Trainer: Rod Soto
This comprehensive course will go over the tools and methodologies that are used during penetration tests in enterprise network environments. The course will utilize a lab environment for hands-on instruction of manual penetration testing methods, as well as training on the use of exploitation frameworks, such as Metasploit. This course will focus on methodology, processes, tools, and techniques. By the end of the course, the student will have an understanding of the underlying workings of network exploitation, and will have experience in the successful execution of attacks.
Minimum Student Requirements:
- A Laptop with at least 4Gb of RAM with the ability to run multiple virtual machines.
- Understanding of Basic Networking Concepts
- Basic Linux Skills
Target Audience: The class is perfect for those seeking to enter the information security career field, as well as those seeking to develop the skills and experience needed to succeed as a penetration tester.
About the Instructor:
Rod Soto is the Secretary of the Board of HackMiami. HackMiami is made up of experienced information security professionals that have years of experience working with large corporations, governments, and small businesses. Members of HackMiami are on the cutting edge of vulnerability research and regularly present at local information security group meetings (ISSA, OWASP) and international hacking conferences around the world (Defcon, HOPE, OWASP AppSec, Hacker Halted).
May 9th 10 AM – 6 PM
Trainer: Nahuel Grisolía
Enter the world of RFID (Radio Frequency ID) technology, focusing on the high-frequency NFC standard. The low-frequency band will also be reviewed because of its well-known use in individual physical access to buildings. The course ranges from the use of traditional NFC 13.56 MHz readers, their API and proprietary software, to Proxmark3 hardware, open source software (LibNFC), known attacks and other uses and practical ideas. Part of the course will focus on NXP Mifare Classic technology and hacks. Mifare Classic is widely used for micropayments, building physical security and public transport. At the end, we will discuss some case studies, using different methodologies and lessons learned related to Reverse and Social Engineering.
Minimum Student Requirements
No prior RFID / NFC technology knowledge is required.
It is desirable to have a minimum knowledge of the C language – debugging, compiling, and running – (during the course OSX and a Microsoft Windows XP VM will be used). The teacher will conduct the demos with the help of the audience, so it is not a requirement to bring any laptop or other equipment. The attendees may bring their laptops and a compiled version of LibNFC to play with the teacher’s equipment. Any RFID / NFC card is welcome to try some hacks on them.
The class is perfect for those seeking to enter the information security industry specializing in radio frequencies (RFID / NFC). It serves as an introduction, from beginner to intermediate level.
About the Instructor:
Nahuel Grisolía is 28 years old and runs Cinta Infinita, doing Penetration Testing engagements, Training Courses and Security Research. He has delivered trainings at a couple of conferences around the world: BugCON (Mexico), H2HC (Brazil), Ekoparty (Argentina), OWASP events (Argentina), TROOPERS (Germany), PHDays (Russia). In the research field, he specializes in Web application security and Hardware Hacking. He has discovered vulnerabilities in McAfee Ironmail, VMWare, Oracle VM, WebSense and Manage Engine Service Desk Plus; also in Free Software projects like Achievo, Cacti, OSSIM, Dolibarr and osTicket. Currently, he is an Information Systems Engineer and holds a C|EH, a Security+ and a Private Pilot certification.
May 9th 10 AM – 6 PM
The major cause of web insecurity is insecure software development practices. This highly intensive and interactive 1-day course provides essential application security training for web application, webservice and mobile software developers and architects.
The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples.
We will also explore the use of third-party security libraries and frameworks. This class will highlight production quality APIs from various languages, frameworks, and 3rd party libraries that provide production quality and scalable security controls.
This course will include secure coding information for Java, PHP and .NET programmers, but any software developer building web applications, web services or mobile applications will benefit.
Instructor: Jim Manico
Jim Manico authors and delivers developer security awareness training and has a 20 year history building software as a developer and architect. Jim is also a global board member for the OWASP foundation where he helps drive the strategic vision for the organization. He manages and participates in several OWASP projects, including the OWASP cheat sheet series and several secure coding projects.
May 9th. 10AM-6PM
The class will be a 1-day workshop with a live lab environment that can be accessed via the internet using only a web browser. Each student will have access to their own target hosts and a web console that will allow for management of the targets (e.g. rebooting the host). You will not be sharing the target systems with any other students, so you won’t have to worry about other students affecting your lab environment.
Targets will be Windows 8 and Server 2012 hosts that have been hardened in accordance with the DISA STIG (Security Technical Implementation Guides: http://iase.disa.mil/stigs/). They will also have HBSS (Host Based Security System: http://www.disa.mil/Services/
The course areas of focus will be:
Joe McCray is an Air Force Veteran and has been in security for over 10 years. Joe has been involved in over 150 very high level pentesting assessments and has some major hacking accomplishments that he can share with his classes. His extensive experience and deep knowledge, mixed with his comedic style, has led Joe to be one of the most highly sought after speaking experts in the industry. Joe makes speaking appearances and gives seminars at major events in the security community such as Black Hat, DefCon, BruCon, Hacker Halted and more. Joe is the recipient of the 2009 EC-Council Instructor Circle of Excellence Award and the 2010 EC-Council Instructor of the Year Award. Joe is the founder and CEO of http://strategicsec.com, an IT Security consulting firm that provides in-depth technical security assessments of your network, web application, and regulatory compliance gap analysis.
This course will walk through the process of identifying and exploiting security issues on Android applications using a wide variety of tools and techniques required for pen-testing of Android Applications. During the training program, participants will be taken through topics such as Android Security Model, Setting up the lab, Rooting, Assembling / Disassembling, Rapid static/dynamic analysis, Intercepting traffic, Network analysis, Memory dump analysis, Inter-Process Communication, etc. In the end, we will also cover countermeasures for most of the commonly found vulnerabilities in Android Apps.
Shubham is a Security Consultant at iViZ Security with 3 years of experience in penetration testing. Apart from pen-testing, he loves to work in Mobile Security, big-data intelligence and network monitoring techniques. He also doesn’t mind bug hunting, and he has reported many critical flaws in many prestigious websites including AT&T, Adobe, Yandex, Facebook, Google, etc.
Sudhanshu is a Security Consultant at iViZ Security and, along with pen-testing, he specializes in OSINT, Mobile Security and Social Network Analysis. He has a keen interest in Reconnaissance and Data Visualization. Having a flair for writing, he has contributed to various weblogs such as Recorded Future, InfoSec institute etc.
1 Day training – May 9th. 10 AM – 6PM
In this course you will learn how to attack and compromise an entire Web Server, using different tools, combining results and of course your mind! Understand how to exploit different vulnerabilities with hands-on exercises, from the basics to advanced exploitation.
This course is 80% technical and 20% theory. Covering:
- Web Technologies
- Attack and Vulnerabilities
- Vulnerability Scanning
- Directory Browsing
- SQL Injection
- Blind SQL Injection
- Cross-Site Scripting (XSS)
- Persistent Cross-Site Scripting (XSS)
- Path Traversal and File inclusion
- Dynamic content modification
- Remote Shell injection
- Command Injection
- DoS and DDoS
May 9th. 10AM-6PM
Instructor: Matias Katz
Matias Katz is a Penetration Tester who specializes in Web security analysis. He is the founder of Mkit Argentina, a company that specializes in penetration testing services and hacking training. He loves to build simple tools to perform discovery and exploitation on any software or network. He has spoken at BlackHat, Ekoparty, H2HC, Campus party, OWASP and many important conferences. He is the founder of Andsec conference (www.andsec.org). Also, he is a Super Mario World master!!
May 9th 10 AM – 6 PM