Difference between revisions of "Training"

Difference between revisions of "Training"

From BruCON 2016

Jump to: navigation, search
(Blanked the page)
Line 1: Line 1:
'''BruCON 2009 is over. Check the following if you missed it:'''
* [[Presentations]]
* [[Video]]
* [[Weblogs]]
* [[Press Review]]
* [[Photo Documentation]]
Keep yourself subscribed to our [  RSS feed] or [  Announcement mailinglist] to stay informed.
<strike>There will be trainings in the days prior to BruCON (16-17 Sept) , by internationally renowned trainers and at good prices. If you were looking for the conference presentations, see the [[Schedule]].</strike>
==Registration details==
The price for the 2 day courses is € 900 (+ VAT) per attendee.
Please send an e-mail to '''registrations at''' with the following information:
* Name:
* E-mail:
* The course name:
You will receive a mail with your registration number and payment instructions (bank wire or PayPal). Upon reception of your payment, you will get your final registration confirmation. If you don't receive your payment instructions within 48h, please contact us at  '''helpdesk (at)'''
==Location & Date==
The courses will be given on 16 & 17 September in Belgacom University (BCU), Carlistraat 2, B-1140 Evere. ([,4.432983&sspn=5.075643,11.195068&ie=UTF8&z=16&iwloc=A Google Maps Link])
The courses start at 9h00 and end at 17h00.
==Overview of the courses==
===Crash course in Penetration Testing===
[[Training_1| Joe McCray and Chris Gates]]
This course will cover some of the newer aspects of penetration testing
such as Open Source Intelligence Gathering with Maltego and other Open
Source tools.
Advanced Scanning, Enumeration, Exploitation (remote and client-side),
and Post-Exploitation relying heavily on the features included in the
Metasploit Framework will also be covered.
Emphasis throughout the entire workshop will be placed on being as
stealthy as possible, and dealing with popular defensive technologies
such as:
*Network Intrusion Detection/Prevention Systems
*Host-Based Intrusion Detection/Prevention Systems
*Web Application Firewalls
*Content-Filtering Proxies
Web Application penetration testing will be covered as well with focus
on practical exploitation of cross-site scripting (XSS), cross-site
request forgery (CSRF), local/remote file includes, and SQL Injection.
'''For more details see [[Training 1| Crash Course in Penetration Testing]]'''
==== Pricing====
The price for this 2 day course is € 900 (+ VAT).
===Web 2.0 Hacking – Attacks and Defense ===
[[Training_2#About_course_designer_and_instructor | Shreeraj Shah]]
Introduction and adaptation of new technologies like Ajax, Rich Internet Applications and Web Services has changed the dimension of Application Hacking. We are witnessing new ways of hacking web based applications and it needs better understanding of technologies to secure applications. The only constant in this space is change. In this dynamically changing scenario in the era of Web 2.0 it is important to understand new threats that emerge in order to build constructive strategies to protect corporate application assets. Application layers are evolving and lot of client side attack vectors are on the rise like Ajax based XSS, CSRF, Widget injections, RSS exploits, Mashup manipulations and client side logic exploitations. At the same time various new attack vectors are evolving around SOA by attacking SOAP, XML-RPC and REST. It is time to understand these advanced attack vectors and defense strategies.
The course is designed by the author of "Web Hacking: Attacks and Defense", “Hacking Web Services” and “Web 2.0 Security – Defending Ajax, RIA and SOA” bringing his experience in application security and research as part of curriculum to address new challenges. Application Hacking 2.0 is hands-on class. The class features real life cases, hands one exercises, new scanning tools and defense mechanisms. Participants would be methodically exposed to various different attack vectors and exploits. In the class instructor will explain new tools like wsScanner, scanweb2.0, AppMap, AppCodeScan etc. for better pen-testing and application audits.
'''For more details see [[Training 2| Web 2.0 Hacking – Attacks and Defense]]'''
==== Pricing====
The price for this 2 day course is € 900 (+ VAT).
===Social Engineering testing for IT Security professionals===
[[Training_3| Sharon Conheady and Martin Law]]
Social engineering is the use of deception or impersonation to gain unauthorised access to sensitive information or facilities. Because computer security is becoming more sophisticated, hackers are combining their technical expertise with social engineering to gain access to sensitive information or valuable resources in your organisation.
Social engineering attacks can have disastrous consequences, both financially and reputationally. You can have the best technical security controls in the world, from the most expensive firewall to the most sophisticated biometrics, but they will not protect you from a social engineering attack. In any security programme people are the weakest link. Social engineering tests can be used to evaluate and strengthen this link.
Like any penetration test, social engineering tests can help to identify security weaknesses that could allow your information to be compromised. Such tests can:
* Give a good indication of and even improve your staff’s level of security awareness
* Teach your staff how to identify and deal with social engineering situations
* Provide valuable recommendations on both security awareness and physical security
'''For more details see [[Training 3| Social Engineering testing for IT Security professionals]]'''
==== Pricing====
The price for this 2 day course is € 900 (+ VAT).

Revision as of 14:29, 7 January 2010