SEARCH
TOOLBOX
LANGUAGES
Difference between revisions of "Training"

Difference between revisions of "Training"

From BruCON 2016

Jump to: navigation, search
(Dissecting Wireless Network Security by Vivek Ramachandran)
(Registration details)
 
(138 intermediate revisions by 4 users not shown)
Line 1: Line 1:
These are the confirmed trainings for Brucon 2011
+
__NOTOC__
  
==FAIR - Factor Analysis of Information Risk by Jack Jones==
+
<div style="text-align: left;">
 +
Immerse yourself into the world of pen testing and application security by attending the BruCON 2016 Trainings (24-26 October 2016).
  
Factor Analysis of Information Risk (FAIR) provides a framework for understanding, analyzing, and measuring information risk. The outcomes are more cost-effective information risk management, greater credibility for the information security profession, and a foundation from which to develop a scientific approach to information risk management.
+
Offering world-class, deep-dive technical trainings given by '''the most recognized experts''' with huge industry experience in their domain!
  
This training will introduce the students to FAIR and teach them how to apply it to real-life scenarios.
+
The Line-Up:
 +
* '''[[Training 2016 - Offensive PowerShell for Red and Blue Teams|Offensive PowerShell for Red and Blue Teams by Nikhil Mittal]] '''(3-day training) - In this course, you'll learn how to attack Windows network using PowerShell, based on real world penetration tests. The course runs on a lab network to which attendees will have Free access for one month after the training. The class consists of hands-on, challenges and demonstrations.
 +
* '''[[Training 2016 - Windows Kernel Exploitation|Windows Kernel Exploitation by Ashfaq Ansari]] '''(3-day training) - In this 3-day training course, you'll learn to fuzz Windows Kernel Mode driver and find vulnerabilities. You'll be taken from basics of Windows Architecture, it's Kernel and introduction to different software vulnerabilities along with their exploitation in Kernel mode. These 3 days will be full of hands-on, kernel debugging and WinDbg-Fu.
 +
* '''[[Training 2016 - Assessing and Exploiting Control Systems| Assessing and Exploiting Control Systems by Justin Searle (**)]]''' (3-day training) - This is not your traditional SCADA/ICS/IoT security course! How many courses send you home with your own PLC and a set of hardware/RF hacking tools?!? In this 3-day version of the course, you will receive all six days worth of slides.
 +
* '''[[Training 2016 - Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more|Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more by Dawid Czagan]]''' (2-day training) - Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join this unique two-day hands-on training!
 +
* '''[[Training 2016 - Attacking with Excel|Attacking with Excel by Didier Stevens]]''' (2-day training) - In this training, our resident trainer Didier will teach you how to use Microsoft Office for offensive security. Performing a port scan, injecting and execute shellcode or even loading your own DLL's without touching the disk, only by using the Excel process !
 +
* '''[[Training 2016 - Hardware hacking training with Hardsploit|Hardware hacking training with Hardsploit by Julien Moinard (*)]] '''(2-day training) - Tired of watching hardware products getting hacked every day without having your part of fun ? Don't worry it will not be the case anymore! This training teaches you hardware hacking in its most pragmatic aspects by using both theory and practice (hands-on). It follows a simple (but efficient) training methodology based on a "Discover / Analyze / Attack & Protect" guideline that can be applied to any kind of hardware product (Internet of Insecure Things included). Each student will receive a Hardsploit hardware hacking tool, with a value of 250 euros.
  
At the end of training, students are eligible to take a certification exam at no additional cost.
+
==Registration details==
 +
The price for 2-day courses is 1100 Euro early bird (+ VAT) per attendee. <br>
 +
As of August 1st 2016 this will become 1200 Euro (+ VAT) per attendee. <br>
 +
(*) The Hardware hacking training price is 180 Euro higher but includes the Hardsploit hardware
  
Everyone who attends training receives a free copy of the FAIRLite Excel-based application.
+
The price for 3-day courses is 1400 Euro early bird (+ VAT) per attendee. <br>
FAIRLite is an Excel application designed to enable simple and effective quantitative analysis of
+
As of August 1st 2016 this will become 1500 Euro (+ VAT) per attendee. <br>
risk scenarios using the FAIR framework. Developed by a former CISO who understands the
+
(**) The Assessing and Exploiting Control Systems training price is 230 Euro higher but includes a hardware kit (PLC and a hardware/RF testing kit)
need for efficient and practical tools, FAIRLite is simple to use and yet flexible enough to per-
 
form powerful analyses on complex scenarios.
 
  
Note that FAIRLite requires an Excel plugin from RiskAMP.com. A fully functional 30-day
+
Registration for Trainings:
demo version of the RiskAMP plugin is provided to students. Students may purchase the plugin
 
(Professional Edition required) directly from RiskAMP for $249.95.
 
  
Students are considered to have a basic understanding of risk and some experience in one or more disciplines related to risk (e.g., information security, disaster recovery, continuity management, operational risk, etc.).
+
[[File:Register.jpg||link=https://registration.brucon.org/training-registration/]]
  
==Corelan Live – Win32 Exploit Development Bootcamp by Peter Van Eeckhoutte'''==
+
The training price does not include travel, accommodation or computer material for the training unless otherwise stated in the training description or preparation material provided after registration.  Please read carefully any communication that will be sent to you in regard to the training you've registered for because they will outline what you need to bring to get the most out of each training.
  
Based on the Corelan tutorials, this hands-on course will provide students with solid understanding of current Win32 stack based exploitation techniques :
+
==Location and dates==
 +
The courses will be given on 24, 25 and 26 October 2016 in Hotel Novotel Gent Centrum, Goudenleeuwplein 5, B-9000 Gent<br>
  
-      Win32 memory management
+
The courses begin promptly at 09h00 and end at 17h00. Out of consideration for your instructor(s) and fellow students, please try to be seated and ready to go by 08h45.
  
-      Using debuggers and debugger plugins such as pvefindaddr
+
Lunch is included in the training fee.
 
 
-      Exploiting stack buffer overflows
 
 
 
-      Bypassing memory protections (Safeseh, sehop, stack cookies, aslr, dep)
 
 
 
-      Dealing with character set conversions and transformations (Unicode, etc)
 
 
 
-      Using egghunters, omelet egg hunters
 
 
 
-      Writing and integrating modules for Metasploit
 
 
 
-      Writing shellcode
 
 
 
==There’s An App For That (Pentesting Mobile Apps) by Joe McCray==
 
 
 
This is a 2-day workshop focused on hands-on mobile application security testing. Each day this course starts you off with setting up your environment (emulator/sdk/hardware/etc), then quickly moves into using your device as an attack platform. From there the course goes into the basics of reverse engineering mobile applications, exploiting mobile applications on each respective platform, and finally on to attacking web services from each platform.
 
 
 
==Threat Modeling and Architecture review by Pravir Chandra==
 
Threat Modeling & Architecture Review are cornerstones of a preventative approach to Software Security
 
Assurance. By combining these topics into single comprehensive course attendees can get a complete
 
understanding of how to understand the risks an application faces and how the application will handle
 
those potential problems. This enables consistently accurate assessment of an application’s security
 
posture and recommendation of appropriate improvements or mitigating controls.
 
 
 
==Dissecting Wireless Network Security by Vivek Ramachandran==
 
This workshop will provide a highly technical and in-depth treatment of Wi-Fi security. The emphasis will be to provide the participants with a deep understanding of the principles behind various attacks and not just a quick how-
 
to guide on publicly available tools.
 
 
 
We will start our journey with the very basics by dissecting WLAN packet headers with Wireshark, then graduate to the next level by cracking WEP, WPA/WPA2 and then move on to real life challenges like orchestrating Man-in-the-
 
Middle attacks and taking on the live Wi-Fi CTF!
 
 
 
Topics that will be addressed in the training :
 
* Understanding WLAN protocol basics using Wireshark
 
* Bypassing WLAN Authentication – Shared Key, MAC Filtering, Hidden SSIDs
 
* Cracking WLAN Encryption – WEP, WPA/WPA2 Personal and Enterprise
 
* Attacking the WLAN Infrastructure – Rogues Devices, Evil Twins, DoS Attacks, MITM attacks
 
* Advanced Enterprise Attacks – attacking 802.1x, Radius server, Cisco LEAP, SSL MITM over Wireless, IPSec over WLAN attacks
 
* Attacking Wireless Intrusion Detection and Prevention Systems
 
* Attacking the Wireless Client – Honeypots, Hotspot attacks, Caffe-Latte, Hirte Attack, Ad-Hoc networks and Viral SSIDs, WiFishing
 
* Compromising the Client using Metasploit and SET post wireless network hijacking
 
* Wireshark as a wireless forensics tool
 
* Extending Aircrack-NG for fun and profit
 
* Programming Wireless Sniffers and Packet Injectors using raw sockets and 3rd party libraries
 
* Over 25 hands-on lab sessions on different attacks
 
* 5 pure Wi-Fi CTF challenges of varying difficulty played at various stages in the training
 

Latest revision as of 20:18, 20 June 2016


Immerse yourself into the world of pen testing and application security by attending the BruCON 2016 Trainings (24-26 October 2016).

Offering world-class, deep-dive technical trainings given by the most recognized experts with huge industry experience in their domain!

The Line-Up:

  • Offensive PowerShell for Red and Blue Teams by Nikhil Mittal (3-day training) - In this course, you'll learn how to attack Windows network using PowerShell, based on real world penetration tests. The course runs on a lab network to which attendees will have Free access for one month after the training. The class consists of hands-on, challenges and demonstrations.
  • Windows Kernel Exploitation by Ashfaq Ansari (3-day training) - In this 3-day training course, you'll learn to fuzz Windows Kernel Mode driver and find vulnerabilities. You'll be taken from basics of Windows Architecture, it's Kernel and introduction to different software vulnerabilities along with their exploitation in Kernel mode. These 3 days will be full of hands-on, kernel debugging and WinDbg-Fu.
  • Assessing and Exploiting Control Systems by Justin Searle (**) (3-day training) - This is not your traditional SCADA/ICS/IoT security course! How many courses send you home with your own PLC and a set of hardware/RF hacking tools?!? In this 3-day version of the course, you will receive all six days worth of slides.
  • Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more by Dawid Czagan (2-day training) - Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join this unique two-day hands-on training!
  • Attacking with Excel by Didier Stevens (2-day training) - In this training, our resident trainer Didier will teach you how to use Microsoft Office for offensive security. Performing a port scan, injecting and execute shellcode or even loading your own DLL's without touching the disk, only by using the Excel process !
  • Hardware hacking training with Hardsploit by Julien Moinard (*) (2-day training) - Tired of watching hardware products getting hacked every day without having your part of fun ? Don't worry it will not be the case anymore! This training teaches you hardware hacking in its most pragmatic aspects by using both theory and practice (hands-on). It follows a simple (but efficient) training methodology based on a "Discover / Analyze / Attack & Protect" guideline that can be applied to any kind of hardware product (Internet of Insecure Things included). Each student will receive a Hardsploit hardware hacking tool, with a value of 250 euros.

Registration details

The price for 2-day courses is 1100 Euro early bird (+ VAT) per attendee.
As of August 1st 2016 this will become 1200 Euro (+ VAT) per attendee.
(*) The Hardware hacking training price is 180 Euro higher but includes the Hardsploit hardware

The price for 3-day courses is 1400 Euro early bird (+ VAT) per attendee.
As of August 1st 2016 this will become 1500 Euro (+ VAT) per attendee.
(**) The Assessing and Exploiting Control Systems training price is 230 Euro higher but includes a hardware kit (PLC and a hardware/RF testing kit)

Registration for Trainings:

Register.jpg

The training price does not include travel, accommodation or computer material for the training unless otherwise stated in the training description or preparation material provided after registration. Please read carefully any communication that will be sent to you in regard to the training you've registered for because they will outline what you need to bring to get the most out of each training.

Location and dates

The courses will be given on 24, 25 and 26 October 2016 in Hotel Novotel Gent Centrum, Goudenleeuwplein 5, B-9000 Gent

The courses begin promptly at 09h00 and end at 17h00. Out of consideration for your instructor(s) and fellow students, please try to be seated and ready to go by 08h45.

Lunch is included in the training fee.