TrustedSec 2013 Training


Bypassing Security Defenses – Secret Penetration Testing Techniques (November 6th & 7th 2013)

(course materials are in English)

It is continuously becoming harder to circumvent the security controls on externally facing systems and gain full access to the internal network. With the different types of technologies, hardening techniques, and detection; the job of a penetration tester continues to get more advanced. This course is designed to teach advanced techniques in order to bypass security defenses, gain access to an organization, and further penetrate into the network. Learn the techniques, tricks, and secrets from the author of the Social-Engineer Toolkit (SET) and one of the top penetration testers. What you’ll learn in this course:

  • Fundamental penetration testing concepts and an overview on methodologies and techniques
  • Basics of open-source tools and technologies and understanding attack avenues
  • Understanding of the Social-Engineer Toolkit (SET) and advanced features
  • Bypassing security technologies such as whitelisting/blacklisting, anti-virus, and other preventative measures
  • Develop a solid understanding of penetration testing techniques and tricks of the trade
  • High-level development concepts of Python and basics to programming
  • Creating your own exploits and tools in Python and utilizing them in attack vectors
  • An understanding of post exploitation and utilizing different tools and technologies in order to further penetrate a network
  • Hands on demonstrations, real world examples, and complete hands on with each of the phases of the course





Course Length: 2 days

Registration form


Price: 995$ CAD

Training canceled

Schedule


Day one
9:00AM - 11:00AM - Basics of penetration testing and concepts and methodologies around the Penetration Testing Execution Standard
11:00AM - 12:00PM - BREAK
12:00AM - 3:30PM - Hands on with different tools and technologies
3:30PM - 5:00PM - Basics of the Social-Engineer Toolkit

Day two
9:00AM - 11:00AM - Bypassing whitelisting/blacklisting, anti-virus, and other preventative technologies
11:00AM - 12:00PM - BREAK
12:00PM - 2:00PM - Performing specific techniques and bypasses in penetration testing
2:00PM - 3:00PM - Post exploitation techniques and further hacking into the network.
3:00PM - 5:00PM - Introduction to Python programming and developing security tools

Trainer/Student Information

  • Minimum Requirements To Take Course: The course is designed for beginner and intermediate levels. Basic concepts of Linux and maneuvering in Back|Track Linux is required
  • List Of Materials You Will Provide To Students: Code samples, vulnerable applications, digital copy of the Metasploit: The Penetration Testers Guide book, anti-virus safe payloads, custom tools, and more
  • List Of Equipment/Software Students Must Furnish (be very specific): The student must have a working machine with Back|Track Linux as well as a Windows machine with Java loaded. These can be virtualized and one can be the primary. No anti-virus on the Windows machine (we will need to write bypass payloads first to evade). Ensure connectivity between the two virtual machines and that networking is working properly

Bio


Dave Kennedy is founder and principal security consultant of TrustedSec, LLC - An information security consulting firm located in Cleveland Ohio. David was the former Chief Security Officer (CSO) for a Fortune 1000 where he ran the entire information security program. Kennedy is a co-author of the book "Metasploit: The Penetration Testers Guide," the creator of the Social-Engineer Toolkit (SET), and the creator of Artillery. Kennedy has presented on a number of occasions at Blackhat, Defcon, ShmooCon, BSIDES, Infosec World, Notacon, AIDE, ISACA, ISSA, Infragard, Infosec Summit, and a number of other security-related conferences. Kennedy has been interviewed by several news organizations including BBC World News. Kennedy is on the Back|Track and Exploit-DB development team and co-host of the Social-Engineer.org podcast and regular on ISDPodcast. Kennedy is one of the co-authors of the Penetration Testing Execution Standard (PTES); a framework designed to fix the penetration testing industry. Kennedy is the co-founder of DerbyCon, a large-scale conference in Louisville Kentucky. Prior to Diebold, Kennedy was a VP of Consulting and Partner of a mid-size information security consulting company running the security consulting practice. Prior to the private sector, Kennedy worked for the three letter agencies and deployed to Iraq twice for intelligence related missions.

Rules

  • Picture ID verification will be required (so make sure your name matches with registration records)
  • No recording of the class allowed
  • Courseware is private & copyrighted, and can’t be used to build your own training

Logistics

  • When: November 6st & 7nd, 2013 from 9am to 5pm both days
  • Where: Hôtel Plaza, Québec (Ste-foy), Quebec, Canada Google Maps
  • Material: BYOD (Bring your own device)

This includes

  • 2 day training at an awesome price! (English training)
  • Meals for both days
  • Refreshments for both days
  • Free admission to Hackfest 2013 (nights included)
  • One t-shirt

What is NOT included

  • Hotel accommodations!