Hacking Classes 75% 75% Hands-on Learning in Our Modern Hack Lab. Written by BlackHat Trainers: Available Globally

Transcription

1 75% 75% Hands-on Learning in Our Modern Hack Lab Updated Regularly to Include Trending Techniques Written by BlackHat Trainers: Available Globally Hacking Classes

2 Hacking Classes FOUNDATION TRACK FOUNDATION TRACK = + THE ART OF HACKING... PAGE 4 INFRASTRUCTURE HACKING... PAGE 5 WEB HACKING... PAGE 6 ADVANCED TRACK ADVANCED INFRASTRUCTURE HACKING... PAGE 8 ADVANCED WEB HACKING... PAGE 9 SPECIALIST TRACK APPSEC FOR DEVELOPERS...PAGE 11 ADVANCED MOBILE EXPLOITATION...PAGE 12 SPECIALIST PLUS OFFENSIVE IOT EXPLOITATION...PAGE 15 XTREME EXPLOITATION...PAGE 17 POWERSHELL FOR PEN TESTERS FOUNDATION...PAGE 18 INTERMEDIATE...PAGE 19 ADVANCED...PAGE Global Services Limited, 2016 All Rights Reserved NotSoSecure Global Services Limited (Company Registration , VAT Registration ) Trading As NotSoSecure Head Office: CB1 Business Centre, Twenty Station Road, Cambridge, CB1 2JD, UK Registered Office: Office 75 Springfield Road, Chelmsford, Essex, CM2 6JB, UK [email protected] Tel:

3 FOUNDATION TRACK

4 4 The Art of Hacking 5 DAY CLASS FOUNDATION TRACK The ideal introductory / intermediate training that brings together both Infrastructure Hacking and Web Hacking into a 5-day Art of Hacking class designed to teach the fundamentals of what Pen Testing is all about. This exciting training was written to address the market need around the world for a real hands-on, practical and hack-lab experience that focusses on what is really needed when conducting a Penetration Test. Whilst a variety of tools are used, they are the key tools that should be in any Penetration Tester s kit bag. This, when combined with a sharp focus on methodology will give you what is necessary to start or formalise your testing career. WHO SHOULD TAKE THIS CLASS? System Administrators, Web Developers, SOC analysts, Penetration Testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level. Combination introduction to both infrastructure and web hacking Practical, hands-on hack-lab puts you in the driving seat Experience the journey of assessing web applications and the platforms they reside on Leave the class knowing the essential tools and techniques to continue your own journey This class teaches the attendees a wealth of hacking techniques to compromise the security of various operating systems, networking devices and web application components. The class starts from the very basic, and builds up to the level where attendees can not only use the tools and techniques to hack various components involved in infrastructure and web hacking, but also walk away with a solid understanding of the concepts on which these tools are based. The class comprises of 3 days of infrastructure hacking and 2 days of web hacking. DAY 1 DAY 2 DAY 3 DAY 4 DAY 5 Infrastructure Basics TCP/IP Basics The Art of Port Scanning Target Enumeration Brute-Forcing Metasploit Basics Password Cracking Hacking Unix, Databases and Applications Hacking Recent Unix Vulnerabilities Hacking Databases Hacking Application Servers Hacking third party applications (WordPress, Joomla, Drupal) Hacking Windows Windows Enumeration Hacking recent Windows Vulnerabilities. Hacking Third party software (Browser, PDF, Java) Post Exploitation: Dumping Secrets Hacking Windows Domains Information Gathering, Profiling and Cross-Site Scripting Understanding HTTP protocol Identifying the Attack Surface Username Enumeration Information Disclosure Issues with SSL/TLS Cross Site Scripting Cross-Site Request Forgery Injection, Flaws, Files and Hacks SQL Injection XXE Attacks OS Code Injection Local/Remote File include Cryptographic weakness Business Logic Flaws Insecure File Uploads

5 5 Infrastructure Hacking 3 DAY CLASS FOUNDATION TRACK This is an entry-level Infrastructure Security and testing class and is a recommended pre-requisite for our Advanced Infrastructure Hacking class. This class familiarises the attendees with the basics of network hacking. A number of tools and techniques will be taught during this 3-day class, If you would like to step into the world of Ethical Hacking / Pen Testing this is the right class for you. WHO SHOULD TAKE THIS CLASS? System Administrators, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to the next level. Introduction into Infrastructure Testing Gain practical experience with the tools that will last you well into the future Learn core Infrastructure techniques Leave with the basis to take your testing knowledge forward into more Advanced Infrastructure topics This class familiarises the attendees with a wealth of hacking tools and techniques. The class starts from the very basic and gradually builds up to the level where attendees not only use the tools and techniques to hack various components involved in infrastructure hacking, but also walk away with a solid understanding of the concepts on which these tools work. DAY 1 Infrastructure Basics TCP/IP Basics The Art of Port Scanning Target Enumeration Brute-Forcing Metasploit Basics Password Cracking DAY 2 Hacking Unix, Databases and Applications Hacking Recent Unix Vulnerabilities Hacking Databases Hacking Application Servers Hacking Third Party Applications (WordPress, Joomla, Drupal) DAY3 Hacking Windows Windows Enumeration Hacking Recent Windows Vulnerabilities. Hacking Third Party Software (Browser, PDF, Java) Post Exploitation: Dumping Secrets Hacking Windows Domains

6 6 Web Hacking 2 DAY CLASS FOUNDATION TRACK Introduction into Web Application hacking Practical in focus, teaching how web application security flaws are discovered Covers leading industry standards and approaches Builds the foundation to progress your knowledge and move into more advanced Web Application topics This is an entry-level web Application Security-testing class and is a recommended pre-requisite for our Advanced Web Hacking class. This class familiarises the attendees with the basics of Web and Application hacking. A number of tools and techniques will be taught during the 2 day class. If you would like to step into the world of ethical hacking / pen testing with a focus on web applications, then this is the right class for you. This class familiarises the attendees with a wealth of tools and techniques needed to breach the security of web applications. The class starts from the very basic, and gradually builds up to a level where attendees can not only use the tools and techniques to hack various components involved in Web Application hacking, but also walk away with a solid understanding of the concepts on which these tools are based. The class also covers the industry standards such as OWASP Top 10, PCI DSS and contains numerous real life examples to help the attendees understand the true impact of these vulnerabilities. WHO SHOULD TAKE THIS CLASS? System Administrators, Web Developers, SOC analysts, Penetration Testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level. DAY 1 Information Gathering, Profiling and Cross-Site Scripting Understanding HTTP Protocol Identifying the Attack Surface Username Enumeration Information Disclosure Issues with SSL/TLS Cross-Site Scripting Cross-Site Request Forgery DAY 2 Injection, Flaws, Files and Hacks SQL Injection XXE Attacks OS Code Injection Local/Remote File Include Cryptographic Weakness Business Logic Flaws Insecure File Uploads

7 ADVANCED TRACK

8 8 Advanced Infrastructure Hacking 5 DAY CLASS ADVANCED TRACK Launched at BlackHat USA Latest exploits, highly relevant, continuously developed. 5-day practical class, teaching a wide variety of offensive hacking techniques. Written by real Pen Testers with a world conference reputation (BlackHat, AppSec, OWASP, Defcon et al). An Advanced Infrastructure Hacking class, released at BlackHat, designed for those who wish to push their knowledge The fast-paced class teaches the audience a wealth of hacking techniques to compromise various operating systems and networking devices. The class will cover advanced penetration techniques to achieve exploitation and will familiarise you with a wealth of hacking techniques for common operating systems, networking devices and much more. From hacking Domain Controllers with MS to GHOST local root, VLAN Hopping to VoIP Hacking, you have got everything covered. WHO SHOULD TAKE THIS CLASS? The class is ideal for those preparing for CREST CCT (ICE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure as a day job and wish to add to their existing skillset. Whether you are Penetration Testing, Red Teaming, or hoping to gain a better understanding of managing vulnerabilities in your environment, understanding advanced hacking techniques for infrastructure devices and systems is critical. The Advanced Infrastructure class will get the attendees familiarised with a wealth of hacking techniques for common Operating Systems and networking devices. While prior Pen Testing experience is not a strict requirement, a prior use of common hacking tools such as Metasploit is recommended for this class. DAY 1 Hacking Networks, Databases TCP/IP & Network Enumeration Port Scanning TCP/UDP Scanning Windows/Linux Enumeration The Art of Brute-Forcing Insecure SNMP Configuration Database Exploitation (Oracle, Postgres, Mysql) Hacking Application servers (Websphere) Exploiting SSL Vulnerabilities such as Heartbleed Exploiting Remote Systems via Shellshock Exploiting Java and PHP Serialization Bugs DAY 2 Advanced Windows Hacking Windows Vulnerabilities Mastering Metasploit Latest Remote Exploits Pivoting within Internal Network Local Privilege Escalation Custom Payloads Post-Exploitation DAY 3 Hacking Windows Domains Compromising Windows Domain Pass the hash Pass the ticket Breaking Kerberos Third party exploits (browser, java, pdf) DAY 4 Advanced Linux Hacking Linux Vulnerabilities Finger Rservices NFS Hacks SSH Hacks X11 Vulnerabilities Local Privilege Escalation Kernel Exploits Weak File Permissions SUID/SGID Scripts Inetd Services DAY 5 Hacking VLANs, VoIP, Switches & Routers VLAN Hopping Hacking VoIP Exploiting Insecure VPN Configuration Switch/Router vulnerabilities

9 9 Advanced Web Hacking 3 DAY CLASS ADVANCED TRACK This class familiarises the attendees with a wealth of advanced web hacking techniques. Besides covering advanced techniques in common web application flaws (such as those covered under OWASP Top 10), the class also covers some neat, new and ridiculous hacks. From mind bending XSS, to 2nd order SQL Injection; Breaking crypto to finding flaws in SAML/SSO and APIs we have got it all covered. The class has recently been updated to contain all current topics and modern technology. The class is ideal for candidates preparing for CREST ACE cerification. WHO SHOULD TAKE THIS CLASS? System Administrators, SOC analysts, Penetration testers, network engineers, security enthusiasts and anyone who wants to take their skills to next level. Advanced Web Hacking in a practical Hack Lab environment Gain in-depth expertise with the tools and techniques that will last you well into the future Learn core web hacking techniques This class familiarises the attendees with a wealth of advanced web hacking techniques. Besides covering advanced techniques in common web application flaws (such as those covered under OWASP Top 10), the class also covers some neat, new and ridiculous hacks. From mind bending XSS, to 2nd order SQL Injection; Breaking crypto to finding flaws in SAML/ SSO we have got it all covered. The class has recently been updated to contain all current topics and modern technology. The lab for the class is designed based on real life applications in which similar vulnerabilities have been found in past. For every vulnerability, in-depth solutions and mitigation strategies are also discussed. DAY 1 Hacking and Securing web and application servers Attacking Authentication Advanced Username Enumeration/ Brute Force Issues Exploiting SSO Session Management Issues Business Logic Bypass Authorization Issues DAY 2 Parameter Manipulation Attacks Cookie Analysis SSL Misconfiguration and Man in the Middle Attacks XSS: The Concept Same Origin Policy Identifying XSS Exploiting XSS Pitfalls in Defending XSS DAY3 Identifying Cross Site Request Forgery (CSRF) Exploiting CSRF Fixing CSRF Carriage Return & Line Feed (CRLF) injection Hacking APIs SQL Injection LDAP, XPATH, XXE Injections Insecure HTTP Methods Malicious File Uploads

10 SPECIALIST TRACK

11 11 AppSec for Developers 2 DAY CLASS SPECIALIST TRACK Pen Testing as an activity tends to capture security vulnerabilities at the end of the SDLC and is often too late to be able to influence fundamental changes in the way code is written. We wrote this class because of the need for developers to develop code and applications in a secure manner. It does not need to be more time consuming, but it is critical to introduce security as a quality component into the development cycle. The class does not target any particular web development platform, but does target the general insecure coding flaws developers make while developing applications. The examples used in the class include web development technologies such as ASP,.NET, JAVA and PHP. WHO SHOULD TAKE THIS CLASS? This training is Ideal for: Software/Web developers, PL/ SQL developers, Penetration Testers, Security Auditors, Administrators and DBAs and Security Managers. Covers latest industry standards such as OWASP Top 10 Insight into latest security vulnerabilities (such as mass assignment bug in MVC Frameworks) Thorough guidance on security best practices (like HTTP header such as CSP, HSTS header etc.) References to real world analogy for each vulnerability Hands-on labs A highly-practical class that targets web developers, pen testers, and anyone else who would like to learn about writing secure code, or to audit code against security flaws. The class covers a variety of best security practices and defense in-depth approaches, which developers should be aware of while developing applications. Students will be provided access to infrastructure on which they will identify vulnerable code and associated remediation. While the class covers industry standards such as OWASP Top 10 and SANS top 25 security issues, it also talks about real world issues that don t find a mention in these lists. The class does not focus on any particular web development language / technology but instead on the core principles. Examples include PHP,.NET, classic ASP and Java.10 and SANS top 25 security issues. DAY 1 DAY 2 Authorisation Session Management Logical Flaws Web Server Misconfiguration Application Server Misconfiguration HTTP Methods SSL and MITM attacks Cross Site Issues Cross Site Scripting Cross Site Request Forgery Session Fixation CRLF Injection Flash and Cross Domain Issues Server Side Issues SQL Injection File Uploads Server Side Includes File Inclusion Direct Object Reference OS Code Execution Best Security practice HSTS Content Security Policy Defence in Depth

12 12 Advanced Mobile Exploitation 3 DAY CLASS SPECIALIST TRACK A 3-day Advanced Mobile Exploitation class, focusing on Android and ios exploitation. If you want to try exploitation on new hardware and find security vulnerabilities, and 0-days in IoT devices, then Offensive IoT Exploitation is the class for you. At the end of the class, there will be a final CTF challenge where the attendees will have to identify security vulnerabilities and exploit them, in a completely unknown device. WHO SHOULD TAKE THIS CLASS? The only requirement for this class is that you bring your own laptop and have admin/root access. During the class, we will give you VPN access to our state-of-the-art hacklab which is hosted in our datacentre in the UK. Once you are connected to the lab, you will find all the relevant tools/vms there. We also provide a dedicated Kali VM to each attendee on the hacklab, so you don t need to bring any VMs with you. all you need is to install the VPN client and you are good to go! Also, note that we will use an Ethernet/Wired network for this class. If your laptop does not support this, please carry the correct adaptor to ensure you are able to connect to the wired network. All about Android and ios exploitation Practical in focus, giving you the tools to understand platform security for the most common mobile OS types Packed with tools, techniques, approaches and key security principles Very in-depth, focused approach relevant to any professional engaged with this most complex and rapidly growing field of security Advanced Android and ios Exploitation: This fast-paced training will familiarise you with the various Android and ios exploitation techniques, as well as bypassing most of the existing security models in both of the platforms. We will cover topics such as writing your own malware, auditing complicated and protected applications, automated static and dynamic analysis, Dex Exploitation, ARM, OWASP Mobile, Top 10 and a lot more. Platform Exploitation on which most of the smartphone run these days. In ARM, we will cover exploitation techniques such as Stack Based Buffer Overflows, Gadget Chaining, ROP and Bypassing protections. Finally, for ios, we will be looking into the application security auditing, creating a pen test environment, presenting a sandboxing model, code signing, inspecting binaries, use-after-free and much more. We will also be looking into Android rooting and ios jail breaking exploits, and recreate the scenario from scratch. Students will also be provided with custom exploitation labs, which will be preconfigured and loaded with all the tools and scripts which will be covered during the training.

13 DAY 1 DAY 2 DAY 3 Android Basics Introduction to Android Android Architecture Digging into Android kernel Android Security Model Android Security Architecture Android Permission model Application Sandboxing Bypassing Android Permissions Android Application Components Android Debug Bridge Creating a Simple Android Application Setting up the Environment Setting up Android Emulator Setting up a Mobile Pentest Environment Dex Labs Introduction to Dalvik File Format In-depth to Smali Manipulating smali files and cracking Applications Cracking Application Licenses Dex file manipulation Obfuscating applications with dex obfuscator App Kung-fu Application Analysis Reverse Engineering Traffic Interception (Active and Passive) of Android Applications OWASP Top 10 for Android Sniffing Application and phone s network data Unsecure file storage Having fun with databases Exploiting Logic and Code flaws in applications Exploiting Content Providers SQL Injection in Android Application Local File Inclusion/Directory Traversal Drive by Exploitation Tapjacking HTML 5 Attacks Phishing Attacks on Android Exploitation with Drozer Drozer 101 Exploiting Content Provider vulnerabilities with Drozer Drozer Scripting Exploiting permission protected apps with Drozer Android Forensics & Malware Analysis Extracting text messages, voice mails, call logs, contacts and messages Recovering information stored in SD Card Reversing and Analysing Android malwares using Apktool, dex2jar and JD-GUI Introduction to IDA Pro Analysing malwares and exploits using IDA Introduction to ARM Exploitation Introduction to ARM Instruction set and Registers Debugging with GDB Stack Overflows on ARM Format String vulnerabilities Ret2ZP Attack and ROP Shellcoding on ARM Exploit Mitigations and Bypasses ARM Based rootkits Further Exploitation Creating custom Bootloaders Android Root Exploits Recreating the exploit Fuzzing Android components Webkit Exploitation Use After Free vulnerability and exploitation Writing a reliable exploit for Android More ROP Exploitation Finding ROP gadgets and building ROP Chains Using GDB for Android debugging Information Leaks in Android Being Secure Android in the Enterprise Writing Secure Code Pen test before you publish Writing Python Scripts for automating android pen tests Source Code Auditing for Applications ios Background Understanding ios Architecture ios Security Features ios Application Overview ios Security Model Code Signing Sandboxing Exploit Mitigation Encryption Setting up the Environment Setting up XCode Setting up iphone/simulator ios Hello-World ios Application components Introduction to Objective C Writing a simple Hello World application in your own idevice/simulator ios App Analysis Reverse Engineering ios Apps Decrypting Appstore Binaries Locating PIE (Position Independent Executable) Inspecting Binary Manipulating Runtime Auditing Insecure API Evaluating the Transport Security Abusing Protocol Handlers Insecure Data Storage Attacking ios keychain App Assessments Setting up pen testing environment for assessment Passive app assessment Active app assessment Application analysis App Kungfu Exploiting XSS in Apps (UIWebViews) Attacking XML processor SQL Injection Filesystem Interaction Geolocation Logging Background-ing Memory Corruption Issues Format strings Object use-after free ROP for ios Exploit Mitigations in ios ios Forensics Analysis of Backed up data in itunes Extracting SMS, Call Logs, etc., from an ios backup Imaging the whole device Being Secure ios App compliance checklist Writing Secure Codes Pen test your App before you publish

14 SPECIALIST PLUS

15 15 Offensive IoT Exploitation 2 DAY CLASS / 5 DAY BOOTCAMP SPECIALIST PLUS A series of 2-day practical classes or a 5-day boot camp, exploring the Internet of Things (IoT), playing with firmware, finding exploits in common devices and finding zero days. If you want to learn hands-on exploitation techniques on new hardware platforms and find security vulnerabilities in IoT devices, then offensive IoT Exploitation is the class for you. At the end of the class, there will be a final CTF challenge where the students will be asked to test their new knowledge, identify security vulnerabilities and exploit them in a completely unknown device. Offensive IoT Exploitation IoT or the Internet of Things is an upcoming trend in technology. Many new devices are coming up every single month, however very little attention has been paid to the device s security until now. Offensive IoT Exploitation is a brand new and unique class that offers pen testers and security researchers the ability to assess and exploit the security of these smart devices. The class will cover a variety of IoT devices, assessing their attack surfaces and writing exploits. The 2-day hands-on class series provides students with the ability to try things for themselves rather than just watching the slides. We will start from the very beginning discussing the architecture of IoT devices, and slowly moving to firmware analysis, identifying attack surfaces, finding vulnerabilities and finally, exploiting these vulnerabilities. A Challenging Series of Fast-Paced IoT Classes Taught By World-Leading IoT Experts who are BlackHat Lecturers Practical & Hands-On on Real Devices In-Depth Firmware, Chip & Device Focused Learn to Write Device-Level Exploits Uniquely tailored Ubuntu IoT exploit platform to take away Offensive IoT Exploitation comprises a brand new series of classes that offers pen testers and security researchers the ability to assess and exploit the security of these smart devices. The classes cover a variety of IoT devices, assessing their attack surfaces and writing exploits. The 2-day hands-on class series (beginner, intermediate and advanced) provide students with the knowledge to try things for themselves (rather than just watching the slides). We start from the very beginning discussing the architecture of IoT devices, and slowly move to firmware analysis, identifying attack surfaces, finding vulnerabilities and finally, exploiting these vulnerabilities. Uniquely, all classes end with a hour hardware CTF (Capture the Flag) event (foundation class CTF is a software challenge).

16 Foundation Intermediate Advanced This class is designed for anyone who wants to get started with the basics of Internet of Things Exploitation. This is the first level of our 3-part Offensive IoT Exploitation class series. During the class, attendees will be introduced to the tools and techniques that can be used to get started with IoT pen testing. This is a beginner friendly class and students don t need to have previous experience in IoT or penetration testing. During the 2-days, we will begin with the fundamentals and gradually move towards understanding firmware analysis, mobile app exploitation for IoT, hardware exploitation, wireless analysis and software defined radio. Getting Started With IoT Security Introduction to IoT Security Architecture Getting Familiar with IoT Security and Components Case Studies of IoT Vulnerabilities Attack Vectors for Smart Devices Conventional Attack Techniques IoT Device Attack Surface Mapping Information Gathering and Reconnaissance Mobile Based Exploitation Android Exploitation : Web / Network Services Insecure Encryption Components Password Cracking / Other Attacks Hardware Analysis and Exploitation Hardware Hacking 101 Analyzing Boards and Components Identifying Serial Interfaces / Pinouts UART Introduction and Interaction Serial to Root Radio Hacking Getting started with SDR Radio Interfaces and Architecture Commonly used IoT Communication Techniques Pen Test Lab for Radio Hacking Getting Familiar with GNURadio Capturing and Streaming Radio Recording and Replaying Radio Traffic This class is designed for individuals who already have a basic understanding of IoT and are familiar with penetration testing on various platforms. Offensive IoT Exploitation - Intermediate level will get you started with pen testing IoT devices in real world scenarios. During the class, you will work with various IoT devices - analysing, debugging and exploiting firmware, attacking radio communication protocols and performing hardware exploitation. This class will be valuable for security professionals entering the IoT space, and IoT developers looking to secure their products beter. Firmware Analysis Understanding Device File Systems Firmware Extraction Techniques Analyzing and Backdooring Firmware Emulating Firmwares and Binaries Remote Live Debugging Firmware Binaries Identifying Vulnerabilities in Firmware Software Exploitation Reversing Mobile Applications MIPS Assembly Basics Registers and Flags Disassembling and Debugging Binaries Common Exploitation Techniques Exploitation on MIPS Hardware Analysis and Exploitation Introduction to SPI Flash Dumping Firmware from a Real Device JTAG Introduction and Techniques Hardware Protection Side Channel Attacks Radio Hacking Introduction to Zigbee and ZWave Based Attacks Sniffing Bluetooth Low Energy (BLE) BLE Attack Vectors Other Communication Modes & Vulnerabilities The Advanced edition of Offensive IoT Exploitation is meant for individuals who already have experience with pen testing IoT devices, and want to take their skillsets to the next level. This class will help students use advanced techniques for various aspects such as Radio reversing, exploiting hardware serial interfaces and software RE. This will be a fast paced 2-day class covering topics ranging from JTAG to going in-depth with reversing Zigbee. The class is meant for security professionals, pen testers, reverse engineers and IoT professionals who want to break complex IoT devices or secure their products. Firmware Based Exploitation Advanced Firmware Analysis and Reversing Getting Around with Encrypted Firmware Firmware Dumping - via UART and JTAG Debug Firmware Exploitation - ROP, Command Injection Building Cross-toolchains Smart Device Hacking JTAG Enabling JTAG Exploitation Side Channel and Timing Based Attacks (Theory) Pulling Chips from the Device Automating Exploitation with Custom Hardware Devices USB Based Attack Vectors Fuzzing IoT Devices Industrial Grade IoT Ecosystem Hacking IoT With SDR Mapping out IoT Devices Based on Radio Signals Reversing Radio Communication Protocols for an IoT Device Injecting Wireless Packets Versions and Security Issues Zigbee Exploitation Automotive Exploitation 5 Day Bootcamp Designed as an end-to-end class, our 5-day IoT Boot Camp immerses our students in a week of intense knowledge acquisition, integrating and compressing the beginner, intermediate and advanced classes into one overall IoT learning experience. Designed for those who wish to drive their knowledge rapidly in the fascinating and very real world of IoT.

17 17 Xtreme Exploitation 2 DAY CLASS SPECIALIST PLUS What to expect Two days of debugging & disassembling Only place where pointers are not the ideal ones Calc.exe popping up everywhere! What not to expect Anything not related to Exploit Development Theory and Slides! Upon completion of this class, participants will be able to: Understand how exploits works and different types of software exploitation techniques Understand the exploit development process Search for vulnerabilities in closed-source applications Write their own exploits for vulnerable applications WHO SHOULD TAKE THIS CLASS? The class is focused on a comprehensive coverage of software exploitation. It will present different domains of code exploitation and how they can be used together to test the security of an application. The participants will learn about different types and techniques of exploitation, using debuggers to create their own exploits, understand protection mechanism of the Operating Systems and how to bypass them. The class is heavily focused on being hands-on. Reference material documents will be provided for concepts for further reading. This class is all hands on, from the word Go! Only code and exploitation techniques are what you will take home. Information Security Professionals Anyone with an interest in understanding exploit development Ethical Hackers and Penetration Testers looking to upgrade their skill-set to the next level DAY 1 Basic, yet effectively fuzzing Microsoft Excel 2007 (XLS) Identifying the vulnerability Controlling registers and program flow Popping up calc! DAY 2 Understanding Heap Spraying Exploiting a Use-After-Free in Internet Explorer 6 Exploiting a Heap Overflow in Adobe Reader 8 Exploiting Adobe Reader on Windows 7 using ROP chains Understanding ASLR bypasses

18 18 Powershell for Penetration Testers FOUNDATION / INTERMEDIATE / ADVANCED SPECIALIST PLUS PowerShell has changed the way Windows networks are attacked. It is Microsoft s shell and scripting language available by default in all modern Windows computers. It could interact with.net, WMI, COM, Windows API, Registry and other computers on a Windows Domain. This makes it imperative for Penetration Testers and Red Teamers to learn PowerShell. This training is aimed towards attacking Windows network using PowerShell and is based on real world penetration tests and Red Team engagements for highly secured environments. Attendees will get free one month access to a complete Active Directory environment after the training. In-memory shellcode execution using client side attacks. Exploiting SQL Servers (Command Execution, trust abuse, lateral movement.) Using Metasploit payloads with no detection Active Directory trust mapping, abuse and Kerberos attacks. Windows / Web passwords, Wireless keys, LSA Secrets / other system secrets Shell access and exfiltration: DNS, HTTPS, Gmail etc. Network relays, port forwarding and pivots to other machines. Reboot and Event persistence Bypass security controls like Firewalls, HIPS and Anti-Virus. Penetration Tests and Red Team operations for secured environments need altered approaches. You cannot afford to touch a disk, throw executables and use memory corruption exploits without the risk of being ineffective as a simulated adversary. PowerShell is the tool of choice to enhance offensive tactics and methodologies. Day 1 PowerShell Essentials and Getting a foothold Introduction to PowerShell Language Essentials Using ISE Help system Syntax of cmdlets and other commands Variables, Operators, Types, Output Formatting Conditional and Loop Statements Functions Modules PowerShell Remoting and Jobs Writing simple PowerShell scripts Extending PowerShell with.net WMI with PowerShell Playing with the Windows Registry COM Objects with PowerShell Recon, Information Gathering and the likes Vulnerability Scanning and Analysis Exploitation Getting a foothold Exploiting MSSQL Servers Client Side Attacks with PowerShell PowerShell with Human Interface Devices Using Metasploit and PowerShell together Day 2 Post Exploitation and Lateral Movement Post-Exploitation What PowerShell is actually made for Enumeration and Information Gathering Privilege Escalation Dumping System and Domain Secrets Kerberos attacks (Golden, Silver Tickets and more) Backdoors and Command and Control Pivoting to other machines Poshing the hashestm Replaying credentials Network Relays and Port Forwarding Achieving Persistence Detecting and stopping PowerShell attacks Quick System Audits with PowerShell Security controls available with PowerShell

19 19 Powershell for Penetration Testers FOUNDATION / INTERMEDIATE / ADVANCED SPECIALIST PLUS PowerShell has changed the way Windows networks are attacked. It is Microsoft s shell and scripting language available by default in all modern Windows computers. It could interact with.net, WMI, COM, Windows API, Registry and other computers on a Windows Domain. This makes it imperative for Penetration Testers and Red Teamers to learn PowerShell. This training is aimed towards attacking Windows network using PowerShell and is based on real world penetration tests and Red Team engagements for highly secured environments. Attendees will get free one month access to a complete Active Directory environment after the training. In-memory shellcode execution using client side attacks. Exploiting SQL Servers (Command Execution, trust abuse, lateral movement.) Using Metasploit payloads with no detection Active Directory trust mapping, abuse and Kerberos attacks. Windows / Web passwords, Wireless keys, LSA Secrets / other system secrets Shell access and exfiltration: DNS, HTTPS, Gmail etc. Network relays, port forwarding and pivots to other machines. Reboot and Event persistence Bypass security controls like Firewalls, HIPS and Anti-Virus. Penetration Tests and Red Team operations for secured environments need altered approaches. You cannot afford to touch a disk, throw executables and use memory corruption exploits without the risk of being ineffective as a simulated adversary. PowerShell is the tool of choice to enhance offensive tactics and methodologies. Day 1 PowerShell Essentials Introduction to PowerShell Language Essentials Using ISE Help system Syntax of cmdlets and other commands Variables, Operators, Types, Output Formatting Conditional and Loop Statements Functions Modules PowerShell Remoting and Jobs Writing simple PowerShell scripts Extending PowerShell with.net Accessing Windows API WMI with PowerShell Playing with the Windows Registry COM Objects with PowerShell Day 2 Getting a foothold Recon, Information Gathering and the likes Vulnerability Scanning and Analysis Exploitation Getting a foothold Exploiting MSSQL Servers Client Side Attacks with PowerShell PowerShell with Human Interface Devices Writing shells in PowerShell Using Metasploit and PowerShell together Porting Exploits to PowerShell Day 3 Post Exploitation and Lateral Movement Post-Exploitation What PowerShell is actually made for Enumeration and Information Gathering Privilege Escalation Dumping System and Domain Secrets Kerberos attacks (Golden, Silver Tickets and more) Backdoors and Command and Control Abusing SQL Server Trusts Pivoting to other machines Poshing the hashestm Replaying credentials Network Relays and Port Forwarding Day 4 Persistence, Defenses and Bypass Achieving Persistence Clearing Tracks Bypass Basic Defenses Detecting and stopping PowerShell attacks Bypass Advanced Defenses Quick System Audits with PowerShell Security controls available with PowerShell

20 20 Powershell for Penetration Testers FOUNDATION / INTERMEDIATE / ADVANCED SPECIALIST PLUS PowerShell has changed the way Windows networks are attacked. It is Microsoft s shell and scripting language available by default in all modern Windows computers. It could interact with.net, WMI, COM, Windows API, Registry and other computers on a Windows Domain. This makes it imperative for Penetration Testers and Red Teamers to learn PowerShell. This training is aimed towards attacking Windows network using PowerShell and is based on real world penetration tests and Red Team engagements for highly secured environments. Attendees will get free one month access to a complete Active Directory environment after the training. In-memory shellcode execution using client side attacks. Exploiting SQL Servers (Command Execution, trust abuse, lateral movement.) Using Metasploit payloads with no detection Active Directory trust mapping, abuse and Kerberos attacks. Windows / Web passwords, Wireless keys, LSA Secrets / other system secrets Shell access and exfiltration: DNS, HTTPS, Gmail etc. Network relays, port forwarding and pivots to other machines. Reboot and Event persistence Bypass security controls like Firewalls, HIPS and Anti-Virus. Penetration Tests and Red Team operations for secured environments need altered approaches. You cannot afford to touch a disk, throw executables and use memory corruption exploits without the risk of being ineffective as a simulated adversary. PowerShell is the tool of choice to enhance offensive tactics and methodologies. Day1 PowerShell Essentials Introduction to PowerShell Language Essentials Using ISE Help system Syntax of cmdlets and other commands Variables, Operators, Types, Output Formatting Conditional and Loop Statements Functions Modules PowerShell Remoting and Jobs Writing simple PowerShell scripts Extending PowerShell with.net Accessing Windows API WMI with PowerShell Playing with the Windows Registry COM Objects with PowerShell Day 2 Getting a foothold Recon, Information Gathering and the likes Vulnerability Scanning and Analysis Exploitation Getting a foothold Exploiting MSSQL Servers Client Side Attacks with PowerShell PowerShell with Human Interface Devices Writing shells in PowerShell Using Metasploit and PowerShell together Porting Exploits to PowerShell Day 3 Post Exploitation and Lateral Movement Post-Exploitation What PowerShell is actually made for Enumeration and Information Gathering Privilege Escalation Dumping System and Domain Secrets Kerberos attacks (Golden, Silver Tickets and more) Day 4 Post Exploitation and Persistence Post-Exploitation What PowerShell is actually made for Backdoors and Command and Control Abusing SQL Server Trusts Pivoting to other machines Poshing the hashestm Replaying credentials Network Relays and Port Forwarding Persistence Achieving Persistence Clearing Tracks Day 5 Defenses and Bypass Bypass Basic Defenses Detecting and stopping PowerShell attacks Bypass Advanced Defenses Quick System Audits with PowerShell Security controls available with PowerShell

21 @NotSoSecure Global Services Limited, 2016 NotSoSecure Global Services Limited (Company Registration , VAT Registration ) Trading As NotSoSecure Head Office: CB1 Business Centre, Twenty Station Road, Cambridge, CB1 2JD, UK Registered Office: Office 75 Springfield Road, Chelmsford, Essex, CM2 6JB, UK Tel: