From BruCON 2015
Jump to: navigation, search
(Description)
 
(177 intermediate revisions by 7 users not shown)
Line 1: Line 1:
There will be trainings in the days prior to BruCON , by internationally renowned trainers and at good prices.
+
__NOTOC__
  
==Registration details==
+
<div style="text-align: left;">
  
===Crash course in Penetration Testing===
+
Immerse yourself into the world of pen testing and application security by attending the BruCON 2015 Trainings (5-7 October).
  
 +
Offering world-class, deep-dive technical trainings given by '''the most recognized experts''' with huge industry experience in their domain!
  
====Instructors====
+
The Line-Up:
Joe McCray, and Chris Gates
+
* [[Training 2015 - Practical Malware Analysis - Rapid Introduction|Practical Malware Analysis: Rapid Introduction by Andrew Honig]] (3 day training)
 +
* [[Training 2015 - Tactical Exploitation and Response|Tactical Exploitation and Response by Colin Ames]] (3 day training)
 +
* [[Training 2015 - Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more|Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more by Dawid Czagan]] (2 day training)
 +
* [[Training 2015 - Wireshark WiFi and Lua-Packet Class|Wireshark WiFi and Lua-Packet Class by Didier Stevens *]] (2 day training)
 +
* <strike> Cyber Breach Management by Chris Nutt (3 day training) </strike> - Cancelled
 +
* [[Training 2015 - Offensive IoT Exploitation|Offensive IoT Exploitation by Aditya Gupta and Aseem Jakhar]] (3 day training)
 +
* [[Training 2015 - Assessing and Exploiting Control Systems|Assessing and Exploiting Control Systems by Justin Searle **]] (3 day training)
  
====Description====
+
Best motivation for training: ''"The only thing worse than training your employees and having them leave, is not training them and having them stay!"''
This course will cover some of the newer aspects of penetration testing
 
such as Open Source Intelligence Gathering with Maltego and other Open
 
Source tools.
 
  
Advanced Scanning, Enumeration, Exploitation (remote and client-side),
+
==Registration details==
and Post-Exploitation relying heavily on the features included in the
+
The price for 2 day courses is 1100 Euro early bird (+ VAT) per attendee. <br>
Metasploit Framework will also be covered.
+
As of August 1st 2015 this will become 1200 Euro (+ VAT) per attendee. <br>
 
+
(*) The Wireshark Wireless training price is 175 Euro higher but includes an AirPCap Card.
Emphasis throughout the entire workshop will be placed on being as
 
stealthy as possible, and dealing with popular defensive technologies
 
such as:
 
 
 
- Network Intrusion Detection/Prevention Systems
 
- Host-Based Intrusion Detection/Prevention Systems
 
- Web Application Firewalls
 
- Anti-Virus
 
- Content-Filtering Proxies
 
 
 
Web Application penetration testing will be covered as well with focus
 
on practical exploitation of cross-site scripting (XSS), cross-site
 
request forgery (CSRF), local/remote file includes, and SQL Injection.
 
 
 
'''For more details see [[Training 1| Crash Course in Penetration Testing]]'''
 
 
 
==== Pricing====
 
 
 
 
 
===Web 2.0 Hacking – Attacks and Defense ===
 
====Instructor====
 
Shreeraj Shah
 
====Description====
 
Introduction and adaptation of new technologies like Ajax, Rich Internet Applications and Web Services has changed the dimension of Application Hacking. We are witnessing new ways of hacking web based applications and it needs better understanding of technologies to secure applications. The only constant in this space is change. In this dynamically changing scenario in the era of Web 2.0 it is important to understand new threats that emerge in order to build constructive strategies to protect corporate application assets. Application layers are evolving and lot of client side attack vectors are on the rise like Ajax based XSS, CSRF, Widget injections, RSS exploits, Mashup manipulations and client side logic exploitations. At the same time various new attack vectors are evolving around SOA by attacking SOAP, XML-RPC and REST. It is time to understand these advanced attack vectors and defense strategies.  
 
 
 
The course is designed by the author of "Web Hacking: Attacks and Defense", “Hacking Web Services” and “Web 2.0 Security – Defending Ajax, RIA and SOA” bringing his experience in application security and research as part of curriculum to address new challenges. Application Hacking 2.0 is hands-on class. The class features real life cases, hands one exercises, new scanning tools and defense mechanisms. Participants would be methodically exposed to various different attack vectors and exploits. In the class instructor will explain new tools like wsScanner, scanweb2.0, AppMap, AppCodeScan etc. for better pen-testing and application audits.
 
 
 
For more details see [[Training 2| Web 2.0 Hacking – Attacks and Defense]]
 
  
==== Pricing====
+
The price for 3 day courses is 1400 Euro early bird (+ VAT) per attendee. <br>
===Social Engineering testing for IT Security professionals===
+
As of August 1st 2015 this will become 1500 Euro (+ VAT) per attendee. <br>
====Instructors====
+
(**) The Assessing and Exploiting Control Systems training price is 180 Euro higher but includes a PLC and a hardware/RF testing kit
====Description====
 
 
  
Social engineering is the use of deception or impersonation to gain unauthorised access to sensitive information or facilities. Because computer security is becoming more sophisticated, hackers are combining their technical expertise with social engineering to gain access to sensitive information or valuable resources in your organisation.
+
Registration for Trainings:
  
Social engineering attacks can have disastrous consequences, both financially and reputationally. You can have the best technical security controls in the world, from the most expensive firewall to the most sophisticated biometrics, but they will not protect you from a social engineering attack. In any security programme people are the weakest link. Social engineering tests can be used to evaluate and strengthen this link.
+
[[File:Register.jpg||link=https://registration.brucon.org/training-registration/]]
  
Like any penetration test, social engineering tests can help to identify security weaknesses that could allow your information to be compromised. Such tests can:
+
The training price does not include travel, accommodation or computer material for the training unless otherwise stated in the training description or preparation material provided after registration.  Please read carefully any communication that will be sent to you in regard to the training you've registered for because they will outline what you need to bring to get the most out of each training.
  
      * Give a good indication of and even improve your staff’s level of security awareness
+
==Location and dates==
      * Teach your staff how to identify and deal with social engineering situations
+
The courses will be given on 5, 6 and 7 October in Hotel Novotel Gent Centrum, Goudenleeuwplein 5, B-9000 Gent<br>
      * Provide valuable recommendations on both security awareness and physical security
 
  
For more details see [[Training 3| Social Engineering testing for IT Security professionals]]
+
The courses begin promptly at 09h00 and end at 17h00. Out of consideration for your instructor(s) and fellow students, please try to be seated and ready to go by 08h45.
  
==== Pricing====
+
Lunch is included in the training fee.

Latest revision as of 09:14, 17 September 2015


Immerse yourself into the world of pen testing and application security by attending the BruCON 2015 Trainings (5-7 October).

Offering world-class, deep-dive technical trainings given by the most recognized experts with huge industry experience in their domain!

The Line-Up:

Best motivation for training: "The only thing worse than training your employees and having them leave, is not training them and having them stay!"

Registration details

The price for 2 day courses is 1100 Euro early bird (+ VAT) per attendee.
As of August 1st 2015 this will become 1200 Euro (+ VAT) per attendee.
(*) The Wireshark Wireless training price is 175 Euro higher but includes an AirPCap Card.

The price for 3 day courses is 1400 Euro early bird (+ VAT) per attendee.
As of August 1st 2015 this will become 1500 Euro (+ VAT) per attendee.
(**) The Assessing and Exploiting Control Systems training price is 180 Euro higher but includes a PLC and a hardware/RF testing kit

Registration for Trainings:

Register.jpg

The training price does not include travel, accommodation or computer material for the training unless otherwise stated in the training description or preparation material provided after registration. Please read carefully any communication that will be sent to you in regard to the training you've registered for because they will outline what you need to bring to get the most out of each training.

Location and dates

The courses will be given on 5, 6 and 7 October in Hotel Novotel Gent Centrum, Goudenleeuwplein 5, B-9000 Gent

The courses begin promptly at 09h00 and end at 17h00. Out of consideration for your instructor(s) and fellow students, please try to be seated and ready to go by 08h45.

Lunch is included in the training fee.