Mainframes, and specifically z/OS, represents a massive blind spot when it comes to penetration testing. People lack the capabilities and language to properly test the security of these corporate mainstays. As it stands today these system sit largely untouched by IT security professionals, until, that is, a breach occurs, such as the breach of a bank and government mainframe in Europe leading to the potential loss of a million USD. If your company has a mainframe chances are it’s never been given it’s proper day in the sun. We’ve heard all the excuses ranging from “system outage” to “we don’t know how”. This training aims to tackle the excuses by demonstrating that mainframes are just computers like everything else, providing the attendees with the language and knowledge to start testing their own mainframes. Arming them with the appropriate responses and tools to tackle every excuse in the book.
This workshop will go through using PowerShell with offensive and defensive methodologies. Students will learn about existing scripts and tools as well as how to write their own tools for both offense and defense. The first part of the course will focus on attacking followed by how to detect and defend against the attacks. By going through both the offensive and defensive parts with PowerShell, the student will gain a new understanding of both sides of security which will help reinforce and strengthen their current understanding of security. By focusing on PowerShell attacks, the students will be able to focus attacking systems directly from memory as well as how to detect and deflect these types of attacks without having to use any other tool.
PowerShell has established itself as the language of choice for anyone that works with Windows and this isn’t limited to just Systems Administrators. Cutting edge Windows attacks and techniques are being developed in PowerShell and are being seen in the wild. As Penetration Testers, it is our job to stay relevant and represent a realistic threat to an environment and now that means knowing how to use PowerShell to attack a network.
This two day course is designed to take people with little to no scripting knowledge and help them learn how to effectively use PowerShell to test a network's security. You’ll learn not just how to use existing offensive tools, but how to create your own scripts and modules to handle various stages of an engagement. We’ll cover common Windows attacks in depth, including how token impersonation works and how relay attacks work. To wrap the course up, you’ll learn about how you can detect PowerShell attacks so that you can defend against them in your own network.
This introduction to the world of exploit development will teach you how to start writing stack based exploits on the Linux and Win32 platforms. We will break out a couple debuggers to see what buffer overflows look like and discuss methods that take advantage of them. You will learn how basic protection mechanisms behave, such as canaries, and discover ways to circumvent them. In the process, you will come to love how Assembly looks in the dim glow of your monitor and that moving bytes around a stack is not as scary as it sounds. This will be a hands-on class, so prepare to get your feet wet. If you are willing to take the red pill, I'll help you discover how deep the rabbit hole can go.
We are excited to announce that the Charlotte ISSA Annual Summit is scheduled for May 19th 2016 at the Charlotte Convention Center. It is shaping up to be an incredible event with a variety of talks and educational presentations in addition to our stand out keynote speakers.
More details about the summit can be found on our homepage: https://www.charlotteissa.org
This is an introductory class into specific protocols and technologies that are used on corporate networks around the world focusing on the point of view of an attacker. Things like how DNS, HTTP, SMTP and other basics of networking, then moving on to “Layer 7″ with IIS/Sharepoint, VPNs, Windows Active Directory, and Unix services.
About The Instructor
Rob Fuller @mubix is a Senior Red Teamer. His professional experience started from his time on active duty as a United States Marine. He has worked with devices and software that run the gambit in the security realm. He has a few certifications but the title he holds above the rest is FATHER, HUSBAND, and United States Marine.
Prerequisites: No previous experience in pentesting is necessary as this course is designed for entry level. Students must be experienced with their OS of choice as well as have a basic understanding of Kali Linux.
Class Requirements: Students will be required to bring their own laptops for the class. Laptops will need a VMWare Workstation (NOT VMWARE PLAYER) or VirtualBox installation with an install of Windows 7 and Kali Linux as the guest virtual machines prior to the class. All other tools will be provided.
Click here to register.
Have you ever been working on a penetration test, and encountered a problem for which there is no perfect tool? Maybe you know how to step through a test sequence manually but don’t have a way to automate it. Python is a versatile, cross-platform, well documented language with an enormous amount of support through pre-existing libraries. This makes it very useful for a variety of penetration testing tasks as well as everyday system administration. This course introduces intermediate Python concepts and libraries to the novice Python scripter in a series of practical lab exercises.
- A basic understanding of programming structure (i.e. variables, conditionals, functions, loops, etc…)
Attend a basic Python course that covers elementary Python concepts. Suitable options include:
Codeschool’s “Try Python” course (currently free):http://campus.codeschool.com/courses/try-python
CodeAcademy’s Python track (free): https://www.codecademy.com/
Or for the quick-study or review, watch the Professionally Evil Python Primer:https://www.youtube.com/watch?v=fami0WJCH1U
Click here to register for the class.
All Charlotte ISSA members are encouraged to participate in our first meeting for the year! Join us January 28th at Bravo! Cucina Italiana, we'll provide drinks and snacks while we get organized for the year ahead. We'll also be holding elections the following positions on our board.
- Vice President
- Communications Director
If you would like to submit a name for the ballot, please send us an email at [email protected]
You can register for the event on our eventbrite here
Learn to rip apart malware like a pro with the one and only Paul Burbage. After this class you can expect to run your own malware empire selling zero days to highest bidder while maintaining your bitcoin mining botnet of millions of unsuspecting routers and thermostats. This course is literally your ticket to unending power and the complete annihilation of your foes.
This course provides customized training on the latest open source tools and manual techniques for performing end-to-end web application penetration testing engagements. After a quick overview of the penetration testing methodology, the instructor will lead students through the process of testing and exploiting a target web application using the techniques and approaches developed from a career of real world application penetration testing experiences. Students will be introduced to the best open source tools currently available for the specific steps of the methodology, including Burp Suite Pro, and taught how these tools integrate with manual testing techniques to maximize effectiveness. A major goal of this course is teaching students the glue that brings the tools and techniques together to successfully perform a web application penetration test from beginning to end, an oversight in most web application penetration testing courses.