2012 Training Courses
PaulDotCom Enterprises is proud to offer training courses this year, Offensive Countermeasures - Defensive Techniques That Actually Work and Using and Automating the Metasploit Framework. See below for course offerings at your favorite events and conferences.
Offensive Countermeasures: Defensive Techniques That Actually Work:
Blackhat 2012 (July 21-22 & 23-24)
Course Name: "Offensive Countermeasures: Defensive Measures That Actually Work"
Course Overview
One of the big questions we get is why Offensive Countermeasures are so important. Well, to be honest, you will need it someday. The current threat landscape is shifting. We need to develop new strategies to defend ourselves. Even more importantly, we need to better understand who is attacking us and why. Some of the things we talk about you may implement immediately, others may take you a while to implement. Either way, consider what we discuss as a collection of tools at your disposal when you need them to annoy attackers, attribute who is attacking you and, finally, attack the attackers.
More to the point, the old strategies of security have failed us and will continue to fail us unless we start becoming more offensive in our defensive tacts.
Course Topics
Why Offensive Countermeasures?
Legal Issues
Core Security Concepts most People are Missing
Why Current Security Strategies are Failing
Layers of Defense for the Bad Guy
Observe Orient Decide Act
The Three A's of Offensive Countermeasures (Annoyance, Attribution and Attack)
Fuzzing Attack Tools
DOM-Hanoi
SpiderTrap
Web Labyrinth
DNS Servers from Hell
Honeypots
Dynamic Blacklists from the Command Line for Windows and for Linux
Dealing with Attackers using TOR
Proxychains and TORProxy
How Nmap Really Works with TOR
Metasploit Decloak
Word Web Bugs
Web Application Street Fighting
Browser Exploitation Framework
Evil Java Applications
Social Engineering Toolkit and OCM
Bypassing AV... To Attack the Attackers
Honey Claymores (or, Why did I open that file?)
Student Course Requirements
Basic OS understanding of Windows and Linux and a basic understanding of TCP/IP
Host system with at least 2 Gig of memory, VMware Player, Workstation or Fusion running on Windows XP, Windows 7, or OS X
Course Name: "Using and Automating the Metasploit Framework"
Description
Penetration testing is often a contest between an attacker of limited resources and a target with significant defenses and capabilities. Security tools, including the Metasploit Framework, are designed to extend the capabilities of a single attacker and gain access where none is provided.
This course dives into the basic usage of the Metasploit Framework, Automation of modules for discovery, exploitation and post exploitation with built in tools, Intro to the Metasploit API for the writing of your own plugins, resource scripts and modules so as to further automate tasks with the framework.
PREREQUISITE WARNING Each class has prerequisites for software loads and a laptop is mandatory. These individual class guides will list material the students are expected have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.
Prerequisites
Students will need a laptop capable of running version 4.1 of the Metasploit Framework.
Students should have working knowledge of Microsoft Windows and at least one Unix-like operating systems (Linux, Solaris, Mac OS X, etc).
Students should have some experience with one or more scripting language, such as Ruby, Perl, Python, or PHP.
Students should also be familiar with TCP/IP networking and be comfortable configuring TCP/IP settings on Unix and Windows platforms.
Recommendations
A laptop running a recent version of Linux, Windows, or Mac OS X.
Experience using the Metasploit Framework.
Experience with exploits and vulnerability assessment tools.
Experience with the Ruby programming language.
Experience with TCP/IP.