The Charlotte ISSA chapter is committed to providing the Information Security professionals of Charlotte opportunities to grow both technically and professionally through training, meetings and summits.
PowerShell has established itself as the language of choice for anyone that works with Windows and this isn’t limited to just Systems Administrators. Cutting edge Windows attacks and techniques are being developed in PowerShell and are being seen in the wild. As Penetration Testers, it is our job to stay relevant and represent a realistic threat to an environment and now that means knowing how to use PowerShell to attack a network.
This two day course is designed to take people with little to no scripting knowledge and help them learn how to effectively use PowerShell to test a network's security. You’ll learn not just how to use existing offensive tools, but how to create your own scripts and modules to handle various stages of an engagement. We’ll cover common Windows attacks in depth, including how token impersonation works and how relay attacks work. To wrap the course up, you’ll learn about how you can detect PowerShell attacks so that you can defend against them in your own network.
This workshop will go through using PowerShell with offensive and defensive methodologies. Students will learn about existing scripts and tools as well as how to write their own tools for both offense and defense. The first part of the course will focus on attacking followed by how to detect and defend against the attacks. By going through both the offensive and defensive parts with PowerShell, the student will gain a new understanding of both sides of security which will help reinforce and strengthen their current understanding of security. By focusing on PowerShell attacks, the students will be able to focus attacking systems directly from memory as well as how to detect and deflect these types of attacks without having to use any other tool.
Mainframes, and specifically z/OS, represents a massive blind spot when it comes to penetration testing. People lack the capabilities and language to properly test the security of these corporate mainstays. As it stands today these system sit largely untouched by IT security professionals, until, that is, a breach occurs, such as the breach of a bank and government mainframe in Europe leading to the potential loss of a million USD. If your company has a mainframe chances are it’s never been given it’s proper day in the sun. We’ve heard all the excuses ranging from “system outage” to “we don’t know how”. This training aims to tackle the excuses by demonstrating that mainframes are just computers like everything else, providing the attendees with the language and knowledge to start testing their own mainframes. Arming them with the appropriate responses and tools to tackle every excuse in the book.