Black Hat USA 2014 brings together the best minds in security to define tomorrow's information security landscape. For the twelfth year running, SensePost will be at Blackhat Briefings offering our courses to those wanting to further their skills in offensive security.
SensePost has Reloaded all our existing courses with fresh content and challenging new practical exercises. Included in our Reloaded course arsenal are a few new faces, including our brand new Special Operations course for red teams.
‘The closer you are to a target, the easier it is to hack’ – Learn how to take over a company first from the inside and then from outside.
Our refreshed Hacking by Numbers Reloaded course looks at the ways you, the student, can exploit and control common architecture and network deployments often seen in the enterprise, such as Microsoft Active Directory infrastructures.
This course looks at the methods and approaches one would take when performing internal and external network penetration tests. In our fully functional lab, your aim will be to think like an attacker and map out your target, find weaknesses and fully exploit trust relationships in place. Using scenarios along with presentations, this course is a healthy mix of thinking, strategies and the methodologies you might need for every step along the way.
If you are looking for practical, hands on approach to learning how to pwn a network, then this is where you will find it.
As mobile phone usage continues to grow at an outstanding rate, this course shows you how you’d go about testing the mobile platforms, and installed applications to ensure they have been developed in a secure manner.
This course will give you insight and practical window into the methods used when attacking mobile platforms. This course is ideal for penetration testers who are new to the mobile area and need to understand how to analyze and audit applications on various mobile platforms using a variety of tools and platforms. Our mobile course uses a mixture of lectures, hands-on-labs, demonstrations and group exercises.
The course runs over two days and is a mixture of talks and hands on mobile application hacking. You’ll tear apart top 10 mobile applications and look for flaws and also exploit them like attackers are currently doing.
With the Web celebrating its 25th birthday on the 12th March, web applications have ruled the Internet ever since. There’s a web app for most parts of our Internet lives and to a degree, our daily lives. With this large surface area, there’s no doubt that they are often the entry point for most breaches. If you look at some of the biggest hacks in the last 18 months, they all come from a flaw in a web application.
This course sets the scene for you start at the beginning with the basics and go all the all the way to learn how to exploit the more advanced techniques. The course focuses on the fundamentals rather than specific tools and introduces you to our hacking methodology refined over thousands of assessment conducted over the last 14 years..
This two day course has enough theory to ensure you understand what you are trying to achieve, but with a heavy focus on practical exercises. Students should expect lots of hands on hacking with some of the finest hackers in the industry!.
This course is all about attacking Wi-Fi: from home access points, to corporate access points, to client devices (laptops, mobile phones, etc.). It'll start with the basics, then work through standard techniques that our analysts use in their Wi-Fi engagements, and work up to bleeding edge research that SensePost has been conducting. On the later point, the course will include exclusive training around SensePost's distributed tracking and profiling framework known as Snoopy (http://research.sensepost.com/tools/footprinting/snoopy).
This two day course has enough theory to ensure you understand what you're doing, but with a heavy focus on practical exercises. Expect a lot of hands on hacking with some of the finest hackers in the industry!
BlackOps is the penetration-testing course. This is not your average point and click pwnage course, but a course designed and developed based upon real-world field experience using real world tools and techniques.
The students will be instructed on how to generate an appropriate payload, gain remote access (bypassing inbound/outbound protection mechanisms), and persist on the target box or network. This course touches upon the latest tools and techniques aiding data harvesting, exfiltration, pivoting, privilege escalation, HIPS evasion, persistence, client-side attacks, and OSINT.
This year we’ve added additional modules that look at how you’d tackle large infrastructure penetration tests (seeing the wood through the trees), a monster section on stalking people using OSINT approaches, and a section on real-world malware techniques/types, AV bypassing, data harvesting and extrusion techniques used in the wild.
Finally our last module is a no-holds barred module where you need to stalk, social engineer, exploit and exfiltrate data from a suspected bad guy using the techniques learned throughout the course.
HBN Special Operations Edition is a brand new course for individuals or small units wanting to rapidly acquire a basic, usable capability in Open Source Intelligence Gathering, Social Engineering Attacks and Computer Network Attack & Exploitation. This is not a course for CIOs, auditors or pentesters. This is a course for red team members who want to introduce Direct Digital Action as part of a broader Red Team skill set.
The course is oriented around a very specific tool kit - Maltego Teeth. Built by Paterva to be the ultimate attack platform for use by teams of operators, Teeth combines human intelligence, pattern recognition and powerful automated attack tools with graphical information sharing software
The tool is free to use and pre-installed on Kali Linux, making it an ideal platform for red teams operating in the field. Maltego's built in secure collaboration and communications functions allow operators to collaborate and share intelligence both vertically and horizontally in real time
This course is considered the ultimate hacker combat training course. From the first hour, to the final few minutes, students are placed in different attacker scenarios as they race the clock to "capture the flag."
In a true SensePost style, the solutions lie much more in technique and an out-of-box thought process than in the use of scripts or tools. Each exercise is designed to teach a specific lesson and is discussed in detail upon completion with the group.
With new challenges being added all the time, this course is ideal for penetration testers who want to test their skills and/or gain exposure to new and interesting attack techniques.