Much of the security industry is focused on the vulnerable code implemented in current applications and devices. Often, real-world knowledge of exploits and techniques is limited because the act of exploitation is regarded as a “dark art” and is confusing to learn without prior knowledge. This course is meant to teach exploitation from the ground up in a way that few other classes do: it begins with a firm grounding in concepts of computer architecture and assumes that the student has no prior understanding of assembly or exploitation techniques. In this course, exploitation is built on a real understanding of what is taking place, rather than a blind reliance on fuzzing, which leaves a student with little in the way of applicable skills. Students will reverse engineer and build exploits for applications during the course.

Reverse engineering is a staple skill in the computer security field. Inspecting malware, confirming a patch fixes insecure code, and black box exploitation are all based on the ability to properly disassemble binaries. This course is designed to utilize a pattern-recognition-based approach to teach the skills and confidence necessary to reverse engineer black box binaries in the wild under a time limit. Ideas and concepts discussed will not be limited to a single set of specific tools or operating platform; however, the course will focus on the x86 processor and instruction set. Students do not need any familiarity with OS specifics or low-level languages, and in fact it is preferred if they attempt to forget what they have learned about them in the past.

Linux exploitation is usually the starting point for the learning and exploration of common exploitation techniques. Many security researchers have a difficult time expanding into the closed-source and often undocumented Microsoft Windows operating system. This course is designed to immerse the novice exploit developer in the world of Microsoft. It starts with the systematic reverse engineering of patches, moves through the development of simple proof-of-concept code, and finishes with the robust exploit, which may utilize advanced techniques such as IDS evasions.

The complexity of web applications continues to grow, and with a significant amount of current technologies being implemented on expedited timelines, the importance of securely implementing data-driven web applications is often overlooked. In order to build secure applications, a deep understanding of the various vulnerabilities and the potential outcomes of real-world exploitation is required. The course will not only explain how the attacks work in detail, but will also offer students hands-on experience at performing the different attacks. After this course, students will better understand how current web vulnerabilities work and, as a result, how to better protect against them. The material will cover conventional web attacks such as Cross Site Scripting, SQL injection, and Arbitrary Command Execution. More advanced topics will cover Blind SQL Injection, XPath injection, filter evasion and much more.

This course will cover a wide variety of the publicly available exploit tools and how they can be used specifically against a Cisco infrastructure. A majority of the course time will be spent in practical labs. Therefore, a certain level of Cisco expertise will be expected. The training will also cover the possible defenses against these attacks. Students will be using 2651 routers and 1900 switches for their labs. The lab core will consist of 3600s, 2900s, 2500s and servers of various flavors. Students will be required to bring their own laptops to attach to the labs (with appropriate caution). This course will focus on Cisco router and switch vulnerabilities and will not be covering PIX firewalls, VPN concentrators, or IDS tools.

Modern enterprises use modern infrastructure systems, including smart buildings, advanced door/access systems, and state-of-the-art security monitoring. All these technologies are migrating to network-based deployment. This class discusses convergence (physical/infrastructure + network) technologies and how they can be attacked and exploited. The class will address physical security systems as network attack targets. It will first cover the application of classic techniques to infrastructure targets, then move on to cover specifics of this class of targets, including IP video systems, and follow up with how to apply conventional network defense techniques to harden a network-based infrastructure.

This class will cover basic crypto technologies as deployed in the modern internet. It will discuss how these crypto technologies are applied to common protocols such as SSL. Cryptographic concepts that will be covered include public key cryptography, symmetric encryption algorithms, hashing, digital signatures, and code signing. The class will present how these crypto solutions are used in practice and will introduce the basics of operating crypto systems in a network. Lab exercises will cover SSL, SSH, PGP, IPSec, and digital certificates.

This class will cover the application of modern crypto technologies to enterprise networks. It will discuss authentication systems, two-factor authentication, PKI deployments, and key management. It will also address advanced crypto applications including IPSec VPNs, disk encryption, tape encryption, and digital rights management. The class will include lab exercises with simulated deployments of a PKI, a VPN, data-at-rest encryption (disk and tape), and a digital signature/DRM lab.

Modern network-based attacks can be subtle enough that conventional network troubleshooting techniques are not always sufficient for tracking down problems. This class discusses advanced techniques for applying state-of-the-art network management technologies to network forensics. The class will start with the use of classic tools (syslog, Wireshark, SNMP) for forensic purposes and then will cover traffic analysis using PCAP, IPFIX/NetFlow, and other advanced tools. The course will include labs on network trace forensics, log forensics, network management tools, and network trace analysis.

I have complete confidence in the projects completed by the team at ONZRA. Their experience in secure development and in-depth knowledge of infrastructure deployments brought the needed skills to get the job done. The energy and positive attitude ONZRA brought was just what the project needed. They interfaced effortlessly with our engineering teams and brought specialized knowledge that was immediately applicable, and difficult to acquire elsewhere.
Chris Nelson
Director of Technology
NBCUniversal