BYPASSING SECURITY DEFENSES – SECRET PENETRATION TESTING TECHNIQUES
Instructor: David Kennedy, President / CEO of TrustedSec, LLC.
When: Monday, March 17, 2014, 8AM – 5PM (lunch included)
Where: Tree of Life / Expedient: 5000 Arlington Center Boulevard, Upper Arlington
Cost: $20 (COISSA members only. Registration opens Saturday, March 1 at noon)
It is continuously becoming harder to circumvent the security controls on externally facing systems and gain full access to the internal network. With the different types of technologies, hardening techniques, and detection, the job of a penetration tester continues to get more advanced. This course is designed to teach advanced techniques in order to bypass security defenses, gain access to an organization, and further penetrate into the network. Learn the techniques, tricks, and secrets from the author of the Social-Engineer Toolkit (SET) and one of the top penetration testers. What you’ll learn in this course:
- Fundamental penetration testing concepts and an overview on methodologies and techniques.
- Basics of open-source tools and technologies and understanding attack avenues.
- Understanding of the Social-Engineer Toolkit (SET) and advanced features.
- Bypassing security technologies such as whitelisting/blacklisting, anti-virus, and other preventative measures.
- Develop a solid understanding of penetration testing techniques and tricks of the trade.
- High-level development concepts of Python and basics to programming.
- Creating your own exploits and tools in Python and utilizing them in attack vectors.
- An understanding of post exploitation and utilizing different tools and technologies in order to further penetrate a network.
- Hands on demonstrations, real world examples, and complete hands on with each of the phases of the course.
The course is designed for beginner and intermediate levels. Basic concepts of Linux and maneuvering in Kali Linux are required.
WHAT STUDENTS WILL BE GIVEN
Code samples, vulnerable applications, digital copy of Metasploit: The Penetration Testers Guide, anti-virus safe payloads, custom tools, and more.
WHAT STUDENTS NEED TO BRING
The student must have a working machine with Kali Linux as well as a Windows machine with Java loaded. These can be virtualized and one can be the primary. We highly recommend using VMWare – if you are using VirtualBox it will be a very difficult time for you. No anti-virus on the Windows machine (we will need to write bypass payloads first to evade). Ensure connectivity between the two virtual machines and that networking is working properly.
Be aware that you may need to spend some time getting VMWare Tools to work in Kali. If you plan to use a shared folder with the VMs, you’ll need to get this working before you arrive.
Registration is open to current members of Central Ohio ISSA who did not attend when David taught for us last year, and opens Saturday, March 1 at noon, at the link below: