All too often, we at Attack Research have found that students are not being taught, or are not allowed, to properly perform real-world scenarios. For example, they want to run vulnerability scanners on penetration tests! When we say they are not allowed to perform real-world scenarios, some would say it's the government or the company that doesn't want the real-world scenario. This might be very true, but those governments and companies got the idea somewhere that running vulnerability scanners on a penetration test was a good idea, and that idea came through some form of education. Think of network security in the late '90s and early 2000s: real-world attacks really did consist of scanning for a vulnerability and then exploiting it. Sasser came along and changed the game, and we then got firewalls, improvements in host configurations, and so on. In the early 2000s, we started to see what we currently recognize as training in the industry. This training was based upon the attacks of that time period. Well, attacks have evolved since then, and so has defense.
Don't get me wrong; the training industry has also evolved, but not at the rate it did when it first started back in the late '90s and early 2000s. Back then, there really wasn't a standard for delivering attack-based training. We have certainly had our fair share of standards since then, but when there is no set standard, it is easier to create a new one than it is to change the current one. Well, it's time to change that!
Classes at Attack Research are designed to help students with real-world problems. We hope to work at a grassroots level and at a management level to change the way governments and companies approach network security. This is why our classes are designed to teach technical, real-world content, not only from an offensive perspective but from a defensive one as well. Students will come out of our classes ready to use the skills they learned. They will learn not only how a certain tool is used but the fundamentals behind it, so that when a tool gives them unexpected results they will know how to handle it or, better yet, they will skip the tool and write their own!
We are proud to announce that Attack Research will be at a number of conferences and locations in 2013. Last week, we announced our partnership with Trail of Bits to offer training in the New York City area in January, April, and June.
Along with our annual training at Black Hat Las Vegas, we have joined with Source Conference to provide training at all their conferences. At Source Boston, we will be offering a 2-day version of our Offensive Techniques training. We will also be at BruCON in September!
Attack Research can bring any of its classes to locations around the world or to your own company. If you are interested in private trainings, please drop us a line at training@attackresearch.com.
Starting in 2013, we will hold trainings at Attack Research headquarters in New Mexico, where we will be offering reduced rates for all classes. The majority of our classes will be offered at this location, and they are scheduled to begin January 29-30. We will debut our brand new class, Operational Post Exploitation. You can register for this class here.
Our list of available classes is:
Offensive Techniques – Offensive Techniques offers students the opportunity to learn real offensive cyber-operation techniques. The focus is on recon, target profiling and modeling, and exploitation of trust relationships. The class will teach students non-traditional methods that follow closely what advanced adversaries do, rather than compliance-based penetration testing, and will also teach students how to break into computers without using exploits.
Operational Post-Exploitation – This class explores what to do after a successful penetration into a target, including introducing vulnerabilities rather than back doors for persistence. Operational Post-Exploitation covers such techniques as data acquisition, persistence, stealth, and password management on many different operating systems and using several scenarios.
Rapid Reverse Engineering – Rapid Reverse Engineering is a must these days with APT-style attacks and advanced adversaries. This class combines deep reverse engineering subjects with basic rapid triage techniques to provide students with a broad capability when performing malware analysis. This course will take the student from 0 to 60, focusing on learning the tools and key techniques of the trade for rapidly reverse engineering files. Students will understand how to rapidly assess all types of files.
Attacking Windows – Attacking Windows is Attack Research's unique approach to actually securing Windows. Students will become proficient in attacking Windows systems, learning the commands that are available to help move around systems and data, and examining and employing logging and detection. It will also cover authentication mechanisms, password storage and cracking, tokens, and the domain model. Once finished with this course, students will have a foundation on how attacks on Windows actually happen and how to secure against them.
Attacking Unix – Attacking Unix is Attack Research's unique approach to actually securing Unix. Students will become proficient in attacking Unix systems, focusing mostly on Linux, Solaris, and FreeBSD. SSH, Kerberos, kernel modules, file sharing, privilege escalation, home directories, and logging will all be covered in depth. Once finished with this course, students will have a foundation on how attacks on Unix actually happen and how to secure against them.
Web Exploitation – The web is one of the most prevalent vectors of choice when attacking targets because websites reside outside the firewall. Web Exploitation will teach the basics of SQL injection, CGI exploits, content management systems, PHP, ASP, and other back doors, as well as the mechanics of exploiting web servers.
MetaPhishing – MetaPhishing is a class designed to teach the black arts of targeted phishing operations, file format reverse engineering and infection, and non-attributable command and control systems. On completing this class, students will have a solid foundation for all situations of phishing.
Basic Exploit Development – In order to use the tools, one must have an understanding of the basics of how they work. Basic Exploit Development will cover the step-by-step basics, tools, and methods for utilizing buffer/heap overflows on Windows and Unix.
Advanced Exploitation – Reliable exploitation on newer Windows systems requires advanced techniques such as heap layout manipulation, return oriented programming, and ASLR information leaks. In addition, robust exploitation necessitates repairing the heap and continuing execution without crashing the process. Advanced Exploitation focuses on teaching the principles behind these advanced techniques and gives the students hands-on experience developing real-world exploits.
This full listing is also available on our website under the services/training section. Along with each class, there is a place to sign up for notification of when the class will be offered next, either at Attack Research HQ or at a different location.
I will be releasing some example modules from some of our classes over the next few weeks so you can get a feel for what we are offering. If you have any questions, please don't hesitate to contact us at training@attackresearch.com.
Hi... Great to learn about your training offerings, and I plan to do it when the time comes. Just a suggestion/request: could you have some training back-to-back for overseas trainees like me? It would be convenient and, of course, a cost saving. :-)
I think you are right. The use of vulnerability scanners is an old technique, but due to time and budget constraints, they are necessary. If an organization were willing to pay me for 6 months to do a pen test, then I would not use vulnerability scanners. Right now my assessments average 3 to 5 days. The only real argument against using scanners is the fact that they are loud. Well, in the assessments that I have done, that does not matter. They already know my team and I are there, so stealth is not really an issue.
Are you saying that no vulnerability testing should be done during a pentest? If that is true, I would say I disagree with you. If you are referring to red teaming/black box testing, then you are right. The purpose of those tests is to attack without getting caught. I do not think that is an effective way of providing usable data to a client that wants to know the security holes that are on their network. Don't get me wrong, it's cool and sexy, but it may not be the best method of conducting pentests. All the assessments I do are time bound. All of them have objectives that align with the business objectives of the organizations I am assessing. If I were to go do a pentest, find one vulnerability and exploit it, then steal all the data off the network without being caught, then I have failed as a pentester. What happens to my credibility if I don't find a critical vulnerability that is exploited by an attacker after I report my findings to my client? I know if I were an executive and it happened to me, I would want my money back. I say all that to say, to be thorough and to meet the time constraints, vulnerability assessments are necessary for white/grey penetration testers.
I totally agree with you. Real-time, interactive tests should be completed to give attendees of classes experience. It gives them the same sense of urgency and importance as when a real attack is going down. Thanks for your insight.