Please note that all training courses are sold out for this year.
Welcome to the DerbyCon 2015 Training page. Here you will find a breakdown of all of the training events that you can register for. Training costs $1,000 per course and includes admission to the conference; courses with hardware costs may be slightly more.
Training will be two full days, running from the morning of September 23rd through the 24th. Training takes place before the conference itself, so you will not miss any of it. Training costs $1,000 and includes admission to the conference. Note that some classes have physical hardware requirements, and you get to keep the hardware. Some courses with this requirement may cost more than the $1,000 charge – this is up to the trainers.
To purchase training, select the course you would like below:
Below is a list of available training and descriptions.
Course Name: Hands-On Hardware Hacking & Reverse Engineering ($1,100)
This course teaches hardware hacking and reverse engineering techniques commonly used against electronic products and embedded systems. It is a combination of lecture and hands-on exercises covering the hardware hacking process, proper use of tools and test measurement equipment, circuit board analysis and modification, embedded security, and common hardware attack vectors. The course concludes with a final hardware hacking challenge in which students must apply what they’ve learned in the course to defeat the security mechanism of a custom circuit board. The main goal is to give students the resources and skills they need to confidently approach hardware exploitation and to come up with creative solutions for their own particular projects or problems.
A. Hardware Hacking Overview
2. Key goals
3. Common themes
B. Information Gathering
C. Product Teardown
1. Opening housings
2. Anti-tamper mechanisms
2.1. Defeating encapsulation
2.2. Hands-on exercise: Epoxy removal
3. Component identification
3.1. Basic components
3.3. Identifying ICs (Integrated Circuits)
3.4. Data sheets
5. PCBs (Printed Circuit Boards)
5.2. Deconstruction techniques
5.3. Hands-on exercise: PCB modifications
D. Soldering and Desoldering
2. Hands-on exercise: Soldering
3. Hands-on exercise: Desoldering
4. Difficult package types
E. Buses and Interfaces
1. Identifying interfaces
2. Determining pin function
2.1. Hands-on exercise: Initial probing w/ multimeter
3. Signal monitoring/analysis
3.1. Hands-on exercise: Signal monitoring w/ logic analyzer
3.3. Hands-on exercise: Digital signal decoding w/ logic analyzer
4. Debug interfaces
4.1. JTAG (IEEE 1149.1)
5. Hands-on exercise: Create a block diagram/schematic
F. Memory and Firmware
1. Memory types/technologies
2. Security considerations
3. Extracting firmware
4. Firmware analysis/disassembly
5. Hands-on exercise: Data extraction/modification
G. Signal Manipulation and Side Channels
2. Side channel attacks
H. Chip-Level Hacking
1. IC decapsulation
2. Die analysis/modification
I. Best Practices and Resources
J. Hardware Hacking Challenge
Students should bring their own laptop running Windows (or equivalent virtual machine) and containing a functional USB interface. The laptop will be used for online research and to control test equipment. Software and drivers will need to be installed. No prior electronics experience is required.
Joe Grand (@joegrand), also known as Kingpin, is a computer engineer, hardware hacker, product designer, runner, daddy, honorary doctor, TV host, member of L0pht Heavy Industries, and the proprietor of Grand Idea Studio (grandideastudio.com).
Purchase Hands-On Hardware Hacking below
Course Name: Advanced OSINT For Social Engineers
Information is the lifeblood of the social engineer. But there is now so much information available that it can be overwhelming. How can we dial in and narrow your focus in ways that will enhance your social engineering abilities? This course will show you the techniques, tricks, and tips used by the professional social engineering penetration testers of Social-Engineer, Inc.
This two-day course is not a laundry list of tools. We will also share the methodology, processes, and our own experiences that allow us to successfully apply information to plan and launch realistic SE scenarios for our clientele. Having the information is only half of what you need. During these two days, you will learn:
Non-tech OSINT gathering
Obfuscating your traffic
Social media exploitation
Developing realistic attack vectors
This course was developed based on student demand from our 5-Day Advanced Practical Social Engineering Course. Now a full two days devoted to the very same methods our team uses during Social Engineering Risk Assessments and Social Engineering Penetration Tests are offered to the students of this class.
* Your own laptop with admin rights to install tools
* A willingness to learn
Chris Hadnagy is the founder and CEO of Social-Engineer, Inc. Chris possesses over 16 years of experience as a practitioner and researcher in the security field. His efforts in training, education, and awareness have helped to expose social engineering as the top threat to the security of organizations today.
Chris established the world’s first social engineering framework at www.social-engineer.org, providing an invaluable repository of information for security professionals and enthusiasts. That site grew into a dynamic web resource including a podcast and newsletter, which have become staples in the security industry and are referenced by large organizations around the world. Chris also created the first hands-on social engineering training course and certification, Advanced Practical Social Engineering, attended by law enforcement, military, and private sector professionals.
A sought-after writer and speaker, Chris has spoken and trained at events such as RSA, Black Hat, and various presentations for corporate and government clients. Chris is also the best-selling author of two books: Social Engineering: The Art of Human Hacking and Unmasking the Social Engineer: The Human Element of Security.
Chris specializes in understanding how malicious attackers exploit human communication and trust to obtain access to information and resources through manipulation and deceit. His goal is to secure companies by educating them on the methods used by attackers, identifying vulnerabilities, and mitigating issues through appropriate levels of awareness and security.
Chris is a certified Expert Level graduate of Dr. Paul Ekman’s Micro Expressions courses, having made the study of non-verbal behaviors one of his specialties. In addition, he holds certifications as an Offensive Security Certified Professional (OSCP) and an Offensive Security Wireless Professional (OSWP).
Chris also enjoys listening to fine music such as Bruce Hornsby – Mandolin Rain and The Way It Is. Chris likes long walks on the beach with David Kennedy (@HackingDave) and appreciates gentle fingers through his hair.
Mike Hadnagy joins his brother, Chris, at Social-Engineer, Inc. as the company’s technical lead. Mike’s expertise in fortifying the technological side of network security over the past seven years gives the company an edge when executing the realistic social engineering audits for which Social-Engineer, Inc. is so well-known.
Over the years, the family talent for social engineering shone through as Mike negotiated and developed an impressive client base for several businesses including his own. Mike’s managerial success is a natural product of his desire to create solutions and provide excellent customer service.
Mike’s professional experience encompasses a number of defensive security skills, including: security management, firewall, antivirus solutions, data backup, and recovery systems. His belief that all users should be trained on best practices to keep systems secure was demonstrated in his time assisting customers with installation and implementation of network security systems and policies. Social-Engineer, Inc. is also taking advantage of Mike’s defensive knowledge for improving network security and virus/malware removal to craft realistic penetration tests exploiting human error in standard compliance policies. He is also a certified Social Engineering Pentest Professional (SEPP).
Purchase Advanced OSINT for SE below
Course Name: PenTesting with PowerShell
Are you a pen tester who needs to make the most out of PowerShell? Then this class is the one for you! You will learn how to use PowerShell in each phase of penetration testing. This class will give you:
– How to set up a free/low-cost lab which accurately emulates large enterprise domains.
– How to get the most out of the major PowerShell frameworks (PowerSploit, Nishang, etc).
– Overview and tips for using some handy modules like PowerCat, PowerShell-based keyloggers, etc.
– Techniques for performance tweaking scripts you and others develop so you get results FAST regardless of domain size.
– Turbocharged WMI to extend your reach even further.
– Components for working with AD Web Services, the fastest way to work with modern domains.
– setting up your lab at home
– setting up your lab in the cloud
— converting amazon ec2 instances into domain controllers
— binding cloud and local lab systems to your ec2 DCs
Overview of Nishang
Overview of PowerSploit
Intro to PowerCat
Intro to web proxy
brief overview of yesterday
sharing your work – how to quickly and easily stream your results to your teammates.
work faster, not harder — performance tweaking to make your life easier
— using WMI
— using AD web services
putting it all together – how to merge all the modules
Students will need to bring:
– Laptop with some virtualization technology
– At least one windows OS (VM or physical)
– The Derbycon attitude (hungry to learn and ready to have fun)
Adam Crompton is a Senior Security Consultant with InGuardians where he specializes in penetration testing, research and development, and architecture reviews. He has spent a great deal of time within the networks of Insurance Companies performing penetration testing, vulnerability analysis, network device configuration and access reviews, data loss prevention, and software development. Adam has been a speaker at several security conferences and universities presenting on data exfiltration, antivirus evasion, and the honeypot tools he has developed. He is a graduate of The Ohio State University, with a bachelor’s degree in Computer Science.
Mick Douglas – Even when his job title indicated otherwise, Mick Douglas has been doing information security work for over ten years. He has received a bachelor’s degree in Communications from the Ohio State University and holds the CISSP, GPEN, GCUX, GWEB, GSNA, and GCIH certifications.
Prior to joining Black Hills InfoSec, Mick has done computer and network security in a variety of industries including: academia, telecommunications, banking, and insurance.
He is always excited for the opportunity to share with others so they do not have to learn the hard way! When he’s not “geeking out” you’ll likely find him indulging in one of his numerous hobbies: photography, scuba diving, or hanging around in the great outdoors.
Course Name: Advanced PowerShell for Blue and Red Teams
Learn how you can use PowerShell in both a defensive and an offensive manner from people who have been using and teaching Microsoft PowerShell for years on both defense and offense.
Each exercise will build on the previous one so as to offer a solid base on how to use PowerShell both as a pentester and as a defender. We will cover when PowerShell makes sense to use and when it will just get you caught quicker than any other tool in the target OS. On the defender side, we will cover how it can be used to set up a properly secured environment, how to mitigate the use of PowerShell by attackers, and how to track every action and step taken. On the attacker side, we will cover how to operate in the shadows and minimize what is left behind.
The class is geared to provide a solid foundation of knowledge of the language and tools, which can be used to build your own tools and to better understand how to use others. Challenges after each module will make students apply what they learn in a fun, competitive manner: the students who complete most of the challenges first will win a *class challenge coin*, and there will be opportunity for all to win one.
• Review of PowerShell Basics (Additional references and material will be provided before class so as to provide a solid base)
• WMI and CIM Basics.
• Introduction to working with the .Net API and how it can be leveraged to get more from PowerShell than what is already built in.
• Introduction to working with Win32 so as to get access to lower level APIs not part of .Net
• ADSI (Active Directory Scripting Interface)
• Network Discovery. How to enumerate and discover hosts in a network and how to build your own tools to do it.
• Crypto Basics. How to leverage .Net Crypto APIs for both abuse and protection and build your own tools.
• Post-Exploitation using built-in PowerShell cmdlets, .Net API, Win32 and different available modules like PowerView, PowerSploit and others, including some limitations and risks on their use based on the PTES (Penetration Testing Execution Standard). We will cover gathering of information, lateral movement and persistence.
· How to use it in a Shell on its own.
· How to use it inside of Metasploit.
· How to use it inside Cobalt Strike
· What PowerShell technology makes sense to use when and where?
· How to set up your system to track and log every PowerShell action, the limitations of each version, and how to mitigate some of them.
Windows Laptop running the latest version of the Windows Management Framework.
BIO: Carlos Perez
Carlos Perez is an experienced security practitioner on both defense and offense and has presented on the subjects at several security conferences, blogs and podcasts. He has contributed several open source tools in Ruby, Python, C# and PowerShell to the community. He has been awarded the Microsoft MVP award for his contributions to the community on PowerShell.
Purchase Advanced PowerShell for Red and Blue below
Course Name: Penetration Testing 101
New to the Pentesting world?! Thinking about becoming a Pentester?! Ever want to peek over your Pentester’s shoulder and figure out how they are doing everything?! Then this course is for you!
This course will walk through a couple days in the lives of a Pentester following methodologies laid out in the PTES (Penetration Testing Execution Standard). An exploitable virtual network environment will be set up so that you can actually scan and exploit to really see how things work!
This is a beginner’s course and designed to teach the basics!
• Intro to Kali Linux – Updating, starting services, etc.
• Recon phase – Google hacking, LinkedIn stalking, NMAP scanning… just learning about your target in general
• Exploitation – Using the information gathered during recon to figure out how to exploit your target, includes a crash course on Metasploit
• More Exploitation – Lots of exploitation! Creating your own antivirus bypass!
• Post Exploitation – Once your target is exploited, what can you do?
• Social Engineering and Physical Tests – Learn everything you ever wanted to know about using the art of persuasion to get into a company!
A laptop with Windows and Kali Linux installed. Host OS does not matter, these can be virtual machines.
BIO: Larry Spohn
Larry Spohn is a Senior Principal Security Consultant at TrustedSec, an Information Security consulting company, based out of Cleveland Ohio. Larry’s main areas of expertise are focused on Information Security Risk Assessments, Penetration Testing, Application Security, and Red Teaming. Larry has extensive experience in the financial sector and has extensive knowledge in Python and PowerShell development and exploitation.
BIO: Paul Koblitz
Paul is a Senior Security Consultant at TrustedSec. He has always had a passion for security, focusing on the physical side. While in the US Navy, Paul was a Duty Master-at-Arms and part of the shipboard security team. In Paul’s off time from the military, he held several security-related jobs, including late night and emergency locksmith, security systems installation consultant, and vehicle/personal property repossession. While working for TrustedSec, Paul has utilized his physical and social engineering skills in several fields of business, such as financial institutions, retail clothing chains, grocery store chains, manufacturing, and education. Paul also likes wearing extremely tight fitting clothes that do not appropriately fit him. It’s the tight feeling around the body.
Purchase Pentesting 101 below
Course Name: Corelan “Advanced”
For the 5th year in a row, Corelan is offering Win32 exploitation classes at Derbycon. In fact, this is the only conference in the US where you can take Corelan classes. The “Corelan Advanced” course is a truly unique opportunity to learn advanced exploitation skills from “corelanc0d3r”, the founder of Corelan Team, author of mona.py, and author of numerous tutorials on Exploit Development for the Win32 platform.
You will leave this class with an arsenal of tools, techniques and insights that will allow you to find bugs more easily, understand and manipulate the Windows heap, diagnose and understand heap corruptions and write complex exploits.
This is definitely not an intro class. This may be one of the most advanced courses on Win32 exploitation out there.
Students are expected to understand the basics of memory management on Windows (stack, heap, process virtual memory layout), master stack based buffer overflows (saved return pointer overwrites, SEH overwrites), have practical understanding of DEP bypass (ROP) and know how to write exploit modules for Metasploit.
DERBYCON WARNING: BE PREPARED FOR PAIN, AGONY, AND POSSIBLE HOSPITALIZATION. THIS COURSE IS NOT FOR THE WEAK! YOU WILL BE UP UNTIL AT LEAST 3AM EACH NIGHT!
Students are required to bring 2 VMs (Win7 64bit SP1 and Kali). Don’t start installing the VMs yet. The trainer will send out detailed instructions to set up the VMs a few weeks before the training.
It is recommended to bring notepads to take notes.
Founder of Corelan Team, author of mona.py and proud dad.
Purchase Corelan Advanced Below
Course Name: Corelan Foundations
The Corelan Foundations course is geared towards those new to exploit development, and will provide a fun and interactive environment to break Windows applications. The Foundations course covers a significant portion of the popular Bootcamp class, excluding some of the more advanced topics while adding a few chapters of its own.
This course will give you a rock solid understanding of the fundamentals of exploit development for Windows. During the course, students will get “hands-on” experience working with real vulnerabilities in real applications and the techniques used to exploit them.
Course topics include:
-Stack Buffer Overflow Basics
-Saved Pointer Overwrites
-Structured Exception Handler (SEH) Overwrites
-Unicode Transformed Buffers
-Developing Reliable & Reusable Exploits
-Finding and avoiding bad characters
-Creative ways to deal with character set limitations
-Egg-hunters under WoW64
-Introduction to Shellcoding
-Metasploit Framework Exploit Modules
A laptop (no netbook) with VMware Workstation/VirtualBox and enough processing power and RAM (we recommend 4GB of RAM) to run up to 2 virtual machines at the same time.
Make sure your laptop has a screen size of at least 15″. The use of a 64bit processor and a 64bit operating system on the laptop will make the exercises more realistic.
2 Virtual machines installed (Windows 7 SP1, Kali Linux)
* Students will receive exact installation instructions after registration
Corelan Team Member “Lincoln” is a researcher, exploit developer, and senior security analyst with over 8 years industry experience.
He has been with Corelan Team since the beginning and enjoys learning and sharing with others. He taught the Foundations class at Derbycon 2014.
BUY TICKETS FOR FOUNDATIONS BELOW
Course Name: Practical Mobile Penetration Testing (COST $1,100)
A No BS approach to learning practical Mobile Application Hacking using the Android platform and correlating its nuances with iOS for further study. This will be a lab-focused class, where participants will walk away armed with the ability to fully access a mobile application and begin their journey into mobile application penetration testing.
Module 1: Diving into Mobile
Setting up a Mobile Testing Environment (Studio / AVD / Devices / Tools)
Intro to Android studio for coding and testing
Mobile Security Architectures
Attack Surfaces for mobile applications and OWASP
Module 2: Interacting and Exploring Android
Getting familiar with ADB and managing packages
Exploring the android file system
Exploring application data storage and running memory
Decompiling and deconstructing APK files
Analyzing the AndroidManifest.xml
Android Application Components and how they work
Attacking Android application components (Intents, Activities, Receivers, and Data)
Module 3: Reverse and Patching Android Applications
Understanding the Android APK (Dalvik, Smali, Java, Filetypes, Signing)
Smali 101 for android
Java source in Android and its relation to Smali
Patching Android application functionality
Module 4: Attacking Application Web Architectures
Proxying Mobile Traffic
Bypassing Certificate Pinning Protections
Web services testing refresher SOAP/REST
OWASP Attacks refresher
How web data interacts with your device and analyzing its data flow
Beyond OWASP attacking application logic
Course Pre-Reqs: (IMPORTANT)
1. Basic Linux cmdline skills
2. Web Application Testing Experience
Equipment and Software
A laptop with Administrative access and the following installed prior to class:
1. Java JDK installed
2. Android Studio installed and create an AVD
3. VMware installed
Rooted Android phone for testing and Labs
USB loaded with tools and custom VM for testing
BIO: Olie Brown
Olie Brown – CC Labs Inc.
Founder and Principal Security Engineer at CC Labs Inc. Focusing on Mobile Security Testing and Application Security.
Senior Security Consultant at FishNet Security focusing on Application Security.
BUY TICKETS FOR PRACTICAL MOBILE PENETRATION TESTING BELOW
Course Name: WiFi Penetration Testing
Wireless has become ubiquitous and this fast-paced class (redesigned from the previous years) will bring you up to speed with current WiFi security.
You will learn how WiFi networks work, from the big picture to the frame level and its different bits and pieces. A little bit of RF theory will help you choose the right hardware for the job and you will be able to build your own spectrum analyzer using Software defined radio. Hands-on cracking WEP, WPA Preshared key and (WPA) Enterprise via different methods will also be on the menu as well as cracking them using the processing power available with the cloud. We will finish with some tools to do WiFi reconnaissance as well as direction finding in order to find an access point hidden somewhere in the hotel.
The target audience for this class is penetration testers, wireless security researchers, IT folks or anyone interested in WiFi security.
– WiFi networks structure
– The WiFi frame structure
– How WiFi networks work (at the frame level)
– Packet analysis using Wireshark (understanding what’s wrong or what’s going on)
– Basic antenna theory
– Using the different Aircrack-ng tools
– Cracking WEP and WPA networks
– Using the cloud to crack WEP and WPA networks
– Generating custom dictionaries for WPA cracking
– WPA Enterprise Attacks: 802.1x, EAP, LEAP, PEAP, EAP-TTLS
– WiFi backdoors
– Build a spectrum analyzer using SDR
– Wireless reconnaissance
– WiFi direction finding
– A laptop with a RJ45 port
– Latest version of Kali Linux running natively (installed or as a Live CD/USB) or as a virtual machine. VMware products are recommended (VirtualBox USB driver is unstable) if you plan on using a virtual machine. A preinstalled Kali VM is available on their website.
– An Alfa AWUS036H
– Be comfortable using the command line on Linux
– Have basic Wireshark knowledge
BIO: Thomas d’Otreppe “Mister X”
Thomas d’Otreppe “Mister X” is a WiFi hacker and the author of Aircrack-ng, a Wi-Fi auditing suite as well as OpenWIPS-ng, an open source WiFi Intrusion Prevention System.
He has designed Offensive-Security Wireless Attacks (aka WiFu), a proactive wireless security course, with Mati Aharoni (muts) and also contributes to Kali Linux.
He works as a software developer for MainNerve.
Twitter: @aircrackng @openwipsng
Course Name: Building Network Scout ($1,100 cost)
Everyone is watching the edge of their network. We have installed firewalls, IDS, IPS, and other defensive technologies at the network edge. Network-Scout moves these technologies inside your network to monitor for malicious activities that get by traditional network perimeter defenses. Network-Scout is a distributed IDS, IPS, and Honeypot that is built on a Raspberry Pi using off-the-shelf technologies for under $150 per device. We will be teaching attendees how to build and install a Network Scout.
Day 1 will include an introduction to Network Scout, parts break-out, soldering parts, and preparing the casing.
Day 2 will include cutting plexiglass, completing the build of the unit, and downloading the software. We will connect them together and give a demonstration on how they work.
None – the cost of the materials is covered by the increased class price of $1,100.
After the class, you will get to take home your Raspberry Pi, jumper cables, charger, SD card, Pelican case, and all the other parts that come with a Network Scout. This means you get to take home your Network Scout, but we also had to charge a little more for the materials (the Pi, charger, SD card combo alone costs about $55). Hope to see you there!
BIO: Shawn Jordan and Aedan Somerville
Shawn Jordan and Aedan Somerville are seniors at Marshall University. They are currently majoring in Digital Forensics and Information Assurance. Shawn Jordan runs a small home inspection company, leads a small college church group, and is conducting forensic research. Aedan Somerville works part time at a local restaurant and is president of the Marshall CCDC team.
Course Name: Introduction to Malware Analysis
Due to the prevalence and business impact of malware, security professionals increasingly need the skills necessary to analyze worms, bots and trojan horses. This two day course teaches attendees the proven concepts, techniques and processes for analyzing malware.
Students will take multiple “from-the-wild” malware samples in a hands-on environment and learn how to analyze their characteristics and behavior to determine what they do and what risk they present. The course culminates in an analysis that utilizes all of the tools and techniques that have been learned.
No previous malware analysis experience is necessary as this course is designed for those who have never performed malware analysis before.
– Introduction to Malware Analysis
– Setting up a Lab
– Static Analysis
– File Identification
– Header Analysis
– Embedded Strings Analysis
– Dynamic Analysis
– System Integrity Monitoring
– System Activity Monitoring
– Process Analysis
– Network Analysis and Monitoring
– Sandnets and Automation
– Advanced Malware Analysis Topics
Technical Skills: No previous experience in malware analysis is necessary as this course is designed for those who have never performed it before. High-level understanding of malware is recommended, and students must be experienced with a virtual machine (e.g. Taking snapshots, etc.)
Tools: Students will be required to bring their own laptops for the class. Laptops will need a VMWare Workstation or VirtualBox installation with an install of Windows (XP or higher) as the guest OS prior to the class. All other tools will be provided.
Tyler Hudak uses his 15 years of experience to provide KoreLogic’s clients with expertise and guidance in the areas of malware analysis, incident response, and computer forensics. He has successfully led cases that have involved system compromises, malware outbreaks, data exfiltration, and denial of service attacks. Tyler has developed and runs malware analysis training courses at information security conferences and privately for KoreLogic clients. He also regularly gives presentations on a variety of security topics including malware analysis, intrusion detection and incident response.
Purchase the course Introduction to Malware Analysis below
Course Name: Intro to Web Application Security by Example
This introductory course is tailored towards individuals who would like to gain a better understanding of basic web application security concepts. The course is taught through student participation with live hacking exercises, real world examples, and discussion. It covers dynamic testing, static source code analysis, and learning by doing while examining the OWASP Testing Guide to explore the OWASP Top 10.
(subject to change)
Intro to Web Application Security
Local Proxy Usage
OWASP Top 10
Static Source Code Analysis
-Wireless capable computer
-Firefox Web Browser
-BurpSuite Free Version (http://portswigger.net/burp/downloadfree.html)
BIO: Scott White
Scott White is a Principal Security Consultant at TrustedSec and also runs the DerbyCon Capture the Flag (CTF) competition. He has presented to organizations such as OWASP, ISSA, ISACA, FBI’s Infragard, and others. He has also spoken at Defcon, and has been called upon by organizations such as the FBI and Secret Service as a subject matter expert. He is the technical reviewer for the popular book, “Metasploit: The Penetration Tester’s Guide”. He holds a bachelor’s degree in Computer Science and a master’s degree in Network Security. He has held various past positions in support, system administration, web development, penetration testing, and application security for both public and private sectors with clients in both government and commercial spaces. His experience includes performing web application security assessments, internal, external, and physical penetration tests, source code reviews, social engineering, and web application security training. He has assessed everything from casinos to kiosks, 911 networks to power plants, and Fortune 500 companies to state and foreign federal governments. His extensive work in penetration testing coupled with over 15 years of programming experience gives him a thorough web application security understanding from both developer and attacker viewpoints.
Purchase the Intro to Web Application Security by Example below
Course Name: Android Hacking Basics
This course will provide basic instruction on how to hack on Android devices. The instructors will cover the security architecture of the Android platform and applications, investigate their weaknesses and vulnerabilities, and give students hands-on analysis and attack experience. Through lectures and interactive labs, students will walk away armed with the foundational knowledge needed to discover, identify, and exploit vulnerabilities on the Android mobile platform.
1. Introduction / Android ecosystem overview
2. Android security architecture
a. Android platform
b. Android applications
3. Attack Surface Overview
b. Physical proximity
4. Discovering Vulnerabilities
a. Static Analysis Techniques
i. Tools used
ii. How to identify issues / what to look for
b. Dynamic Analysis Techniques
i. Runtime issues, artifacts, etc.
ii. Network issues, man-in-the-middle
5. Rooting your device
i. Unlocking bootloaders
ii. Soft-rooting (exploits)
6. Rooting Lab (LAB1)
1. Application Auditing
a. Intents / Receivers
b. File system issues
c. MITM attacks
2. Reverse Engineering
a. Extracting “secrets” and useful data
b. Patching and rebuilding apps
c. Examining network traffic
d. Reversing advanced protection techniques
e. Deeper bug hunting
f. RE Lab (LAB2)
a. User and kernel mode crash logs
b. Attaching to Dalvik Code
c. Attaching to Native Code
d. Debugging Lab (LAB3)
4. Intro to ARM Exploitation
a. Native code threats and vulnerabilities
b. Exploit mitigations
c. Real-world vulnerabilities
d. Exploiting a vulnerable mobile app
e. ARM exploitation lab (LAB4)
5. Privilege Escalation
a. Platform-level vulnerabilities
b. Kernel-level vulnerabilities
c. Post-exploitation persistence
d. Privilege escalation lab (LAB5)
e. Findings Review
* Laptop running Linux or capable of running a VMware Virtual Machine
* Dual core CPU, 2GB+ of RAM recommended
* At least 20GB disk space available (100GB for full AOSP mirror + tools)
* At least one free USB 2.0+ port
* A physical Android device is strongly recommended (Nexus preferred)
* A MicroUSB cable (or cable that fits your device)
* Familiarity with protocol analyzers (e.g. Wireshark, tcpdump), man-in-the-middle techniques, and basic reverse engineering concepts (e.g. debuggers, disassemblers)
* Recommended: A licensed copy of the JEB decompiler
BIO: Joshua J. Drake
Joshua J. Drake is the Sr. Director of Platform Research and Exploitation at Zimperium and Lead Author of the Android Hacker’s Handbook (Wiley, 2014). Joshua focuses on original research such as reverse engineering and the analysis, discovery, and exploitation of security vulnerabilities. He has over 10 years of experience in the field and regularly speaks at top industry conferences. Prior to Zimperium, Joshua also worked with Accuvant, Rapid7’s Metasploit, and VeriSign’s iDefense Labs.
BIO: Zach Lanier
Zach Lanier is a Senior Research Scientist with Accuvant Labs, specializing in various bits of network, mobile, and application security. Prior to joining Accuvant, Zach most recently served as a Senior Security Researcher with Duo Security. He has spoken at a variety of security conferences, such as Black Hat, CanSecWest, INFILTRATE, ShmooCon, and SecTor, and is a co-author of the “Android Hacker’s Handbook” (Wiley, 2014).
Purchase the Android Hacking Basics below
Course Name: Pwning and Responding to SCADA Devices and Networks
Taught by two of the leading ICS security experts, this hands-on SCADA Security course features exercises and labs that are performed on a portable SCADA lab. The participant will achieve an understanding of SCADA devices, how they work, and how to exploit and perform incident response on these devices. The students will also have a chance to work with and physically interact with multiple SCADA devices. In addition, defense mechanisms will be taught to ensure attack damage is kept to a minimum.
1.1 Course Overview, Introductions and Ground rules
-Virtual machine install
1.2 ICS Systems Overview
1.3 Controllers, Embedded Systems and Protocols
-PLCs, DCS, Hybrid Controllers, PC-Control
1.4 SCADA and ICS Protocols
1.5 Working with Modbus, OPC, and HMIs
1.6 Tests performed against SCADA networks
-External Penetration Testing
-Internal Penetration Testing
1.7 SCADA Vulnerability Assessment Methodology
-Vulnerability assessment against SCADA devices
2.1 SCADA Exploitation
-Discuss SCADA exploitation
-Discuss methods for exploitation
-Perform exploitation of SCADA devices/embedded controllers
2.2 Introduction to SCADA Incident Response
-Concepts of SCADA Incident Response
-Phases of SCADA Incident Response
2.3 SCADA Incident Response Overview
2.4 SCADA Incident Response In-Depth
-How to perform SCADA Incident Response
-In-depth incident response against a live Havex malware sample and custom-created malware
-Lessons learned phase
2.5 SCADA Defense Mechanisms
Laptop capable of running 3 virtual machines or VirtualBox images.
Purchase Pwning and Responding to SCADA Devices and Networks below
Course Name: Practical Web Application Penetration Testing (PWAPT)
This course provides customized training on the latest open source tools and manual techniques for performing end-to-end web application penetration testing engagements. After a quick overview of the penetration testing methodology, the instructor will lead students through the process of testing and exploiting a target web application using the techniques and approaches developed from a career of real world application penetration testing experiences. Students will be introduced to the best open source tools currently available for the specific steps of the methodology, including Burp Suite Pro, and taught how these tools integrate with manual testing techniques to maximize effectiveness. A major goal of this course is teaching students the glue that brings the tools and techniques together to successfully perform a web application penetration test from beginning to end, an oversight in most web application penetration testing courses.
The majority of the course will be spent performing an instructor-led, hands-on web application penetration test. Students won’t be given overly simplistic steps to execute independently. Rather, at each stage of the test, the instructor will present the goals that each testing task is to accomplish and perform the penetration test in front of the class while students do it on their own machine. Primary emphasis of these instructor-led exercises will be placed on how to integrate the tools with manual testing procedures to improve the overall workflow. This experience will help students gain the confidence and knowledge necessary to perform web application penetration tests as an application security professional.
* Automated Discovery
* Manual Discovery
* Capture the Flag (time permitting)
* Laptop with at least two (2) USB ports.
* Latest VMware Player, VMware Workstation, or VMware Fusion installed. Other virtualization software such as Parallels or VirtualBox will probably work if the attendee is familiar with its functionality. However, VMware Player should be prepared as a backup.
* Ability to disable all security software on their laptop such as Antivirus and/or firewalls (Administrator).
* At least twenty (20) GB of hard drive space.
* At least four (4) GB of RAM.
Tim (lanmaster53) Tomes is the Managing Consultant at nVisium with extensive experience in Application Security and Software Development. Tim currently manages multiple open source software projects such as the Recon-ng Framework, the HoneyBadger Geolocation Framework, and PeepingTom, writes technical articles at lanmaster53.com, and frequently instructs and presents on Application Security topics at major Information Security conferences such as DerbyCon, ShmooCon, Black Hat and SANS.
Purchase Practical Web Application Penetration Testing (PWAPT) below