Difference between revisions of "Training"
From BruCON 2016
(→Corelan Live – Win32 Exploit Development Bootcamp by Peter Van Eeckhoutte) |
|||
Line 74: | Line 74: | ||
but for the second day of class (iDevices) it is strongly recommended that | but for the second day of class (iDevices) it is strongly recommended that | ||
each student have Mac laptop running OS 10.6 Snow Leopard, and XCode 3.2.6 | each student have Mac laptop running OS 10.6 Snow Leopard, and XCode 3.2.6 | ||
+ | |||
+ | ==A crash course in pentesting and securing VOIP networks by Sandro Gauci and Sn0rkY== | ||
+ | As VoIP networks become more and more part of the way organizations | ||
+ | communicate, security professionals need to understand their strengths | ||
+ | and weaknesses. This knowledge will help them make sound decisions on | ||
+ | the security (or lack of) of their VoIP system and network. | ||
+ | |||
+ | Attendees who follow the VoIP security training will gain valuable | ||
+ | hands-on experience in testing VoIP equipment and networks. During the | ||
+ | training they will make use of existent security tools as well as | ||
+ | custom built tools to help them get the job done. | ||
+ | |||
+ | These are some of the hands-on topics that are covered: | ||
+ | |||
+ | * Scanning and fingerprinting various VoIP network protocols including SIP, SCCP (Skinny), MGCP, H.323 and IAX2 | ||
+ | * Toll fraud or making phone calls for free (at the expense of the victim) | ||
+ | * Attacks on PBX systems, including those specific to web applications | ||
+ | * Wiretapping of phone calls, both on physical network and remote wiretapping | ||
+ | * Denial of service attacks affecting both phones and PBX systems | ||
+ | * Attacks specific to Cisco and Asterisk VoIP solutions | ||
+ | * Common IP Phone vulnerabilities | ||
==Threat Modeling and Architecture review by Pravir Chandra== | ==Threat Modeling and Architecture review by Pravir Chandra== |
Revision as of 09:07, 25 July 2011
These are the confirmed trainings for Brucon 2011
Contents
- 1 Registration details
- 2 Location and dates
- 3 FAIR - Factor Analysis of Information Risk by Jack Jones
- 4 Corelan Live – Win32 Exploit Development Bootcamp by Peter Van Eeckhoutte
- 5 There’s An App For That (Pentesting Mobile Apps) by Joe McCray
- 6 A crash course in pentesting and securing VOIP networks by Sandro Gauci and Sn0rkY
- 7 Threat Modeling and Architecture review by Pravir Chandra
- 8 Dissecting Wireless Network Security by Vivek Ramachandran
Registration details
The price for the 2 day courses is 895 Euro early bird (+ VAT) per attendee. After 15th of July this will become 995 Euro (+ VAT) per attendee.
Registration for Trainings:
Location and dates
The courses will be given on 21 & 22 September at the Vrije Universiteit Brussel, Pleinlaan 2, 1050 Elsene
The courses start at 9h00 and end at 17h00.
Lunch is included in the training fee.
FAIR - Factor Analysis of Information Risk by Jack Jones
Factor Analysis of Information Risk (FAIR) provides a framework for understanding, analyzing, and measuring information risk. The outcomes are more cost-effective information risk management, greater credibility for the information security profession, and a foundation from which to develop a scientific approach to information risk management.
This training will introduce the students to FAIR and teach them how to apply it to real-life scenarios.
At the end of training, students are eligible to take a certification exam at no additional cost.
Everyone who attends training receives a free copy of the FAIRLite Excel-based application. FAIRLite is an Excel application designed to enable simple and effective quantitative analysis of risk scenarios using the FAIR framework. Developed by a former CISO who understands the need for efficient and practical tools, FAIRLite is simple to use and yet flexible enough to per- form powerful analyses on complex scenarios.
Note that FAIRLite requires an Excel plugin from RiskAMP.com. A fully functional 30-day demo version of the RiskAMP plugin is provided to students. Students may purchase the plugin (Professional Edition required) directly from RiskAMP for $249.95.
Students are considered to have a basic understanding of risk and some experience in one or more disciplines related to risk (e.g., information security, disaster recovery, continuity management, operational risk, etc.).
Corelan Live – Win32 Exploit Development Bootcamp by Peter Van Eeckhoutte
Based on the Corelan tutorials, this hands-on course will provide students with solid understanding of current Win32 stack based exploitation techniques :
- Win32 memory management
- Using debuggers and debugger plugins such as pvefindaddr
- Exploiting stack buffer overflows
- Bypassing memory protections (Safeseh, sehop, stack cookies, aslr, dep)
- Dealing with character set conversions and transformations (Unicode, etc)
- Using egghunters, omelet egg hunters
- Writing and integrating modules for Metasploit
- Writing shellcode
more info can be found at : http://www.corelan-training.com/
There’s An App For That (Pentesting Mobile Apps) by Joe McCray
This is a 2-day workshop focused on hands-on mobile application security testing. Each day this course starts you off with setting up your environment (emulator/sdk/hardware/etc), then quickly moves into using your device as an attack platform. From there the course goes into the basics of reverse engineering mobile applications, exploiting mobile applications on each respective platform, and finally on to attacking web services from each platform.
Important Note:
Students are strongly encouraged to bring a Mac laptop running OS 10.6 Snow
Leopard, and XCode 3.2.6
Running Windows or Linux is acceptable for the first day of class (Android), but for the second day of class (iDevices) it is strongly recommended that each student have Mac laptop running OS 10.6 Snow Leopard, and XCode 3.2.6
A crash course in pentesting and securing VOIP networks by Sandro Gauci and Sn0rkY
As VoIP networks become more and more part of the way organizations communicate, security professionals need to understand their strengths and weaknesses. This knowledge will help them make sound decisions on the security (or lack of) of their VoIP system and network.
Attendees who follow the VoIP security training will gain valuable hands-on experience in testing VoIP equipment and networks. During the training they will make use of existent security tools as well as custom built tools to help them get the job done.
These are some of the hands-on topics that are covered:
- Scanning and fingerprinting various VoIP network protocols including SIP, SCCP (Skinny), MGCP, H.323 and IAX2
- Toll fraud or making phone calls for free (at the expense of the victim)
- Attacks on PBX systems, including those specific to web applications
- Wiretapping of phone calls, both on physical network and remote wiretapping
- Denial of service attacks affecting both phones and PBX systems
- Attacks specific to Cisco and Asterisk VoIP solutions
- Common IP Phone vulnerabilities
Threat Modeling and Architecture review by Pravir Chandra
Threat Modeling & Architecture Review are cornerstones of a preventative approach to Software Security Assurance. By combining these topics into single comprehensive course attendees can get a complete understanding of how to understand the risks an application faces and how the application will handle those potential problems. This enables consistently accurate assessment of an application’s security posture and recommendation of appropriate improvements or mitigating controls.
Dissecting Wireless Network Security by Vivek Ramachandran
This workshop will provide a highly technical and in-depth treatment of Wi-Fi security. The emphasis will be to provide the participants with a deep understanding of the principles behind various attacks and not just a quick how- to guide on publicly available tools.
We will start our journey with the very basics by dissecting WLAN packet headers with Wireshark, then graduate to the next level by cracking WEP, WPA/WPA2 and then move on to real life challenges like orchestrating Man-in-the- Middle attacks and taking on the live Wi-Fi CTF!
Topics that will be addressed in the training :
- Understanding WLAN protocol basics using Wireshark
- Bypassing WLAN Authentication – Shared Key, MAC Filtering, Hidden SSIDs
- Cracking WLAN Encryption – WEP, WPA/WPA2 Personal and Enterprise
- Attacking the WLAN Infrastructure – Rogues Devices, Evil Twins, DoS Attacks, MITM attacks
- Advanced Enterprise Attacks – attacking 802.1x, Radius server, Cisco LEAP, SSL MITM over Wireless, IPSec over WLAN attacks
- Attacking Wireless Intrusion Detection and Prevention Systems
- Attacking the Wireless Client – Honeypots, Hotspot attacks, Caffe-Latte, Hirte Attack, Ad-Hoc networks and Viral SSIDs, WiFishing
- Compromising the Client using Metasploit and SET post wireless network hijacking
- Wireshark as a wireless forensics tool
- Extending Aircrack-NG for fun and profit
- Programming Wireless Sniffers and Packet Injectors using raw sockets and 3rd party libraries
- Over 25 hands-on lab sessions on different attacks
- 5 pure Wi-Fi CTF challenges of varying difficulty played at various stages in the training