As part of the 2011 Rochester Security Summit we are pleased to offer three sessions of the Ethical Hacking training this year in a format that combines a presentation format with hands-on practice labs. After registering for the Rochester Security Summit, additional pre-registration is required for these training sessions, and class size is limited to 20 individuals in each session. You may register for only one of the sessions; there are 2 different training courses, with different expectations and requirements, so please read the descriptions carefully. No prior ethical hacking experience is required for either class. There are no additional fees for the Ethical Hacking Training session, however you must register for the Security Summit, then you will be given instructions for registering for the optional Ethical Hacking Training. Each session is limited to 20 attendees, so be sure to register early.
You may sign up for only one session. Please read the descriptions below carefully and understand the expectation and requirements for the training sessions.
| # | Training Session | Schedule |
|---|---|---|
| 1 | Beginners Introduction to Ethical Hacking and Penetration Testing by Dennis Allen of CERT | Tuesday Oct 4 10:30 am – 12:20 pm |
| 2 | Network Exploitation for Penetration Testers by Rob Fuller & JP Bourget |
Tue Oct 4 1:30 pm – 4:30 pm Continued Wed Oct 5 9:30 am - 11:30 am |
Learn basic Ethical Hacking techniques in this hands-on workshop with CERT - Software Engineering Institute of Carnegie Mellon. The workshop utilizes XNET, the same training and simulation platform used in multiple cyber defense exercises conducted by the U.S. government and the International Cyber Defense Workshop. The workshop will be approximately two hours, and will introduce attendees to the basic techniques of network port scanning, vulnerability scanning, exploitation with Metasploit, and if time allows, password cracking and possibly other penetration test techniques. In order to access the training and participate in the course, all attendees must bring their own laptops with an 8'-12' ethernet cable, screen resolution of 1280x800 or greater, and a web Browser that allows Microsoft's signed ActiveX Remote Desktop Control OR CERT's signed Java Applet.
Dennis M. Allen:
Dennis M. Allen, CISSP, leads a group of talented information security professionals in the development and implementation of cyber security training programs for the Software Engineering Institute's CERT® Program. He has 18 years of experience providing technology and security solutions to small businesses, Fortune 500 companies, government organizations, and the U.S. military. In addition to professional experience Dennis served 14 years in the U.S. Army reserves where he participated or led multiple cyber defense exercises and information assurance missions. His active memberships include the Rochester ISSA Chapter, ACM, and (ISC)².
This class walks through the basics of networking protocols, their use and exploitation as part of the penetration tester's bag of tricks. No 0-day exploits being dropped or crazy web application bugs being exploited, just old school tricks that still work. There should be something for everyone, even some tricks that even the more experienced testers might not know. We’ll cover a variety of network protocols including SMTP, SSH, HTTP and DNS and RDP. We’ll talk about how they work and how they are exploited, and you’ll have plenty of hands-on lab opportunities to try out these exploits on vulnerable systems from your own laptop on a local network. Prior Ethical Hacking or Penetration Testing experience is NOT required. If time permits other topics may be explored, such as Information Operations, Vulnerability Hunting, More Exploitation, Persistence, and Pivoting. Total time for the sessions is about 4 hours.
Important: If you wish to participate in the lab environment you will need to bring your own laptop, a 8'-12' network cable and have a Linux distribution either installed, bootable, or in a virtual machine. Your laptop needs a working wired network connection. We will be using the Linux shell command line, and digging into internal protocol details, while this is not an advanced class, it is one for "Penetration Testers" so basic usage of Linux is required. Metasploit Framework(or Express/Pro), netcat or telnet, dig, nmap, miredo, THC-IPv6 tool package (http://www.thc.org/thc-ipv6/) needs to be installed and tested prior to class starting. Downloading and testing a bootable or virtual version of back-track 5 (www.backtrack-linux.org) is one way of getting the tools you'll need.
Rob Fuller | Mubix
Rob is a Penetration Tester at Rapid7. (Rob @mubix) He has worked for Applied Security as a Network Attack Operator, a Penetration Tester for the Department of Defense, a Senior Incident Response Analyst for the Department of State and multiple Information Security Positions in the United States Marine Corps. During his service in the United States Marine Corps he was a team lead for the Marine Corps' Incident Response Team and a Security Test Engineer for the Marine Corps' R&D section. He has extensive experience in full-scope penetration testing, Web application assessments, wireless security, incident response, and related development. Rob's blog is at Room362.com and his twitter handle is mubix.
JP Bourget
Jean Paul (JP) Bourget (JP @punkrokk), BS IT, RIT 2005; MS Computer Security and Information Assurance, RIT 2008; CISSP; MCSE, CSSA. JP has six years experience in computer networking, system administration, and information security. During the day JP is responsible for Network and Security Management for a medium size global company based in the US. JP is also adjunct faculty at Rochester Institute of Technology where he teaches Networking and Security undergraduate classes. In his spare time, JP snowboards, rides motorcycles, mountain bikes and enjoys fixing up older homes. JP also contributes spare time to the Board of Neighborworks Rochester.