This course is designed to help students build and maintain a truly defensible security architecture, while taking them on a journey towards implementing Zero Trust principles, pillars and capabilities. There will be a heavy focus on leveraging current infrastructure and investment. Students will learn how to assess, re-configure and validate existing technologies to significantly improve their organizations’ prevention, detection and response capabilities, augment visibility, reduce attack surface, and even anticipate attacks in innovative ways. The course will also delve into some of the latest technologies and their capabilities, strengths, and weaknesses. You will come away with recommendations and suggestions that will aid in building a robust security infrastructure, layer by layer, across hybrid environments, as you embark on a journey towards Zero Trust. 23 Hands-On Labs + Capstone Secure the Flag Challenge


SEC530.1: Defensible Security Architecture and Engineering: A Journey Towards Zero Trust
SEC530.2: Network Security Architecture and Engineering
SEC530.3: Network-Centric Application Security Architecture
SEC530.4: Data-Centric Application Security Architecture
SEC530.5: Zero-Trust Architecture: Addressing the Adversaries Already in Our Networks
SEC530.6: Hands-On Secure the Flag Challenge

SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise

ادامه مطلب

We will look into how we can bypass kASLR, kLFH, and do hands-on exploitation using data-only attack, which effectively bypasses SMEP and other exploit mitigations.

Upon completion of this training, participants will be able to learn:

  • Exploit development process in kernel mode
  • Mitigation bypasses
  • Pool internals & Feng-Shui
  • Arbitrary Read/Write primitive


Day 1

  • Exploit Mitigations
    • Kernel Address Space Layout Randomization (kASLR)
      • Understanding kASLR
      • Breaking kASLR using kernel pointer leaks
    • Supervisor Mode Execution Prevention (SMEP)
      • SMEP concepts
      • Breaking/bypassing SMEP
    • Kernel Page Table Isolation (KPTI/KVA Shadow)
      • KPTI concepts
      • Breaking/bypassing KPTI
  • Exploitation
    • Stack Buffer Overflow (SMEP & KPTI enabled)
      • Understand the vulnerability
      • Achieving code execution
    • Arbitrary Memory Overwrite
      • Understand the vulnerability
      • Achieving privilege escalation

Day 2

  • Revision: Day 1 Concepts
  • Exploitation
    • Memory Disclosure
      • Understand the vulnerability
      • Leak function pointer
      • Calculate driver base address
    • Pool Overflow
      • Understand the vulnerability
      • Finding corruption target
  • Grooming target pool and achieving arbitrary read/write primitive (data-only attack)
  • Gaining local privilege escalation
    • Different places to corrupt
  • Capture The Flag
    • Time to finish the CTF
    • Discuss any other vulnerability class if the students want and time permits
  • Miscellaneous
    • Assignment to write a blog post about the vulnerability exploited during CTF
    • Q/A and feedback

Windows Kernel Exploitation by hacksys

ادامه مطلب

This is a training for experienced Web hackers who want to master their toolbox.

Burp Suite Pro is the leading tool for auditing Web applications at large, but also a complex beast where new features get added every few weeks. Mastering Burp Suite Pro, including its newest features, allows testers to get the most out of the tool, optimizing time spent auditing and testing. Work will be faster (hotkeys!) and much more efficient (more tools, more possibilities!). Attendees will also learn to measure and assess the quality of their attacks, a crucial skill in real-life engagements that can make the difference between a false-negative and a critical finding. – Mastering Burp Suite Pro

ادامه مطلب

A complete introduction to 0-day discovery for Windows targets, focusing on closed-source real-world software, including kernel modules and user code.

Who should take this course?

Anyone looking to get into Windows vulnerability research and fuzzing, although many of the concepts and approaches taught can be used for fuzzing on other platforms (MacOS/Linux, etc), all the exercises will focus on Windows. Also useful for red-teamers looking to add zero-days to their arsenal (with a dedicated section on finding quick 0-days on time-limited engagements).

Most topics are beginner friendly and assume limited or no prior experience with modern fuzzing approaches and Windows vulnerability research, with advanced topics (hypervisors & emulators, for example) presented in an easy-to-understand manner.


Signal Labs – Vulnerability Research & Fuzzing

ادامه مطلب

Full Stack Web Attack is not an entry-level course. It’s designed to push you beyond what you thought was possible and set you on the path to develop your own workflow for offensive zero-day web research.

This course is developed for web penetration testers, bug hunters and developers that want to make a switch to server-side web security research or see how serious adversaries will attack their web based code.

Students are expected to know how to use Burp Suite and have a basic understanding of common web attacks as well as perform basic scripting using common languages such as python, PHP and JavaScript. Each of the vulnerabilities presented have either been mirrored from real zero-day or are n-day bugs that have been discovered by the author with a focus on not just exploitation, but also on the discovery.

So if you want to learn how to exploit web technologies without client interaction for maximum impact, that is, remote code execution then this is the course for you.

Source Incite – Full Stack Web Attack

ادامه مطلب

This is not your traditional SCADA/ICS/IIoT security course! How many courses send you home with a $500 kit including your own PLC and a set of hardware/RF hacking tools?!? This course teaches hands-on penetration testing techniques used to test individual components of a control system, including embedded electronic field devices, network protocols, RF communications, Human Machine Interfaces (HMIs), and various forms of master servers and their ICS applications. Skills you will learn in this course will apply directly to systems such as the Smart Grid, PLCs, RTUs, smart meters, building management, manufacturing, Home Area Networks (HAN), smart appliances, SCADA, substation automation, synchrophasors, and even IoT. This course is structured around the formal penetration testing methodology created by UtiliSec for the United States Department of Energy. Using this methodology and Control Things Pentest Platform (previously SamuraiSTFU), an open source Linux distribution for pentesting energy sector systems and other critical infrastructure, we will perform hands-on penetration testing tasks on user interfaces (on master servers and field device maintenance interfaces), control system protocols (modbus, DNP3, IEC 60870-5-104), RF communications (433MHz, 869MHz, 915MHz), and embedded circuit attacks (memory dumping, bus snooping, JTAG, and firmware analysis). We will tie these techniques and exercises back to control system devices that can be tested using these techniques. The course exercises will be performed on a mixture of real world and simulated devices to give students the most realistic experience as possible in a portable classroom setting. Advances in modern control systems such as the energy sector’s Smart Grid has brought great benefits for asset owners/operators and customers alike, however these benefits have often come at a cost from a security perspective. With increased functionality and addition inter-system communication, modern control systems bring a greater risk of compromise that vendors, asset owners/operators, and society in general must accept to realize the desired benefits. To minimize this risk, penetration testing in conjunction with other security assessment types must be performed to minimize vulnerabilities before attackers can exploit critical infrastructures that exist in all countries around the world. Ultimately, this is the goal of this course, to help you know how, when, and where this can be done safely in your control systems.

ادامه مطلب