Black Hat West Coast Trainings 2013 brings together the best minds in security to define tomorrow's information security landscape.
Learn to become more offensive in your defensive tactics.
Need to conduct effective penetration tests as efficiently as possible? This challenging, fast-paced course will teach you how to best use available tools and methodologies to accurately emulate modern threats, all while adapting to tightening budgets, limited timeframes and diverse skillsets.
The days of running grep to find simple stack overflows are gone. Finding exploitable vulnerabilities, such as use-after-frees, often requires a thorough understanding of more complex code patterns such as reference counting and garbage collection. This two-day course teaches students how to dive into large C/C++ source code projects and find exploitable memory corruption vulnerabilities armed with nothing more than a text editor. Students will learn the necessary skills by focusing on real world vulnerabilities found in open source web browsers.
Many, if not most, security professionals spend a comparatively small amount of time profiling their targets in comparison to the attack phase, and rarely step outside O/S and application enumeration. This is unfortunate, since proper enumeration can expose critical information and vulnerabilities, increasing the chances of success while reducing the noise of the attack. In this intensive, hands-on course, two-time Defcon social engineering CTF winner, Shane MacDougall, will run through a gamut of tools, websites, and procedures that every penetration tester/attacker should have in their toolkit, and collect data points that at might not seem relevant, but can in fact yield huge lift to the attacker, all without sending a single packet to the target network.
Learn advanced techniques in SQL Injection as well as some lesser known injection flaws such as LDAP Injection, Hibernate Query Language Injection, XPATH Injection, XML External Entity Injection, Direct Code injection etc. All attendees will receive FREE access to on-line labs related to the class.
This is not your traditional SCADA security course! This course teaches hands-on penetration testing techniques used to test embedded electronic field devices, network protocols, RF communications, and controlling servers of ICS and Smart Grid systems like PLCs, RTUs, smart meters, Home Area Networks (HAN), smart appliances, SCADA, substation automation, and synchrophasors.
Malware is at the epicenter of cybercriminal activity. It is used to perform service disruption, fraud, intellectual property theft and other nefarious activities. For those charged with defense, it is critical to master the skills necessary to rapidly understand malware’s underlying capabilities. This four-day course has been designed for those aspiring security researchers looking to break into the fields of incident response, network security or anti-malware.
Provide students with the practical knowledge they need to understand the real cloud security issues and solutions. The Cloud Security Plus class provides students a comprehensive two-day review of cloud security fundamentals and prepares them to take the Cloud Security Alliance Certificate of Cloud Computing Security Knowledge (CCSK) exam (this course is also known as the CCSK- Plus). Starting with a detailed description of cloud computing, the course covers all major domains in the latest Guidance document from the Cloud Security Alliance, and includes a full day of hands-on cloud security training covering both public and private cloud.
This course provides four-days of intense, highly concentrated, non-technical professional training necessary to achieve the fundamental knowledge, skills, and abilities needed to define, design, integrate, and manage cyber security policies, processes, procedures and protocols. Specific focus is directed on identifying, implementing and integrating management, certification and administrative solutions for securing critical information infrastructures and establishing standards necessary to help protect the sensitivity, maintain the integrity and ensure the accessibility of data stored, processed, displayed or transmitted within commercial and federal netwoks.
Digital forensics and incident response are two of the most critical fields in all of information security. The staggering number of reported breaches and data leaks in the last year has shown that the ability to rapidly respond to incidents is a vital capability for all organizations. During this training, students will learn both the theory around digital forensics and incident response as well as gain valuable hands-on experience with the same types of evidence and situations they will see in real-world investigations. By the end of the course, they will be able to perform deep investigations of on-disk and in-memory forensics artifacts against Microsoft Windows systems.
The Exploit Laboratory: Red Team is an intense two-day course carefully crafted to provide students a practical hands-on approach to exploiting modern day operating systems. The focus of the class is to bring participants up to speed on the complexities of exploit writing required for defeating modern exploit mitigation techniques.
This class can be combined with Exploit Laboratory: Master as a 4 day course.
The Exploit Laboratory: Master features advanced topics in exploit development. This two-day class is designed for participants already familiar with exploit development and need to take their skills to the next level. The Master edition course is an ideal extension of the Exploit Laboratory: Red Team class. The class is primarily driven by lab examples and exercises, with very little theoretical teaching.
As mobile phone usage continues to grow at an outstanding rate, this course shows you how you’d go about testing the mobile platforms, and installed applications to ensure they have been developed in a secure manner.
Hacking By Numbers Mobile will give you a complete and practical window into the methods used when attacking mobile platforms. This course is ideal for penetration testers who are new to the mobile area and need to understand how to analyze and audit applications on various mobile platforms using a variety of tools and platforms.
This intensive two-day course is designed to teach the fundamental investigative techniques needed to respond to today’s landscape of threat actors and intrusion scenarios. Completely redeveloped with all-new material in 2012, the class is built upon a series of hands-on labs that highlight the phases of a targeted attack, key sources of evidence, and the forensic analysis know-how required to analyze them.
Do you want to find intruders in your network, but don't know where to begin? If the answer is yes, NSM 101 is the course for you. Join Richard Bejtlich as he explains Network Security Monitoring from the ground-up in this brand-new, hands-on course.
Premiering for the first time the entirely new "Pentesting with Kali Linux." This course has been entirely re-written from the ground up to reflect the most modern and effective techniques that all penetration testers need to know. This is an intensive, hands-on security class by Offensive Security, the creators of Kali.
Get ready to learn with the best. Two time DEFCON SECTF winner, Shane MacDougall, will spend two-days teaching everything you need to know to become a great social engineer.
This new extended version of Tactical Exploitation teaches students a deeper level of new tools and lesser-known techniques. Along with the extended format, students will become immersed in a unique offensive school of thought. This class is designed to help students achieve success in any environment. Students learn how to compromise systems without depending on standard exploits and how to keep from getting caught.
Learn everything about security visualization to make your log analysis and forensic investigations more efficient and effective. We explore situational awareness and learn how to uncover new insights and hidden attacks on your environment.