Training 2011

(Info on this page is for DerbyCon 2011 only)

DerbyCon provides customized training to con attendees for an additional charge. Our goal is to provide quality training at an affordable rate. We will be announcing our trainers in the upcoming months.

All training will be performed after the normal conference hours from 4:00PM to 9:00PM (or until the instructor wants to let you go). Note: if you purchase the training, admission to DerbyCon is included.

Two-Day Training – Cost – $825.00

If you are interested in providing training, e-mail us at info [at] derbycon.com for more information.

Registration for Training is OPEN! Please select the training below!

We have closed down registration. You can register for training in person on Friday 8:00AM. We accept credit cards and cash.

Below is the current trainer list, which will be updated as the training sessions are finalized:

Corelan Live – Win32 Exploit Development Bootcamp – 1 ticket left


Trainer: Peter “corelanc0d3r” Van Eeckhoutte

Founder of Corelan Team and author of various Win32 exploit development tutorials and articles. Peter will be assisted by some of the Corelan Team members, making this training truly unique. The team will work with the students during the training and labs, assist them while they are working on the numerous exercises, and will share exploit development tips & tricks / experiences that were gathered over the years.

Description / Outline:


If you want to read, be able to understand and modify existing exploits, understand how Metasploit exploits work, want to be able to determine the risk of a certain vulnerability or advisory, or just want to learn how to write exploits for fun, then this course is for you.

This intense hands-on course will provide students with a solid understanding of current Win32 (stack based) exploitation techniques, and all common memory protection bypass techniques.

The course will cover topics including :

– Win32 memory management
– Using debuggers and debugger plugins such as pvefindaddr
– Exploiting stack based buffer overflows
– Heap Spraying
– Dealing with character set conversions and transformations (Unicode, etc)
– Using egghunters, omelet egg hunters
– Writing and integrating modules for Metasploit
– Writing shellcode
– Bypassing common memory protections (SafeSEH, SEHOP, stack cookies, ASLR, DEP)
– Return Oriented Programming

During the course, students will get the opportunity to work on recently discovered vulnerabilities, real applications, and will be assisted by various Corelan Team members. Each training day will end with an exploit based CTF challenge.

Prerequisites:

Attendees should

– be able to read C code and simple scripts
– be familiar with writing basic scripts using perl/python/…
– be ready to dive into a debugger and read asm for hours and hours and hours

Tools/Equipment needed:

A laptop with VMware/VirtualBox and enough processing power and RAM to run up to 2 virtual machines at the same time.

Students are required to bring the following virtual machines installed :

A clean / fully patched/updated:
1. Windows XP SP3 Professional
2. Windows 2008 or Windows 7 (Trial versions are fine)
3. BackTrack 5

All required tools and applications will be provided during the training.

Targeted Audience :

Pentesters, researchers, or anyone interested in learning how to write exploits in a Win32 environment. While this course will cover basics, students will need to be able to transition to more complex theory and exercises quickly.

Course Length:
Friday and Saturday starting at 4:00PM and ending at 9:00PM

 

 

Physical Security Skills for Penetration Testers


Trainer: Deviant Ollam (The CORE Group)

Deviant Ollam’s first and strongest love has always been teaching. A graduate of the New Jersey Institute of Technology’s Science, Technology, & Society program, he is always fascinated by the interplay that connects human values and social trends to developments in the technical world. While earning his BS degree at NJIT, Deviant also completed the History degree program at Rutgers University.

While paying the bills as a security auditor and penetration testing consultant with The CORE Group, Deviant is also a member of the Board of Directors of the US division of TOOOL (The Open Organization Of Lockpickers). Every year Deviant runs the Lockpicking Village at DEFCON and ShmooCon, and he has conducted physical security training sessions at Black Hat, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, CanSecWest, ekoparty, and the United States Military Academy at West Point. His favorite Amendments to the US Constitution are, in no particular order, the 1st, 2nd, 9th, & 10th.

Course Description / Outline:
Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network but that doesn’t make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march your hardware right out the door.

Those who attend this session will leave with a full awareness of how to best protect buildings and grounds from unauthorized access. Attendees will not only learn how to distinguish good locks and access control from poor ones, but will also become well-versed in picking and bypassing many of the most common locks used in North America.

Prerequisites:
None, save for an appreciation of why physical security is an integral part of the overall data security model.

Tools/Equipment needed:
If you have your own lockpick tools, you are welcome to bring them, but that is not necessary. A set of lockpicking tools will be provided to you as part of the course.

Targeted Audience:
Penetration Testers, Auditors, IT Professionals with duties that include Oversight of Infrastructure

Course Length:
Friday and Saturday starting at 4:00PM and ending at 9:00PM

 

 

Social-Engineering, CUDA Cracking, and PHUKD — OH MY — SOLD OUT!


Trainer: Dave “ReL1K” Kennedy

David Kennedy (ReL1K) is a security ninja and penetration tester who likes to write code, break things, and develop exploits. Dave is on the Back|Track and Exploit-Database development team and a core member of the Social-Engineer podcast and framework. David continues to contribute to a variety of open-source projects. David had the privilege of speaking at some of the nation’s largest conferences on a number of occasions including BlackHat, Defcon and Shmoocon. David is the creator of the Social-Engineer Toolkit (SET), Fast-Track, modules/attacks for Metasploit, and has released a number of public exploits. David heavily co-authored the Metasploit Unleashed course available online and has a number of security related white-papers in the field of exploitation. David has a book soon to be released in June from NoStarch Press, “Metasploit: A Penetration Testers Guide”. David is one of the founders of DerbyCon, a hacker con located in Louisville, Kentucky. Lastly, David worked for three letter agencies during his U.S. Marine Corps career in the intelligence field specializing in red teaming and computer forensics.

Trainer: Martin “Pure Hate” Bos

Martin (purehate) Bos works as a penetration tester for Accuvant Inc. He resides in Louisville, KY with his wife, Kim, and their daughter. Martin is also one of the core developers for Backtrack-Linux and has been with the project since its early days. Martin is also a Co-Founder of Question-Defense.com, a website dedicated to answering technical questions daily, which also has the largest online WPA Cracking service on the web. In addition to these things, Martin is one of the founders of DerbyCon, a hacker con located in Louisville, Kentucky.

Trainer: Adrian “Irongeek” Crenshaw

Adrian Crenshaw has worked in the IT industry for the last twelve years. He runs the information security website Irongeek.com, which specializes in videos and articles that illustrate how to use various pen-testing and security tools. He did the cert chase for a while (MCSE NT 4, CNE, A+, Network+, i-Net+) but stopped once he had to start paying for the tests himself. He’s currently working on a Masters in Security Informatics, and is interested in obtaining a network security/research/teaching job in academia. Adrian is one of the founders of DerbyCon, a hacker con located in Louisville, Kentucky.

Course Description / Outline:
This course is broken out into three parts taught by the three trainers in an all-in-one class for the two-day training period. The first part is a hardcore in-depth course on the Social-Engineer Toolkit (SET) taught by David Kennedy (ReL1K). The course will cover how to utilize and leverage SET in a penetration test. During this course you’ll learn how to develop your own modules in the toolkit, leverage it during a social-engineer attack, and become an expert on all the options the Social-Engineer Toolkit provides. The basics of social-engineering and penetration testing will be covered in the class as well as an in-depth understanding of how to leverage SET in multiple capacities.

The second portion of the course will be taught by Martin “Pure Hate” Bos. This class will cover some of the more advanced password cracking techniques currently used in today’s penetration tests. We will be focusing on quick targeted attacks which are specifically tailored to the environment of the engagement. We’ll discuss human password patterns, where and how to build a targeted password list for an engagement and the most effective ways to quickly crack passwords. All of the major algorithms in use today will be covered in great detail, explaining which attack is best for which. Also covered will be extensive material on rules and creating rules to be used in conjunction with the Hashcat toolset. We will be covering all of the tools in the Hashcat Suite and a few others which can greatly reduce the time penetration testers waste on cracking passwords. The class expects a basic knowledge of Linux and is geared towards anyone who wants to be more effective in the field at cracking passwords in a time-sensitive, demanding environment.

The third portion of the course will be taught by Adrian “Irongeek” Crenshaw. This class will cover how to build and program the Programmable HID USB Keystroke Dongle (PHUKD) devices which are an advanced piece of hardware that can manipulate and simulate a keyboard and mouse. These attacks are used in physical environments for bypassing and circumventing autorun capabilities and deploying malicious actions on the intended device.

Prerequisites:
A laptop with VMware/VirtualBox and enough processing power and RAM to run up to 2 virtual machines at the same time.

Tools/Equipment needed:

Back|Track Linux and a Windows XP Service Pack 2 image. As an added bonus you can also have a Windows 7 fully patched system.

Targeted Audience:
Penetration testers, security enthusiasts, or IT-centric folks who want to learn security.

 

 

Metasploit Mastery SOLD OUT


Trainer: James “egypt” Lee

James Lee is a software developer for Rapid7 where he is Open Source Project
Manager and a core developer for the Metasploit Framework. Before coming to
Rapid7 to work on Metasploit, he was a Cybersecurity researcher for Idaho
National Laboratory where he discovered numerous vulnerabilities in SCADA and
Industrial Control Systems and probably didn’t write Stuxnet.

Description / Outline:


The Metasploit Framework is more than a pile of exploits; it is a collection of
tools for gaining access where none is provided and a scaffolding for building
new tools to extend the capabilities of an attacker. This course dives into
the newest features of the Metasploit Framework and demonstrates how to use
these features in every aspect of a penetration test. Topics will include
generating custom back-doors in multiple formats; creating custom modules,
plugins, and tools for addressing specific tasks; automating the
post-exploitation process; and the Meterpreter API with which students will
learn to quickly and efficiently take advantage of compromised machines.

At the end of the course, students will understand the architecture and design
goals of the Metasploit Framework and be able to extend the Framework to solve
new problems.

Tools/Equipment needed:

A laptop running a recent version of Linux, BSD, or Mac OS X and a system capable of running the most recent version of the Metasploit Framework.

Targeted Audience :

* Experience using the Metasploit Framework.
* Experience with exploits and vulnerability assessment tools.
* Experience with the Ruby programming language.
* Experience with low-level TCP/IP tools (nmap, hping, wireshark)
* Working knowledge of Microsoft Windows and at least one Unix-like operating system (Linux, Solaris, Mac OS X, etc).
* Some experience with some scripting language, such as Ruby, Perl, Python, or PHP.
* Familiarity with TCP/IP networking and configuring TCP/IP settings on Unix and Windows platforms.

Course Length:
Friday and Saturday starting at 4:00PM and ending at 9:00PM

 

 

Automating Post Exploitation with Metasploit


Trainer: Carlos “Darkoperator” Perez

Carlos is one of the Top Contributors to the Metasploit project, contributing in the area of post exploitation. He has written many of the modules and scripts currently included with the framework. He will be providing tips and tricks for writing Meterpreter Scripts and Post modules to automate post exploitation using the Metasploit Framework.

Description / Outline:

As penetration testers, we run into situations that are unique in nature and require some level of customization in order to compromise a system. It may require us to be able to understand the inside of the Metasploit Framework and customize/write our own modules in order to perform our attack successfully. This course is aimed at teaching you the internals of the Framework and how to leverage modules in a post exploitation fashion and create your own in order to further compromise your target.

This hands-on course will provide students with a solid understanding of post exploitation techniques, and how to write their own scripts and modules.

The course will cover topics including :

– Ruby primer for Metasploit Meterpreter scripting and Post Module writing
– Post Exploitation Best practices
– Setting up a Dev and Test Environment
– Differences in the different payloads
– Anatomy of Meterpreter Scripts and Post Modules
– Metasploit API calls and Post Mixin
– Working through the Meterpreter API
– Working with System Commands

During the course, students will get the opportunity to learn how to write and modify post exploitation modules in Metasploit to suit their needs during a penetration test. Metasploit is a powerful framework and understanding the components behind it and how to manipulate it to serve your needs is an exciting skill set to have.

Prerequisites:
A laptop with VMware/VirtualBox and enough processing power and RAM to run up to 2 virtual machines at the same time.

Tools/Equipment needed:

A laptop with VMware/VirtualBox and enough processing power and RAM to run up to 2 virtual machines at the same time.

Students are required to bring the following virtual machines installed :

A clean / fully patched/updated:
1. Windows XP SP3 Professional
2. Windows 2008 or Windows 7 (Trial versions are fine)
3. BackTrack 5

Targeted Audience :

Pentesters, researchers, or anyone interested in learning how to write Meterpreter scripts and Post Modules.

Course Length:
Friday and Saturday starting at 4:00PM and ending at 9:00PM