Formation TrustedSec 2013

Bypassing Security Defenses – Secret Penetration Testing Techniques (6-7 Novembre 2013)

(course materials are in English)

Il est continuellement plus difficile de contourner les contrôles de sécurité sur des systèmes faisant face à l'externe et d'obtenir un accès complet au réseau interne. Avec les différents types de technologies, les techniques de renforcement et de détection, le travail d'un "pentester" devient de plus en plus avancé. Cette formation est destinée à enseigner des techniques avancées dans le but de contourner ces défenses de sécurité, obtenir accès à une organisaion, des trucs et secrets de l'auteur du "Social Engineering Toolkit" (SET) et l'un des "pentesters" les plus en vogue. Ce que vous apprendrez dans cette formation :

  • Concepts fondamentaux de "pentesting" et un aperçu des méthodologies et techniques
  • Bases des outils libres ainsi que des technologies, en plus de comprendre les vecteurs d'attaque
  • Compréhension du Social-Engineer Toolkit (SET) et fonctionnalités avancées
  • Contourner les technologies de sécurité tels le whitelisting et le blacklisting, les antivirus et autres mesures préventives
  • Développer une forte compréhension des techniques de "pentesting" et des "tricks of the trade"
  • Concepts de développement de haut niveau de Python et des bases de programmation
  • Créez vos propres exploits et outils en Python afin de les utiliser dans des vecteurs d'attaque
  • Compréhension de la psot exploitation et utiliser divers outils et technologie dans l'objectif de pénétrer plus profondément un réseau
  • Démontration technique "Hands on" avec des exemples réels, et ce, a chacune des chapitres du cours

Durée du cours: 2 jours

Registration form

Prix: 995$ CAD
Formation annulée


Jour un
9:00AM - 11:00AM - Basics of penetration testing and concepts and methodologies around the Penetration Testing Execution Standard
11:00AM - 12:00PM - BREAK
12:00AM - 3:30PM - Hands on with different tools and technologies
3:30PM - 5:00PM - Basics of the Social-Engineer Toolkit

Jours deux
9:00AM - 11:00AM - Bypassing whitelisting/blacklisting, anti-virus, and other preventative technologies
11:00AM - 12:00PM - BREAK
12:00PM - 2:00PM - Performing specific techniques and bypasses in penetration testing
2:00PM - 3:00PM - Post exploitation techniques and further hacking into the network.
3:00PM - 5:00PM - Introduction to Python programming and developing security tools

Informations importantes du formateur

  • Minimum Requirements To Take Course: The course is designed for beginner and intermediate levels. Basic concepts of Linux and maneuvering in Back|Track Linux is required
  • List Of Materials You Will Provide To Students: Code samples, vulnerable applications, digital copy of the Metasploit: The Penetration Testers Guide book, anti-virus safe payloads, custom tools, and more
  • List Of Equipment/Software Students Must Furnish (be very specific): The student must have a working machine with Back|Track Linux as well as a Windows machine with Java loaded. These can be virtualized and one can be the primary. No anti-virus on the Windows machine (we will need to write bypass payloads first to evade). Ensure connectivity between the two virtual machines and that networking is working properly


Dave Kennedy is founder and principal security consultant of TrustedSec, LLC - An information security consulting firm located in Cleveland Ohio. David was the former Chief Security Officer (CSO) for a Fortune 1000 where he ran the entire information security program. Kennedy is a co-author of the book "Metasploit: The Penetration Testers Guide," the creator of the Social-Engineer Toolkit (SET), and the creator of Artillery. Kennedy has presented on a number of occasions at Blackhat, Defcon, ShmooCon, BSIDES, Infosec World, Notacon, AIDE, ISACA, ISSA, Infragard, Infosec Summit, and a number of other security-related conferences. Kennedy has been interviewed by several news organizations including BBC World News. Kennedy is on the Back|Track and Exploit-DB development team and co-host of the podcast and regular on ISDPodcast. Kennedy is one of the co-authors of the Penetration Testing Execution Standard (PTES); a framework designed to fix the penetration testing industry. Kennedy is the co-founder of DerbyCon, a large-scale conference in Louisville Kentucky. Prior to Diebold, Kennedy was a VP of Consulting and Partner of a mid-size information security consulting company running the security consulting practice. Prior to the private sector, Kennedy worked for the three letter agencies and deployed to Iraq twice for intelligence related missions.


  • Picture ID verification will be required (so make sure your name matches with registration records)
  • No recording of the class allowed
  • Courseware is private & copyrighted, and can’t be used to build your own training


  • When: November 6st & 7nd, 2013 from 9am to 5pm both days
  • Where: Hôtel Plaza, Québec (Ste-foy), Quebec, Canada Google Maps
  • Material: BYOD (Bring your own device)

This includes

  • 2 day training at an awesome price! (English training)
  • Meals for both days
  • Refreshments for both days
  • Free admission to Hackfest 2013 (nights included)
  • Un t-shirt

What is NOT included

  • Hotel accommodations!