Training



Application Security

Application Security: For Hackers and Developers

Trainer: Jared DeMott
Jared DeMott is a PhD candidate at Michigan State University and a security researcher for Harris Crucial Security, Inc. He has spoken at security conferences such as Black Hat, Defcon, ToorCon, Shakacon, and DakotaCon. He is active in the offensive security community by teaching his Application Security course, and has co-authored a book on Fuzzing. Mr. DeMott has been an invited lecturer at prestigious institutions such as the United States Military Academy, and prior to Harris worked for the National Security Agency.

 

Description:
There are four technical skills required by security researchers, software quality assurance engineers, or developers concerned about security: Source code auditing, fuzzing, reverse engineering, and exploitation. All these skills and more are covered. C/C++ code has been plagued by security errors resulting from memory corruption for a long time. Problematic code is discussed and searched for in lectures and labs.
Fuzzing is a topic that DeMott, as a book author on the subject, knows well. Mutation file fuzzing and framework definition construction (Sulley and Peach) are just some of the lecture and lab topics. When it comes to reversing C/C++ (Java and others are briefly discussed), IDA Pro is the tool of choice. Deep usage of this tool is covered in lecture and lab. Exploitation discussions and labs are the exciting final component. You’ll enjoy exploiting everything from BSD local programs to Win7 browsers using the latest techniques.
 
Reverse Engineering

Students focus on learning to reverse compiled software written in C and C++, though half-compiled code is mentioned as well. The IDA Pro tool is taught and used throughout. Calling conventions, C to assembly, identifying and creating structures, and RTTI reconstruction are covered. Students will also use IDA’s more advanced features such as FLIRT/FLAIR, scripting, and plug-in creation.
 
Source Code Auditing

Understanding how and when to audit source code is key for both developers and hackers. Students learn to zero in on the important components of each language. Automated tools are mentioned, but auditing source manually is the focus, since verifying results is a required skill even when using the most advanced tools. Spotting and fixing bugs is the focus.
 
Fuzzing
Fuzzing is a runtime method for weeding out bugs in software, with a growing footprint within security companies and research communities. Techniques ranging from dumb file fuzzing all the way up to intelligent network protocol fuzzing will be covered. Students will write and use various fuzzers to find bugs.
 
Exploitation
Students will walk out of this class knowing how to find and exploit bugs in software. This is useful to both developers and hackers. The exploit component will teach each common bug type including: stack overflows, function pointer overwrites, heap overflows, off-by-ones, FSEs, return to libc, integer errors, uninitialized variable attacks, heap spraying, and ROP. Shellcode creation/pitfalls and other tips and tricks will all be rolled into the exciting, final component.

 
 
 
DOWNLOAD the entire Syllabus and Class Schedule.

 
No hard prerequisites, but helpful if:
  • College Degree in a computer-related discipline or equivalent work experience
  • If desired read “Introduction to Application Security”
  • Programming (C/C++/.asm) and security experience will help, but you will still get a lot out of the course if you lack that, so no fears. All questions are good questions in my classes. We have a fun but instructive and intense learning experience. You won’t walk away disappointed.



    Course Requirements:

  • Laptop with at least 4GB of free HD space and at least 2GB of RAM.
  • VMware workstation/player for Windows or Fusion for the Mac.

    In addition to course materials, some of the tools you get:

  • XP, Win7, and FreeBSD VMs.
  • Visual Studio Express
  • WinDbg and Immunity Debugger
  • PowerPoint or Office viewer to follow along with the slides
  • Used only for Day 1 homework — Firefox (optional plug-ins: Tamper Headers, Firebug, and Live headers)
  • IDA Pro 6.x DEMO
  • Python (From Sulley installer. pydbg works with 2.4 by default in this installer)
  • 010 hex editor (trial available)
  • And much more…

    Course Length & Location:
    Dates: September 25 & 26, 2012
    Meeting Time: 8:30 AM – 5:00 PM
    DeVos Place (Room TBA) 303 Monroe Ave. Grand Rapids, MI 49503
     

    Registration:

    Price $1,400, Includes GA ticket for GrrCON
     
     
    Registration is OPEN


       



         

    Malware

    Introduction to Malware Analysis

    Trainer: Tyler Hudak
    Tyler Hudak is a senior security consultant for KoreLogic Security that has extensive real-world experience in malware analysis and incident handling for Fortune 500 firms. He has spoken and taught at a number of security conferences on the topics of malware analysis, incident response and penetration testing. Tyler brings his front line experience and proven techniques to bear in the training.

     

    Description:
    Due to the prevalence and business impact of malware, security professionals increasingly need the skills necessary to analyze worms, bots and trojan horses. This course teaches the same concepts, techniques and processes for analyzing malware that are used by senior malware analysts and incident handlers. Students will take multiple “from-the-wild” malware samples in a hands-on environment and learn how to analyze their characteristics and behavior to determine what they do and what risk they present: prerequisites to successful remediation.
     

    Course Content:
    The following is an outline of the course content, but is not indicative of the only material that will be presented:

  • Introduction to Malware Analysis
  • Setting up a Lab
  • Static Analysis
  • Packers
  • Dynamic Analysis
  • Process Analysis
  • Network Analysis and Monitoring
  • Sandnets and Automation
  • Advanced Malware Analysis Topics
  • Malware Analysis Challenge
  • DOWNLOAD the Syllabus and Class Schedule.

     
    Prerequisites:
    Technical Skills:

  • No previous experience in malware analysis is necessary as this course is designed for those who have never performed it before. High-level understanding of malware is recommended.
     

    Course Requirements:

    Tools:

  • Students will be required to bring their own laptops for the class. Laptops will need a VMware Workstation or VirtualBox installation with an install of Windows XP as the guest OS prior to the class. If the base OS is Windows, an installation of Cygwin may be helpful as well. All other tools will be provided.
     

    Participants will get:

  • How to safely create a malware analysis lab
  • How to analyze malware to determine what it is and how it behaves
  • Refreshments provided
  • Attendees will also receive a notebook containing class handouts; malware analysis manual and reference materials; CD containing tools; KoreLogic SWAG
    Course Length & Location:

    Dates: September 25 & 26, 2012
    Meeting Time: 9:00 AM – 5:00 PM
    DeVos Place (Room TBA) 303 Monroe Ave. Grand Rapids, MI 49503
     

    Registration:

    Price $750, Includes GA ticket for GrrCON
     
     
    Registration is OPEN


             


    Advanced Wi-Fi Penetration Testing

    Advanced Wi-Fi Penetration Testing

    Trainer: Vivek Ramachandran
    Vivek has been involved in security research, product development, penetration testing and evangelism for over a decade now. He discovered the Caffe Latte attack and also broke WEP Cloaking, a WEP protection schema, publicly at Defcon in 2007, and introduced the concept of pure Wi-Fi based malware and worms. He is also the author of the book “Wireless Penetration Testing using BackTrack 5”, which has received great appreciation from the worldwide security and hacker community. His second book, “Metasploit Megaprimer”, is due for launch in February 2012.
     
    Vivek’s work on wireless security has been quoted in BBC online, InfoWorld, MacWorld, The Register, IT World Canada and other places. This year he is speaking or training at a number of security conferences, including Blackhat USA and Abu Dhabi, Defcon, Hacktivity, Brucon, C0C0n, SecurityZone, SecurityByte etc.

     

    Description:
    Wi-Fi has become ubiquitous in our lives today. However, the flexibility and mobility provided by Wi-Fi comes at a cost – inherent insecurity! This workshop will provide a highly technical and in-depth treatment of Wi-Fi security. The emphasis will be to provide the participants with a deep understanding of the principles behind various attacks and not just a quick how-to guide on publicly available tools. We will start our journey with the very basics by dissecting WLAN packet headers with Wireshark, then graduate to the next level by cracking WEP, WPA/WPA2 and then move on to real life challenges like orchestrating Man-in-the-Middle attacks, creating Wi-Fi Backdoors and solving some live CTF style challenges together!
     

    Course Content:

    A non-exhaustive list of topics includes:

    Wireless LAN Basics:
  • 802.11 WLAN Packet Types and Headers
  • WLAN Authentication and Encryption
  • Wireless Lab Setup
  • Analyzing Wireless Traffic with Wireshark
  • Wireless Sniffing and War Driving

    Bypassing WLAN Authentication:
  • Shared Key Authentication
  • Hidden SSID
  • MAC Address Filtering

    Breaking WLAN Encryption:
  • WEP
  • WPA/WPA2 Personal
  • WPA/WPA2 Enterprise

    Different Scenarios for Cracking:
  • AP-less Cracking
  • Client-less Cracking

    Attacking the WLAN Infrastructure:
  • Network discovery and enumeration
  • Misconfigured Access Points
  • Rogue Devices
  • Evil Twins
  • Denial of Service attacks
  • Replay Attacks
  • Man-in-the-middle attacks

    Attacking the Wireless Client:
  • Mis-Association attacks
  • Denial of Service attacks
  • Ad-Hoc network attacks and Viral SSIDs
  • Honeypot attacks
  • Hotspot attacks
  • Caffe Latte attack
  • Fragmentation Attacks
  • Hirte attack
  • Viral SSIDs and Ad-Hoc network attacks
  • Wi-Fishing
  • Enumerating security settings

    Hacking Enterprise Security:
  • 802.1x basics
  • Hacking 802.1x authentication
  • RADIUS, EAP, LEAP, PEAP attacks
  • Rogue Servers

    Advanced Wireless Attacks:
  • Wi-Fi Malware – Windows 7, Vista, XP, OSX, Linux
  • Breaking into the client with Metasploit and SET
  • SSL MITM over Wireless
  • Evading Wireless IDS/IPS

    Scripting Wireless Tools:
  • Programming Wireless Injectors and Sniffers
  • Automating Wi-Fi attacks
  • Extending existing tools like Aircrack-NG for fun and profit

    Wireless Forensics:
  • Analyzing Wi-Fi traffic
  • Attack analysis with Wireshark and other tools
  • Reconstructing attacks

    Wireless best practices:
  • Access Points
  • Clients
  • Network Architecture
  • Wireless Intrusion Prevention systems
  • Roadmap for further study

    Salient Features:
  • Over 25 hands on lab sessions for the participants
  • 5 pure Wi-Fi CTF challenges during the training

    Course Material:
  • Full course content slides
  • Over 10 hours of HD quality video lectures with hands-on demonstrations
  • Alfa Networks Wi-Fi Card
  • Backtrack 5 Wireless Penetration Testing Beginners Guide

    Prerequisites:
  • Wireless LAN basics
  • Should know how to configure WLANs – access points and clients
  • Familiarity with Linux


    Course Requirements:

  • Laptop with at least 4GB of free HD space and at least 2GB of RAM.
  • VMware workstation/player for Windows or Fusion for the Mac.

    Participants will learn:

  • Basic to Advanced Wireless LAN security
  • Be able to audit wireless networks for security vulnerabilities
  • Demonstrate different Wi-Fi attacks as Proof of Concepts
  • Propose best practices to create a secure wireless network

    Course Length & Location:
    Dates: September 25 & 26, 2012
    Meeting Time: 8:30 AM – 5:00 PM
    DeVos Place (Room TBA) 303 Monroe Ave. Grand Rapids, MI 49503
     

    Registration:

    Price $1,500, Includes GA ticket for GrrCON
     
     
    Registration is CLOSED


     

         

    Teensy

    Teensy programming for everyone

    Trainer: Nikhil Mittal
    Nikhil Mittal is a hacker, info sec researcher and enthusiast. His areas of interest include penetration testing, attack research, defense strategies and post exploitation research. He has many years of experience in Penetration Testing of many Government Organizations of India and other global corporate giants.

    He specializes in assessing security risks in secure environments which require novel attack vectors and an “out of the box” approach. He has worked extensively on using HID in Penetration Tests and is the creator of Kautilya, a toolkit which makes it easy to use Teensy in penetration tests. In his free time, Nikhil likes to scan full IP ranges of countries for specific vulnerabilities, writes some silly Metasploit scripts and does some vulnerability research. He has spoken at Clubhack’10, Hackfest’11, Clubhack’11, Black Hat Abu Dhabi’11, Troopers’12 and Black Hat Europe’12.
     

     

    Description:
    Getting into systems using traditional methods is getting harder by the day. As a penetration tester or a security administrator you should know what methods an attacker may use to compromise a system. The emphasis of this training will be on using Teensy, which is a Human Interface Device. It is an Arduino board based device which can be programmed and used as a keyboard and mouse. Kautilya, a toolkit developed by the trainer which eases the use of Teensy in Penetration Tests, will be discussed in detail. The participants will learn to program Teensy as per their needs using Arduino and also to customize Kautilya. There will be lots of attack vectors, discussions, hands-on work and fun. Participants should be able to program their own devices after the training.
     

    Course Content:

  • Introduction to Teensy
  • Basics of Arduino Development Environment (ADE)
  • Installing and configuring ADE to use with Teensy
  • Understanding the basics of programming using ADE
  • Writing Hello World
  • Basic usage and programming of Teensy
  • Introduction to Kautilya
  • Demonstration of Payloads in Kautilya
  • Program and perform attacks on a Windows machine
  • Program and perform advanced attacks on a Windows machine
  • Program and perform attacks on Linux Machines
  • Program and perform advanced Attacks on Linux Machines
  • Program and perform attacks on OS X Machines
  • Program and perform advanced attacks on OS X Machines
  • Understanding structure of and automation using Kautilya
  • Understanding Integration of payloads in Kautilya


     
    Prerequisites:
  • Basic understanding of any programming and/or scripting language could be helpful but not mandatory.
  • An open mind


    Course Requirements:

  • System with at least 2GB of RAM
  • Ability to run virtual machines/operating systems
  • A Teensy++ 2.0 device

    Participants will get:

  • Understanding how a Human Interface Device could be used to compromise systems
  • Understanding of Teensy as an attack vector
  • Realize that an Operating System can be used against itself and built-in tools and commands could be very useful during penetration tests
  • Realize that inherent trust for Human Interface Devices by Operating Systems could be dangerous
  • Learning how above can be implemented using Kautilya
  • Learning how payloads in Kautilya can be customized as per requirements for targeted usage during penetration tests
  • Writing their own code and payloads for usage in Penetration Tests
  • Every attendee will receive a free Teensy++ board with USB Cable

    Course Length & Location:
    Dates: September 25 & 26, 2012
    Meeting Time: 9:00 AM – 5:00 PM
    DeVos Place (Room TBA) 303 Monroe Ave. Grand Rapids, MI 49503
     

    Registration:

    Price $1,500, Includes GA ticket for GrrCON & Free Teensy++ board with USB Cable
     
     
    Registration is OPEN


             
             




    C|EH

    Certified Ethical Hacker (CEH) V7 (Courseware Included)

    Provided by: TBA

    Description: This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. Students then learn how intruders escalate privileges and what steps can be taken to secure a system.
    This course environment gives each participant in-depth knowledge and practical experience with the current essential security systems. They will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.

    You Will Receive With This Course: Free Certified Ethical Hacker Courseware; free admission to GrrCON (details to be provided in class)

    Who Should Attend:
    This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

    Course Length: Dates: TBA
    Time: TBA

    Course Location: TBA

    Registration: TBA
    Registration is not yet open