SPECIALIZED TRAINING COURSES

Bulb Security provides hands-on security training at security conferences around the world. Contact us today to book a training at your event.

Past Conference Trainings:

Derbycon
Brucon
The Blackhat Briefings
Hack in Paris
Security Bsides
Security Zone
Skydogcon

Example Classes:

Abstract:

In this class we will start with introductory exploit development for Windows and Linux platforms. In class you will gain hands on experience finding vulnerabilities, writing working exploits from scratch, and porting public exploit code to meet your needs. We will start with the basics of stack based buffer overflows including saved return pointer and structured exception handler overwrites. We will look at dealing with space issues for shellcode such as egghunting and relative jumps. Then we will move onto bypassing more advanced anti-exploitation measures such as stack cookies, ASLR, DEP, etc. In addition to writing exploits from scratch we will look at public exploit code and porting it to fit our environment’s needs. We will also look at writing Metasploit modules and porting our exploits into Metasploit. Hands on labs for both Windows and Linux will be covered, exploiting real vulnerable programs. No previous programming or exploitation experience is required. Exploit skeletons will be provided for each exercise allowing students to focus on the attack string rather than programming syntax.

Outline:

Module 1: Stack Based Buffer Overflow Basics

Module 2: Structured Exception Handler Overwrites

Module 3: Simple Fuzzing

Module 4: Porting Public Exploit Code

Module 5: Writing Metasploit Modules

Module 6: Space Issues: Relative Jumps

Module 7: Space Issues: Shellcode Splitting

Module 8: Space Issues: Egghunter

Module 9: Bypassing ASLR

Module 10: Bypassing Data Execution Prevention

Prerequisites:

  • Laptop capable of running at least 2 virtual machines simultaneously.
  • Vmware product (Player, Workstation, or Fusion)
  • Kali Linux Virtual Machine: http://www.kali.org
  • No programming experience is required. Exploit skeletons will be provided for each exercise.

Students will be provided with:

  • Target virtual machines (Windows XP, Windows 7, Ubuntu, ARM). Windows virtual machines will be 30 day trials that will expire unless the student provides a license key. If possible, download details will be made available a week prior to class.
  • Detailed Slides
  • Lab Manual

Abstract:

This course will give you hands-on experience in many facets of penetration testing. We will briefly touch on the basics of using Kali Linux as well as programming and scripting. We will study the Metasploit Framework before using it and supporting tools to simulate a penetration test against target virtual machines. Starting with information gathering, we will move through the phases of penetration testing. The class will begin with basic, easily exploitable vulnerabilities, but will also cover the latest client side issues being exploited in the wild. This course will heavily focus on post exploitation techniques such as privilege escalation, lateral movement, and pivoting. We will study advanced techniques such as bypassing anti-virus and IDS systems. The basics of developing exploits manually will be covered. We will turn our custom exploits into Metasploit modules. Finally, we will take a look at the rapidly developing field of mobile hacking. The course will finish with a live capture the flag environment where students can test what they have learned.

Outline:

Module 1: Using Kali Linux

Module 2: Programming

Module 3: Using Metasploit

Module 4: Information Gathering

Module 5: Vulnerability Identification

Module 6: Capturing Traffic

Module 7: Exploitation

Module 8: Password Attacks

Module 9: Client Side Attacks

Module 10: Social Engineer Toolkit

Module 11: Bypassing Detection

Module 12: Post Exploitation

Module 13: Web Application Assessments

Module 14: Wireless Attacks

Module 15: Exploit Development

Module 16: Developing Metasploit Modules

Module 17: Mobile Attacks

Module 18: Capture the Flag

Prerequisites:

  • Laptop capable of running at least 2 virtual machines simultaneously.
  • Vmware product (Player, Workstation, or Fusion)
  • Kali Linux Virtual Machine: http://www.kali.org
  • Linux will be used extensively in this class. We will cover the basics briefly in the first module, but some prior knowledge is helpful. Likewise no prior programming knowledge is required though it will be helpful in the exploit development module. Some programming and scripting will be covered at the beginning of class.

Students will be provided with:

  • Target virtual machines (Windows XP, Windows 7, Ubuntu). Windows virtual machines will be 30 day trials that will expire unless the student provides a license key. If possible, download details will be made available a week prior to class.
  • Detailed Slides
  • Lab Manual
  • Access to an online VPN with additional targets for capture the flag. Additional online lab time will be provided after class.