Experience the attacker’s mindset and prepare your IT system defense

Hands-on Hacking Essentials is an eye-opening training for IT specialists, system administrators and security practitioners, a much needed “shock therapy” for most.

 

Training duration: 2 days of pure hacking and feeling ”1337”
What to take with you: Every participant needs to bring their own laptop that has WiFi (or LAN cable port) for connecting to the training environment via VPN device. You will get more detailed info closer to the training.
Group size: 12 participants maximum
Trainers: rotates in trainings

  • Karl Kristjan Raik (in English)
  • James Dodd (in English)
  • Taavi Sonets (in English)

 

The main differences between hacking and penetration testing are the intent and (imposed) limitations. Therefore, the idea behind this training is to see practical information security from the attacker’s or ”opposing teams’ point of view and to deliver first-hand experience or running attacks.

 

Although this training is highly technical and extensively hands-on, all scenarios are built so that with the help of hints or even full HOWTO’s from the scoring server, everyone can complete all exercises regardless of prior 1337 skills or experience level with various operating system.

 

Everyone will walk through the phases of an attack until successfully 0wning various systems and services. There are plenty of attack scenarios to play through and to complete scored objectives. Since the expected participants’ skill and experience level is varying to a large degree, we cover a mix of *nix and Windows world and focus on explaining key concepts and on showing real attacks even to those who have never compiled or launched any exploits before.

Ohjelma

Trainers will engage participants with lectures, live attack demonstrations and practical examples followed by individual hands-on exercise scenarios. Training is interactive, practical, and besides active participation also full of attack stories that help to change the perspective and understanding of real life security threats.

08.30 Ilmoittautuminen ja aamukahvi
09.00 Introductions

  • Introduction
  • Kali Linux intro (participant’s attack platform)
  • Reconnaissance and information gathering
  • Targets (a mix of Windows and Linux workstations and servers)
12.00 Lounas
13.00 Essential attack phases, concepts attack vectors and tools

  • Remote exploitation attacks
  • Privilege escalation attacks
  • Attack tool-sets and attack automation (incl. Metasploit Framework and meterpreter)
  • ”Jumping the (fire)wall” with targeted client-side attacks
17.00 Ensimmäinen koulutuspäivä loppuu

 

 

Trainers will engage participants with lectures, live attack demonstrations and practical examples followed by individual hands-on exercise scenarios. Training is interactive, practical, and besides active participation also full of attack stories that help to change the perspective and understanding of real life security threats.

08.30 Ilmoittautuminen ja aamukahvi
09.00 Putting it all together in one training scenario

 

„Network Takeover” scenario with Kali Linux and Armitage

  • „Network Takeover” scenario with Kali Linux and Armitage – a whole day hands-on hacking scenario that walks participants through a small company network takeover scenario from an attacker’s perspective.
  • Mostly Armitage along with other tools on Kali Linux will be used for attacking, making it easy to track and visualize how the victim network reveals itself as participants hack deeper into the network.
12.30 Lounas
13.00 Training scenario continues

  • A brief reconnaissance followed by a targeted client-side attack gains your foothold. Pivoting your attacks through the initial compromised workstation and following up with local privilege escalation, scanning, password hash dumping, pass-the-hash and other attacks will deliver you the rest of the subnet. Credential and additional information harvesting, traffic capturing, data ex-filtration, steganography tools, PHP shells and other trickery will be used to compromise the rest of the subnets to find and steal steal the intellectual property you are after. We will also explain weaknesses in Windows credential handling by using tools such as Mimikatz and WCE (fairly www.clarifiedsecurity.com/trainings/ info@clarifiedsecurity.com popular tools among APT attackers) to dump plain-text passwords from any Windows version. Towards the end you will also use AV evasion tools and techniques to defeat or bypass common defense tools.
  • Your targets network consists of Windows 7, Windows XP and various Linux based firewall and server distributions.
  • Feedback and training wrap-up
17.00 Koulutus päättyy

Kouluttaja

Hinnat

Yksityinen sektori1645 €
Julkinen sektori1045 €

Hintaan lisätään alv 24 %. Hintaan sisältyvät sähköiset materiaalit, kahvi- ja lounastarjoilut.

Lisätietoja

Leena Kalaoja

Asiakkuuspäällikkö, tiiminvetäjä

leena.kalaoja@almamedia.fi

050 528 6956

Paikka

Taitotalo kongressikeskus

Valimotie 8

00380 Helsinki

Koulutus järjestetään Taitotalon Kongressikeskuksessa Helsingin Pitäjänmäellä, osoitteessa Valimotie 8, 00380 Helsinki.

Olemme neuvotelleet erikoishinnat useisiin Helsingin hotelleihin. Mainitse huonetta varatessasi, että olet tulossa Alma Talentin tapahtumaan.

Huonehinnat

  • Radisson Blu -hotellit ja SOKOS-hotellit: alennus -11 % Flex-hinnasta
  • Clarion Hotel Helsinki: alennus -15 % päivän BAR-huonehinnasta
  • Scandic Paasi -15% Flex-hinnasta & Scandic Park -15% Flex-hinnasta
  • Hotel Katajanokka: alennus -15 % päivän BAR-huonehinnasta nettisivujen kautta etukoodilla JAZ (koodi syötetään Special Rates -valikon Corporate-kenttään) tai olemalla yhteydessä hotellin vastaanottoon