BLACK HAT TRAININGS

Black Hat Trainings at Sector are available through the Black Hat Trainings website. You can find out full details, pricing, availability and registration here. If you have any questions please contact training@blackhat.com.

Please note that this list may change based on availability. Please see the Black Hat Trainings page for full details.

Two-Day Trainings

 

A Beginners Guide to Reversing with Ghidra

Date: October 19-20
Presenters:
Tripwire VERT
Skill Level: Intermediate

 

Since 2019, the NSA’s software reverse engineering toolkit, Ghidra, has made powerful multi-architecture/multi-platform decompilation capabilities freely available. Join us for an introduction to Ghidra and a series of incremental challenges to build up hands-on experience. Students will learn how to navigate Ghidra, analyze binaries, and use integrated Python scripting. We’ll then shift focus to see what some common anti-reversing techniques look like when analyzed with Ghidra. Lessons will illustrate strategies for peeling back these layers of obfuscation using gradually more sophisticated examples. Between each lesson, students will get access to a new collection of topical reversing challenges with the opportunity to reinforce the techniques. By the end of the class, students will be writing their own Ghidra scripts to recover encrypted data from real malware samples.

Astute Infrastructure Red Teaming - Commandeering the Fleet

Date: October 19-20
Presenters:
Stage 2 Security
Skill Level: Intermediate

Stay frosty by (ab)Using Configuration Management (CM) systems (e.g. WSUS, jamf, Puppet, Chef, SaltStack, Ansible, etc…) to expand access within modern macOS, Linux, & Windows environments. This fast-paced and hands-on course teaches participants the Tactics, Techniques, and Procedures (TTPs) needed to infiltrate and expand access throughout various CM systems.

In this course you will:

  • Gain access to client-side endpoints (e.g. macOS) & create a TLS tunnel (via SOCKS)
  • Expand access onto Linux servers via piggybacking off SSH connections
  • Learn how to avoid osquery detection and bypass other EDR solutions
  • Exploit & Pivot through various Configuration Management (CM) systems (e.g. WSUS)

Compete throughout the course in our hands-on Capture the Flag (CTF) tournament!

Attacking and Securing APIs

Date: October 19-20
Presenters:
Mohammed Aldoub (@voulnet)
Skill Level: Beginner/Intermediate

This is a fully hands-on practical concentrated course on securing and attacking web and cloud APIs. APIs are everywhere nowadays: In web apps, embedded systems, enterprise apps, cloud environments and even IoT, and it is becoming increasingly necessary to learn how to defend, secure and attack API implementation and infrastructure.

This training aims to engage you in creating secure modern APIs, while showing you both modern and contemporary attack vectors.

With more than 50 labs in two days, you are in for a glue-me-to-the-keyboard adventure covering:

  • Defending and attacking Web APIs (REST, GraphQL..etc)
  • Attacking and securing AWS APIs and infrastructure.
  • Launching and mitigating modern Injection attacks (SSTI, RCE, SQLi, NoSQLi, Deserialization, object injection and more)
  • Securing and attacking passwords and secrets in APIs.
  • API authentication, authorization and access control.
  • Targeting and defending API architectures (Serverless, microservices, web services & APIs)

Cloud Security Hands-On for AWS (CCSK-Plus)

Date: October 19-20
Presenters:
Securosis

This course provides a solid foundation in cloud security, including 50% of hands-on labs to apply the principles in practice. It also includes new, expanded material for advanced students. We cover all the material needed to pass the Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK) exam, but add a pragmatic approach to immediate kick start your cloud security projects. For Black Hat, we also add expanded material to show you how to take cloud security to the next level by leveraging DevOps techniques and the characteristics of the cloud.

Data Breaches – Investigation and Response

Date: October 19-20
Presenters:
LMG Security
Skill Level:
Intermediate/Advanced

Mega-breach or minor incident? The difference is in the speed of detection, effectiveness of containment, and accuracy of scoping. In this technical, hands-on class, we’ll dig into different types of breach scenarios, including cloud account breaches (using Office365 as an example), internal compromise and ransomware. Learn strategies for detection and evidence preservation, and techniques for quickly responding to a breach. Each module includes a hands-on lab where you analyze and scope the breach.

False Flagging Cyber Operations

Date: October 19-20
Presenters:
Rendition Infosec

While attribution of cyberattacks is an imprecise science (to say they least), it is still important in many contexts. But have you ever wondered how difficult it would be for an attacker to blame their cyberattack on another attack group? In this course, you will learn specific techniques that adversaries use to misdirect defenders and forensic examiners. This course will be useful to both investigators who wish to detect and counter such ruses and red team operators who wish to employ these tactics in their own adversary emulation exercises.

Hacking and Securing Cloud Infrastructure

Date: October 19-20
Presenters:
NotSoSecure

Brand new for 2020, this 2-day course cuts through the mystery of Cloud Services (including AWS, Azure, and G-Cloud) to uncover the vulnerabilities that lie beneath. We will cover a number of popular services and delve into both what makes them different, and what makes them the same, as compared to hacking and securing traditional network infrastructure. Whether you are an Architect, Developer, Pentester, Security or DevOps Engineer, or anyone with a need to understand and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques, and knowing how to protect yourself from them is critical. This course covers both the theory as well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure. Prior pentest/security experience is not a strict requirement, however, some knowledge of Cloud Services and familiarity with common Unix command-line syntax will be beneficial.

Highlights of our Training:

  • Gaining Entry in cloud via exposed services
  • Attacking specific cloud services
  • Post Exploitation
  • Defending the Cloud Environment
  • Host base Defenses
  • Auditing and benchmarking of Cloud
  • Continuous Security Testing of Cloud

Hands-On Hacking Fundamentals - Beginner Level

Date: October 19-20
Presenters:
SensePost
Skill Level:
Beginner

If you’re just starting your hacking career, or want to understand the field better, this course is for you.

We will give beginners everything they need to get started, from introductory concepts right through to immersive hands-on exploitation in a online lab environment. By the end of the course you will have a good grasp of how vulnerabilities and exploits work, how attackers think about networks and systems, and you will have compromised several of them including infrastructure, web applications and Wi-Fi. Only a web browser is needed.

In this course we’ll cover:

  • The different ways hackers think and how hacking makes you think.
  • Setting up your environment, from getting your Kali ready to getting comfortable on the command line.
  • Understanding vulnerabilities and exploits – how to find them and use them.
  • Finding and Hacking Infrastructure over the Internet.
  • Hacking Web Applications and other custom applications.
  • Hacking WiFi and traffic interception/analysis.

Network Traffic Analysis

Date: October 19-20
Presenters:
FireEye Mandiant

Sophisticated attackers frequently go undetected in a victim’s network for an extended period. Attackers can blend their traffic with legitimate traffic that only skilled network analysts know how to detect. This course shows learners how to identify malicious network activity.

The course provides an overview of network protocols, network architecture, intrusion detection systems, network traffic capture and traffic analysis. Learners review the types of network monitoring and the tools commonly used to analyze captured network traffic. The course also explores the best techniques for investigating botnets and how to use honeypots in network monitoring.

The course includes lectures and hands-on lab sessions to reinforce technical concepts.

System Forensics and Incident Handling

Date: October 19-20
Presenters:
Paula Januszkiewicz (CEO of CQURE)

The training focuses on detecting, responding, and resolving computer security incidents and covers the following security techniques. You will learn about the steps of the incident handling process, detecting malicious applications and network activity. Moreover, we will cover common attack techniques that compromise hosts, detecting and analyzing system and network vulnerabilities, continuous process improvement by discovering the root causes of incidents.

Four-Day Training Courses

Advanced Code Injection For Attackers, Defenders, And Developers

Date: October 17-20
Presenters:
Rendition Infosec

Code injection is a technique that is increasingly used by attackers to bypass application whitelisting. But most defenders have no idea how code injection really works. It’s challenging to investigate attackers using code injection if you don’t understand what they’re doing.

Most penetration testers/red team members don’t really understand code injection either, despite their near constant use of it. Ever used the “migrate” feature of metasploit? You’ve used code injection. Do you know how it works or why? You should – it will make you better at your job.

In this course, we’ll start by covering the basics of code injection, using the venerable “CreateRemoteThread” and move into advanced topics like Atom Bombing and Gargoyle that evade most traditional forensics techniques.

Source and binary code will be provided for all examples, so whether you work in offense or defense, you’ll be able to immediately level up.

Advanced Infrastructure Hacking - 2020 Edition (4 Day)

Date: October 17-20
Presenters:
NotSoSecure
Skill Level:
Intermediate/Advanced

The 2020 edition of our best selling class, brings more new, neat and ridiculous network hacks. From old-school misconfiguration issues to the very latest cutting-edge techniques and exploits against the modern network platforms, we have got it all covered. The course will cover advanced penetration techniques to achieve exploitation against these platforms:

  • Modern Operating systems (Windows, Linux)
  • Multiple Databases, Web and Application servers
  • Switches/Routers
  • Docker
  • VLANs
  • Kubernetes
  • AWS/Azure/GCP specific attacks
  • IaaS, PaaS, CaaS, SaaS and Serverless exploitation
  • VPNs

Note: Students will have access to a state-of-the-art Hacklab with a wide variety of vulnerabilities to practice exploitation and will receive a FREE 1 month subscription after the class to allow more practice time.

Cyber Intelligence Foundations

Date: October 17-20
Presenters:
Fireeye Mandiant
Skill Level:
Beginner

Cyber Intelligence Foundations (CIF) is a four day course that explains how to apply the discipline of intelligence analysis to the cyber domain. Students will learn about the intelligence lifecycle, the organizational role of cyber threat intelligence (CTI), and stakeholder analysis. They will learn basic practitioner skills such as developing raw data into minimally viable intelligence, interpreting cyber artifacts, and leveraging the intelligence cycle to compose original intelligence products. They will also receive an introduction to basic attribution techniques.

Unplugged, Modern WiFi Hacking

Date: October 17-20
Presenters:
Sensepost
Skill Level:
Intermediate

If you want to learn how to understand and compromise modern Wi-Fi networks, this is your course.

Learning modern Wi-Fi hacking can be a pain. Several new advances in WiFi security have been released, along with some new attacks. But, public literature still has lots of outdated material for technologies we rarely see deployed in the real world anymore. Numerous tools overly rely on automation, and leave you wondering when they don’t work, because neither the fundamentals nor underlying attack is understood. Even worse, some popular attacks will rarely if ever work in the real world.

If you want to really understand what’s going on, and master the attacks in such a way that you can vary them when you encounter real world complexities, this course will teach you what you need to know.

Web Hacking - Black Belt Edition 2020 (4 Day)

Date: October 17-20
Presenters:
Notsosecure

This class teaches the audience a wealth of hacking techniques to compromise modern-day web applications, APIs and associated end-points. This class focuses on specific areas of appsec and on advanced vulnerability identification and exploitation techniques. The class allows attendees to learn and practice some neat, new and ridiculous hacks which affected real-life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.

Attendees will also benefit from a state-of-art Hacklab and we will be providing FREE 30 days lab access after the class to allow attendees more practice time. Some of the highlights of the class include:

  • Modern JWT, SAML, OAuth bugs
  • Core business logic issues
  • Practical cryptographic flaws.
  • RCE via Serialization, Object, OGNL and template injection.
  • Exploitation over DNS channels
  • Advanced SSRF, HPP, XXE and SQLi topics.
  • Serverless exploits
  • Web Caching issues
  • Attack chaining and real life examples.