From BruCON 2015
Revision as of 19:00, 20 September 2010 by Security4all (talk | contribs)


There will be training sessions in the days prior to BruCON (22-23 Sept), by internationally renowned trainers and at good prices. Seats are limited so don't wait to register!

Pre-registrations are only possible till the 17th of September. Register in time if you want to be sure to be able to attend the courses.

Registration details

The price for the 2 day courses is 895 € early bird (+ VAT) per attendee. After 1st of July this will become 995 €.

Location & Date

The courses will be given on 22 & 23 September in Belgacom University (BCU), Carlistraat 2, B-1140 Evere. (Google Maps Link)

The courses start at 9h00 and end at 17h00.

Lunch is included in the training fee.

Overview of the courses


Training #1: Pentesting High Security Environments

Description

This course will focus on penetration testing techniques that can be used when testing highly secured environments such as 3-letter agencies, DoD, financial organizations, federal organizations, and large companies. If you are tired of attacking unpatched Windows 2000 Servers in your hacking courses and want to take a course where you will be attacking new Operating Systems/Applications that are patched, locked down, and protected with an IDS/IPS then this is the course for you.

The first day of the course starts with attacking heavily protected environments from the outside and dealing with Network-Based IDS/IPS. Next is attacking web applications and dealing with Load Balancing, common application security measures in PHP/ASP.NET, and Web Application Firewalls.

The second day covers attacking from the LAN, dealing with NAC solutions, locked down workstations/GPOs, and Host-Based IDS/IPS. The last section of the course covers gaining control of Active Directory.

Instructor

Joe McCray

For more details see Pentesting High Security Environments

Pricing

The price is 895 € early bird (+ VAT) per attendee. After 1st of July this will become 995 €.


Training #2: A crash course in pentesting and securing VOIP networks

Description

As VoIP networks become more and more part of the way organizations communicate, security professionals need to understand their strengths and weaknesses. This knowledge will help them make sound decisions on the security (or lack thereof) of their VoIP system and network.

Attendees who follow the VoIP security training will gain valuable hands-on experience in testing VoIP equipment and networks. During the training they will make use of existing security tools as well as custom-built tools to help them get the job done.

Instructor

Joffrey Czarny and Sandro Gauci

For more details see A crash course in pentesting and securing VOIP networks

Pricing

The price is 895 € early bird (+ VAT) per attendee. After 1st of July this will become 995 €.

Training #3: Social engineering

Description

In 2007, one of the biggest diamond robberies ever took place. The thief used no violence. He used one weapon -- his charm -- to gain confidence. He bought chocolates for the personnel, he was a nice guy, he charmed them, got the original keys to make copies and got information on where the diamonds were. You can have all the safety and security you want, but if someone uses their charm to mislead people it won't help.

Social engineering attacks can have disastrous consequences, both financially and reputationally. You can have the best technical security controls in the world, from the most expensive firewall to the most sophisticated biometrics, but they will not protect you from a social engineering attack. In any security programme people are the weakest link. Social engineering tests can be used to evaluate and strengthen this link.

Like any penetration test, social engineering tests can help to identify security weaknesses that could allow your IT systems to be compromised. Such tests can:

  • Give a good indication of and even improve your staff’s level of security awareness
  • Teach your staff how to identify and deal with social engineering situations
  • Provide valuable recommendations on both security awareness and physical security

However, it can be difficult to know how to conduct a social engineering test. This two-day training course will teach participants how to conduct an ethical social engineering test and the theory behind social engineering, and will give recommendations on how to defend against social engineers. The course will include practical exercises and is open to anyone with an interest in social engineering.

Instructors

Martin Law and Sharon Conheady

For more details see Social Engineering

Pricing

The price is 895 € early bird (+ VAT) per attendee. After 1st of July this will become 995 €.

Training #4: Assessing and Exploiting Web Applications with Samurai-WTF

Description

Come take the official Samurai-WTF training course given by one of the founders and lead developers of the project! You will learn how to use the latest Samurai-WTF open source tools and be shown the latest techniques to perform web application assessments. After a quick overview of pen testing methodology, the instructor will lead you through the penetration and exploitation of three different web applications, and the browsers connecting to them. Different sets of open source tools will be used on each web application, allowing you to learn first-hand the pros and cons of each tool. After you have gained experience with the Samurai-WTF tools, you will be challenged with a fourth web application that contains keys you must find and collect. This final challenge will give you time to practice your new skills at your own pace and experiment with your favorite new tools. This experience will help you gain the confidence necessary to perform web application assessments and expose you to the wealth of freely available open source tools.

Instructor

Justin Searle

For more details see Assessing and Exploiting Web Applications with Samurai-WTF

Training #5: Advanced Vulnerability Scanning Techniques Using Nessus

Description

This course teaches advanced scanning techniques by using a real-world scenario to demonstrate how these techniques help to solve problems in an example work environment. In this course you (or you and your team) will take on the role of a brand new security engineer for a financial company. You will be tasked with configuring and auditing a system to be used within your network environment. The system and its associated applications make up the environment used to manage the business. Currently, the old systems are in place and an upgrade is planned. The current vulnerability scanning process takes over a week to complete and there is duplication of effort and a known false positive rate. Additionally, breaches have occurred on the network and your company is in jeopardy of being fined due to compliance violations. The vulnerability management process is missing vulnerabilities that were exploited by attackers. A sample system has been provided for you that exactly mirrors what will be used in production, right down to the passwords and configuration.

Instructor

Paul Asadoorian

For more details see Advanced Vulnerability Scanning Techniques Using Nessus