2017 Training

We are pleased to announce 2 and 4 day trainings at NolaCon!

Note: the Conference runs immediately post training: May 19-21. And, all trainings include full conference admission to NolaCon.

2-day trainings (May 17-18, 2017)

2- day training (May 15-16, 2017)

4-day training (May 15-18, 2017)

2-day trainings (May 17-18, 2017):

Intro to Penetration Testing (May 17th & 18th)

This immersive two-day course will cover the fundamentals of penetration testing in modern network environments. The course is very hands on, with multiple labs reinforcing each section, and culminates with a capture the flag exercise to validate what the students have learned.

Sections covered will include:
• Methodology of penetration testing and red teaming
• Getting to know your attack platform
• Client-side exploitation
• Scanning & enumeration
• Remote exploitation
• Lateral movement
• Persistence methods
• Further learning & breaking into the industry
• Culmination Exercise (CTF) (more info)

Malware Analysis: Babby Steps (May 17th & 18th)

As malicious software continues to thrive as an economy, the number of unique malicious samples in the wild increases. As such, the more malware analysts out there, the better. The goal of this course is to take you through the babby steps of malware analysis, such that if you were handed a sample you may be able to analyze it, determine its function and capabilities and suggest protections for it.

Malware analysis isn’t a classroom subject, you can’t learn it from reading a book or having someone lecture. The only way to learn it is to work through samples and gain a knowledge of the tools and tradecraft employed by malware authors. In order to maximize the amount of time you’ll be learning by digging through samples, this course will be a combination of lectures and labs, at about a 50/50 split. Lectures will focus on necessary materials to understand the topics, and labs will be CTF style challenges, targeted at improving certain skills and knowledge. (more info)

BPT: Basic Persistent Threat: An Introduction to Persistence (May 17th & 18th)

This two-day course will cover the basics of persistence for Windows and Linux. It is a useful introductory course for defense or offense. Persistence is the method for staying resident on a system after compromise. The ‘P‘ in APT. We’ll cover basic persistence so this class will cover BPT!
Course Outline:
• Overview of hacker methodology
• Reasons for persistence
• Types of persistence
• Windows persistence
• Linux persistence
(more info)

Modern Red Team Immersion Bootcamp (May 17th & 18th)

In reality penetration testing and red teaming are NOT synonyms. It’s one thing to search for vulnerabilities, but it’s entirely different when you operate in that fuzzy space between simulating an adversary and being the adversary. Welcome to the Modern Red Team Immersion Bootcamp where the focus is on strategy and realistic execution rather than tools and vulnerability findings.

In this training students will dive headfirst, immersing themselves, into a pool of deliberate self-doubt, mental masochism, and tactical triumph. Those crazy enough will find themselves knee deep in recon and attack planning against a target of their choosing and will engage in the subtle art of balancing the liberty of a true no-scope-yoloswag red team engagement with the need to achieve a specific desired impact, normally that means stealing the most important stuff without getting caught. Students can expect to be challenged to know their enemy, define impactful targets, craft a fool proof targeted spear phish, get up in that west coast post exploitation vector swag, exfiltrate that sweet big data booty, and more! Not to worry, nothing illegal will be permitted.(more info)

Physical Penetration Testing (May 17th & 18th)

Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network but that doesn’t make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march your hardware right out the door. (more info)

2-day training (May 15-16, 2017):

Protective Security Analyst

Security needs are evolving faster than most companies can adapt. It is critical in today’s world to have an expert who can assess facilities and operations not only against today’s adversaries, but also recognize the threats of tomorrow.
This dynamic course is ideal for any individual who is tasked to make critical security decisions for their facilities. Our industry leading experts will teach you all the necessary components of a well layered physical defense system. You will learn how to make proper changes to existing systems or work with a design team to harden new spaces. This knowledge become the framework for your next evolution: where we teach you to examine a site and perform a comprehensive security assessment. (more info)

4-day training (May 15-18, 2017):

Pentesting and Exploiting Corporate Infrastructure (May 15-18)

This training is Hands-on training on pentesting and exploiting corporate infrastructure. Training starts with the basics of networking and then moves into scanning, enumeration, exploitation and post exploitation.

Training includes recent vulnerabilities such as Shellshock, Heartbleed, POODLE etc. There will be lot of popping of shells during attack. The lab contains multiple vulnerable applications on various platforms such as Windows and Linux. (more info)

Protective Security Analyst / Physical Security Pentesting – Complete Physical Security Course (May 15th-18th)

Security needs are evolving faster than most companies can adapt. It is critical in today’s world to have an expert who can assess facilities and operations not only against today’s adversaries, but also recognize the threats of tomorrow.

From file cabinets to vault doors, we rely on locks to secure our world. In today’s digital world, this critical aspect of security is an often overlooked vector for attack. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network but that doesn’t make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march your hardware right out the door. Gone are the days where physical security and information security are separate disciplines. A thorough understanding of the vulnerabilities in common physical security systems, and how to exploit them, is an essential element in protecting ourselves, our information systems, and our property from harm. (more info)