March 2014: Secret Pentesting Techniques

BYPASSING SECURITY DEFENSES – SECRET PENETRATION TESTING TECHNIQUES

Instructor: David Kennedy, President / CEO of TrustedSec, LLC.
When: Monday, March 17, 2014, 8AM – 5PM (lunch included)
Where: Tree of Life / Expedient: 5000 Arlington Center Boulevard, Upper Arlington
Cost: $20 (COISSA members only. Registration opens Saturday, March 1 at noon)

It is continuously becoming harder to circumvent the security controls on externally facing systems and gain full access to the internal network. With the different types of technologies, hardening techniques, and detection, the job of a penetration tester continues to get more advanced. This course is designed to teach advanced techniques in order to bypass security defenses, gain access to an organization, and further penetrate into the network. Learn the techniques, tricks, and secrets from the author of the Social-Engineer Toolkit (SET) and one of the top penetration testers.

What you’ll learn in this course:

  • Fundamental penetration testing concepts and an overview of methodologies and techniques.
  • Basics of open-source tools and technologies and understanding attack avenues.
  • Understanding of the Social-Engineer Toolkit (SET) and advanced features.
  • Bypassing security technologies such as whitelisting/blacklisting, anti-virus, and other preventative measures.
  • Develop a solid understanding of penetration testing techniques and tricks of the trade.
  • High-level development concepts of Python and basics of programming.
  • Creating your own exploits and tools in Python and utilizing them in attack vectors.
  • An understanding of post exploitation and utilizing different tools and technologies in order to further penetrate a network.
  • Hands-on demonstrations, real-world examples, and complete hands-on work with each of the phases of the course.

REQUIREMENTS

The course is designed for beginner and intermediate levels. Basic concepts of Linux and maneuvering in Kali Linux are required.

WHAT STUDENTS WILL BE GIVEN

Code samples, vulnerable applications, a digital copy of Metasploit: The Penetration Tester's Guide, anti-virus safe payloads, custom tools, and more.

WHAT STUDENTS NEED TO BRING

The student must have a working machine with Kali Linux as well as a Windows machine with Java loaded. These can be virtualized and one can be the primary. We highly recommend using VMware; if you are using VirtualBox, you will have a very difficult time. No anti-virus on the Windows machine (we will need to write bypass payloads first to evade). Ensure connectivity between the two virtual machines and that networking is working properly.

Be aware that you may need to spend some time getting VMware Tools to work in Kali. If you plan to use a shared folder with the VMs, you’ll need to get this working before you arrive.

Registration

Registration is open to current members of Central Ohio ISSA who did not attend when David taught for us last year, and opens Saturday, March 1 at noon, at the link below:

Event Registration


February Meeting: Enterprise Architecture

We will be meeting at Expedient again this month for our regular third-Wednesday discussion.

Monthly Meeting – Enterprise Architecture Roundtable
Where: Expedient/Tree of Life, Upper Arlington Google Maps link
When: Wednesday, February 19th, 2014
Time: 8:00am – 11:30am
Member Cost: FREE
Non-Member Cost: $20

Schedule:
08:00 – 08:15 : Registration with light breakfast
08:15 – 11:00 : Enterprise Architects from Cardinal Health, BMW Financial Services, and The Huntington Bank.

This ISSA Technology Roundtable is an opportunity to brainstorm and network, while having a meaningful discussion among local peers. We invite you to come discuss how to make your enterprise architecture practice a success in today’s landscape. We will be engaging with Enterprise Architects from regional companies to discuss the following topics:

  • The changing landscape of Enterprise Architecture
  • Strategies for adapting to change
  • Areas to be flexible, and areas where we should not compromise
  • Skills and competencies that EAs need to have in this “new world.”
  • Analytics to drive EA execution – what data do you need?
  • Partnering with Security
  • Integrating security policies and standards
  • Securing reference architectures
  • What are the questions leadership looks to EA to answer?

Security practitioners will find this session very insightful as they reflect on measurements of success:

  • Business enablers
  • Project engagement: are you always playing catch-up?
  • Communication across departments
  • Reference architectures
  • How are you selling value to the business, IT and enterprise architecture?
  • Promptly delivering requirements that support policy and standards
  • Reporting the facts and moving on: choosing your battles

Event Registration
