
OWASP NZ Day 2019-Training-Real World Penetration Testing

Revision as of 21:38, 7 January 2019 by John dileo

Real-World Penetration Testing

Hands-On Training -- OWASP New Zealand Day-2019

This fast-paced course will teach you how to leverage bleeding-edge toolsets and techniques to conduct effective, in-depth penetration tests on the latest real-world network, web and application components. This highly intense, completely hands-on, lab-based curriculum has been created by our team of industry-leading experts with experience in training thousands of professionals from Fortune 500 enterprises, defense and law enforcement agencies.

The class will be conducted on our cloud-based, state-of-the-art lab platform, where attendees will do 30 unique lab exercises in class! Over 90% of class time will be spent on these hands-on, live penetration tests!

In addition to the presentation PDFs, lab handouts, workbooks, video solutions, etc., we will be providing all students 60 Days of free access to our online lab platform after the class! This will ensure you have enough time to revisit the concepts, and work through the exercises again later.

Learning Objectives

In this course, attendees can expect to:

  • Learn how to interact with, and conduct penetration tests against, new technology
  • Learn how to approach the problem at hand
  • Learn scripting and automation of tools
  • Practice each challenge, with hands-on assistance from instructors on a dedicated cloud environment
  • Continue practicing the skills learned, through 60 days of continued free access to the Web-based lab environment

Course Topics

Topics to be covered during the training include, but are not limited to:

  • New age network, Web, and application components: evolution and challenges
  • Deployment complexities: server farms, cloud hosted and hybrid environments
  • Reconnaissance, Analysis, Data Exfiltration, and Exploitation of:
    • Web servers: Apache, Nginx, Tomcat, Gunicorn, Tornado, Node/JS
    • Frameworks: Ruby on Rails, Django, Node/JS
    • Caching servers: Memcache
    • Distributed queues and brokers: RabbitMQ, Celery, Kafka, ActiveMQ
    • Datacenter: ESX, KVM, Docker, Kubernetes attack vectors
    • Serverless technologies: Amazon Lambda
    • Cloud services: AWS, Azure, GCP based applications and services
    • SQL Databases: MySQL, PostgreSQL, SQLite
    • NoSQL Databases: MongoDB, CouchDB, ArangoDB, Couchbase
    • Distributed Database: Apache Ignite
    • Log analysis and SIEM platform attack vectors: ELK, Graylog
    • Attacking VoIP systems: Traffic analysis, decryption, and recovery
  • Privilege escalation exercises on Linux servers, Web, and network applications
  • Pivoting tools and techniques: Double, triple, and beyond
  • Advanced lateral movement, persistence, and data exfiltration
  • Subverting network defenses: Network and Host Firewalls, Anti-Virus, and HIDS
  • Uncovering C&C: Botnets, traffic encapsulation, and tunnelling
  • IoT networks, protocols, and exploitation: MQTT, CoAP, AMQP, etc.
  • Securing the infrastructure and apps: Hardening techniques

Course Details

Date: Thursday, 21 February 2019

Time: 8:45 a.m. to 5:30 p.m.

Course Fee: $500.00 (NZD)

Registration Site: https://owaspnz2019-training.eventbrite.com

Location: University of Auckland School of Business, 12 Grafton Road, Auckland - Lower Level

Skill Level: Basic - Challenges of all difficulty levels will be included, so this course is suitable for attendees of all skill levels. We start from the basic level and move towards advanced levels.

Required Materials: Each attendee is required to bring their own laptop computer. Prior to arriving at the class, attendees should ensure their Web browser has been updated to the latest available version (Google Chrome is recommended for interaction with the Web-based lab site).

Instructors: Vivek Ramachandran and Nishant Sharma

Instructors' Organisation: Pentester Academy

Your Instructors

Vivek Ramachandran - Vivek is the founder and CEO of Pentester Academy, AttackDefense.com, and Hacker Arsenal. He discovered the Caffe Latte attack, broke WEP Cloaking (a WEP protection schema), conceptualised enterprise Wi-Fi Backdoors and created Chellam, the world's first Wi-Fi Firewall. He is also the author of multiple five-star-rated books, which have together sold over 20,000 copies worldwide and have been translated into multiple languages. Vivek started Pentester Academy in 2013, which now serves thousands of customers from over 90 countries. He also conducts in-person training in the US, Europe, and Asia. Vivek's work on wireless security has been quoted in BBC online, InfoWorld, MacWorld, The Register, IT World Canada and elsewhere. He has spoken and trained at top conferences around the world, including Black Hat USA, Europe and Abu Dhabi, Defcon, Hacktivity, Brucon, SecurityByte, SecurityZone, etc. Vivek has over a decade of experience in security, and has a keen interest in the areas of Wireless, Mobile, Network and Web Application Pentesting, Shellcoding, Reversing and Exploit Research. He loves programming in Python, C and Assembly.

Nishant Sharma - R&D Manager at Pentester Academy and AttackDefense.com. He is also the Architect at Hacker Arsenal, where he leads the development of multiple gadgets for WiFi pentesting such as WiMonitor, WiNX and WiMini. Nishant also handles technical content creation and moderation for Pentester Academy TV. He has more than six years of experience in information security, including over four years in WiFi security research and development. He has presented and published his work at Black Hat USA/Asia, Wireless Village, IoT Village and Demo Labs (DEFCON). Prior to joining Pentester Academy, he worked as a firmware developer at Mojo Networks, where he contributed to developing new features for the enterprise-grade WiFi access points and maintaining the state-of-the-art WiFi Intrusion Prevention System (WIPS). He has a Master's degree in Information Security from IIIT Delhi. He has also published peer-reviewed academic research on HMAC security. His areas of interest include WiFi and IoT security, AD security, Forensics and Cryptography.