SEARCH
TOOLBOX
LANGUAGES
Difference between revisions of "Training"

Difference between revisions of "Training"

From BruCON 2016

Jump to: navigation, search
(Registration details)
 
(149 intermediate revisions by 6 users not shown)
Line 1: Line 1:
[[Image:Register.jpg|200px|link=https://ssl.brucon.org/register-training/]]
+
__NOTOC__
  
There will be training sessions in the days prior to BruCON (22-23 Sept) , by internationally renowned trainers and at good prices. More courses will be announced in the coming days, so check this page later for more information.
+
<div style="text-align: left;">
 +
Immerse yourself into the world of pen testing and application security by attending the BruCON 2016 Trainings (24-26 October 2016).
  
==Registration details==
+
Offering world-class, deep-dive technical trainings given by '''the most recognized experts''' with huge industry experience in their domain!
  
The price for the 2 day courses is 895 € early bird (+ VAT) per attendee. After 1st of July this will become 995 €.
+
The Line-Up:
 +
* '''[[Training 2016 - Offensive PowerShell for Red and Blue Teams|Offensive PowerShell for Red and Blue Teams by Nikhil Mittal]] '''(3-day training) - In this course, you'll learn how to attack Windows network using PowerShell, based on real world penetration tests. The course runs on a lab network to which attendees will have Free access for one month after the training. The class consists of hands-on, challenges and demonstrations.
 +
* '''[[Training 2016 - Windows Kernel Exploitation|Windows Kernel Exploitation by Ashfaq Ansari]] '''(3-day training) - In this 3-day training course, you'll learn to fuzz Windows Kernel Mode driver and find vulnerabilities. You'll be taken from basics of Windows Architecture, it's Kernel and introduction to different software vulnerabilities along with their exploitation in Kernel mode. These 3 days will be full of hands-on, kernel debugging and WinDbg-Fu.
 +
* '''[[Training 2016 - Assessing and Exploiting Control Systems| Assessing and Exploiting Control Systems by Justin Searle (**)]]''' (3-day training) - This is not your traditional SCADA/ICS/IoT security course! How many courses send you home with your own PLC and a set of hardware/RF hacking tools?!? In this 3-day version of the course, you will receive all six days worth of slides.
 +
* '''[[Training 2016 - Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more|Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more by Dawid Czagan]]''' (2-day training) - Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join this unique two-day hands-on training!
 +
* '''[[Training 2016 - Attacking with Excel|Attacking with Excel by Didier Stevens]]''' (2-day training) - In this training, our resident trainer Didier will teach you how to use Microsoft Office for offensive security. Performing a port scan, injecting and execute shellcode or even loading your own DLL's without touching the disk, only by using the Excel process !
 +
* '''[[Training 2016 - Hardware hacking training with Hardsploit|Hardware hacking training with Hardsploit by Julien Moinard (*)]] '''(2-day training) - Tired of watching hardware products getting hacked every day without having your part of fun ? Don't worry it will not be the case anymore! This training teaches you hardware hacking in its most pragmatic aspects by using both theory and practice (hands-on). It follows a simple (but efficient) training methodology based on a "Discover / Analyze / Attack & Protect" guideline that can be applied to any kind of hardware product (Internet of Insecure Things included). Each student will receive a Hardsploit hardware hacking tool, with a value of 250 euros.
  
==Location & Date==
+
==Registration details==
 
+
The price for 2-day courses is 1100 Euro early bird (+ VAT) per attendee. <br>
The courses will be given on 22 & 23 September in Belgacom University (BCU), Carlistraat 2, B-1140 Evere. ([http://maps.google.be/maps?f=q&source=s_q&hl=nl&geocode=&q=Carlistraat+2+B-1140+Evere&sll=50.805935,4.432983&sspn=5.075643,11.195068&ie=UTF8&z=16&iwloc=A Google Maps Link])
+
As of August 1st 2016 this will become 1200 Euro (+ VAT) per attendee. <br>
 
+
(*) The Hardware hacking training price is 180 Euro higher but includes the Hardsploit hardware
The courses start at 9h00 and end at 17h00.
 
 
 
==Overview of the courses==
 
<hr>
 
===Training #1: Pentesting High Security Environments===
 
====Description====
 
This course will focus on penetration testing techniques that can be used when testing
 
highly secured environments such as 3-letter agencies, DoD, financial organizations,
 
federal organizations, and large companies. If you are tired of attacking unpatched
 
Windows 2000 Servers in your hacking courses and want to take a course where you will
 
be attacking new Operating Systems/Applications that are patched, locked down, and
 
protected with an IDS/IPS then this is the course for you.
 
 
 
The first day of the course starts with attacking heavily protected environments from the
 
outside and dealing with Network-Based IDS/IPS. Next is attacking web applications and
 
dealing with Load Balancing, common application security measures in PHP/ASP.NET,
 
and Web Application Firewalls.
 
 
 
The second day covers attacking from the LAN, dealing with NAC solutions, locked
 
down workstations/GPOs, and Host-Based IDS/IPS. The last section of the course covers
 
gaining control of Active Directory.
 
 
 
====Instructor====
 
[[Training_1#Instructors| Joe McCray ]]<br><br>
 
'''For more details see [[Training_1#description| Pentesting High Security Environments]]'''
 
 
 
==== Pricing====
 
The price is 895 € early bird (+ VAT) per attendee. After 1st of July this will become 995 €.
 
 
 
<hr>
 
 
 
===Training #2: A crash course in pentesting and securing VOIP networks===
 
====Description====
 
As VoIP networks become more and more part of the way organizations communicate, security professionals need to understand their strengths and weaknesses. This knowledge will help them make sound decisions on the security (or lack of) of their VoIP system and network.
 
 
 
Attendees who follow the VoIP security training will gain valuable hands-on experience in testing VoIP equipment and networks. During the training they will make use of existent security tools as well as custom built tools to help them get the job done.
 
 
 
====Instructor====
 
[[Training_2#Instructors | Joffrey Czarny and Sandro Gauci ]]<br><br>
 
'''For more details see [[Training 2#description | A crash course in pentesting and securing VOIP networks ]]'''
 
 
 
==== Pricing====
 
The price is 895 € early bird (+ VAT) per attendee. After 1st of July this will become 995 €.
 
 
 
===Training #3: Social engineering===
 
====Description====
 
 
 
<blockquote>''In 2007, one of the biggest diamond robberies ever found place. The thief used no violence. He used one weapon --  his charm -- to gain confidence. He bought chocolates for the personnel, he was a nice guy, he charmed them, got the original of keys to make copies and got information on where the diamonds were. You can have all the safety and security you want, but if someone uses their charm to mislead people it won't help.''</blockquote>
 
 
 
Social engineering attacks can have disastrous consequences, both financially and reputationally. You can have the best technical security controls in the world, from the most expensive firewall to the most sophisticated biometrics, but they will not protect you from a social engineering attack. In any security programme people are the weakest link. Social engineering tests can be used to evaluate and strengthen this link.
 
  
Like any penetration test, social engineering tests can help to identify security weaknesses that could allow your IT systems to be compromised. Such tests can:
+
The price for 3-day courses is 1400 Euro early bird (+ VAT) per attendee. <br>
 +
As of August 1st 2016 this will become 1500 Euro (+ VAT) per attendee. <br>
 +
(**) The Assessing and Exploiting Control Systems training price is 230 Euro higher but includes a hardware kit (PLC and a hardware/RF testing kit)
  
* Give a good indication of and even improve your staff’s level of security awareness
+
Registration for Trainings:
* Teach your staff how to identify and deal with social engineering situations
 
* Provide valuable recommendations on both security awareness and physical security
 
  
However, it can be difficult to know how to conduct a social engineering test. This two-day training course will teach participants how to conduct an ethical social engineering test, the theory behind social engineering, as well as giving recommendations on how to defend against social engineers. The course will include practical exercises and is open to anyone with an interest in social engineering.
+
[[File:Register.jpg||link=https://registration.brucon.org/training-registration/]]
  
====Instructors====
+
The training price does not include travel, accommodation or computer material for the training unless otherwise stated in the training description or preparation material provided after registration. Please read carefully any communication that will be sent to you in regard to the training you've registered for because they will outline what you need to bring to get the most out of each training.
[[Training_3#Instructors | Martin Law and Sharon Conheady]]<br><br>
 
'''For more details see [[Training_3#description | Social Engineering]]'''
 
==== Pricing====
 
The price is 895 € early bird (+ VAT) per attendee. After 1st of July this will become 995 €.
 
===Training #4: Assessing and Exploiting Web Applications with Samurai-WTF===
 
====Description====
 
This course will focus on using open source tools to perform web application assessments. The course will take attendees through the process of application assessment using the open source tools included in the Samurai Web Testing Framework Live CD (Samurai-WTF). Day one will take students through the steps and open source tools used to assess applications for vulnerabilities. Day two will focus on the exploitation of web app vulnerabilities, spending half the day on server side attacks and the other half of the day on client side attacks. The latest tools and techniques will be use throughout the course, including several tools developed by the trainers themselves.
 
  
====Instructor====
+
==Location and dates==
[[Training_4#Instructor | Justin Searle]]<br><br>
+
The courses will be given on 24, 25 and 26 October 2016 in Hotel Novotel Gent Centrum, Goudenleeuwplein 5, B-9000 Gent<br>
'''For more details see [[Training_4#Description | Assessing and Exploiting Web Applications with Samurai-WTF]]'''
 
  
===Training #5: Advanced Vulnerability Scanning Techniques Using Nessus===
+
The courses begin promptly at 09h00 and end at 17h00. Out of consideration for your instructor(s) and fellow students, please try to be seated and ready to go by 08h45.
====Description====
 
This course teaches advanced scanning techniques by using a real-world scenario to demonstrate how these techniques help to solve problems in an example work environment. In this course you (or you and your team) will take on the role of a brand new security engineer for a financial company. You will be tasked with configuring and auditing a system to be used within your network environment. The system, and associated applications, make up the environment used to manage the business. Currently, the old systems are in place and an upgrade is planned. The current vulnerability scanning process takes over a week to complete and there is duplication of effort and a known false positive rate. Additionally, breaches have occurred on the network and your company is in jeopardy of being fined due to compliance violations. The vulnerability management process is missing vulnerabilities that were exploited by attackers. A sample system has been provided for you, that exactly mirrors what will be used in production, right down to the passwords and configuration.  
 
  
====Instructor====
+
Lunch is included in the training fee.
[[Training_5#Instructor | Paul Asadoorian]]<br><br>
 
'''For more details see [[Training_5#Description | Advanced Vulnerability Scanning Techniques Using Nessus]]'''
 

Latest revision as of 20:18, 20 June 2016


Immerse yourself into the world of pen testing and application security by attending the BruCON 2016 Trainings (24-26 October 2016).

Offering world-class, deep-dive technical trainings given by the most recognized experts with huge industry experience in their domain!

The Line-Up:

  • Offensive PowerShell for Red and Blue Teams by Nikhil Mittal (3-day training) - In this course, you'll learn how to attack Windows network using PowerShell, based on real world penetration tests. The course runs on a lab network to which attendees will have Free access for one month after the training. The class consists of hands-on, challenges and demonstrations.
  • Windows Kernel Exploitation by Ashfaq Ansari (3-day training) - In this 3-day training course, you'll learn to fuzz Windows Kernel Mode driver and find vulnerabilities. You'll be taken from basics of Windows Architecture, it's Kernel and introduction to different software vulnerabilities along with their exploitation in Kernel mode. These 3 days will be full of hands-on, kernel debugging and WinDbg-Fu.
  • Assessing and Exploiting Control Systems by Justin Searle (**) (3-day training) - This is not your traditional SCADA/ICS/IoT security course! How many courses send you home with your own PLC and a set of hardware/RF hacking tools?!? In this 3-day version of the course, you will receive all six days worth of slides.
  • Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more by Dawid Czagan (2-day training) - Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join this unique two-day hands-on training!
  • Attacking with Excel by Didier Stevens (2-day training) - In this training, our resident trainer Didier will teach you how to use Microsoft Office for offensive security. Performing a port scan, injecting and execute shellcode or even loading your own DLL's without touching the disk, only by using the Excel process !
  • Hardware hacking training with Hardsploit by Julien Moinard (*) (2-day training) - Tired of watching hardware products getting hacked every day without having your part of fun ? Don't worry it will not be the case anymore! This training teaches you hardware hacking in its most pragmatic aspects by using both theory and practice (hands-on). It follows a simple (but efficient) training methodology based on a "Discover / Analyze / Attack & Protect" guideline that can be applied to any kind of hardware product (Internet of Insecure Things included). Each student will receive a Hardsploit hardware hacking tool, with a value of 250 euros.

Registration details

The price for 2-day courses is 1100 Euro early bird (+ VAT) per attendee.
As of August 1st 2016 this will become 1200 Euro (+ VAT) per attendee.
(*) The Hardware hacking training price is 180 Euro higher but includes the Hardsploit hardware

The price for 3-day courses is 1400 Euro early bird (+ VAT) per attendee.
As of August 1st 2016 this will become 1500 Euro (+ VAT) per attendee.
(**) The Assessing and Exploiting Control Systems training price is 230 Euro higher but includes a hardware kit (PLC and a hardware/RF testing kit)

Registration for Trainings:

Register.jpg

The training price does not include travel, accommodation or computer material for the training unless otherwise stated in the training description or preparation material provided after registration. Please read carefully any communication that will be sent to you in regard to the training you've registered for because they will outline what you need to bring to get the most out of each training.

Location and dates

The courses will be given on 24, 25 and 26 October 2016 in Hotel Novotel Gent Centrum, Goudenleeuwplein 5, B-9000 Gent

The courses begin promptly at 09h00 and end at 17h00. Out of consideration for your instructor(s) and fellow students, please try to be seated and ready to go by 08h45.

Lunch is included in the training fee.