During this comprehensive course, tools and methodologies that are used during penetration tests in enterprise network/application environments will be detailed. The course will utilize a lab environment for a hands-on instruction of manual penetration testing methods, in addition to training for use of exploitation frameworks, such as Metasploit.
Focus will be geared towards methodology, processes, vectors, tools, and techniques used for exploitation. By the end of the course, the student will have an in-depth understanding of the underlying principals of network/application exploitation and will have gained experience in the successful execution of attacks.
Minimum Course Requirements:
Bring a Laptop with: 8GB of RAM at Minimum and Quad-Core Processor at minimum with the ability to Run Virtual Machines
Understanding of Basic Networking Concepts
Basic Linux Comprehension
Target Audience: This seminar is geared towards those seeking to enter the information security industry while also enriching those who seek to develop the skills and experience necessary to succeed as a penetration tester(for fun and for profit).
Rod Soto has over 15 years of experience in information technology and security. He has spoken at ISSA, ISC2, OWASP, RSA, DerbyCon,BlackHat,
DEFCON, Hackmiami, Bsides and also been featured in Rolling Stone Magazine, Pentest Magazine, Univision, VICE and CNN. Rod Soto was the
winner of the 2012 BlackHat Las vegas CTF competition and is the founder and lead developer of the Kommand && KonTroll/ NOQRTRCTF
competitive hacking Tournament series. He has also architected and co-develop military cyber ranges.
For more information:
The goal of the training is to give a red teamer's perspective to hackers and penetration testers who want to up their game of VAPT. We will start first with the fundamental concepts of red teaming and its process followed by differentiating how red-teaming is different than normal pentesting and the benefits of having a red-teaming approach towards application security testing.
After this, the training will build upon from the ground up starting with the fundamental concepts of Information Gathering and Recon + various un-common tools and techniques to gather much more information about a target. We will then share red-teaming techniques for VA of Web and Mobile Applications where we will discuss various tools and tricks to find more bugs which will be followed by exploitation and data extraction methodologies. Not only will we be going through various automated tools and manual analysis, but the focus will also be on making the tools work efficiently and effectively by tweaking and debugging them.
This will also include multiple case studies of interesting Business Logic vulnerabilities and how to spot them. Then we will cover numerous pivoting and privilege escalation mechanisms that help a red teamer move swiftly inside a corporate network without alerting the SOCs. The training will be packed with tons of real-life case studies we encounter during our staple + BONUS: A step by step case study of how we owned various pharmaceutical devices inside a corporate manufacturing network of a million dollar pharma client who wanted more than VAPT.
Key Learning Objectives:
Red Teaming and its approaches
Setting up a lightweight testing environment for maximum efficiency
Hunting for bugs and vulnerabilities that slip past automated scanners
Manual Exploitation of critical vulnerabilities and customizing public tools to work better
Data exfiltration techniques
Being stealthy, clean yet efficient while walking inside corporate networks
Interesting Case Studies
Hardware and Software Requirements
Laptop with Linux (Kali preferred in Virtual Machine) and min 4 GB ram (8 GB if VM)
Working Internet Connection via LAN and WiFi
Basic pentesting tools like Burp Suite (Pro preferred), Sqlmap and scripting engines like python and perl etc
What Students will receive
Free Hardcopy/Ebook of 3 Books (worth 150 EUR) to guide students from the ground up wrt. Hacking and Red Teaming tactics:
Kali Linux - Ethical Hackers Cookbook
Hands On - Red Team Tactics
Kali Linux - Ethical Hackers Cookbook (Second Edition) to be released in March (2019)
Aman Sachdev: Aman Sachdev is a programmer at heart and an information security professional with 5+ years of experience in Information Security Training and Testing has trained over 5000 individuals. His love for breaking challenging WAFs landed him in the core team as a red team pentester at Bugsbounty. Aman has done his Bachelor's in Computer Applications and also holds an OSCP certification apart from his vast experience in web application development. At BugsBounty he solves cybersecurity problems in the day and creates them at night. He has presented at numerous security conferences including RSA, CONFIDENCE Poland and CONFIDENCE London among others.
Himanshu Sharma (Co-Trainer): : Himanshu Sharma, has been in the field of bug bounty since 2009 and has been listed in Apple, Google, Microsoft, Facebook, Adobe, Uber, AT&T, Avira, and many more with hall of fame listings as proofs. . He has helped celebrities such as Harbhajan Singh in recovering their hacked accounts, and also assisted an international singer in tracking down his hacked account and recovering it. He has been a speaker at multiple international conferences Botconf '13, Confidence 2018 and RSA Asia Pacific and Japan '18 . He also spoke at IEEE Conference in California and Malaysia as well as for TedX. Currently, he is the cofounder of BugsBounty, a crowd-sourced security platform for ethical hackers and companies interested in cyber services. He also authored a book on Kali Linux titled "Kali Linux - An Ethical Hacker's Cookbook"
For more information:
This comprehensive one-day course will introduce both novice and advanced reverse engineers to the powerful features of Binary Ninja, a relatively new binary analysis tool. Students will hit the ground running with a fast paced comprehensive overview of Binary Ninja’s user interface before diving directly into the defining features of the tool: the Binary Ninja Intermediate Languages, or BNIL.
We will cover both the Low Level IL and Medium Level IL and why they are both superior to native disassembly for program analysis. From there, we will work in-depth with the Python API and explore how to develop plugins to serve as force multipliers in students’ analysis tasks; this will include techniques that are relatively unknown, such as automating creation of types and structures.
Finally, students will work with the various patching methods available in Binary Ninja, including the embedded Shell code C Compiler, to develop both exploits and shell code payloads from within Binary Ninja. Further advanced topics may be covered if time permits.
Minimum Course Requirements:
This training is tailored for those interested in reverse engineering
with at least a basic familiarity with an assembly language,
particularly x86/x64 or ARM. Additionally, some level of competence in
Python is expected. Basic knowledge of C/C++ will also be helpful.
What will be provided?
A USB drive containing the slide deck and all example scripts and binaries
A voucher for a free copy of Binary Ninja Personal edition (which can
also be upgraded to Commercial at a pro-rated price)
Josh Watson is a Senior Security Engineer at Trail of Bits and an
active member of the Binary Ninja community. He has published numerous
articles about reverse engineering with the Binary Ninja APIs and
released several open source plugins and tools. Due to his intimate
knowledge of its features and API, he is often confused for a Binary
For more information:
This Offensive OSINT training program focuses on a wide range of tools and techniques for performing real-world reconnaissance in order to launch targeted attacks against modern infrastructures.
This advanced training not only talks about using OSINT to extract data but also focuses on the significance of this data and how it could be directly enriched and used offensively for attacking and compromising Modern Digital Infrastructures.
We will take a deep-dive into various methodologies for extracting useful information from the internet. Furthermore, we will cover how this extracted information can be used in multiple attack scenarios.
This course takes a comprehensive hands-on approach to indulge the participants into real world scenarios, simulated lab environment and case studies in order to get proficient in techniques and methodologies. Each participant will also be provided ONE MONTH FREE ACCESS to our Private Lab mimicking the modern age infrastructure, as well as decoy accounts and organization’s social presence, where they can practise the skills learnt during the course.
* Target Scoping and Mapping the Attack Surface
* Subdomain Enumeration
* Organization’s Social Media Profiling
* Hunting Code Repositories, Dark Web, Paste(s) Sites and Leaked Data
* Employee(s) Profiling
* Cloud Recon
* Bucket/Blogs/Spaces Enumeration
* Enriching OSINT Data
* Tech Stack Profiling
* Identifying SSO/Login/Admin/VPN Portal(s)
* Explore Breached Password Databases
* Metadata Extraction
* Attacking Network Services using collated data
* Compromising Business Communication Infrastructure (BCI)
* Targeted Credential Spraying
* Compromising Cloud Server Instances
* Should have basic understanding of Pentesting
Who should take this course
* Penetration Testers
* Social Engineers
* Bug Bounty Hunters
* OSINT Researchers
* Risk Management Professionals
What Students Will Be Provided With
* Student Pack which contains
* Slide deck and OSINT CheatSheet
* Important Tools and custom Scripts
* Answers to challenges (covered during the training program)
* 1 Month Free Lab Access.
Shubham Mittal is an active Information Security researcher with 6+ years of experience in Pentesting and OSINT. He is Review Board Member for BlackHat Asia. He has delivered his trainings at Black Hat, NullCon, HackMiami, c0c0n, etc. He is the author of OSINT Framework - DataSploit (listed in Top Ten Security Tools of 2016) and is core organizer of @Recon Village which runs @DEFCON. He works from the command line, uses vi and loves beer.
For more information:
Sudhanshu Chauhan is an information security professional with 6+ years of experience. He is the developer of RedHunt OS and one of the core contributors to Datasploit (Open Source OSINT Framework). Sudhanshu has also identified multiple critical vulnerabilities in various organisations like Adobe, ATT, Freelancer, Yandex etc. He has been a speaker at various conferences such as Ground Zero Summit, Cyber-Hackathon Bar-Ilan University, BlackHat Arsenal, has delivered training at BlackHat US, AppSec EU, and c0c0n security conference and is core organizer of @Recon Village which runs @DEFCON and other security conferences.
For more information:
New generation malware and attacks have been targeting ICS and systems
causing huge monetary and human life losses. ICS system still vulnerable in
nature because it’s poorly understood. Penetration testing on ICS systems is a
very niche field which requires in-depth knowledge and has a huge dependency in
terms of the Hardware availability.
In this course, will concentrate on methodologies to conduct penetration testing
of commercial Hardware devices such as PLCs as well as simulators and also
provide an excellent opportunity for participants to have hands-on experience on
Penetration Testing of these devices and systems. This course also focused on
hardware analysis of the embedded system and fuzzing techniques over ICS
protocol to identify 0-day vulnerabilities. The ICS setup will simulate the ICS
infrastructure with real-time PLCs and SCADA application. In the end, of course,
there will be ICS CTF and some GOODIES to give away for the winners
Throughout the course, we will use Astra-ICS, a VM created by us specifically for
ICS and IoT penetration testing. It has most of the required tools for ICS and IoT
security analysis. We will also distribute VulICS, a vulnerable embedded sensor
made in-house for hands-on exercises.
The “Practical Industrial Control System (ICS) Hacking” course is aimed at
security professionals who want to enhance their skills and move to/specialize in
ICS security. The course is structured for beginner to intermediate level attendees
who do not have any experience in ICS, reversing or hardware.
WHO SHOULD TAKE THIS COURSE;
Penetration testers tasked with auditing ICS
Government officials from defensive or offensive units
Red team members tasked with compromising the ICS infrastructure
Embedded security enthusiasts
SCADA and PLC programmers.
Anyone interested in ICS security
Basic knowledge of Linux OS
Basic knowledge of programming (C, python) would be a plus
WHAT ATTENDEES SHOULD BRING:
Laptop with at least 40 GB free space
4+ GB minimum RAM (2+GB for the VM)
External USB access
Administrative privileges on the system
Arun is a Hardware, IOT and ICS Security Researcher. His areas of interest are Hardware Security, SCADA, Fault Injection, RF protocols and Firmware Reverse Engineering. He also has experience in performing Security Audits for both Government and private clients. He has presented a talk at the nullcon 2016,2017,2018 Goa, GNUnify 2017, Defcamp 2017,2018, BsidesDelhi 2017, c0c0n x 2017, EFY 2018, X33fcon2018, BlackHat USA 2018, Defcon USA 2018 Also Trainer for Practical Industrial Control Systems (ICS) hacking training, delivered in X33fcon2018, HIP 2018 and also delivered training for IoT hacking in HITB 2017, HIP 2017, BlackHat Asia 2018 and private clients in London, Australia, Sweden, Netherlands etc. He is an active member of null – The open Security community and G4H community.
For more information:
Secure code auditing is a highly effective process of identifying vulnerabilities in software. This
process requires a more in-depth analysis of an application in order to find the security flaws.
This comprehensive training will be hands on how to perform secure code auditing,
so you will need to bring your own laptop to perform different types of attacks on web based applications.
Windows/Linux/OsX Installed machine
RAM – 8GB
Free space in your machine – 10GB
Installed VMware Player in your machine
WHO SHOULD ATTEND:
Those who want to perform a manual secure code audit.
Those who have very basic knowledge in OWASP Top 10.
Those who want to build secure applications.
Those having basic development background.
Those who want to learn various source code review methodologies and approaches.
WHAT TO EXPECT:
Exposure to different tools used for performing attacks
J2EE based demo application to perform secure code audit
WHAT NOT TO EXPECT:
Any professional tools
Course Duration: 1 Day
The course covers relevant J2EE based web application issues to subsequently demonstrate how to
design and develop code defenses into an application.
Module 1: Secure Source Code Review(SSCR) Approaches
➢ What is SSCR
➢ Need for SSCR
➢ Different way of doing SSCR
➢ SSCR vs Dynamic application security testing
Module 2: Input Validation
➢ Bypassing client-side validation➢ Variable manipulation attacks
➢ Insecure Direct Object References
➢ File Upload attacks and best practices
➢ Reflected, Stored and DOM based XSS
➢ Proper implementation of OTP & CAPTCHA
➢ Best practices and guidelines to avoid these Attacks
Module 3: Injection
➢ Blind & Second Order SQL injection
➢ CSV based export features using formula injection
Module 4: Error Handling and Logging
➢ Proper implementation of log
➢ Proper error handling
Module 5: Code Quality
➢ Language specific configuration check
➢ Hard coded information
➢ Critical information in comment
➢ Client side hardcoded information
➢ Best practices to cheak unused code
Module 6: Cryptography
➢ Encryption & Decryption
➢ Encoding & Decoding
➢ Salted hash technique
➢ Storage of critical information in backend side
Module 7: XML External Entity (XXE) Attack
Module 8: Cross Site Request Forgery (CSRF)
Manoj Kumar has more than 6 years of experience in the field of Application Security and Secure coding process and a co-founder of h1hakz. He has Developed many Secure Application Projects using different languages and has Code reviewed a wide range ofapplications, from embedded systems to web applications including Retail Banking and E-commerce Application. Also given training on c0con, bslides delaware, WOPR etc....
Handle: @cysmanojsah, @h1hakz
Ranjith Menon who has more than 8 years of experience. He is an active player on Bug bounty programs and specialized in Web application, Mobile, Cloud and a contributor to the Security Community and co-founder of h1hakz, an open platform for knowledge sharing through webcast series. Also, he has found many vulnerabilities for many organizations. Also given training on c0con, bslides delaware, WOPR etc.Apart from hacking, he gets time for fitness from his work schedule.
Handle: @ranjith_menon16, @h1hakz
For more information: