Course Description:

This course picks up where the wildly successful courses “Advanced Penetration Tester: Pentesting High Security Environments”, and “CyberWar: Emulating Advanced Persistent Threat” left off. The focus of this class is “Taking Intrusion Detection System (IDS) evasion, and Anti-virus bypass to the next level.”

Key Points:

• Per student request there will be absolutely NO Windows 2000, no Windows XP, Vista, or Server 2003 in the entire course. Only Windows 7, Windows 8, Server 2008, Server 2012 and new flavors of Linux.

• Students attack a network of fully patched, and hardened hosts. Each target computer will be running a Host-Based Intrusion Detection System (HIDS), updated Anti-Virus, and a logging agent that reports to a Security Information and Event Management (SIEM) solution.

• There will also be a Network Intrusion Detection System (NIDS), a web content filtering proxy, and a stateful inspection firewall as well.

• The students will have access to the consoles of all of the security appliances. Students will be able to see in real time the events triggered by the HIDS, NIDS, Proxy, and the logs so the students can learn exactly what attacks and defenses really work in today’s high security environment.

Students that are Network/System Administrators with three or more years experience working in environments such as financial institutions, DoD networks, or similar high security environments will benefit greatly from this course.
It is however primarily designed for Network/Web Application Penetration testers that are looking for the little tips and tricks that will help them better attack high security environments.

CyberWar 2014 Outline

Day 1: Attacking From the Outside

• Attacking Hardened Web Applications
  • Advanced Methods of identifying SQLI/XSS

• Bypassing Common Web Application Security Mechanisms
  • Client-Side Filtering
  • Alphanumeric Filtering
  • Magic Quotes
  • ASP.NET Request Validate

• Bypassing Common Security Products
  • IDS Signature Evasion
  • Dealing with Web Application Firewalls

Day 1’s Mission:

Attack a mock company’s heavily protected external web applications from the outside

Day 2: Bypassing Anti-Virus & HIPS

• Bypassing Popular Anti-Virus
  • AVG
  • McAfee
  • Symantec
  • Windows Defender

• Bypassing Popular HIPS
  • McAfee HIPS
  • Symantec EndPoint Protection
  • Forefront

Day 2’s Mission:

Bypass the most common host-based security products

Day 3: DLL/Process Injection, SRP/Applocker Bypass

• DLL Injection
• Process Injection
• Bypassing SRP and AppLocker

Day 3’s Mission:

Bypass Group Policy Objects, Software Restriction Policy, and HIPS

Day 4: Advanced Host & Network Enumeration

• Attacking Windows 7 and 8
  • Advanced Post-Exploitation
  • Data-Mining

• Attacking 2008/2012 Active Directory
  • Advanced Network Enumeration
  • Data-Mining 2008/2012 Active Directory with security settings enabled

Day 4’s Mission:

Students will be tasked with gaining access to a highly protected network, finding and stealing critical data and exfiltrating that data without being detected.

Pressure will added to the training environment by constantly changing the environment and its defensive mechanisms at irregular intervals.

Day 5: The Mother Of All CTFs

Get your sleep the night before, eat your Wheaties the morning of because you are about to participate in what will be the toughest CTF around.

Course Schedule

This is an online course that will run from August 12th – 16th (Live Online) 10am – 2pm

Course Costs (Note: This is a beta class so the cost will go up next time we run it)

The course cost is $1,000USD – click here to register for $1,000USD

First 10 applicants can signup for $300 USD – click here to see if you can be one of the first 10 signups.

The sessions will be recorded each day so students can review the materials at their leisure. Get ready – this workshop is gonna be a ton of material

Day 1:

• Stack Overflows
• SEH Overwrites
• Shellcoding tricks

Day 2:

• Heap Spray
• DEP Bypass
• ASLR

Exploit Development Weekend Bootcamp Cost is $150 – click here to purchase for $150

Or

You can have it for $100 if you:

1. Post about it on Twitter
2. Like this page on Facebook
3. +1 this page on Google+

Send me an email with proof that you’ve done this and I’ll reply with the $100 payment link

All day Saturday/Sunday June 8th and 9th.  1 full day of Network Pentesting (8^th), and 1 full day of Web App Pentesting (9^th). We’ll go from 10am-3pm each day. You’ll get your courseware and network access on the 7^th of June and maintain access to the lab network until the 30^th of June.

The webinars will be recorded each day, and the network will be fluid (targets changing each day in some cases several times a day). Get ready – this workshop is gonna be full on pentesting covering both Network and Web App Pentesting all in one shot!

Day 1:

• External Network Scanning
• Internal Network Scanning
• Exploitation (Service and Client-Side)
• Post-Exploitation
• Getting REALLY comfortable with Metasploit (lots of tips and tricks)

Day 2:

• SQL Injection
• Cross Site Scripting
• File Handling Vulnerabilities
• Getting REALLY comfortable with Burp Suite (lots of tips and tricks)

Pentester Weekend Bootcamp Cost is $150 – click here to purchase for $150

Or

You can have it for $100 if you:

1. Post about it on Twitter
2. Like this page on Facebook
3. +1 this page on Google+

Send me an email with proof that you’ve done this and I’ll reply with the $100 payment link

Hope to see you in class.

Each Saturday from noon to 4pm EST Joe McCray will host a webinar.

Here are some of the topics to look forward to:

Course Outline:

Week 1 – Stack Overflows

Week 2 – Structured Exception Handlers

Week 3 – Heap Spray

Week 4 – Shellcoding Tricks

Each week Joe will host the 4 hour webinar where he will walk through the previous week’s homework exercises, cover the material for the current week, take questions from the students, and provide homework for the upcoming week. The homework that is handed out each week is designed so students can work on and reinforce each week’s lesson.

Level 1: Courseware, Labs, forums, videos $100                       

Level 2: Live Online (Nights or Weekends) $500                       

Level 3: Live Online (5-Day weekdays) $1500                            

What will we be doing you ask – check this out:

Fundamenatls:

- Cmdlets

- Variables

- WMI Objects

- Interacting With Active Directory

Hacking with Powershell:

- Traditional Hacking

- Ping Sweeping

- Port Scanning

- Enumerating Hosts/Networks

- Download & Execute

- Parsing Nmap

- Parsing Nessus

- Powersploit

- Nishang

…and of course integrating with Metasploit

Level 1: Courseware, Labs, forums, videos $100                

Level 2: Live Online (Nights or Weekends) $500                

Level 3: Live Online (5-Day weekdays) $1500                     

Week 1: Programming Concepts, Parsing Files, Logs, and PCAPs

Python Basics

Text File Parsing

Log Parsing

PCAP Parsing

Week 2: Password Cracking, Netcat, Port-Scanning, and simple fuzzing

Password Cracking

Netcat-like Functionality

Port-Scanning

Fuzzing

Week 3: Web Application Vulnerability Testing

Vulnerable Service Identification

SQL Injection

XSS

RFI/LFI

Week 4: Writing Your Own Security Tools

Click Here To Signup

Level 1: Courseware, Labs, forums, videos $100           

Level 2: Live Online (Nights or Weekends) $500           

Level 3: Live Online (5-Day weekdays) $1500                

Week 1: Basic Forensics

Analyzing a hard drive image

Recovering deleted files

Decrypting encrypted files

Week 2: Bypassing Anti-Virus

Using Hex Editors to bypass AV

Using packers to bypass AV

Using debuggers/disassemblers to bypass AV

Week 3: Network/Browser Forensics

Advanced pcap analysis

De-obfuscating malicious javascript

Week 4: Memory Analysis

Memory analysis

Malicious pdf file analysis

DLL injection

Level 1: Courseware, Labs, forums, videos $100            

Level 2: Live Online (Nights or Weekends) $500            

Level 3: Live Online (5-Day weekdays) $1500                 

Course Outline

Week 1: Simple ASP/ MSSQL Web App

Week 2: PHP/MySQL Web App

Week 3: JSP/Oracle Web App

Week 4: Tricky Stuff

Specifics I’ll Be Covering

SQL Injection

Cross-Site Scripting

Web Shells

Filter Evasion

SQL Injection to a command-shell

XSS to a command-shell

WAF Bypass

Level 1: Courseware, Labs, forums, videos $100          

Level 2: Live Online (Nights or Weekends) $500          

Level 3: Live Online (5-Day weekdays) $1500               

The network environment is going to be highly fluid, really volatile. Each day the network topology will be changing slightly.

Class Outline

Week 1: Scanning & Exploitation

Dealing with Load Balancers, IPS, and WAF

Web Attacks

Client-Side Exploitation

Week 2: BypassingAV

File Splitting

Packing

Encoding

Shellcode Injection

Week 3: Post Exploitation

Getting Files On/Off System

Download and Execute

Creating Listeners/Backdoor Services

Different Kinds of Reverse Shells

Automating Tasks

Privilege Escalation

Lateral Movement

Pass The Hash

Host Enumeration

Host Data Mining

Active Directory Enumeration

Week 4: Your Pentest

Level 1. Courseware, Labs, forums, videos $100          

Level 2: Live Online (Nights or Weekends) $500         

Level 3: Live Online (5-Day weekdays) $1500              

Here’s the low down. If you are hacking modern versions of Windows (Windows 7, Windows 8, Server 2008, Server 2012) – you need Powershell.

The class cost is $100 – click here to purchase

What will we be doing you ask – check this out:

Fundamenatls:
- Cmdlets
- Variables
- WMI Objects
- Interacting With Active Directory

Hacking with Powershell:
- Traditional Hacking
- Ping Sweeping
- Port Scanning
- Enumerating Hosts/Networks
- Download & Execute
- Parsing Nmap
- Parsing Nessus
- Powersploit
- Nishang

…..and of course integrating with Metasploit

This class will run for the entire month of June on Tues/Thurs from 7pm – 9pm EST
The classes will be recorded so students can still view the lessons if they miss an individual class.

Or, you can bundle with the Python class that is already running right now for $150

Click here to purchase the Python and Powershell bundle for $150

If you’ve already purchased the Python For Security Professionals class – send me an email and I’ll give you the Powershell for the additional $50.

If you’ve already purchased the Python For Security Professionals & Python For Tool Security Development package – send me an email and I’ll give you the Powershell for FREE.

This is a full package deal offer – so you’ll get airfare, lodging, and the training if you win.

To enter and be considered for one of the seats you’ll have to perform several activities.
You can do as many activities as you want everyday – good luck.

After you complete your tasks, send an email to joe(at)strategicsec(dot)com with publicly viewable links to the completed activities.

Here are the entry activities:

- Tweet about this giveaway (3 points)
- Follow @j0emccray on twitter (1 point)
- Follow @strategicsec on twitter (1 point)
- Friend j0emccray on facebook [facebook.com/j0emccray] (1 point)
- Add gplus.to/j0emccray to one of your circles on Google+ (1 point)
- Like this page on facebook (1 point)
- +1 Hacking in Paradise page on Google+ (1 point)
- Blog about this class (3 points)
- Google+ post about this class (3 points)
- Follow @ITSecPros on twitter (5 points)
- +1 IT Security Professionals page on Google+ (1 point)

a Rafflecopter giveaway

We’re not here to tell you stuff you already know, or give you a huge report full of meaningless information.

His extensive experience and deep knowledge, mixed with his comedic style has lead Joe to be one of the most highly sought after speaking experts in the industry. Joe often makes speaking appearances and gives seminars at major events in the security community such as Black Hat, DefCon, BruCon, Hacker Halted and more.

There is no substitute for experience and just flat out knowing an industry inside and out. Organizations need to track the competitive landscape, regulatory changes, and advances in technology to compete and thrive in their respective sectors.
Our consultants draw upon years of experience as well as deep industry knowledge to ensure our clients’ security and more importantly their success.

Title:    So You Wanna Be A Pentester
Date:    Thursday, May 23, 2013
Time:    2:00 PM – 3:00 PM EDT

I’ll be covering things like:

• Some of the various types of penetration testing jobs
• Education/Certification/Experience/Skill requirements
  • Should I have a degree – if so what type?
  • Should I have certifications – if so which ones?
  • Should I have work experience – if so what type?
  • What skills should I have prior to applying?
  • Do I need to be a good programmer?
  • Where can I get these skills if I’m not currently working in the field?
  • Security clearance requirements
  • What are good key words to use when searching IT job sites for pentesting jobs?
  • What to expect during the interview process
  • I’m not in the US, where can I find pentester work abroad?
  • How much money can I expect to make as a pentester?
  • The good the bad and the ugly…what the work is actually like day-in and day-out

I’m hoping that newbies that want to get into the field will find this webinar helpful.

Space is limited.
Reserve your Webinar seat now at:
https://www4.gotomeeting.com/register/422400863

After registering you will receive a confirmation email containing information about joining the Webinar.

System Requirements

PC-based attendees
Required: Windows® 7, Vista, XP or 2003 Server

Mac®-based attendees
Required: Mac OS® X 10.6 or newer

Mobile attendees
Required: iPhone®, iPad®, Android™ phone or Android tablet

Python For Security Professionals (Online) – Level 1  for $100

Or

Python For Security Tool Development (Online) – Level 2 for $100

Or

Both workshops for $150

Short Descriptions:

Python For Security Professionals (Online) – Level 1

This is a beginner’s functional programming course focused on programming concepts that can be used to accomplish common security tasks such as log parsing, password cracking, port scanning, vulnerability testing, web application security testing, malware analysis, and exploit development. There won’t be a bunch of math, no CD collection databases, and no useless programming mumbo jumbo.

Each Week the students will learn a few basic programming concepts, and then use some sample code (skeleton scripts) to perform security tasks. The students will keep the skeleton scripts so that when they get back to work they’ll have something that they can use a crib sheet to  build scripts that can do other security tasks.

This class will run for the entire month of May on Mon/Wed from 7pm – 9pm EST.

Click Here To Signup

Python For Security Tool Development (Online) – Level 2

This class takes what you learned in Python For Security Professionals to the next level. It’s designed for people that want to modify existing security tools, and/or create their own. We will focus exclusively solving problems IT Security Professionals often face. We’ll analyze several popular security tools, and modify them to work in situations they weren’t designed for.

Finally you’ll be required to develop a sophisticated analysis tool, and a sophisticated attack tool as part of the class. You’ll get to choose what the primary functions of your tools are, and you’ll be encouraged to release your tool as an open source project or modify your tool so that it becomes an integral component a class project that will be released as an open source project on github.

This class will run for the entire month of June on Mon/Wed from 7pm – 9pm EST.

Click Here To Signup

Want to take both for $150 – Click Here

Course Syllabus:

Python For Security Professionals (Online) – Level 1

This class will run for the entire month of May on Mon/Wed from 7pm – 9pm EST.

This class is for security professionals that have VERY LITTLE PROGRAMMING EXPERIENCE.

Week 1:     Programming Concepts, Parsing Files, Logs, and PCAPs

•     Python Basics
•     Text File Parsing
•     Log Parsing
•     PCAP Parsing

Week 2:    Password Cracking, Netcat, Port-Scanning, and simple fuzzing

•     Password Cracking
•     Netcat-like Functionality
•     Port-Scanning
•     Fuzzing

Week 3:    Web Application Vulnerability Testing

•     Vulnerable Service Identification
•     SQL Injection
•     XSS
•     RFI/LFI

Week 4:    Writing Your Own Security Tools

Click Here To Signup

Python For Security Tool Development (Online) – Level 2

The depth of the material will be heavily dependent upon the skill-level of the attendees. I’ll do my best to make sure that I help everyone and sufficiently challenge each student based on their ability/knowledge.

The primary goal of this class will be for the students to really get in there and work on something really useful for the IT Security community.

Click Here To Signup

Want to take both for $150 – Click Here

To enter and be considered for one of the seats you’ll have to perform several activities.
You can do as many activities as you want everyday – good luck.

After you complete your tasks, send an email to joe(at)strategicsec(dot)com with
publicly viewable links to the completed activities.

Here are the entry activities:

- Tweet about this giveaway (3 points)
- Follow @j0emccray on twitter (1 point)
- Follow @strategicsec on twitter (1 point)
- Friend j0emccray on facebook [facebook.com/j0emccray] (1 point)
- Add gplus.to/j0emccray to one of your circles on Google+ (1 point)
- Like this page on facebook (1 point)
- +1 Hacking in Paradise page on Google+ (1 point)
- Blog about this class (3 points)
- Google+ post about this class (3 points)
- Follow @ITSecPros on twitter (5 points)
- +1 IT Security Professionals page on Google+ (1 point)

 
Hacking In Paradise Giveaway

What’s this place all about?

Simple – it’s a social networking and resource website for IT Security Professionals. Think – LinkedIn, Facebook, Monster.com, and Wikipedia all wrapped up in one website just for IT Security People.

What separates this website from anywhere else on the web?

The key differentiators for this website are:

1. Spam-Free
2. Vendor-Free
3. Content and Discussion driven

There were several goals that this site needed to accomplish, and I’m really hoping that we are moving in the right direction so we can achieve them. Here is the rundown:

R00kie group goals:

• Provide us with a project management solution so we could task r00kies with projects and track the status of those projects.

• Provide us with the ability for r00kies to collaborate on documents
• Provide us with a mechanism to allow r00kies to show what their contributions to the r00kie program have been

IT Security Community Goals

• Provide us with a mechanism to give back to the IT Security Community
• Provide the IT Security Community with a vehicle to learn and keep up with the industry

Check out the site, and let us know what you think

I really hope that you check out the website and let us know what you think. I know it will take some time, but I really think that we’re going to provide something of value to the community with this project.

http://it-security-professionals.com/

Joe

So what exactly do I mean by “Hands-on” – this video is a good example of the kinds of things you’ll be learning.

Course Outline

Week 1: Simple ASP/ MSSQL Web App (2 and 4 April)

Week 2: PHP/MySQL Web App (9 and 11 April)

Week 3: JSP/Oracle Web App (16 and 18 April)

Week 4: Tricky Stuff (23 and 25 April)

Specifics I’ll Be Covering

•          SQL Injection
•          Cross-Site Scripting
•          Web Shells
•          Filter Evasion
•          SQL Injection to a command-shell
•          XSS to a command-shell
•          WAF Bypass

Class Schedule

Tuesday and Thursday evenings from 7pm EST to 9:00pm EST via webinar.

Network Access

Students will have 24/7 network access from 1 March 2013 to 31 March 2013.

Class Cost

This class has a cost $100 USD. Click HERE to signup.

Each Saturday in the month of April (6^th, 13^th, 20^thand 27^th) from noon to 4pm EST Joe McCray will host a webinar.

Here are some of the topics to look forward to:

Course Outline:

• April 6^th– Stack Overflows
• April 13^th – Abusing Structured Exception Handlers on Windows
• April 20^th – Heap Spray
• April 27^th – ROP Exploits

Each week Joe will host the 4 hour webinar where he will walk through the previous week’s homework exercises, cover the material for the current week, take questions from the students, and provide homework for the upcoming week. The homework that is handed out each week is designed so students can work on and reinforce each week’s lesson.

The cost for this workshop is $100USD – click HERE to register.

The network environment is going to be highly fluid, really volatile. Each day the network topology will be changing slightly.

Class Outline

Week 1:  Scanning & Exploitation                                                   (1-7 April)

• Dealing with Load Balancers, IPS, and WAF
• Web Attacks
• Client-Side Exploitation

Week 2:  BypassingAV                                                                   (8-14 April)

• File Splitting
• Packing
• Encoding
• Shellcode Injection

Week 3: Post Exploitation                                                            (15-21 April)

• Getting Files On/Off System
• Download and Execute
• Creating Listeners/Backdoor Services
• Different Kinds of Reverse Shells
• Automating Tasks
• Privilege Escalation
• Lateral Movement
• Pass The Hash
• Host Enumeration
• Host Data Mining
• Active Directory Enumeration

Week 4: Your Pentest                                                                    (22-31 April)

Class Schedule

Monday and Wednesday evenings from 7pm EST to 9:00pm EST via webinar.

Network Access

Students will have 24/7 network access from 1 April 2013 to 31 April 2013.

Class Cost

This class has a cost $100 USD. Click HERE to signup.

I really think you are going to like this one!

I really think this is the kind of class that pentesters, and security professionals are REALLY going to enjoy.

There are a lot of situations that can arise on a pentest where Metasploit just won’t work and you’ll have to perform the task by hand – this is often the case in high security environments because many of the defensive tools look specifically for Metasploit. -

- Hands-on -

So what exactly do I mean by “Hands-on” – this video is a good example of the kinds of things you’ll be learning.

https://www.youtube.com/watch?v=wZ-b8qe7M8I

Course Outline

• Week 1: Scanning (5 and 7 March)

• Week 2: Exploitation (12 and 14 March)

• Week 3: Post-Exploitation (19 and 21 March)

• Week 4: Tricky Stuff (26 and 28 March)

Specifics I’ll Be Covering

•          Scripting
  •    Bash
  •    Batch
  •    VBScript
  •    Powershell
  •    Python
•          Using public exploit code
  •    Compiling Code on Windows and *nix
  •    Fixing broken exploit code
  •    Changing shellcode in exploits
•          Bypassing Anti-Virus
•          Post-Exploitation

Class Schedule

Tuesday and Thursday evenings from 7pm EST to 9:00pm EST via webinar.

Network Access

Students will have 24/7 network access from 1 March 2013 to 31 March 2013.

Class Cost

This class has a cost $200 USD. Click HERE to signup.

Joe

Alright, it’s been a whirlwind week teaching a classroom-based class in Maryland, 2 online classes, and of course the other recent drama. I’m working on a few new things right now that I think you might be interested in.

Hands-on Web Application Security

So what exactly do I mean by “Hands-on” – this video is a good example of the kinds of things you’ll be learning.

Course Outline

Week 1: Simple ASP/ MSSQL Web App (4 and 6 March)

Week 2: PHP/MySQL Web App (11 and 13 March)

Week 3: JSP/Oracle Web App (18 and 20 March)

Week 4: Tricky Stuff (25 and 27 March)

Specifics I’ll Be Covering

•          SQL Injection
•          Cross-Site Scripting
•          Web Shells
•          Filter Evasion
•          SQL Injection to a command-shell
•          XSS to a command-shell
•          WAF Bypass

Class Schedule

Monday and Wednesday evenings from 7pm EST to 9:00pm EST via webinar.

Network Access

Students will have 24/7 network access from 1 March 2013 to 31 March 2013.

Class Cost

This class has a cost $100 USD. Click HERE to signup.

New Stuff…I’m working on another course so later today I’ll be releasing the info on that as well!

Joe

I’m putting this dirty laundry out 1 time, and one time only. I absolutely will not speak on this subject ever again after this post. In my last blog post I responded to this Plagarism accusation from Saumil Shah. I emailed every single student in the class, made them aware of the situation – apologized, and offered refunds to anyone that felt slighted in any way. For the nearly 180 students that are taking courses with me this month I’ve given 12 refunds and I’ll happily give a refund to any other student that requests it.

After that I tried to go on about my business, but this is getting to the point of sheer stupidity.

Saumil, for 2 years even though very mention of your name made my skin crawl I still praised you publicly, recommended you publicly (YES, EVEN IN THE COURSEWARE YOU SAY I STOLE FROM YOU  – said that I learned this from you and I’d recommend that people take your classes).

Let’s get down to brass tacks here…

The truth is that Saumil and I have a financial dispute over a class that he taught with my company and a partner training company that I often work with nearly two years ago. The class wasn’t selling well so I lowered the price (literally cut the price in half) to get some sales. The company that hosted the training paid Saumil $9,000 when the class only grossed a little over 20K. Saumil wanted me to pay him 17,000. In total I paid him 15K when my cut was only 6K. So basically I lost 11K on the class and Saumil still wants the remaining 2K. And no there was no contract between us – it was a gentlemen’s agreement done without even a handshake.

When I was in the class I was so appreciative of him helping me learn the subject that I offered to rewrite my notes from his class, update the attack scripts and port them to python for him which was something he said he wanted to do in the future, and fully document lab manuals with step-by-step walkthroughs for each lab.  I told him that he could have ALL of this for free and I would be happy to do it as it would help me learn the material better. I honestly had planned to work on future classes with him where he would teach the exploit development and I would teach the network/web attacks. I was excited about the potential and he was too.

When it came time to settle up I paid him more money than I took in for the class (more than double what I took in – $6,000 was all I made and he wanted $17,000 – nearly triple what I made).  I was already in financial peril at the time because 3 customers had not paid for their penetration tests, and 1 customer had not paid me for a class so I was owed nearly $100,000 dollars. I was drowning financially so I paid him late, but even with paying him late I was still giving him money when I didn’t have it to give.

I got evicted from my home and even then I was still trying to pay Saumil for a class that I lost money on, a few months later I taught a class in Norway at HackCON  and had my point of contact for the event give Saumil all of the money from the event when I had no home to live in.

At this point I was in deep financial peril at the time and felt like Saumil was being an asshole to me. What kind of human I kept thinking to myself would be this way to me when I was homeless.

At this point I now fully hated his guts – nothing would satisfy me more than punching him in the mouth in front of god and country. I only had a few thousand dollars left to pay at this point, and the only reason that I was going to pay it was because I didn’t want him to go to security conferences and tell people in the IT Security community that I didn’t pay my bills. I figured it would destroy my ability to speak at conferences, run classes, and basically ruin me.

At that point Saumil’s business partner Hiren Shah began calling our mutual acquaintances, and my contractors asking each of that what my financial situation was. How much money I had made on recent penetration tests, courses, had they been paid from me recently, and more.

This put me through the roof!!!!!!!!!

Here I am taking money out my family’s mouth, still don’t have a place to live, and struggling to pay Saumil just so I can keep my private life out of the security industry and now here we go. Too late for that.

At this point I didn’t care anymore, I was so angry with him for being such a cowardly bitch that I couldn’t stand it. I swore that the next time I see him there was gonna be some furniture moving. Yes ChrisJohnRiley THIS IS THE NEW BLACK I was 2 seconds away from whooping  Saumil’s ass. I was ready to put my foot so far up his ass that his breath would smell like shoe polish!

I told him explicitly (yes that means I dropped a lot of F-Bombs) how I felt, and that I’m not paying him the remaining money because he and Hiren are both some bitches.  After that – all of these notes I rewrote, scripts I ported from perl to python, lab manuals that I wrote – for him as a gift to show my appreciation that he mentions in his blog post, and yes his precious virtual machines – I used them in classes, webinars, and workshops I taught. I did it to spite him. I was pissed at him – immature I realize – but at least it’s the truth. I might as well try to make my money back after all of this mess.

Saumil and anybody else for that matter – you can write whatever you want about me. You can put me on what ever page you want, talk about me on twitter, but at the end of the day Saumil can have a hot steamy cup of FUCK YOU! At this point I flat out don’t care how many people you tell, how many people talk about this on twitter. I hope that every single human being on this earth learns how much of a whining wimpy little bitch you are, and knows that I can’t stand you and I would rather eat hot shit before I’d even acknowledge that you are a fucking human being let alone speak to you.

No I’m not paying you, and I sincerely feel bad for every single incident of a people loosing respect for me with regard to this issue, I know that I will never do it again because there is no HUMAN being that would ever be the way that he was to me, but I refuse to continue to talk to people like you are a good person when I know you are not.

So Saumil, and Hiren – I just want you to know what I think of you personally, and professionally.

From the bottom of my heart…

FUCK YOU!

Joe

http://blog.exploitlab.net/2013/02/defending-our-work.html

Summary:

I used the virtual machines from the class that I was in 2 years ago. I did it out of convenience. The virtual machines are built with software that is freely available on the Internet. There is no intellectual property of his that was stolen.

Saumil and I have had disagreements in the past and quite frankly the differences between us have still not been resolved. We are civil, but that is about the end of it. I emailed Saumil yesterday and let him know the following:

Even though we are not on good terms I apologize for using his virtual machines and will create new ones for my upcoming classes.

1. Even though we have personal issues I recommended him in my webinars and in this very course as a good person to learn from.
2. The screenshot of debugger commands that he references in his blog post was never given out to students. And honestly – it’s just commands not intellectual property. It’s the same as handing out a GDB cheatsheet for reference.

To both Saumil and the entire IT Security community

I apologize for misrepresenting the courseware. I looked at it as all of the software on the virtual machines that he gives away is freely available on the internet and it was helping me get the courseware done quickly by providing a working set of attack target virtual machines. It was never intended to be considered giving away his courseware. I will correct this immediately and I will have new virtual machines for my future classes.

I sent a formal apology for Peter Van Eeckhoutte (https://twitter.com/corelanc0d3r), someone I truly respect for his technical ability and his friendship because someone contacted asking if this blog post was  about him. I can assure you that Peter has the utmost of integrity, honor, and professionalism. He has absolutely nothing to do with all of this.

If any student of mine in this course or anything other course I’m currently teaching would like a refund – feel free to ask. My integrity is important to me, and any student or client of mine that feels that my integrity is not at the proper level I will gladly refund their money.

Joe

The network environment is going to be highly fluid, really volatile. Each day the network topology will be changing slightly.

Class Outline

Week 1:  Scanning & Exploitation                                                   (1-9 Feb)

• Dealing with Load Balancers, IPS, and WAF
• Web Attacks
• Client-Side Exploitation

Week 2:  BypassingAV                                                                   (10-16 Feb)

• File Splitting
• Packing
• Encoding
• Shellcode Injection

Week 3: Post Exploitation                                                            (17-23 Feb)

• Getting Files On/Off System
• Download and Execute
• Creating Listeners/Backdoor Services
• Different Kinds of Reverse Shells
• Automating Tasks
• Privilege Escalation
• Lateral Movement
• Pass The Hash
• Host Enumeration
• Host Data Mining
• Active Directory Enumeration

Week 4: Your Pentest                                                                    (24-28 Feb)

Class Schedule

Monday and Wednesday evenings from 7pm EST to 9:30pm EST via webinar.

Network Access

Students will have 24/7 network access from 1 Feb 2013 to 28 Feb 2013.

Class Cost

This class has a cost $100 USD. Click HERE to signup.

Each Saturday in the month of February (2^nd, 9^th, 16^th, and 23^rd) from noon to 4pm EST Joe McCray will host a webinar.

Here are some of the topics to look forward to:

Course Outline:

• Feb 2^nd – Stack Overflows (in both Linux and Windows)
• Feb 9^th – Abusing Structured Exception Handlers on Windows
• Feb 16^th – Heap Spray
• Feb 23^rd – ROP Exploits

Each week Joe will host the 4 hour webinar where he will walk through the previous week’s homework exercises, cover the material for the current week, take questions from the students, and provide homework for the upcoming week. The homework that is handed out each week is designed so students can work on and reinforce each week’s lesson.

The cost for this workshop is $100USD – click HERE to register.

The best thing about CTFs is also the worst thing about them – and that is that they can be all over the place. There are so many ways you can run one ranging from simple wargame servers, to network based exploitation games, to exploit development and reverse engineering challenges. After having several conversations about CTFs over the last month or so I found myself admitting over and over again that participating in CTFs was a HUGE factor in my skill development. It was how I learned Linux, it was how I learned packet analysis and intrusion detection – and to be honest – it was fun! I loved participating in CTFs, and I loved running them back then too because I learned so much. I can be honest and use the quote that rookie Frank Hackett says “The truth is…I just got a case of the lazies’ so I was reluctant to do it.

I have a lot of newbies I work with now – I call them the Security Rookies. A lot of them are interested in being involved in a CTF.

Sigh…Man what the hell….who needs sleep? Let’z do da damn thang!

I decided to setup a CTF for newbies – I’m calling it ‘Your First CTF’, it’s a CTF that starts with a month of training you up for the CTF and then finally participating in it. There will be tons of challenges ranging from simple Windows/Linux security tasks, to host-based exploitation (both with and without Metasploit), some malware analysis, some reverse engineering tasks, and some exploit development.

From October 22nd – November 11th I’ll provide you with access to the Strategic Sec lab network that will be full of challenges with explanations and step-by-step walkthroughs for each challenge. On the 22nd of October and each Saturday between October 22nd – November 11th I will release a video walk-through with me detailing how to solve each challenge and how it or something like it can be a ‘gotcha‘ in a CTF.

The actual CTF will be hosted from November 19th – 25th. It’ll be a team based CTF, and I’ll use the month that the training is being held to break people up into teams. We’ll allow participants to pick their own teams, and unpicked participants will be grouped into individual teams.

The cost of the event is $50 for the training, $50 to participate in the CTF, or $75 to do both.

You can click here to purchase the $50 training for the CTF.

You can click here to purchase your participant slot in the CTF for $50.

You  can click here to purchase the training and the CTF participant slot for $75.

Other relevant info:

• You should receive a confirmation of your purchase within 1 business day of purchase. Be sure to check your spam folder for this confirmation email. If you do not receive the email by the 2nd day please email me at joe<at>strategicsec.com with your Paypal confirmation number.

• On the 22nd of October you will receive your network login information via email. Be sure to check your spam folder for this email as well, and if you don’t receive it please email me at joe<at>strategicsec.com with your Paypal confirmation number.

• Each member of the winning team will be given a FREE Strategic Security class of their choice.

• I’ll be providing more info to participants as they register….right now – it’s time to get to work building the CTF network.

If you are interested in running your own CTF – these are some good documents that cover what CTFs are all about:

https://www.calpolyswift.org/wp-content/uploads/2011/11/ctf_presen.pdf

http://6dev.net/talk/pses-2012/pses_ctf_debriefings_en.pdf

http://cisr.nps.edu/events/downloads/WECS6/wecs6_ch04.pdf

http://openctf.com/dox/oCTF6_whitepaper.pdf

This was the first CTF I ever participated in (this is a really good write-up):

http://www.nxnw.org/~steve/papers/discex3_autonomix_defcon.pdf

This is a really good write-up detailing how to run a CTF, network topology, vulnerable services/apps, and more importantly and setup a scoring system for it:

http://theccgroup.org/carolinacon/ctf/presentation/HowTo0wnCaptureTheFlag.pdf

However, you will learn everything you need to get up and running. I’ll be answering a lot of common beginner questions and showing how basic exploitation works.

Common Questions I’ll be addressing:

• What programming languages you need to know?
• What are the best ways to learn these languages?
• What tools do you need?
• Which tools should you start with first?
• What references you use to get started and more importantly what to avoid?

Exploit Techniques I’ll be covering:

• Exploiting Stack Overflows
• Exploiting Structured Exception Handlers
• Heap Sprays
• ROP Exploits and Stack Pivots

Space is limited.
Reserve your Webinar seat now at:
https://www3.gotomeeting.com/register/576658462

I’ll be covering:

• Analyzing network traffic pcaps
• Memory analysis
• Analyzing malicious PDFs
• Dealing with packers
• Dealing with javascript obfuscation

Like the every workshop I do this one is also designed to be a lab style of class.

Students will be given a VMware image with the malware all of the analysis tools preloaded to download and use for the workshop.

Along with the VMware image students will be given a lab manual that walks them through the various analysis steps.

The workshop will be LIVE via GotoWebinar again, and I will be walking the students through the various labs, and answering student questions.

Basic Info:

• The workshop will be held on Saturday the 25th of August, 2012 from 12 noon EST to 4 pm EST at a cost of $50 USD
• The VM and lab manual will be made available for download on the 20th of August at noon EST
• The VM will also contain several samples of live malware so students can practice on other malware samples.
• You should receive a confirmation email within 4 hours of registering for the workshop (be sure to check your spam folder)
• Workshop attendees will get a 10% discount on the Advanced Malware Analysis course taught by Joe McCray

Click HERE to register for this workshop.

The Network

The entire network is comprised of all 64-Bit Windows and Linux hosts.

• Hardened Hosts joined to a hardened domain
  • 64-Bit Windows 7 hosts joined to a Server 2008 R2 Active Directory Domain with all security GPOs applied

• Hardened Servers
  • 64-Bit Linux hosts running mod_security, suPHP, suhosin, greensql, and several other security mechanisms
  • 64-Bit Server 2008 R2 running AppLocker, BitLocker, Auditing Services, IPSec, WAFs

• Other Types of Servers
  • HPC Server 2008
  • TMG
  • NPS/NAP
  • RODC
  • IAS

• Security Products
  • HIPS
  • AV
  • Snort
  • AlienVault

The Rules

• Users will have administrative access to the workstations (but not the servers).
• Admin access to the servers must be requested via email
• User contributed binaries and tools can not be submitted to VirusTotal or similar sites without permission from the creator
• Security mechanism bypass techniques can not be submitted vendors, or written about with out permission from the creator
• Lab users can request that VMs with certain security mechanisms be added to the network. Strategic Security lab techs will make a best effort to fulfill these types of requests.
• The group’s centralized meeting and discussion place is a LinkedIn group called “Advanced Penetration Testers: Pentesting High Security Environments” – http://www.linkedin.com/groups?gid=3270572&trk=hb_side_g
• Submitted VMs must be in VMWare ESX format with updated VMWare tools installed. Dropbox is the preferred VM transfer mechanism
• Articles must be emailed to joe@strategicsec.com before the 1st of each month

The Vetting

• Initial vetting will be done by Joe McCray (ensuring the user is either a security consultant, security researcher, or security enthusiast).
• After 3 – 6 month a board of directors will be established to vet new members, and manage the day to day issues associated with the lab network

The Cost

• The lab network access cost is $100 per dollars per month for unrestricted access.
• The lab network access cost is $50 per dollars per month for unrestricted access if you contribute 1 virtual machine configured with a security product.
• The lab network access cost is $50 per dollars per month for unrestricted access if you contribute an article that provides a step-by-step walkthrough for bypassing a security mechanism that is in the lab network. The screenshots for this document must be taken using the lab network hosts.
• The lab network access will be free if you donate 2 or more VMs with security products configured, or 2 or more articles detailing how to bypass a security mechanism that is in the lab network, or at least one of each.
• You must sign up for the $100 per dollars per month access and when you donate either an article or a VM with a security product you won’t be charged for the upcoming month.

After you complete your tasks, send an email to joe(at)strategicsec(dot)com with
publicly viewable links to the completed activities.

Here are the entry activities:

- Tweet about this giveaway (3 points)
- Follow @j0emccray on twitter (1 point)
- Follow @strategicsec on twitter (1 point)
- Friend j0emccray on facebook [facebook.com/j0emccray] (1 point)
- Add gplus.to/j0emccray to one of your circles on Google+ (1 point)
- Like this page on facebook (1 point)
- +1 this Hacking in Paradise page on Google+ (1 point)
- Blog about this class (3 points)
- Google+ post about this class (3 points)
-
a Rafflecopter giveaway

THIS IS A SECURITY TRAINING EXPERIENCE COMBINED WITH A 3-DAY BAHAMAS VACATION – THE ONLY COST TO YOU IS YOUR MEALS!

Event Dates and Times

September 6th  – Arrival and hotel check-in

September 7-8th – do your choice of fun activities on Saturday the 7th, relax and enjoy the entire day Sunday for yourself.

There are tons of things you can from absolutely nothing at all to jet skiing, kayaking, swimming with dolphins, jeep safaris and so much more.

September 9 – 11, 2013

After your built-in 3day vacation in the Bahamas you can settle in to the training will be held from 8:30am to 4:30pm each day. The class will be broken down into 50 minute sessions, 10 minute breaks, and 1 hour for lunch each day.

Event Location

British Colonial Hilton Nassau hotel
One Bay Street, Nassau, N-7148, Bahamas TEL: 1-242-322-3301

http://www.bchiltonnassauhotel.com/

Accommodations

“Taken from the hotel website”

Activities

It’s time to have a real vacation – I’m talking fun in the sun. There are tons of things you can from absolutely nothing at all to jet skiing, kayaking, swimming with dolphins, jeep safaris and so much more.

We’re making sure that you have plenty of time for activities – you’ll arrive on Friday the 6^th of September and you’ll have the entire weekend before the training starts to relax or to have some SERIOUS FUN. Your package deal will include your choice of jet-skiing, clear bottom kayaking, swimming with dolphins, or a Jeep safari.

Get there on Friday the 6th of September, do your choice of fun activities on Saturday the 7th, relax and enjoy the entire day Sunday for yourself and do the training from Monday to Wednesday – fly home on Thursday.

Companion Airfare:

Ok – let’s be real. There is no way your wife/girlfriend/husband/boyfriend or (significant other) is going to let you go to this without them. Yes, we can do that. Just contact Joe McCray for a quote.

Workshop choices:

Workshop 1:   Metasploit  (Great for beginners and intermediate students) – taught by @georgiaweidman

or

Workshop 2:  Cyberwar (Great for  intermediates and advanced students)- taught by @j0emccray

These workshops run in parallel.  Workshop 1 is designed for IT and IT Security Professionals that want more exposure to network and application penetration testing. Workshop 2 is designed for IT Security Professionals and Penetration Testers that want to take their skills to the next level.

Metasploit Short Description

The class will begin with the basics of using the Metasploit Framework and then continue on following the Open Source Security Testing Methodology Manual (OSSTMM) to exploit vulnerable systems in a lab network. Quickly moving on from the basic concepts the class will move into advanced topics such as writing your own Metasploit modules and creating sophisticated client side attacks with Metasploit and the Social Engineering Toolkit. This class is ideal for beginning pentesters looking to pick up many skills and become comfortable using the common tools of the trade.

Students will be introduced to finding and exploiting vulnerabilities in both Windows and Linux-based systems, attacking web applications with Metasploit and additional pentesting tools such as Maltego, Nmap, and Nikto will also be covered.

CyberWar Short Description

This course picks up where the wildly successful “Advanced Penetration Tester: Pentesting High Security Environments” left off. Taking Intrusion Detection System (IDS) evasion, and Anti-virus bypass to the next level.  There are a few things to note that will be different from the “Advanced Penetration Tester: Pentesting High Security Environments” and from any other hacking course for that matter:

1. Per student request there will be NO Windows 2000, no Windows XP, or Vista in the course. Only Windows 7, Windows 8, and Server 2008 RC2, and new Linux distributions as the targets for students to go after.

1. Students attack a network of fully patched, and hardened Windows 7, Server 2008 RC2 hosts. Each target computer will be running a Host-Based Intrusion Detection System (HIDS), updated Anti-Virus, and a logging agent that reports to a Security Information and Event Management (SIEM) solution.

1. There will also be a Network Intrusion Detection System (NIDS), a web content filtering proxy, and a stateful inspection firewall as well.

1. The classroom will have 4 projectors running to show in real time the events triggered by the HIDS, NIDS, Proxy, and the logs so the student can learn exactly what attacks and defenses really work in today’s high security environment.

Download The Complete Hacking In Paradise Package Description Document By Clicking HERE

All Inclusive Pricing (Training, Airfare, Lodging)

US Based All-Inclusive Packages (Meaning you are traveling from the US):

• Metasploit, Flight, Hotel, and Activities                          $3,500USD
  • Click here to purchase the Metasploit All-Inclusive Package
• CyberWar, Flight, Hotel, and Activities                           $3,500USD
  • Click here to purchase the CyberWar All-Inclusive Package

Europe Based All-Inclusive Packages (Meaning you are traveling from Europe):

• Metasploit, Flight, Hotel, and Activities                          $4,500USD
  • Click here to purchase the Metasploit All-Inclusive Package
• CyberWar, Flight, Hotel, and Activities                           $4,500USD
  • Click here to purchase the CyberWar All-Inclusive Package

Asia/Austrailia/Africa Based All-Inclusive Packages (Meaning you are traveling from Asia/Austrailia/Africa):

• Metasploit, Flight, Hotel, and Activities                          $5,000USD
  • Click here to purchase the Metasploit All-Inclusive Package
• CyberWar, Flight, Hotel, and Activities                           $5,000USD
  • Click here to purchase the CyberWar All-Inclusive Package

Prices listed above are valid if purchased before May 31^st, 2013

All-Inclusive Packages (Prices below if purchased between 31 May and 31 July, 2013):

US Based All-Inclusive Packages:

• Metasploit, Flight, Hotel, and Activities                          $4,500USD
• CyberWar, Flight, Hotel, and Activities                           $4,500USD

Europe Based All-Inclusive Packages:

• Metasploit, Flight, Hotel, and Activities                          $5,500USD
• CyberWar, Flight, Hotel, and Activities                           $5,500USD

Asia/Austrailia/Africa Based All-Inclusive Packages:

• Metasploit, Flight, Hotel, and Activities                          $6,000USD
• CyberWar, Flight, Hotel, and Activities                           $6,000USD

NOTE:

If you are interested in purchasing the training without travel and lodging please contact Joe McCray directly.

About The Metasploit Instructor: Georgia Weidman

Georgia Weidman is a penetration tester, security researcher, and trainer. She holds a Master of Science degree in computer science, secure software engineering, and information security as well as holding CISSP, CEH, NIST 4011, and OSCP certifications. Her work in the field of smartphone exploitation has been featured in print and on television internationally. She has presented her research at top conferences around the world including Shmoocon, Blackhat, Hacker Halted, and Bsides. Georgia has delivered highly technical security training for conferences, schools, and corporate clients to excellent reviews. Building on her experience, Georgia founded Bulb Security LLC (http://www.bulbsecurity.com), a security consulting firm specializing in security assessments/penetration testing, security training, and research/development. She was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security, culminating in the release of the Smartphone Pentest Framework (SPF).

 About The CyberWar Instructor: Joe McCray

Joe McCray is an Air Force Veteran and has been in security for over 10 years. Joe has been involved in over 150 very high level pentesting assessments and has some major hacking accomplishments that he can share with his classes. His extensive experience and deep knowledge, mixed with his comedic style has lead Joe to be one of the most highly sought after speaking experts in the industry. Joe makes speaking appearances and gives seminars at major events in the security community such as Black Hat, DefCon, BruCon, Hacker Halted and more. Joe is the recipient of the 2009 EC-Council Instructor Circle of Excellence Award and the 2010 EC-Council Instructor of the Year Award. Joe is the founder and CEO of http://strategicsec.com an IT Security consulting firm that provides in-depth technical security assessments of your network, web application, and regulatory compliance gap analysis.

Who To Contact For More Information

You can contact Joe McCray at:

Toll Free:                     1-866-892-2132

Email:                          joe@strategicsec.com

LinkedIn:                    http://www.linkedin.com/in/joemccray

Twitter:                       http://twitter.com/j0emccray

Website:                      http://strategicsec.com

What I’ll be doing this time is basically focusing on Pentester Headaches:

• Intrusion Prevention Systems
• Web Application Firewalls
• Anti-Virus

I’ll also cover ways to implement penetration tester tactics such as:

• Lateral movement
• Data-Driven Testing
• Persistence

Specific tools and techniques I’ll be covering will be:

• Nmap Scripting Engine
• Windows Credential Editor and Mimikatz
• New Pass-The-Hash functionality in Firefox

Like the last workshop this one is also designed to be an attack lab style of class.

Students will be given a VMware image with all of the attack tools preloaded to download, and VPN credentials to log into the Strategic Security lab network.

NOTE: This is NOT the same network as the last workshop (different network network, different targets).

Like the previous workshop’s target network there will be vulnerable hosts running Windows 2000, XP, Vista, Windows 7, Server 2003, Server 2008, and various flavors of Linux. There is also a snort IDS, and an AlienVault SEIM in the network as well so students can look to see which of their attacks are being detected.

The workshop will be LIVE via GotoWebinar again, and I will be walking the students through the various attacks, and answering student questions.

Students will be given a lab manual that walks them through the various attacks.

The workshop will be held on Saturday the 11th of August, 2012 from 12 noon EST to 4 pm EST at a cost of $50 USD

The students will be allowed to maintain their VPN access until the end of the month of August.

A few things to note that will be different from the last workshop:

• The attack VM will be made available for students to download within 4 hours of workshop purchase
• The VPN credentials, IRC channel info, and lab manual for the target network made available to the students on Monday the 6th of August at noon EST via email or within 4 hours of workshop purchase if you purchased after the 6th
• From 6pm – 9pm EST on the 10th of August Strategic Security rookies will be in an IRC channel assisting people with connecting to the Strategic Security Lab network.
• From 9am – noon EST on the 11th of August Strategic Security rookies will be in an IRC channel assisting people with connecting to the Strategic Security Lab network.

Click HERE to register for this workshop.

Well that’s about it – hope to you in the workshop.

Schedule:
1) Ashburn, VA February 23, 2012 8:30am – 11:30am
Topic: Web Application Security
Joe McCray will be covering both manual and automated vulnerability testing of Web Applications. This workshop will focus on vulnerabilities like SQL Injection, Cross-Site Scripting, and LFI/RFI vulnerabilities. You’ll also learn how to test applications built on .NET, J2EE and other frameworks. This workshop will be 90% hands-on.

Cost:  $100

Address:

45195 Research Pl, Suite 120
Ashburn, VA 20147

2) Greenbelt, MD March 7, 2012 8:30am – 11:30am
Network Vulnerability Testing
Joe will be covering both manual and automated vulnerability testing of networked hosts running all of the major platforms XP/Vista/Win7 and Server 2003/2008 – as well as popular Linux platforms. You’ll learn the newest methods for attacking these types of hosts and dealing with defensive technologies such as Anti-Virus, IDS, IPS, etc. This workshop will be 90% hands-on.

Cost:  $100

Address:

7833 Walker Drive, Suite 520C
Greenbelt, Maryland 20770

Pentester’s Workshop

This is a HOW/WHY class. We’ll be covering the common penetration testing related subjects such as:

• Scanning
• Enumeration
• Exploitation
• Post-Exploitation
• Web Application Testing

This workshop is designed to be an attack lab style of class.

Students will be given a VMware image with all of the attack tools preloaded to download, and VPN credentials to log into the Strategic Security lab network.

The target network will contain vulnerable hosts running Windows 2000, XP, Vista, Windows 7, Server 2003, Server 2008, and various flavors of Linux. There is also a snort IDS in the network as well so students can look to see which of their attacks are being detected.

The workshop will be LIVE via GotoWebinar, and I will be walking the students through the various attacks, and answering student questions.

Students will be given a lab manual that walks them through the various attacks.

The workshop will be held on Saturday the 14th of April, 2012 from 4 pm – 6pm EST at a cost of $50 USD

The students will be allowed to maintain their VPN access until midnight April 30th of April, 2012.

A few things to note that will be different from the first workshop:

• The attack VM will be made available for students to download on Wednesday the 9th of April
• The VPN credentials, IRC channel info, and lab manual for the target network made available to the students on Friday the 13th of April at noon EST via email
• From 6pm – 9pm EST on the 13th of April Strategic Security rookies will be in an IRC channel assisting people with connecting to the Strategic Security Lab network.
• From noon EST to 4pm on the 14th of April Strategic Security rookies will be in an IRC channel assisting people with connecting to the Strategic Security Lab network

If you’ve ever struggled in a programming class because you wanted the instructor to put programming concepts in plain and simple english – this class is for you.

If you’ve ever tried to learn programming from a book thought the book spent too much time on math, and writing absolutely programs like a CD collection database – this class is for you.

If you’ve ever wanted a programming course to be about stuff you could actually use at work – this class is for you.

This is a functional programming course focused on programming concepts that can be used to accomplish common security tasks such as log parsing, password cracking, port scanning, vulnerability testing, web application security testing, malware analysis, and exploit development. There won’t be a bunch of math, no CD collection databases, and no useless programming mumbo jumbo.

Each day the students will learn a few basic programming concepts, and then use some sample code (skeleton scripts) to perform security tasks. The students will keep the skeleton
scripts so that when they get back to work they’ll have something that they can use a crib sheet to do other security tasks.

Day 1:     Programming Concepts, Parsing Files, Logs, and PCAPs

•     Python Basics
•     Text File Parsing
•     Log Parsing
•     PCAP Parsing

Day 2:    System Administration and Password Cracking

•     Windows and *nix Administration
•     Password Cracking
•     Netcat-like Functionality
•     Port-Scanning

Day 3:    Network and Web Application Vulnerability Testing

•     Vulnerable Service Identification
•     SQL Injection
•     XSS
•     RFI/LFI

Day 4:    Forensics and Malware Analysis

•     Memory Analysis
•     Identifying/Classifying Malware
•     HexEditing/Dissabling Malware

Day 5:    Reverse Engineering, Fuzzing and Exploit-Dev

•     Debugging
•     Protocol Fuzzing
•     File Format Fuzzing
•     Exploiting Software

Course Instructor:
The course instructor is security consultant and trainer Joe McCray. Joe McCray has over 10 years of experience in the security industry with a diverse background that includes network and web application penetration testing, incident response, and forensics in the both DoD community and the private sector. Joe is also a frequent trainer/presenter at security conferences such as Black Hat, Def Con, ToorCon, BruCON, LayerOne, TechnoSecurity, and TechnoForensics.

General Course Info:
Course dates are 13th – 17th Febrary 2012. The course will be comprised of 5 days of 50 minute sessions with 5-10 minute breaks, and an hour for lunch.

Pre-requisites:
Students must be familiar with IT Security best practices, and have a good understanding of TCP/IP and common web technologies.

• Basic Windows administration for both servers and workstations
• Basic Linux/*NIX system administration skill
• Basic command-line proficiency on both Windows and *NIX systems

Training Location:
Academy of Computer Education
7833 Walker Drive, Suite 520C
Greenbelt, Maryland 20770
Phone: (301) 220-2802
Toll-Free: (877) 564-TRAIN

http://www.trainace.com/

Pricing: $2,000

All software and necessary equipment is provided.

Need a hotel for the week of your class?

For a discounted hotel rate please contact us. ACE has pre-negotiated a discounted stay for Python For Security Professionals students in the Greenbelt Hilton Garden Inn.
The Hotel is located approximately 200 yards from the school.

All Inclusive Python For Security Professionals Class Pricing:

If you are flying in from out of town for the Python For Security Professionals training class, we have an all-inclusive bootcamp style package which includes your flight, hotel, and breakfast each day for $3,000

Like every course that Joe McCray teaches – this is NOT your normal Hacking course. You won’t be attacking unpatched Windows 2000 Servers, and you won’t be learning a bunch of outdated tools like most Hacking courses. The over-arching focus of the is Secure Network Architecture and design principles.

Each day you will be tasked with attacking and defending an increasingly complex network. On the first day you’ll start with both attacking and defending an environment with basic firewalling, and simple network segmentation.  On the second day you’ll add VLANs, and network based IDS. On the third and fourth days you’ll add content filtering web proxies, reverse proxies, host–based IDS, WAFs, NAC, and a SIEM solution. Finally, on the fifth day will be an attack and defense based capture the flag event that incorporates all of the security solutions in place with multiple projectors in the room so each security system will be projected on the wall like a SOC environment.

The attack portion of the course starts with attacking heavily protected environments from the outside and dealing with things like Load Balancing, Deep Packet Inspection, and Network-Based IDS/IPS. Next is attacking web applications and dealing with common application security measures in PHP/ASP.NET, and Web Application Firewalls.

Then the course moves on to attacking from the LAN, dealing with NAC solutions, locked down workstations/GPOs, and Host-Based IDS/IPS. Then finally the last section of the course covers gaining control of Active Directory.

In ANSA, just like the advanced penetration testing courses that Joe McCray teaches you will be learning how to attack new operating systems such as Windows Vista, Windows 7, Windows Server 2008, and the latest Linux servers. All of these servers will be patched, and hardened. Both Network and Host-based Intrusion Detection/Preventions systems (IDS/IPS) will be in place as well.

Like all of the advanced courses that Joe McCray teaches the learning curve is high, but the rewards are astronomical. Attacking/Defending Complex Networks is NOT a death by powerpoint course. Over 90% of class is hands-on labs.

Students that are Network/System Administrators with three or more years experience working in environments such as financial institutions, DoD networks, or similar high security environments will benefit greatly from this course.

Course Instructor
The course instructor is security consultant and trainer Joe McCray. Joe McCray has over 10 years of experience in the security industry with a diverse background that includes network and web application penetration testing, incident response, and forensics in the both DoD community and the private sector. Joe is also a frequent trainer/presenter at security conferences such as Black Hat, Def Con, ToorCon, BruCON, LayerOne, TechnoSecurity, and TechnoForensics.

General Course Info

Course dates are 9th – 13th January 2012. The course will be comprised of 5 days of 50 minute sessions with 5-10 minute breaks, and an hour for lunch.

Pre-requisites:
Students must be familiar with IT Security best practices, and have a good understanding of TCP/IP and common web technologies.
* Basic Windows administration for both servers and workstations
* Basic Linux/*NIX system administration skill
* Basic command-line proficiency on both Windows and *NIX systems

Students should be familiar with the following web technologies and languages:
* HTML
* Javascript
* ASP
* PHP
* SQL

Students should also be familiar with Metasploit, and VMWare.

Training Location
Academy of Computer Education
7833 Walker Drive, Suite 520C
Greenbelt, Maryland 20770
Phone: (301) 220-2802
Toll-Free: (877) 564-TRAIN

http://www.trainace.com/

Pricing: $2,000

All software and necessary equipment is provided.

Need a hotel for the week of your class?

For a discounted hotel rate please contact us. ACE has pre-negotiated a discounted stay for ANSA students in the Greenbelt Hilton Garden Inn.
The Hotel is located approximately 200 yards from the school.

All Inclusive ANSA Class Pricing:

If you are flying in from out of town for the ANSA training class, we have an all-inclusive bootcamp style package which includes your flight, hotel, and breakfast each day for $3,000

We get a lot of requests from people that just want us to take a look quick look at their company website. Not as deep as a full on web application security assessment, but not just as trivial as a scan with a vulnerability scanner either.

We’ve created a service to address this need. Basically it’s web app vulnerability scan with a few different types of automated scanners and security tools, and eight (8) hours of manual testing by one of our application security consultants.

This will let you know if you are on the right track as far as security is concerned, or if you actually need to allocate more resources to securing your website. The cost of the service is trivial, we start the next business day after purchase, and give you the report on 3rd business day.

So if you:

• Have an audit coming up and are concerned about the security of a particular server
• Recently deployed a server and are curious if the right security measures are in place
• Need to be able to answer questions about the security of a server for an upcoming meeting
• Want to verify that your IT, or IT security team is taking the right precautions when they deploy a server

If you fall into any of these categories listed above than this service offering is for you. The cost is $1,500USD. It doesn’t cost you an arm and a leg, it’s quick, no fuss, and most importantly there’s no bait and switch upsell crap.

It’s simple – you need someone to take a quick look at your website security and let you know either:

a) Yes, it looks good. Keep on doing what you are doing

b) No, found a few security issues so you need to spend some time on this and look at it more closely

It’s 2 minutes to purchase, 1 day for a quick synopsis, and 3 business days for the full report.

How to get started:

1. Click here to purchase the Quick Look: Web App service

2. We will email you an Statement of Work (SOW) for the project, and the project will begin on the next business day after we received the signed SOW.

These common “reverse engineering” courses have you run malware and answer the questions:

1. Where is it connecting to?
2. Does it modify the registry?

3. Does it modify the file system?
4. Does it modify any running processes or start any new ones?
You don’t need a class to teach you these things.

The goal of the AMA training class is to provide a methodical hands-on approach to reverse-engineering by covering both behavioral and code analysis aspects of the analytical process.

The course begins by looking into PE headers and how to  handle DLL interactions. Then it moves on to the fundamentals of x86 architecture assembly. Next you learn to examine malicious code in order to understand the program’s key components and execution flow. You then learn to identify common malware characteristics by looking at Windows API use patterns, and will examine excerpts from bots, rootkits, key loggers, and downloaders. From there you move on to standard and custom packers and other tools and techniques for bypassing anti-virus, and then on to malware with anti-debugging/anti-analysis capabilities. Then the class is concluded with obfuscated browser scripts.

You can purchase this course by clicking here.

Day 1: Basic Forensics

• Analyzing a hard drive image
• Recovering deleted files
• Decrypting encrypted files

Day2: Bypassing Anti-Virus

• Using Hex Editors to bypass AV
• Using packers to bypass AV
• Using debuggers/disassemblers to bypass AV

Day3: Network/Browser Forensics

• Advanced pcap analysis
• De-obfuscating malicious javascript

Day4: Memory Analysis

• Memory analysis
• Malicious pdf file analysis
• DLL injection

Day5: Reverse Engineering

• Binary modification/patching techniques
• Anti-Debugging/Anti-Analysis techniques
• Exploit development

Course Instructor
The course instructor is security consultant and trainer Joe McCray. Joe McCray has 10 years of experience in the security industry with a diverse background that includes network and web application penetration testing, incident response, and forensics in the both DoD community and the private sector. Joe is also a frequent trainer/presenter at security conferences such as Black Hat, Def Con, ToorCon, BruCON, LayerOne, TechnoSecurity, and TechnoForensics.

General Course Info

Course dates are October 3rd – 7th. The course will be comprised of 5 days of 50 minute sessions with 5-10 minute breaks, and an hour for lunch.

Pre-requisites:
Students must be familiar with IT Security best practices, and have a good understanding of TCP/IP and common web technologies.

* Basic Windows administration for both servers and workstations

* Basic Linux/*NIX system administration skill

* Basic command-line proficiency on both Windows and *NIX systems

Students should be familiar with the following web technologies and languages:
* HTTP
* HTML
* Javascript
* ASP
* PHP
* SQL

Training Location
Academy of Computer Education
7833 Walker Drive, Suite 520C
Greenbelt, Maryland 20770
Phone: (301) 220-2802
Toll-Free: (877) 564-TRAIN
http://www.trainace.com/

Pricing $2,000

All software and necessary equipment is provided.

Need a hotel for the week of your class?

For a discounted hotel rate please contact us. ACE has pre-negotiated a
discounted stay for AMA students in the Greenbelt Hilton Garden Inn.
The Hotel is located approximately 200 yards from the school.

All Inclusive AMA Class Pricing:

If you are flying in from out of town for the AMA training class, we
have an all-inclusive bootcamp style package which includes your flight,
hotel, and breakfast each day for $3,000

This type of assessment differs from traditional security assessments in that the organization is rated by the level of attacker sophistication it is able to detect and respond to. These types of security assessments have a lot of value if your Information Assurance program IS mature because they help organizations determine how effectively they have utilized their IT Security budget.

Crash Course In Pentesting

This workshop will cover some of the newer aspects of penetration testing such as Open Source Intelligence Gathering with Maltego and other Open Source tools.

Basic Network Scanning, Enumeration, Exploitation (remote and client-side), and Post-Exploitation relying heavily on the features included in the Metasploit Framework will also be covered.

Basic Web Application penetration testing will be covered as well with focus on practical exploitation of sql injection, and cross-site scripting (XSS).

Workshop 1 Outline

Day 1:

• Penetration Testing Fundamentals
• Scope of Modern Pentests
• Compliance Testing (PCI, HIPAA, ISO 27000)
• Blackbox vs. Whitebox
• Full Scope
• The Down & Dirty
• Open Source Intelligence (OSINT)
• Maltego, and other tools
• Scanning
• Stealth Scanning Techniques
• Scanning from the outside
• Scanning from the inside
• Enumeration
• Host/Network Enumeration
• Vulnerability Testing
• Using Nessus
• Correlating Scan results to public exploits
• Owning Boxes for Fun and Profit
• Exploitation
• Remote Exploits
• Post-Exploitation (Old School)
• Setting up a workshop
• Metasploit (MSF)
• MSF Basics

Day 2:

• Transitioning from Network to Web App Penetration Testing
• Similarities & Differences
• What Makes up a Web Application Assessment
• Web Application Security Threat Classification
• OWASP Testing Guide
• Injection Vulnerabilities
• SQL Injection
• Error-based
• Platform Specifics
• SQL Server (2000/2005)
• Abuse of Trust Vulnerabilites
• Cross-Site Scripting

Workshop 2: Description

CyberWar: Emulating Advanced Persistent Threat in Pentests

This workshop will focus on hacker tactics and techniques commonly referred to as Advanced Persistent Threat (APT). Some examples of APT have been the high profile intrusions in companies such as Google, Sony, Lockheed Martin, CitiBank, and too many others to list here. The key thing to note is that all of these companies have robust IT Security programs with patch management, configuration management, network monitoring systems, and intrusion detection systems.

This workshop will focus on attacking and defending highly secured environments
such as 3-letter agencies, DoD, financial organizations, federal organizations, and large companies.

Emphasis throughout the entire workshop will be placed on being as stealthy as possible, and dealing with popular defensive technologies such as:

• Network Intrusion Detection/Prevention Systems
• Host-Based Intrusion Detection/Prevention Systems
• Web Application Firewalls
• Anti-Virus
• Content-Filtering Proxies
• Locked Down (Hardened)Workstations

Students that are Network/System Administrators with three or more years experience working in environments such as financial institutions, DoD networks, or similar high security environments will benefit greatly from this course.
It is however primarily designed for Network/Web Application Penetration testers that are looking for the little tips and tricks that will help them better attack high security environments.

Workshop 2 Outline

Day 3:

• Attacking interesting stuff (Oracle & JBoss)
• Web App to a command shell (SQL Injection, XSS)
• Bypassing Security mechanisms (magic quotes, and ASP.NET Request Validate)
• Filter/IDS/Web Application Firewall Evasion (Client-Side Filtering, Alphanumeric Filtering, IDS Signature Evasion, Dealing with Web Application Firewalls)

Day 4:

• Bypassing a locked down desktop
• Attacking Windows 7
• Advanced Network Vulnerability Scanning: Nmap Scripting Engine (NSE), Metasploit Auxiliary Modules
• Advanced Network Enumeration: Net Commands, Data-Mining Active Directory
• Advanced Post-Exploitation: Pivoting, Persistence
• Finding all of a company’s intellectual property and stealing it

Student Requirements:

Each student must bring his own laptop with no less than 2GB of RAM, with a DVD drive, and be running Windows XP/Vista/7 or a recent Linux distribution such as:

• Fedora
• RHEL
• Gentoo
• Ubuntu

Software packages that should be installed prior to attending the workshop are:

• Metasploit: www.metasploit.com
• Nessus: http://nessus.org/download/ (with home feed and all plugins loaded)
• Nmap: nmap.org/download.html
• VMPlayer: www.vmware.com/products/player/

• Current version of Firefox and the following add-ons:

• Passive Recon:
• ShowIP:
• ServerSpy:
• Tamper Data:
• Live HTTP Headers:
• AccessMe:
• XSSMe:
• SQL Inject Me:
• Firebug:

Training Dates and Times

Workshop 1:  Oct 17-18, 2011

Workshop 2:  Oct 19-20, 2011

The training will be held from 8:30am to 4:30pm each day. The class will be broken down into 50 minute sessions, 10 minute breaks, and 1 hour for lunch each day.

Training Costs With Payment Links

Workshop 1: $1,000

http://tinyurl.com/HackingHawaii-W1

Workshop 2: $1,500

http://tinyurl.com/HackingHawaii-W2

Workshops 1 & 2: $2,000

http://tinyurl.com/HackingHawaii-W1-2

College student, ISSA, ISACA, and Infragard member discounts

Workshop 1:  $800

http://tinyurl.com/HackingHawaii-W1WD

Workshop 2:  $1,200

http://tinyurl.com/HackingHawaii-W2WD

Workshops 1 & 2: $1,600

http://tinyurl.com/HackingHawaii-W1-2WD

Training Location

The workshops will be held at Hawaii Imin International Conference Center in Honolulu, Hi.

The address is:

1777 East-West Road
Honolulu, Hi 96822

About The Course Sponsor SecureDNA

Secure DNA is a company focused on improving the security of organizations globally.  This focus is exhibited in the commitment to the city and state where we are headquartered by being the primary organizer of Shakacon.  Shakacon is a security conference that brings global security experts and trainers to Hawaii in order to increase the security knowledge of our neighbors.

Strategic Security has teamed up with Net-Square to provide the most comprehensive exploit development course package available to the public. Occasionally similar courses are offered privately to various three letter agencies and large financial institutions.

Exploit development is often considered the most difficult area of focus in the entire field of IT security. It requires both a broad range of skills and deep level of knowledge in Networking, Operating Systems, and Programming. Now you too can learn what has long been thought to be “Black Magic” by many from one of the top practitioners and trainers in the world.

How is this course put together?

The course is actually a 2 week package deal designed to both teach the fundamentals of modern exploit development and give the student ample guided practice time with the instructor to actually get proficient.

Benefits:

• Takes the student from relative beginner in exploit development to writing weaponized exploits against real world applications that run on both 32bit and 64bit architectures and utilize modern exploit mitigations such as DEP, ASLR.

• Is lower priced than other similar courses, and offers much more labs and practice time. The student will learn how to do it instead of just learn about it as in other courses.

• Course is taught by a skilled practitioner, and trainer that is well regarded in the IT Security community.

• Focuses more writing exploits against applications using modern mitigations than other courses.

• Doesn’t require the student to know Assembly prior to attending the course

Full Course Description & Syllabus

http://strategicsec.com/Exploit-Dev-Courses-Oct-2011.pdf <– Old course. Will be updated soon.

Training Dates and Times

Workshop 1:  Oct 29th – Nov 2nd, 2012

Workshop 2:  Nov 5th – Nov 9th, 2012

The training will be held from 8:30am to 4:30pm each day. The class will be broken down into 50 minute sessions, 10 minute breaks, and 1 hour for lunch each day.

Training Costs (with TinyURL payment links)

Workshop 1:  $7,000

http://tinyurl.com/SS-EDNAR

Workshop 2:  $8,000

http://tinyurl.com/SS-EDTP

Workshops 1 & 2  $12,500

http://tinyurl.com/SS-EDNAR-TP

Defense contractor, Active Duty Military, FBI, CIA, Secret Service, College student, ISSA, ISACA, former ACE student, and Infragard member discounts.

Workshop 1:  $5,000

http://tinyurl.com/SS-EDNAR-D

Workshop 2:  $6,000

http://tinyurl.com/SS-D-EDTP

Workshops 1 & 2  $8,500

http://tinyurl.com/SS-EDNAR-TP-D

Training Location

The workshops will be held at “The Academy of Computer Education” in Greenbelt, MD.

The address is:

7833 Walker Drive, Suite 520C
Greenbelt, Maryland 20770

About The Instructor

Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognized speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-box and others. He has authored two books titled “Web Hacking: Attacks and Defense” and “The Anti-Virus Book”. Before Net-Square, he worked with Foundstone Inc and Ernst & Young in the US, and is currently a guest faculty at the Indian Institute of Management, Ahmedabad for their Management Development Programmes. Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time traveling around the world and taking pictures.

- Transitioning from Network to Web App Penetration Testing
- Similarities & Differences

- What Makes up a Web Application Assessment
- Web Application Security Threat Classification
- OWASP Testing Guide

- Injection Vulnerabilities
- SQL Injection
- Error-based
- Union-based
- True/False Blind
- Time Based Blind

- Platform Specifics
- SQL Server (2000/2005)
- MySQL
- Oracle

- Abuse of Trust Vulnerabilites
- Cross-Site Scripting
- Cross-Site Request Forgery

- File Handling/Redirection Vulnerabilities
- Remote File Includes
- Local File Includes
- File Upload
- Null Byte Injection

- Filter/IDS/Web Application Firewall Evasion
- Client-Side Filtering
- Alphanumeric Filtering
- IDS Signature Evasion
- Dealing with Web Application Firewalls

Joe’s Web Application Assessment Attack Methodology
- Stepping Through A Web App
- Automated Tools
- Commercial Tools
- Open Source Tools

- Manual Analysis
- How to look at a Web App
- Common Headaches
- Tips & Tricks

- Labs
- HackMe Bank
- MackMe Books
- WebMaven
- WebGoat

Popular Testing Guides & Methodologies
- Can You Use The Open Source Testing Methodology Manual (OSSTMM) for Web App Testing
- Simplifying The OWASP Testing Guide into something managable

When and how to Threat Model
- Popular Methodologies
- Stride vs Dread

Web Application Security Reporting
- Don’t just hand the scanner results to the customer

Course Prequisites
Students should have some basic familiarity with the following web technologies and
languages:

- HTTP
- HTML
- Javascript
- ASP
- PHP
- SQL

How Is The Course Delivered & What Do You Get
All of the courseware will be delivered in PDF format

- 5 sets of powerpoint slides in PDF format
- 1 document (103 page course document) in PDF format
- 1 web app tools install walkthrough document
- 4 lab documents

Basic tutorial documents (each ranging from 20 – 50 pages in length)
- HTML
- PHP
- ASP
- CSS
- XML
- SQL

All labs must be performed on your own machine (NOT IN THE STRATEGIC SECURITY LAB NETWORK).

Advanced Scanning, Enumeration, Exploitation (remote and client-side), and Post-Exploitation relying heavily on the features included in the Metasploit Framework will also be covered.

Emphasis throughout the entire workshop will be placed on being as stealthy as possible, and dealing with popular defensive technologies such as:

• Network Intrusion Detection/Prevention Systems

• Host-Based Intrusion Detection/Prevention Systems

• Web Application Firewalls

• Anti-Virus

• Content-Filtering Proxies

Topics

Penetration Testing Fundamentals
- Scope of Modern Pentests
- Compliance Testing (PCI, HIPAA, ISO 27000)
- Blackbox
- Whitebox
- Full Scope

The Down & Dirty
- Open Source Intelligence (OSINT)
- Maltego, and other tools

(more…)

This is NOT your normal Ethical Hacking course. You won’t be attacking unpatched Windows 2000 Servers, and you won’t be learning a bunch of outdated tools like most Ethical Hacking courses.

In APT, you will be learning how to attack new operating systems such as Windows Vista, Windows 7, Windows Server 2008, and the latest Linux servers. All of these servers will be patched, and hardened. Both Network and Host-based Intrusion Detection/Preventions systems (IDS/IPS) will be in place as well.
The learning curve is high, but the rewards are astronomical.

The course starts with attacking heavily protected environments from the outside and dealing with things like Load Balancing, Deep Packet Inspection, and Network-Based IDS/IPS. Next is attacking web applications and dealing with common application security measures in PHP/ASP.NET, and Web Application
Firewalls.

Then the course moves on to attacking from the LAN, dealing with NAC solutions, locked down workstations/GPOs, and Host-Based IDS/IPS. Then finally the last section of the course covers gaining control of Active Directory.

Pentesting High Security Environments is NOT a death by powerpoint course. Over 80% of class is hands-on hacking labs.

Students that are Network/System Administrators with three or more years experience working in environments such as financial institutions, DoD networks, or similar high security environments will benefit greatly from this course.
It is however primarily designed for Network/Web Application Penetration testers that are looking for the little tips

and tricks that will help them better attack high security environments.

APT Course Syllabus

Stealth Scanning
1. Bypassing IDS/IPS

Attacking From the Web
1. XSS to command-shell
2. SQL Injection to command-shell
Oracle
3. File Handling to command-shell
File Upload to command-shell
command-shell

Client-Side Pentesting
1. Bypassing Antivirus
Packing Binaries
Modifying Binaries with OllyDBG
Custom Trojans
2. Email Collection & Web Server Setup
3. Pivoting into the LAN

MS-SQL

MySQL

RFI to command-shell

LFI to

Writing

Attacking From the LAN
1. Bypassing Port Security
2. Bypassing NAC Solutions

Breaking out of Restricted Environments
1. Citrix in Kiosk Mode
2. Restricted Desktops
3. Group Policy Object Restricted Applications

Bypassing Network-Based IDS/IPS
1. Enumerating the network
2. Defeating IDS/IPS Signatures

Privilege Escalation

1. Privilege Escalation in Windows XP
2. Privilege Escalation in Windows Vista\Windows 7

Post-Exploitation
1. Remote Command Execution
2. Automating Tasks
3. Enabling RDP/VNC
4. Persistence

Course Instructor
The course instructor is security consultant and trainer Joe McCray. Joe McCray has 10 years of experience in the security industry with a diverse background that includes network and web application penetration testing, incident response, and forensics in the both DoD community and the private sector. Joe is also a frequent
trainer/presenter at security conferences such as Black Hat, Def Con, ToorCon, BruCON, LayerOne, TechnoSecurity, and TechnoForensics.

General Course Info

Course dates are 13th – 17th December 2010. The course will be comprised of 5 days of 50 minute sessions with 5-10 minute breaks, and an hour for lunch.

Pre-requisites:
Students must be familiar with IT Security best practices, and have a good understanding of TCP/IP and common web technologies.
* Basic Windows administration for both servers and workstations
* Basic Linux/*NIX system administration skill
* Basic command-line proficiency on both Windows and *NIX systems

Students should be familiar with the following web technologies and languages:
* HTML
* Javascript
* ASP
* PHP
* SQL

Students should also be familiar with Metasploit, and VMWare.

* HTTP

Training Location
Academy of Computer Education
7833 Walker Drive, Suite 520C
Greenbelt, Maryland 20770
Phone: (301) 220-2802
Toll-Free: (877) 564-TRAIN

http://www.trainace.com/

Pricing $2,500

All software and necessary equipment is provided.

Need a hotel for the week of your class?

For a discounted hotel rate please contact us. ACE has pre-negotiated a discounted stay for APT students in the Greenbelt Hilton Garden Inn.
The Hotel is located approximately 200 yards from the school.

All Inclusive APT Class Pricing:

If you are flying in from out of town for the APT training class, we have an all-inclusive bootcamp style package which includes your flight, hotel, and breakfast each day for $3,500

Strategic Security’s client had recently failed a compliance audit and the newly appointed CIO faced a task list from his CEO that was a mile long with less then one month to complete.

The tasks included:

Develop a security awareness training program

Develop a secure coding training program for the development team

Develop a disaster recovery plan

So What????

Strategic Security Consultants worked with the entire IT staff (CIO, network admins, system admins, developers, techs, help desk) and HR to develop a full blown Information Assurance Program that far exceeded the initial regulatory compliance concerns.

Now the client’s IT security budget was aligned with its business goals.

A business continuity plan had been developed.  The plan included a business impact assessment, a risk assessment and a disaster recovery plan.  Each plan was created in a modular fashion so that the plan could be quickly updated.

Old policies and procedures were rewritten; and new ones were developed where applicable. All documents were created in a modular fashion so they could be quickly updated.

A change control board was developed and new processes were put in place to allow the new information assurance program to develop, grow and change as needed.

Of course, they passed their next compliance audit!

Major Investment Bank hired Strategic Security for a Web Application Security Assessment

The bank had created a portfolio management application that was intended to have several thousand customers accessing it daily. The Strategic Security consultants identified several critical security flaws that could have cost the bank millions of dollars in losses.

So What????

Strategic Security Consultants showed the client how to secure the application source code.

The client had already wanted to integrate security into their software development lifecycle (SDLC) but really didn’t know where to start.

Strategic Security Consultants showed the development team how to fix the flaws in the application.

Strategic Security Consultants also provided a 4-day secure coding course for the developers and a 1 day building security into your SDLC course for the developers, security group and senior management.

With Strategic Security’s help the bank developed a comprehensive Software Security Framework (SSF) that included internal secure development training, automated and manual security testing, secure code metrics which resulted in 41% decrease in security vulnerabilities per 1,000 lines of code written.

The hospital’s primary concerns were HIPAA compliance and the overall state of IT security.

Strategic Security consultants gained access to the their:

Medication tracking & dispensing applications
Patient Medical Records
Administrative control over entire IT infrastructure

So What????

Strategic Security Consultants showed the client how to secure the infrastructure at no additional cost:

The client had been trying to request budget for a $60,000 security system.

Strategic Security Consultants showed the client how to gain the same level of security using technology that was already in place.

Strategic Security Consultants provided training to the IT staff to better implement security practices and policies that were already in place.

The hospital used the training they received from Strategic Security to develop and integrate security metrics into their information assurance program allowing them to cut security spending by 21% over the course of the next year while actually increasing security effectiveness.

Some examples of Strategic Security Consulting Packages are:

• Capability-Based Security Assessment
• Security Assessment Ride Along
• Incident Response/Forensic Analysis & Security Assessment
• Compliance Assistance

Capability-Based Security Assessment (Emulating Advanced Persistent Threat)

This type of assessment differs from traditional security assessments in that the organization is rated by the level of attacker sophistication it is able to detect and respond to. These types of security assessments have a lot of value if your Information Assurance program IS mature because they help organizations determine how effectively they have utilized their IT Security budget. Please use the contact-us to request more information about this service.

Security Assessment Ride Along

This type of security assessment is a value added combination of training and the actual assessment. Joe McCray will teach you or your IT staff network or web application penetration testing in your environment. No more sending your people away for training and only being able to send one or two people, no more sitting in a classroom, and no wondering if what youÂ’re learning works in your environment. Now your organization can build this competency, and develop this skill-set in house.

This offering is a modular solution allowing the customer to choose both the scope of the security assessment being performed, and the scope of the training for the company employees. The customer can choose between a Network Security Assessment, a Web Application Security Assessment, a Wireless Security Assessment, or any combination of them. Please use the contact-us to request more information about this service.

Incident Response/Forensic Analysis/Training & Security Assessment

Get immediate crisis response. Strategic SecurityÂ’s Emergency Incident Response Team investigates, assesses, and contains security breaches. Strategic SecurityÂ’s Forensic Investigation Team hunts down digital data and provides the investigative expertise and tools to answer your data breach questions. Strategic Security will also provide training to help you and your team understand the techniques to identify, respond to, and recover from both insider and outsider attacks in this in-depth computer forensics course. Please use the contact-us to request more information about this service.

Compliance Assistance

Strategic Security can assist you with regulatory compliance gap analysis (ex: PCI, HIPAA, ISO 27000, etc). Please use the contact-us to request more information about this service.

Advanced Network Security Architecture (9 Jan 2012) in Maryland

Advanced Malware Analysis (Feb 2012) in Maryland

Hacking in Hawaii (Oct 17 – 20)

2 Exploit Development Classes (Oct 31 – 4 Nov & 7 – 11 Nov) in Maryland

All of the online classes come in 3 basic packages:

Level 1: Courseware, Labs, forums, videos $100
Level 2: Live Online (Nights/Weekends) $500
Level 3: Live Online (5-Day weekdays) $1500

Pentesting

We have 2 major categories of Pentesting classes (Network and Web App).

Network Pentester Night School  Web App Pentester Night School

Defensive

We have 2 major categories of Defensive classes (Malware Analysis and IDS Signature Writing).

Malware Analysis  IDS Signature Writing

Scripting

We have 2 major categories of Scripting classes (Python and Powershell).

Python  Powershell

Advanced

We have 2 major categories of advanced classes (CyberWar and Exploit Development).

CyberWar  Exploit Development

Check out the calendar below to see what online courses we have available.

Strategic Security offers online, on-site and class-room led instruction all over the world.

Contact Joe McCray at joe[at]strategicsec[dot]com for pricing.

In a Mobile Security Assessment, Strategic Security conducts an extensive review of your mobile application from the perspective of a malicious hacker and finds the security holes before they can be exploited by hackers.

The Strategic Security difference evaluates business risk aligned with IT security risks and develops a comprehensive action plan.

Having a Mobile Security Assessment performed will allow you to:

Reduce Your Security Costs:

• Align costs with business risk
• Decrease operating expenses and overhead

Focus on Your Business Objectives:

• Measure security risk level and tolerance
• Free internal IT staff for other priorities

Contact Joe McCray for a sample Mobile Security Assessment report.

In a Web Application Security Assessment, a Strategic Security consultant looks at a web site from the perspective of a malicious hacker and finds the security holes before they can be exploited by hackers or disgruntled employees.

Just like a Network Assessment, having a Web Application Security Assessment performed will allow you to:

Reduce Your Security Costs:

• Align costs with business risk
• Decrease operating expenses and overhead

Focus on Your Business Objectives:

• Measure security risk level and tolerance
• Free internal IT staff for other priorities

Strategic Security offers 3 different Web Application Security Assessments:

1. Quick Look – A two (2) day assessment that lets you know if you are on the right track with your website security

2. Standard – A five (5) day assessment that is very thorough and can be used to show compliance with industry best practices,

3. Custom – This can be anything from an assessment that includes source code review, to web services, custom protocols and whole lot more.

An experienced or motivated attacker can take advantage of system vulnerabilities and mis-configurations to gain unauthorized access to the system or other detailed information that can lead to privilege escalation on a critical target. A Network Security Assessment emulates the same process that an attacker would follow to exploit multiple security weaknesses that individually are not critical, but in the aggregate allow an attacker to compromise business-critical data.

In a Network Security Assessment, Strategic Security conducts an extensive review of your network from the perspective of a malicious hacker and finds the security holes before they can be exploited by hackers or disgruntled employees.

The Strategic Security difference evaluates business risk aligned with IT security risks and develops a comprehensive action plan.

Having a Network Security Assessment performed will allow you to:

Reduce Your Security Costs:

• Align costs with business risk
• Decrease operating expenses and overhead

Focus on Your Business Objectives:

• Measure security risk level and tolerance
• Free internal IT staff for other priorities

Contact Joe McCray for a sample Network Security Assessment report.

A Network Security Assessment emulates the same process that an attacker would follow to exploit multiple security weaknesses which individually are not critical but in aggregate allow an attacker to compromise business-critical data.

An experienced or motivated attacker can take advantage of system vulnerabilities and mis-configurations to gain unauthorized access.  This access may be exploited to attain further detailed information which may be used to escalate privileges on a critical target and potentially compromise additional systems.

How Does A Network Security Assessment Differ From A Web Application Security Assessment?

As more organizations utilize the Internet for business and commercial transactions, attackers are targeting web applications in order to penetrate corporate security controls.  Historically, developers have focused on functionality over security. This lack of attention towards integrating security into the development process presents an entirely new venue for attackers to launch exploits and compromise systems.

In a Web Application Security Assessment, Strategic Security inspects a web site from the perspective of a malicious hacker and identifies the security weaknesses so that remediations can be made to circumvent exploitation by hackers or disgruntled employees.

What is a Mobile Application Security Assessment?

Increasing numbers of mobile devices are being used in business, but the measures organizations take to secure the data stored on and accessed by these devices are often inadequate. In the same manner as a network attack, or a web application attack an experienced or motivated attacker can take advantage of vulnerabilities and mis-configurations in a mobile application.

In a Mobile Security Assessment, Strategic Security conducts an extensive review of your mobile application from the perspective of a malicious hacker and finds the security holes before they can be exploited by hackers.

“I love how Joe translates Geekenese to English. He really has a unique ability to make business sense out of complex technological problems.”
Network Manager
Major Law Firm

“Not only did Joe identify our security issues, he showed us how to improve our security posture and save money doing it! Joe is a wizard with security budgets.”
IT Director
Major Las Vegas Hotel & Casino

“This guy Joe McCray is by far the most amazing security guy I’ve ever met.
In one week he revamped and streamlined our whole IT Security program and saved us a ton of money. He just makes it look too easy!”
IT Security Manager
Large Retail Chain

“We hired a big four firm last year, and this year we hired Strategic Security.
The difference was amazing. They did nearly triple the work in half the time at nearly half the cost! We changed our policy of switching IT Security companies each year because of Joe McCray.”
IT Directory
Financial Services Firm

“Joe’s team was great. They gave us training that really helped our team get up to speed with secure software development.”
Lead Developer
Software Development Company

Case Study 1

Case Study 2

Case Study 3

Strategic Security is an Information Technology (IT) Security consulting firm that provides in-depth technical security assessments of your networks or web applications, regulatory compliance gap analysis (ex: PCI, HIPAA, ISO 27000, etc), guidance on integrating security into your software development life cycle, building an enterprise security program, and much more.

Although these services are offered by most security consulting firms, implementing and maintaining an effective information security management practices involves more than just security testing and compliance. Today’s organizations must first identify how they use information to meet their strategic business goals and then determine the best ways to protect their information assets throughout the information security life cycle.

Strategic Security’s highly skilled practitioners employ tremendous skill in the areas of penetration testing and compliance auditing, but the real skill – the real value Strategic Security brings to the table is the ability to understand our client’s business vision, mission, goals and strategic business objectives. By assessing our client’s enterprise security posture, we can effectively ensure that critical security areas are aligned with organizational business objectives taking into account associated business risks and reducing operating expenses. We welcome you to browse the website. Please read the case studies, testimonials, and feel free to contact us for more information including references, work samples. More importantly, if your organization is interested in learning more about  how Strategic Security can help achieve your business goals while ensuring that your company’s security is aligned with them, contact us today.

Our Professional Services team balances the benefits of strategic consulting with a tactical, hands-on approach to technology consulting and security training to help customers mitigate and manage the digital security risks inherent in doing business today.

See what our customers are saying about us:

Case Studies

Testimonials

Strategic Security provides in-depth technical security assessments of your network, web application, and regulatory compliance gap analysis. We also provide guidance on integrating security into your software development life-cycle, developing an enterprise information assurance program, and much more…

Strategic Security helps organizations identify how they use information to meet their strategic business goals; then determine the best ways to protect their information assets throughout the information security life-cycle.