H2HC Hackers to Hackers Conference
  November 28 and 29, 2009

TRAININGS

Advanced Pentest Techniques

Instructor: Filipe Balestra

Language: Portuguese

Duration: 16 hours

Date: November 26 and 27, 2009

Own laptop required: Yes

Total seats: 30

Seats available: 0

Minimum number of students to run the course: 05

Price: R$ 520,00 (in advance) / R$ 700,00 (on the day of the event)

 

COSEINC - Linux Exploitation

Instructor: Rodrigo Rubira Branco (BSDaemon)

Language: Portuguese

Duration: 16 hours

Date: November 30 and December 01, 2009

Own laptop required: Yes

Total seats: 7

Seats available: 4

Minimum number of students to run the course: 05

Price: $1000 USD

 

Web Testing & Exploiting Workshop

Instructor: Andres Pablo Riancho

Language: English

Duration: 16 hours

Date: November 30 and December 01, 2009

Own laptop required: Yes

Total seats: 18

Seats available: 14

Minimum number of students to run the course: 05

Price: $450 USD

 

Immunity - Breaking Windows for Beginners

Instructor: Gustavo Scotti

Language: Portuguese

Duration: 16 hours

Date: November 26 and 27, 2009

Own laptop required: Yes

Total seats: 10

Seats available: 0

Minimum number of students to run the course: 05

Price: $600 USD

 

 

* The syllabi for all trainings will be made available in a few days.

 

 

 

 

 Advanced Pentest Techniques
 Filipe Alcarde Balestra
 Overview

BRING LAPTOPS!

The training to be given this year at H2HC was created especially for the event, aiming at plenty of hands-on practice and at going beyond what other penetration testing trainings usually cover.

The topics covered in the training are:

- Information Gathering
- Scanning
- Service Enumeration
- Operating System Identification
- Trojans, Backdoors and Rootkits
- Privilege Escalation
- Vulnerability Identification
- Database Attacks
- Local and Remote Brute-Force Attacks
- Server Side Attack
- Client Side Attack
- Wireless Network Attacks
- Creating your own exploit (writing an exploit for a Buffer Overflow) and searching for 0day
- Sniffer and Keylogger
- Web Application Attacks
- Denial of Service (DoS) Attacks
- Physical Attacks
- Introduction to Anti-Forensics
- Case study: Public Penetration Tests/Intrusions


The test environment will include:

- Linux
- Windows 2000/XP/Vista
- Apache, PHP, MySQL, SSHd, IIS, Oracle, RPC, ASP, SQL Server servers, among other services.


This is a training where each student must bring their own notebook with the latest version of VMware installed; the Server version can be obtained free of charge at www.vmware.com.

VMware is required because each student will be given a virtual machine with all the tools that will be used during the course.

Training exclusive to the event, with lots and lots of practice.

 Filipe Alcarde Balestra is a Security Researcher.

 

 

 COSEINC - Linux Exploitation
 Rodrigo Rubira Branco
 

BRING LAPTOPS!



Overview

Module 1

Why exploit software and how to release vulnerabilities
Introduction to shellcodes
Debugging Linux applications
Introduction to GDB
Introduction to strace/ltrace
Stack Overflow Exploitation
Understanding the stack
Returning into .text
Modifying the stack . Application specific exploitation
Laboratory
Challenges

Module 2

Classical Heap Overflow Exploitation
Understanding the heap
Understanding the ELF format
Changing the .GOT and .DTORS
Laboratory
Challenges
 Rodrigo Rubira Branco (BSDaemon) is a Senior Vulnerability Research Consultant in the Vulnerability Research Lab (VRL) of COSEINC. He previously worked as a Security Expert for Check Point Software Technologies. He worked as the Principal Security Researcher at Scanit (http://www.scanit.net), the biggest security company in the Middle East, incorporated by the giant Oger Systems. He also worked as a Software Engineer at IBM, as a member of the Advanced Linux Response Team (ALRT), part of the IBM Linux Technology Center (IBM/LTC). He is the maintainer of many open-source projects and has given talks at the most important security-related conferences in the world. Rodrigo is also a member of RISE Security (www.risesecurity.org).

 

 

 Web Testing & Exploiting Workshop
 Andres Pablo Riancho
 

BRING LAPTOPS!

This training course focuses on manual and automated discovery and exploitation of web application vulnerabilities. During this course you are going to go through a series of lectures followed by hands-on practice. In each practice you will find vulnerabilities to exploit, each with a different level of complexity, which will challenge your understanding of the subject. After the hands-on practice, a small lecture on how the vulnerability is fixed is presented, together with common errors introduced by developers in that process.

The training will also teach you how to use the most advanced tools used by professionals in the field, like w3af (developed by the trainer), the Burp Suite, sqlmap and many others.

Course Syllabus (detailed)
. Day One
1. HTTP protocol review
. Web architecture
. HTTP headers and methods
. HTTP authentication
. HTTPS
. Session management: cookies

2. Common web server misconfigurations
. Banners
. Directory Indexing
. HTTP authentication
. HTTP method restrictions

3. Common development and configuration errors
. HTML comments and versioning
. File inclusions
. Backup and local database files
. Hidden HTML Fields
. Path Disclosure and directory enumeration
. Exceptions and error messages

4. Types of analysis
. Static code analysis, black box testing and gray box testing:
. Definitions
. Vulnerabilities that can be detected
. Vulnerabilities that CAN'T be detected

5. Web Application Vulnerabilities
. Reverse engineering of Java applets and Flash movies
. Local file read
. Local file inclusions
. Path Traversal and Null Bytes
. Remote file inclusions
. Cross Site Scripting (XSS)
. Cross Site Tracing
. Cross Site Request Forgeries / Session Riding
. HTTP Response Splitting

. Day Two
1. Web Application Vulnerabilities
. Uncommon attack vectors
. LDAP Injection
. OS Commanding
. SQL Injection:
. Enumeration of tables and columns
. Execution of queries and stored procedures
. Creation of files
. Execution of OS commands
. Blind SQL Injection

2. Web application privilege escalation
. Session handling
. Logical vulnerabilities

3. Countermeasures
. mod_security
. PHP hardening:
. Secure configuration parameters
. GRASP
. PHP-IDS
. Hardening for Java - HDIV

Course Timeline (how the syllabus will be covered in the allotted timeframe and conform to coffee and meal breaks):

Coffee and meal break hours (subject to change by H2HC organization):
. 8:30am Breakfast and course start
. 10:30am Coffee break
. 12:30pm Meal
. 15:50pm Coffee break

Day one
. 9am to 10:30am: attendees' laptop setup; Items 1 and 2 of syllabus.
. 10:50am to 12:30pm: Items 3 and 4 of syllabus.
. 13:30pm to 15:50pm: Item 5 of syllabus.
. 16:10pm to 17:00pm: Item 5 of syllabus.

Day two
. 9am to 10:30am: Review of day one and start of item 6 of syllabus.
. 10:50am to 12:30pm: Item 6 of syllabus.
. 13:30pm to 15:50pm: Items 6 and 7 of syllabus.
. 16:10pm to 17:00pm: Item 8 of syllabus, course review.

Pedagogic Methods Used to Teach Material: This two-day course combines lectures with increasingly difficult hands-on exercises designed to teach the attendee different ways to discover and exploit web application vulnerabilities.

Student Requirements, experience/expertise: The course will cover an introduction to the basics of the HTTP protocol and web application development, but prior knowledge of these subjects is desirable. The students should have a solid knowledge of general security subjects, and at least one year of experience in a technical position related to any of the subjects in the syllabus.

Student Requirements, equipment/software students must furnish: One laptop with at least 1GB of RAM, Ethernet card, and a CD reader. The trainer will provide a live CD that will be used to perform all the hands-on exercises, so the laptop needs to be able to boot from the CD.

List of Materials Provided to Students:
1. Live CD
2. Booklet with printed slides
3. Certificate of completion
4. w3af T-Shirt

Minimum Number of Students Required to Deliver Course: 8

Maximum Number of Students That Can Be Accommodated in Course: 18

 Andres Riancho is an information security researcher and founder of Bonsai, where he is mainly involved in Penetration Testing and Vulnerability Research. In the research field, he discovered critical vulnerabilities in IPS appliances from 3com and ISS, and contributed to SAP research performed at his former employer.

His main focus has always been the Web Application Security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by penetration testers and security consultants. Andrés has spoken and held trainings at many security conferences around the globe, like OWASP (Poland), CONFidence (Poland), OWASP World C0n (USA), CanSecWest (Canada), T2 (Finland) and ekoparty (Buenos Aires).

Andrés founded Bonsai in 2009 in order to further research into automated Web Application Vulnerability detection and exploitation.

 

 

 Breaking Windows for Beginners
 Gustavo Scotti
 

BRING LAPTOPS!

* Tired of reading advisories without knowing how to use them?
* Tired of following the 1001 milw0rm exploits in amazement without contributing?
* Tired of the endless screaming of your clients every time a public Windows exploit written in Aramaic resets the mail server in the middle of a pentest?


Immunity offers a PG course for administrators, consultants and the curious-minded on one of the most fascinating topics in information security: exploit writing.

By the end of the training you will have the knowledge to move freely in a debugger, understand the risks of a vulnerability and develop an exploit which takes advantage of a stack overflow.

PREVIOUS KNOWLEDGE:

None needed, but a basic familiarity with the Python programming language is encouraged.

TOPICS:

Day 1
* Introduction to the stack mechanism
* Understanding assembly on the debugger
* Basic Python: Connecting to the remote server
* Overwriting the stack
* Crashing a server: What? How much? How? Why?
* Understanding a security patch
* The path to the shellcode
* Globalizing targets
* Exploiting Windows remotely with our own exploit


Day 2
* The two sword
* Creating our own client-side
* Introduction to ActiveX
* Listing and analyzing methods in Immunity Debugger
* Exploiting Internet Explorer

 Gustavo Scotti is a Software Developer at Immunity, Inc., where he develops low level technology inside Microsoft Windows kernels. With Immunity, he has helped global companies to improve Microsoft Windows security with custom development. Mr. Scotti is a hardcore reverse engineering fan, having all Playstation2 internals reversed and open sourced back in 2001. He also co-authored a famous ezine in Brazil, Axur05.


 

 
