Hands-On Introduction to Common Hacking Tools

Monday, September 30
9:00am – 4:30pm
Track: Risk Management & Security



As an increasing number of valuable corporate assets are made available over computer networks, the ability to understand the types of threats facing your organization and the skills required to identify and mitigate flaws on your networks are increasingly important components of an organization's risk posture.

This full-day course will enable IT professionals to better understand the methodologies, tools, and techniques used by attackers against their technical infrastructure, with the primary aim of helping them develop better defense methods and capabilities. Attendees will learn to perform basic technical security vulnerability assessment tasks and gain a strong foundation for future studies in host and network security assessment.

The workshop will use Kali Linux™, a collection of free and open source security tools many attackers and security practitioners use. Students will have access to a network of targets that will allow them to get hands-on experience, enhancing understanding of the process and tools, and how to effectively counter them. Guidance will be provided for continued learning after the course if students wish to go on to master the tools and techniques introduced in this course.

What Students Will Learn:

  • Discussion of current and emerging attacker methods, techniques, concepts, and tools
  • Set up and use Kali Linux, a collection of security tools (Kali is the successor to BackTrack)
  • Understand the basic steps an attacker uses to penetrate a network
  • Discuss and use tools for network mapping and analysis
  • Configure and use the OpenVAS vulnerability scanner to audit network & host security
  • Set up and use the Metasploit exploit framework to exploit flaws found
  • Understand password cracking, enabling them to craft better authentication capabilities and audit password strength
  • An overview of building client-side exploits and basic anti-virus evasion techniques
  • Understand the common web flaws of SQL injection and Cross Site Scripting (XSS), and demonstrate their impact on various applications and solutions
  • References will be provided to remediate or implement compensating controls
  • Introduce the art of effectively communicating with the various stakeholders

Prerequisites:

  • Basic network knowledge (Cyber ninjas need not apply.)
  • Desire to stretch your technical knowledge

System Requirements for Hands-on Labs:

  • You will need to bring your own notebook computer. Each student will be given a virtual machine containing an open-source OS, tools, and documentation.
  • Student systems should meet the following minimum requirements:
    1. Any OS capable of running VirtualBox (see point 4 below).
    2. At least 2 GB of RAM; (at least) 5 GB of free hard drive space
    3. Modern CPU (last 2-3 years); if you have 2+ GB of RAM you will be fine.
    4. Before the first day of class, students must install the latest stable version of VirtualBox. Also install the latest version of the “Oracle VM VirtualBox Extension Pack”. Both are free and found here: https://www.virtualbox.org/wiki/Downloads
    5. Your system should be updated with the latest security patches for your own protection if you opt to get on the classroom/conference network.
    6. Wired network ready.
    7. Optional: Students should have Administrator access to the OS in case they need to install new software during class. This will not be necessary once VirtualBox is installed. Again, be sure to have VirtualBox installed (step 4 above) before you arrive at class.

KALI LINUX™ is a trademark of Offensive Security.

 

Speakers

David Rhoades

Senior Consultant, Maven Security Consulting, Inc.

David Rhoades is a senior consultant with Maven Security Consulting Inc. Maven Security Consulting Inc. is a Delaware corporation that provides information security assessments and training services to a global clientele.

David’s expertise includes web application security, network security architectures, and vulnerability assessments. Past customers have included domestic and international companies in various industries, as well as various US government agencies. David has been active in information security consulting since 1996, when he began his career with the computer security and telephony fraud group at Bell Communications Research (Bellcore).

David has taught at various security conferences around the globe, including for USENIX, MIS Training Institute, and ISACA.

David has a Bachelor of Science degree in Computer Engineering from the Pennsylvania State University.

Steven Pinkham

Security Consultant, Maven Security Consulting, Inc.

Steve Pinkham is a security consultant for Maven Security Consulting (www.MavenSecurity.com) and the current leader of the Raleigh OWASP chapter. Steve has spent time in systems administration, programming, security research and consulting.

His current focus is on web and mobile security, though he enjoys breaking anything he can get his hands on. Steve runs the Web Security Dojo project (http://dojo.mavensecurity.com), and has submitted many fixes and improvements to other open source web security tools. He has spoken at various domestic and international conferences, and holds a Bachelor of Science in Computer Science from Virginia Commonwealth University.


How to Register

Attend this workshop with any of the following Interop passes: