Academic year: 2021


Hacking Classes

75% Hands-on Learning in Our Modern Hack Lab

Updated Regularly to Include Trending Techniques

Written by BlackHat Trainers: Available Globally


© NotSoSecure Global Services Limited, 2016. All Rights Reserved

NotSoSecure Global Services Limited (Company Registration 09600047, VAT Registration 215919989) | Trading As NotSoSecure | Head Office: CB1 Business Centre, Twenty Station Road, Cambridge, CB1 2JD, UK

Registered Office: Office 75 Springfield Road, Chelmsford, Essex, CM2 6JB, UK

[email protected] Tel: +44 1223 653193

FOUNDATION TRACK

THE ART OF HACKING ... PAGE 4
INFRASTRUCTURE HACKING ... PAGE 5
WEB HACKING ... PAGE 6

ADVANCED TRACK

ADVANCED INFRASTRUCTURE HACKING ... PAGE 8
ADVANCED WEB HACKING ... PAGE 9

SPECIALIST TRACK

APPSEC FOR DEVELOPERS ... PAGE 11
ADVANCED MOBILE EXPLOITATION ... PAGE 12

SPECIALIST PLUS

OFFENSIVE IOT EXPLOITATION ... PAGE 15
XTREME EXPLOITATION ... PAGE 17

POWERSHELL FOR PEN TESTERS

FOUNDATION ... PAGE 18
INTERMEDIATE ... PAGE 19
ADVANCED ... PAGE 20


4

5 DAY CLASS

FOUNDATION TRACK

• Combination introduction to both infrastructure and web hacking
• Practical, hands-on hack-lab puts you in the driving seat
• Experience the journey of assessing web applications and the platforms they reside on
• Leave the class knowing the essential tools and techniques to continue your own journey

This class teaches the attendees a wealth of hacking techniques to compromise the security of various operating systems, networking devices and web application components. The class starts from the very basics and builds up to the level where attendees can not only use the tools and techniques to hack various components involved in infrastructure and web hacking, but also walk away with a solid understanding of the concepts on which these tools are based. The class comprises 3 days of infrastructure hacking and 2 days of web hacking.

CLASS OVERVIEW

The ideal introductory / intermediate training that brings together both Infrastructure Hacking and Web Hacking into a 5-day “Art of Hacking” class designed to teach the fundamentals of what Pen Testing is all about. This exciting training was written to address the market need around the world for a real hands-on, practical and hack-lab experience that focuses on what is really needed when conducting a Penetration Test. Whilst a variety of tools are used, they are the key tools that should be in any Penetration Tester’s kit bag. This, when combined with a sharp focus on methodology, will give you what is necessary to start or formalise your testing career.

WHO SHOULD TAKE THIS CLASS?

System Administrators, Web Developers, SOC analysts, Penetration Testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.

The Art of Hacking

DAY 1

Infrastructure Basics

• TCP/IP Basics • The Art of Port Scanning • Target Enumeration • Brute-Forcing • Metasploit Basics • Password Cracking

DAY 2

Hacking Unix, Databases and Applications

• Hacking Recent Unix Vulnerabilities • Hacking Databases • Hacking Application Servers • Hacking Third Party Applications (WordPress, Joomla, Drupal)

DAY 3

Hacking Windows

• Windows Enumeration • Hacking Recent Windows Vulnerabilities • Hacking Third Party Software (Browser, PDF, Java) • Post Exploitation: Dumping Secrets • Hacking Windows Domains

DAY 4

Information Gathering, Profiling and Cross-Site Scripting

• Understanding HTTP Protocol • Identifying the Attack Surface • Username Enumeration • Information Disclosure • Issues with SSL/TLS • Cross-Site Scripting • Cross-Site Request Forgery

DAY 5

Injection, Flaws, Files and Hacks

• SQL Injection • XXE Attacks • OS Code Injection • Local/Remote File Include • Cryptographic Weakness • Business Logic Flaws


5

Infrastructure Hacking

3 DAY CLASS

FOUNDATION TRACK

• Introduction into Infrastructure Testing
• Gain practical experience with the tools that will last you well into the future
• Learn core Infrastructure techniques
• Leave with the basis to take your testing knowledge forward into more Advanced Infrastructure topics

DAY 1

Infrastructure Basics

• TCP/IP Basics • The Art of Port Scanning • Target Enumeration • Brute-Forcing • Metasploit Basics • Password Cracking

DAY 2

Hacking Unix, Databases and Applications

• Hacking Recent Unix Vulnerabilities • Hacking Databases • Hacking Application Servers • Hacking Third Party Applications (WordPress, Joomla, Drupal)

DAY 3

Hacking Windows

• Windows Enumeration • Hacking Recent Windows Vulnerabilities • Hacking Third Party Software (Browser, PDF, Java) • Post Exploitation: Dumping Secrets • Hacking Windows Domains

This class familiarises the attendees with a wealth of hacking tools and techniques. The class starts from the very basic and gradually builds up to the level where attendees not only use the tools and techniques to hack various components involved in infrastructure hacking, but also walk away with a solid understanding of the concepts on which these tools work.

CLASS OVERVIEW

This is an entry-level Infrastructure Security and testing class and is a recommended pre-requisite for our Advanced Infrastructure Hacking class. This class familiarises the attendees with the basics of network hacking. A number of tools and techniques will be taught during this 3-day class. If you would like to step into the world of Ethical Hacking / Pen Testing, this is the right class for you.

WHO SHOULD TAKE THIS CLASS?

System Administrators, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to the next level.


6

Web Hacking

2 DAY CLASS

FOUNDATION TRACK

• Introduction into Web Application hacking
• Practical in focus, teaching how web application security flaws are discovered
• Covers leading industry standards and approaches
• Builds the foundation to progress your knowledge and move into more advanced Web Application topics

This class familiarises the attendees with a wealth of tools and techniques needed to breach the security of web applications. The class starts from the very basic, and gradually builds up to a level where attendees can not only use the tools and techniques to hack various components involved in Web Application hacking, but also walk away with a solid understanding of the concepts on which these tools are based. The class also covers industry standards such as OWASP Top 10 and PCI DSS, and contains numerous real life examples to help the attendees understand the true impact of these vulnerabilities.

CLASS OVERVIEW

This is an entry-level web Application Security-testing class and is a recommended pre-requisite for our Advanced Web Hacking class. This class familiarises the attendees with the basics of Web and Application hacking. A number of tools and techniques will be taught during the 2-day class. If you would like to step into the world of ethical hacking / pen testing with a focus on web applications, then this is the right class for you.

WHO SHOULD TAKE THIS CLASS?

System Administrators, Web Developers, SOC analysts, Penetration Testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.

DAY 1

Information Gathering, Profiling and Cross-Site Scripting

• Understanding HTTP Protocol • Identifying the Attack Surface • Username Enumeration • Information Disclosure • Issues with SSL/TLS • Cross-Site Scripting • Cross-Site Request Forgery

DAY 2

Injection, Flaws, Files and Hacks

• SQL Injection • XXE Attacks • OS Code Injection • Local/Remote File Include • Cryptographic Weakness • Business Logic Flaws • Insecure File Uploads


8

Advanced Infrastructure Hacking

5 DAY CLASS

ADVANCED TRACK

• Launched at BlackHat USA – Latest exploits, highly relevant, continuously developed.
• 5-day practical class, teaching a wide variety of offensive hacking techniques.
• Written by real Pen Testers with a world conference reputation (BlackHat, AppSec, OWASP, Defcon et al).

Whether you are Penetration Testing, Red Teaming, or hoping to gain a better understanding of managing vulnerabilities in your environment, understanding advanced hacking techniques for infrastructure devices and systems is critical.

The Advanced Infrastructure class will get the attendees familiarised with a wealth of hacking techniques for common Operating Systems and networking devices. While prior Pen Testing experience is not a strict requirement, prior use of common hacking tools such as Metasploit is recommended for this class.

CLASS OVERVIEW

An Advanced Infrastructure Hacking class, released at BlackHat, designed for those who wish to push their knowledge … The fast-paced class teaches the audience a wealth of hacking techniques to compromise various operating systems and networking devices. The class will cover advanced penetration techniques to achieve exploitation and will familiarise you with a wealth of hacking techniques for common operating systems, networking devices and much more. From hacking Domain Controllers with MS14-068 to GHOST local root, VLAN Hopping to VoIP Hacking, you have got everything covered.

WHO SHOULD TAKE THIS CLASS?

The class is ideal for those preparing for CREST CCT (ICE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure as a day job and wish to add to their existing skillset.

DAY 1

Hacking Networks, Databases

• TCP/IP & Network Enumeration • Port Scanning • TCP/UDP Scanning • Windows/Linux Enumeration • The Art of Brute-Forcing • Insecure SNMP Configuration • Database Exploitation (Oracle, Postgres, Mysql) • Hacking Application Servers (Websphere) • Exploiting SSL Vulnerabilities such as Heartbleed • Exploiting Remote Systems via Shellshock • Exploiting Java and PHP Serialization Bugs

DAY 2

Advanced Windows Hacking

• Windows Vulnerabilities • Mastering Metasploit • Latest Remote Exploits • Pivoting within Internal Network • Local Privilege Escalation • Custom Payloads • Post-Exploitation

DAY 3

Hacking Windows Domains

• Compromising Windows Domain • Pass the Hash • Pass the Ticket • Breaking Kerberos • Third Party Exploits (Browser, Java, PDF)

DAY 4

Advanced Linux Hacking

• Linux Vulnerabilities • Finger • Rservices • NFS Hacks • SSH Hacks • X11 Vulnerabilities • Local Privilege Escalation • Kernel Exploits • Weak File Permissions • SUID/SGID Scripts • Inetd Services

DAY 5

Hacking VLANs, VoIP, Switches & Routers

• VLAN Hopping • Hacking VoIP • Exploiting Insecure VPN Configuration • Switch/Router Vulnerabilities


9

Advanced Web Hacking

3 DAY CLASS

ADVANCED TRACK

• Advanced Web Hacking in a practical “Hack Lab” environment
• Gain in-depth expertise with the tools and techniques that will last you well into the future
• Learn core web hacking techniques

DAY 1

• Hacking and Securing Web and Application Servers • Attacking Authentication • Advanced Username Enumeration / Brute Force Issues • Exploiting SSO • Session Management Issues • Business Logic Bypass • Authorization Issues

DAY 2

• Parameter Manipulation Attacks • Cookie Analysis • SSL Misconfiguration and Man in the Middle Attacks • XSS: The Concept • Same Origin Policy • Identifying XSS • Exploiting XSS • Pitfalls in Defending XSS

DAY 3

• Identifying Cross Site Request Forgery (CSRF) • Exploiting CSRF • Fixing CSRF • Carriage Return & Line Feed (CRLF) Injection • Hacking APIs • SQL Injection • LDAP, XPATH, XXE Injections • Insecure HTTP Methods • Malicious File Uploads

This class familiarises the attendees with a wealth of advanced web hacking techniques. Besides covering advanced techniques in common web application flaws (such as those covered under OWASP Top 10), the class also covers some neat, new and ridiculous hacks. From mind bending XSS to 2nd order SQL Injection, breaking crypto to finding flaws in SAML/SSO, we have got it all covered. The class has recently been updated to contain all current topics and modern technology. The lab for the class is designed based on real life applications in which similar vulnerabilities have been found in the past. For every vulnerability, in-depth solutions and mitigation strategies are also discussed.

CLASS OVERVIEW

This class familiarises the attendees with a wealth of advanced web hacking techniques. Besides covering advanced techniques in common web application flaws (such as those covered under OWASP Top 10), the class also covers some neat, new and ridiculous hacks. From mind bending XSS to 2nd order SQL Injection, breaking crypto to finding flaws in SAML/SSO and APIs, we have got it all covered. The class has recently been updated to contain all current topics and modern technology. The class is ideal for candidates preparing for CREST ACE certification.

WHO SHOULD TAKE THIS CLASS?

System Administrators, SOC analysts, Penetration testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level.


11

AppSec for Developers

2 DAY CLASS

SPECIALIST TRACK

• Covers latest industry standards such as OWASP Top 10
• Insight into latest security vulnerabilities (such as mass assignment bug in MVC Frameworks)
• Thorough guidance on security best practices (like HTTP headers such as CSP, HSTS etc.)
• References to real world analogy for each vulnerability
• Hands-on labs

DAY 1

• Authorisation • Session Management • Logical Flaws • Web Server Misconfiguration • Application Server Misconfiguration • HTTP Methods • SSL and MITM attacks

Cross Site Issues

• Cross Site Scripting • Cross Site Request Forgery • Session Fixation • CRLF Injection • Flash and Cross Domain Issues

DAY 2

Server Side Issues

• SQL Injection • File Uploads • Server Side Includes • File Inclusion • Direct Object Reference • OS Code Execution

Best Security Practice

• HSTS • Content Security Policy • Defence in Depth

A highly-practical class that targets web developers, pen testers, and anyone else who would like to learn about writing secure code, or to audit code against security flaws. The class covers a variety of best security practices and defence-in-depth approaches, which developers should be aware of while developing applications.

Students will be provided access to infrastructure on which they will identify vulnerable code and associated remediation. While the class covers industry standards such as OWASP Top 10 and SANS Top 25 security issues, it also talks about real world issues that don’t find a mention in these lists. The class does not focus on any particular web development language / technology but instead on the core principles. Examples include PHP, .NET, classic ASP and Java.

CLASS OVERVIEW

Pen Testing as an activity tends to capture security vulnerabilities at the end of the SDLC and is often too late to be able to influence fundamental changes in the way code is written.

We wrote this class because of the need for developers to develop code and applications in a secure manner. It does not need to be more time consuming, but it is critical to introduce security as a quality component into the development cycle. The class does not target any particular web development platform, but does target the general insecure coding flaws developers make while developing applications. The examples used in the class include web development technologies such as ASP, .NET, JAVA and PHP.

WHO SHOULD TAKE THIS CLASS?

This training is ideal for: Software/Web developers, PL/SQL developers, Penetration Testers, Security Auditors, Administrators and DBAs and Security Managers.


12

Advanced Mobile Exploitation

3 DAY CLASS

SPECIALIST TRACK

• All about Android and iOS exploitation
• Practical in focus, giving you the tools to understand platform security for the most common mobile OS types
• Packed with tools, techniques, approaches and key security principles
• Very in-depth, focused approach – relevant to any professional engaged with this most complex and rapidly growing field of security

Advanced Android and iOS Exploitation: This fast-paced training will familiarise you with the various Android and iOS exploitation techniques, as well as bypassing most of the existing security models in both of the platforms. We will cover topics such as writing your own malware, auditing complicated and protected applications, automated static and dynamic analysis, Dex Exploitation, ARM™ Platform Exploitation (the platform on which most smartphones run these days), OWASP Mobile Top 10 and a lot more. In ARM™, we will cover exploitation techniques such as Stack Based Buffer Overflows, Gadget Chaining, ROP and Bypassing Protections. Finally, for iOS, we will be looking into application security auditing, creating a pen test environment, presenting a sandboxing model, code signing, inspecting binaries, use-after-free and much more. We will also be looking into Android rooting and iOS jailbreaking exploits, and recreate the scenario from scratch. Students will also be provided with custom exploitation labs, which will be preconfigured and loaded with all the tools and scripts which will be covered during the training.

CLASS OVERVIEW

A 3-day Advanced Mobile Exploitation class, focusing on Android and iOS exploitation. If you want to try exploitation on new hardware and find security vulnerabilities, and “0-days” in IoT devices, then Offensive IoT Exploitation is the class for you. At the end of the class, there will be a final CTF challenge where the attendees will have to identify security vulnerabilities and exploit them, in a completely unknown device.

WHO SHOULD TAKE THIS CLASS?

The only requirement for this class is that you bring your own laptop and have admin/root access. During the class, we will give you VPN access to our state-of-the-art hacklab which is hosted in our datacentre in the UK. Once you are connected to the lab, you will find all the relevant tools/VMs there. We also provide a dedicated Kali VM to each attendee on the hacklab, so you don’t need to bring any VMs with you. All you need is to install the VPN client and you are good to go!

Also, note that we will use an Ethernet/Wired network for this class. If your laptop does not support this, please carry the correct adaptor to ensure you are able to connect to the wired network.

DAY 1

Android Basics

• Introduction to Android • Android Architecture • Digging into Android kernel

Android Security Model

• Android Security Architecture • Android Permission model • Application Sandboxing • Bypassing Android Permissions • Android Application Components • Android Debug Bridge • Creating a Simple Android Application

Setting up the Environment

• Setting up Android Emulator • Setting up a Mobile Pentest Environment

Dex Labs

• Introduction to Dalvik File Format • In-depth to Smali • Manipulating smali files and cracking Applications • Cracking Application Licenses • Dex file manipulation • Obfuscating applications with dex obfuscator

App Kung-fu

• Application Analysis • Reverse Engineering • Traffic Interception (Active and Passive) of Android Applications • OWASP Top 10 for Android • Sniffing Application and phone’s network data • Insecure file storage • Having fun with databases

Exploiting Logic and Code flaws in applications

• Exploiting Content Providers • SQL Injection in Android Application • Local File Inclusion/Directory Traversal • Drive by Exploitation • Tapjacking • HTML 5 Attacks • Phishing Attacks on Android

Exploitation with Drozer

• Drozer 101 • Exploiting Content Provider vulnerabilities with Drozer • Drozer Scripting • Exploiting permission protected apps with Drozer

DAY 2

Android Forensics & Malware Analysis

• Extracting text messages, voice mails, call logs, contacts and messages • Recovering information stored in SD Card • Reversing and Analysing Android malware using Apktool, dex2jar and JD-GUI • Introduction to IDA Pro • Analysing malware and exploits using IDA

Introduction to ARM™ Exploitation

• Introduction to ARM™ • Instruction set and Registers • Debugging with GDB • Stack Overflows on ARM™ • Format String vulnerabilities • Ret2ZP Attack and ROP • Shellcoding on ARM™ • Exploit Mitigations and Bypasses • ARM™ Based rootkits

Further Exploitation

• Creating custom Bootloaders • Android Root Exploits – Recreating the exploit • Fuzzing Android components • Webkit Exploitation • Use After Free vulnerability and exploitation • Writing a reliable exploit for Android • More ROP Exploitation • Finding ROP gadgets and building ROP Chains • Using GDB for Android debugging • Information Leaks in Android

Being Secure

• Android in the Enterprise • Writing Secure Code • Pen test before you publish • Writing Python Scripts for automating Android pen tests • Source Code Auditing for Applications

DAY 3

iOS Background

• Understanding iOS Architecture • iOS Security Features • iOS Application Overview

iOS Security Model

• Code Signing • Sandboxing • Exploit Mitigation • Encryption

Setting up the Environment

• Setting up XCode • Setting up iPhone/Simulator

iOS Hello-World

• iOS Application components • Introduction to Objective C • Writing a simple Hello World application in your own iDevice/Simulator

iOS App Analysis

• Reverse Engineering iOS Apps • Decrypting Appstore Binaries • Locating PIE (Position Independent Executable) • Inspecting Binary • Manipulating Runtime

Auditing Insecure API

• Evaluating the Transport Security • Abusing Protocol Handlers • Insecure Data Storage • Attacking iOS keychain

App Assessments

• Setting up pen testing environment for assessment • Passive app assessment • Active app assessment • Application analysis

App Kungfu

• Exploiting XSS in Apps (UIWebViews) • Attacking XML processor • SQL Injection • Filesystem Interaction • Geolocation • Logging • Backgrounding

Memory Corruption Issues

• Format strings • Object use-after-free • ROP for iOS • Exploit Mitigations in iOS

iOS Forensics

• Analysis of Backed up data in iTunes • Extracting SMS, Call Logs, etc., from an iOS backup • Imaging the whole device

Being Secure

• iOS App compliance checklist • Writing Secure Code


15

Offensive IoT Exploitation

2 DAY CLASS / 5 DAY BOOTCAMP

• A Challenging Series of Fast-Paced IoT Classes
• Taught By World-Leading IoT Experts who are BlackHat Lecturers
• Practical & Hands-On on Real Devices
• In-Depth Firmware, Chip & Device Focused
• Learn to Write Device-Level Exploits
• Uniquely tailored Ubuntu IoT exploit platform to take away

“Offensive IoT Exploitation” comprises a brand new series of classes that offers pen testers and security researchers the ability to assess and exploit the security of these smart devices. The classes cover a variety of IoT devices, assessing their attack surfaces and writing exploits. The 2-day hands-on class series (beginner, intermediate and advanced) provides students with the knowledge to try things for themselves (rather than just watching the slides). We start from the very beginning discussing the architecture of IoT devices, and slowly move to firmware analysis, identifying attack surfaces, finding vulnerabilities and finally, exploiting these vulnerabilities.

Uniquely, all classes end with a 1-1.5 hour hardware CTF (Capture the Flag) event (foundation class CTF is a software challenge).

CLASS OVERVIEW

A series of 2-day practical classes or a 5-day boot camp, exploring the Internet of Things (IoT), playing with firmware, finding exploits in common devices and finding zero days. If you want to learn hands-on exploitation techniques on new hardware platforms and find security vulnerabilities in IoT devices, then Offensive IoT Exploitation is the class for you. At the end of the class, there will be a final CTF challenge where the students will be asked to test their new knowledge, identify security vulnerabilities and exploit them in a completely unknown device.

IoT or the “Internet of Things” is an upcoming trend in technology. Many new devices are coming up every single month, however very little attention has been paid to the devices’ security until now. “Offensive IoT Exploitation” is a brand new and unique class that offers pen testers and security researchers the ability to assess and exploit the security of these smart devices. The class will cover a variety of IoT devices, assessing their attack surfaces and writing exploits. The 2-day hands-on class series provides students with the ability to try things for themselves rather than just watching the slides. We will start from the very beginning discussing the architecture of IoT devices, and slowly move to firmware analysis, identifying attack surfaces, finding vulnerabilities and finally, exploiting these vulnerabilities.


Foundation

Intermediate

Advanced

This class is designed for individuals who already have a basic understanding of IoT and are familiar with penetration testing on various platforms.

Offensive IoT Exploitation - Intermediate level will get you started with pen testing IoT devices in real world scenarios. During the class, you will work with various IoT devices - analysing, debugging and exploiting firmware, attacking radio communication protocols and performing hardware exploitation.

This class will be valuable for security professionals entering the IoT space, and IoT developers looking to secure their products beter.

Firmware Analysis

• Understanding Device File Systems • Firmware Extraction Techniques • Analyzing and Backdooring Firmware • Emulating Firmwares and Binaries • Remote Live Debugging Firmware

Binaries

• Identifying Vulnerabilities in Firmware

Software Exploitation

• Reversing Mobile Applications • MIPS Assembly Basics • Registers and Flags

• Disassembling and Debugging Binaries

• Common Exploitation Techniques • Exploitation on MIPS

Hardware Analysis and Exploitation

• Introduction to SPI Flash

• Dumping Firmware from a Real Device • JTAG – Introduction and Techniques • Hardware Protection

• Side Channel Attacks

Radio Hacking

• Introduction to Zigbee and ZWave Based Attacks

• Sniffing Bluetooth Low Energy (BLE) • BLE Attack Vectors

• Other Communication Modes & Vulnerabilities

The Advanced edition of Offensive IoT Exploitation is meant for individuals who already have experience with pen testing IoT devices, and want to take their skillsets to the next level. This class will help students use advanced techniques for various aspects such as Radio reversing, exploiting hardware serial interfaces and software RE. This will be a fast paced 2-day class covering topics ranging from JTAG to going in-depth with reversing Zigbee.

The class is meant for security professionals, pen testers, reverse engineers and IoT professionals who want to break complex IoT devices or secure their products.

Firmware Based Exploitation

• Advanced Firmware Analysis and Reversing

• Getting Around with Encrypted Firmware

• Firmware Dumping - via UART and JTAG Debug

• Firmware Exploitation - ROP, Command Injection

• Building Cross-toolchains

Smart Device Hacking

• JTAG Enabling • JTAG Exploitation

• Side Channel and Timing Based Attacks (Theory)

• Pulling Chips from the Device • Automating Exploitation with Custom

Hardware Devices • USB Based Attack Vectors • Fuzzing IoT Devices

• Industrial Grade IoT Ecosystem

Hacking IoT With SDR

• Mapping out IoT Devices Based on Radio Signals

• Reversing Radio Communication Protocols for an IoT Device • Injecting Wireless Packets • Versions and Security Issues • Zigbee Exploitation

• Automotive Exploitation This class is designed for anyone who

wants to get started with the basics of Internet of Things Exploitation. This is the first level of our 3-part Offensive IoT Exploitation class series.

During the class, attendees will be introduced to the tools and techniques that can be used to get started with IoT pen testing. This is a beginner friendly class and students don’t need to have previous experience in IoT or penetration testing. During the 2-days, we will begin with the fundamentals and gradually move towards understanding firmware analysis, mobile app exploitation for IoT, hardware exploitation, wireless analysis and software defined radio.

Getting Started With IoT Security

• Introduction to IoT
• Security Architecture
• Getting Familiar with IoT Security and Components
• Case Studies of IoT Vulnerabilities
• Attack Vectors for Smart Devices

Conventional Attack Techniques

• IoT Device Attack Surface Mapping
• Information Gathering and Reconnaissance
• Mobile Based Exploitation – Android
• Exploitation: Web / Network Services
• Insecure Encryption Components
• Password Cracking / Other Attacks

Hardware Analysis and Exploitation

• Hardware Hacking 101
• Analyzing Boards and Components
• Identifying Serial Interfaces / Pinouts
• UART Introduction and Interaction
• Serial to Root

Radio Hacking

• Getting started with SDR
• Radio Interfaces and Architecture
• Commonly used IoT Communication Techniques
• Pen Test Lab for Radio Hacking
• Getting Familiar with GNURadio
• Capturing and Streaming Radio
• Recording and Replaying Radio Traffic

Designed as an end-to-end class, our 5-day “IoT Boot Camp” immerses students in a week of intense knowledge acquisition, integrating and compressing the beginner, intermediate and advanced classes into one overall IoT learning experience. It is designed for those who wish to advance their knowledge rapidly in the fascinating and very real world of IoT.


17

2 DAY CLASS

SPECIALIST PLUS

What to expect

• Two days of debugging & disassembling
• Only place where pointers are not the ideal ones
• Calc.exe popping up everywhere!

What not to expect

• Anything not related to Exploit Development
• Theory and Slides!

DAY 1

• Basic, yet effective fuzzing of Microsoft Excel 2007 (XLS)
• Identifying the vulnerability
• Controlling registers and program flow
• Popping up calc!

DAY 2

• Understanding Heap Spraying
• Exploiting a Use-After-Free in Internet Explorer 6
• Exploiting a Heap Overflow in Adobe Reader 8
• Exploiting Adobe Reader on Windows 7 using ROP chains
• Understanding ASLR bypasses

The class is focused on comprehensive coverage of software exploitation. It presents different domains of code exploitation and how they can be used together to test the security of an application. Participants will learn about different types and techniques of exploitation, use debuggers to create their own exploits, and understand the protection mechanisms of operating systems and how to bypass them.

The class is heavily focused on being hands-on. Reference material documents will be provided for concepts for further reading. This class is all hands-on, from the word Go! Only code and exploitation techniques are what you will take home.

CLASS OVERVIEW

Upon completion of this class, participants will be able to:

• Understand how exploits work and the different types of software exploitation techniques
• Understand the exploit development process
• Search for vulnerabilities in closed-source applications
• Write their own exploits for vulnerable applications

WHO SHOULD TAKE THIS CLASS?

• Information Security Professionals
• Anyone with an interest in understanding exploit development
• Ethical Hackers and Penetration Testers looking to upgrade their skill-set to the next level

Xtreme


18

FOUNDATION / INTERMEDIATE / ADVANCED

Penetration Tests and Red Team operations for secured environments need altered approaches. You cannot afford to touch a disk, throw executables and use memory corruption exploits without the risk of being ineffective as a simulated adversary. PowerShell is the tool of choice to enhance offensive tactics and methodologies.

Powershell for Penetration Testers

SPECIALIST PLUS

Day 1

PowerShell Essentials and Getting a foothold

• Introduction to PowerShell
• Language Essentials
• Using ISE
• Help system
• Syntax of cmdlets and other commands
• Variables, Operators, Types, Output Formatting
• Conditional and Loop Statements
• Functions
• Modules
• PowerShell Remoting and Jobs
• Writing simple PowerShell scripts
• Extending PowerShell with .Net
• WMI with PowerShell
• Playing with the Windows Registry
• COM Objects with PowerShell
• Recon, Information Gathering and the likes
• Vulnerability Scanning and Analysis
• Exploitation – Getting a foothold
• Exploiting MSSQL Servers
• Client Side Attacks with PowerShell
• PowerShell with Human Interface Devices
• Using Metasploit and PowerShell together

Day 2

Post Exploitation and Lateral Movement

• Post-Exploitation – What PowerShell is actually made for
• Enumeration and Information Gathering
• Privilege Escalation
• Dumping System and Domain Secrets
• Kerberos attacks (Golden, Silver Tickets and more)
• Backdoors and Command and Control
• Pivoting to other machines
• Poshing the hashes™
• Replaying credentials
• Network Relays and Port Forwarding
• Achieving Persistence
• Detecting and stopping PowerShell attacks
• Quick System Audits with PowerShell
• Security controls available with PowerShell

CLASS OVERVIEW

PowerShell has changed the way Windows networks are attacked. It is Microsoft’s shell and scripting language, available by default on all modern Windows computers. It can interact with .Net, WMI, COM, the Windows API, the Registry and other computers on a Windows Domain. This makes it imperative for Penetration Testers and Red Teamers to learn PowerShell. This training is aimed at attacking Windows networks using PowerShell and is based on real-world penetration tests and Red Team engagements for highly secured environments.

Attendees will get free one month access to a complete Active Directory environment after the training.

• In-memory shellcode execution using client side attacks
• Exploiting SQL Servers (command execution, trust abuse, lateral movement)
• Using Metasploit payloads with no detection
• Active Directory trust mapping, abuse and Kerberos attacks
• Windows / Web passwords, Wireless keys, LSA Secrets / other system secrets
• Shell access and exfiltration: DNS, HTTPS, Gmail etc.
• Network relays, port forwarding and pivots to other machines
• Reboot and Event persistence
• Bypass security controls like Firewalls, HIPS and Anti-Virus


19


Powershell for Penetration Testers

Day 1

PowerShell Essentials

• Introduction to PowerShell
• Language Essentials
• Using ISE
• Help system
• Syntax of cmdlets and other commands
• Variables, Operators, Types, Output Formatting
• Conditional and Loop Statements
• Functions
• Modules
• PowerShell Remoting and Jobs
• Writing simple PowerShell scripts
• Extending PowerShell with .Net
• Accessing Windows API
• WMI with PowerShell
• Playing with the Windows Registry
• COM Objects with PowerShell

Day 2

Getting a foothold

• Recon, Information Gathering and the likes
• Vulnerability Scanning and Analysis
• Exploitation – Getting a foothold
• Exploiting MSSQL Servers
• Client Side Attacks with PowerShell
• PowerShell with Human Interface Devices
• Writing shells in PowerShell
• Using Metasploit and PowerShell together
• Porting Exploits to PowerShell

Day 3

Post Exploitation and Lateral Movement

• Post-Exploitation – What PowerShell is actually made for
• Enumeration and Information Gathering
• Privilege Escalation
• Dumping System and Domain Secrets
• Kerberos attacks (Golden, Silver Tickets and more)
• Backdoors and Command and Control
• Abusing SQL Server Trusts
• Pivoting to other machines
• Poshing the hashes™
• Replaying credentials
• Network Relays and Port Forwarding

Day 4

Persistence, Defenses and Bypass

• Achieving Persistence
• Clearing Tracks
• Bypass Basic Defenses
• Detecting and stopping PowerShell attacks
• Bypass Advanced Defenses
• Quick System Audits with PowerShell
• Security controls available with PowerShell


20


Powershell for Penetration Testers


Day 1

PowerShell Essentials

• Introduction to PowerShell
• Language Essentials
• Using ISE
• Help system
• Syntax of cmdlets and other commands
• Variables, Operators, Types, Output Formatting
• Conditional and Loop Statements
• Functions
• Modules
• PowerShell Remoting and Jobs
• Writing simple PowerShell scripts
• Extending PowerShell with .Net
• Accessing Windows API
• WMI with PowerShell
• Playing with the Windows Registry
• COM Objects with PowerShell

Day 2

Getting a foothold

• Recon, Information Gathering and the likes
• Vulnerability Scanning and Analysis
• Exploitation – Getting a foothold
• Exploiting MSSQL Servers
• Client Side Attacks with PowerShell
• PowerShell with Human Interface Devices
• Writing shells in PowerShell
• Using Metasploit and PowerShell together
• Porting Exploits to PowerShell

Day 3

Post Exploitation and Lateral Movement

• Post-Exploitation – What PowerShell is actually made for
• Enumeration and Information Gathering
• Privilege Escalation
• Dumping System and Domain Secrets
• Kerberos attacks (Golden, Silver Tickets and more)

Day 4

Post Exploitation and Persistence

• Post-Exploitation – What PowerShell is actually made for
• Backdoors and Command and Control
• Abusing SQL Server Trusts
• Pivoting to other machines
• Poshing the hashes™
• Replaying credentials
• Network Relays and Port Forwarding
• Persistence
• Achieving Persistence
• Clearing Tracks

Day 5

Defenses and Bypass

• Bypass Basic Defenses
• Detecting and stopping PowerShell attacks
• Bypass Advanced Defenses
• Quick System Audits with PowerShell
• Security controls available with PowerShell
