately, other courses often hurry through, overlook or consider these fundamental concepts to be supplemental.
The Windows Kernel Primer course takes a deep dive into the Windows operating system, breaking down important data structures and walking step-by-step through the underlying kernel architecture. These fundamental concepts are key for system developers, malware analysts, forensics investigators, and vulnerability researchers. This course is designed to equip students with a strong foundation of Windows internals, and is taught through in-depth lecture accompanied by hands-on reverse engineering labs and exercises.
We will be breaking down and working through a lot of low-level concepts in class. There are no hard-set prerequisites, but if you have no programming experience or have never worked in a debugger, you may have to work extra hard to keep up. However, if you are up for the challenge and are looking for training that takes you a bit deeper, this course was written for you.
To achieve maximum stealth and obtain unabated access to the system, rootkits execute in kernel mode. This advanced course provides a comprehensive end-to-end view of the modus operandi of rootkits by taking an in-depth look at the behind-the-scenes workings of the Windows kernel and how these mechanisms are exploited by malware through hands-on labs and real world case studies. Kernel security enhancements that have been progressively added to Windows are discussed along with some circumvention techniques. Attendees will study key techniques used by rootkits to understand the real-world applicability of these concepts for offensive and defensive purposes. This course has been updated for Windows 10 Version 1709 (RS3).