USA 2015: Barkeep, Another Round of Pentests
Three weeks ago we inaugurated this series of intel updates with a glimpse at the beginner-level pentest Trainings you'll find at Black Hat USA 2015. Now that everyone's well rested, let's take a look at the show's more intermediate-level Trainings.
There's no substitute for practice and real-world application, so that's what you'll find in Adaptive Penetration Testing. The majority of the course will focus on lab exercises, where you'll learn to overcome real-world obstacles and provide comprehensive and efficient security assessments. The Training will cover both network- and web-testing tools and frameworks such as Cobalt Strike, Metasploit, Nessus, Nmap, OWASP-ZAP, and SQLMap, as well as many others.
Next, how do you catch a ghost who's exfiltrating piles of data? By learning their tricks, of course. Adaptive Red Team Tactics will help take your adversarial tradecraft to a new level via controlled red-team operations. Learn to compromise a high-security network from start to finish, evading live network defenders, all without throwing a single exploit. Building on Veris Group's Adaptive Penetration Testing class, this immersive course teaches real-world adversarial tactics, techniques, and procedures (TTPs) refined through operational experience. Maybe you'll end up haunting some networks yourself.
As time goes on and new hardening techniques and detection technologies emerge, it grows ever harder to circumvent security controls on externally facing systems and gain full access to internal networks. Put another way, pentesting ain't getting any easier. Bypassing Security Defenses - Secret Penetration Testing Techniques will deliver exactly what's its title promises, thanks to the combined insights of David "ReL1K" Kennedy and Adrian "Irongeek" Crenshaw. By the end you'll have the foundation, methodologies, and knowledge to understand how attackers can penetrate and compromise an organization through the entire lifecycle.
Last but not least -- it's already sold out, actually -- is Offensive Security's clearly popular Penetration Testing with Kali Linux. Starting with the basics of standard security tasks automation and going all the way to discovering, fuzzing, and writing buffer overflows, this course provides not just more "tool usage" instruction, but details the concepts that underlie all pentesting.
Black Hat USA 2015 will occur at the Mandalay Bay resort in Las Vegas. It goes down August 1-6, so there's plenty of time to lock in early-bird discounts.