Special Event - Penetration Testing Workshop

Charlotte Metro ISSA

Cost
<UL>
<LI>ISSA Members - $225.00 Includes $25 Food Court gift card for breakfast and snacks and includes a Complimentary ticket to the May 2, 2019 Infosec Summit</LI>
<LI>Non-Members - $350.00 Includes $25 Food Court gift card for breakfast and snacks and discounted ticket (Member pricing of $45.00) to the May 2, 2019 Infosec Summit.</LI>
</UL>
Course Description This workshop is designed to introduce IT and cyber security professionals and students the mindset and tactics of malicious attackers in order to better defend networks against cyber attacks. One only has to look to the daily news cycle to not only see the number of security attacks that occur on a regular basis, but also the damage done to organizations by such attacks. Attackers continue to leverage old attacks while also introducing new tactics, which present a real and present danger against any organization, its clients, shareholders and employees. Every corporation needs IT professionals that understand how an attacker thinks and acts, as well as someone that can successfully integrate such knowledge into their daily job responsibilities. 
Over the course of two days, participants will gain an understanding of how attackers work to compromise a target network and its resources, including an in-depth look at the Attacker Methodology. For those wishing to demonstrate their newly acquired cyber security knowledge, this course is designed to help participants prepare for penetration testing related exams such as the Certified Ethical Hacker (CEH) and CompTIA’s Pentest+ exams. It can also act as a strong jumping off point on the journey to the Offensive Security Certified Professional (OSCP) certification.
Target Audience 
<UL>
<LI>Information Technology professionals and students looking to gain a better understanding of how attackers gain access to networks and how to defend against such tactics.</LI>
<LI>Security professionals looking to better understand the penetration testing process and gain additional information on how to defend their networks from attackers today.</LI>
<LI>Participants interested in learning more about the Information Security field.</LI>
</UL>
Prerequisites While an understanding of basic networking concepts is useful, this course is designed to serve as a standalone learning experience. Experienced attendees should also find valuable tips on how to best defend against different security attacks seen today while brushing up on technical skills perhaps not used on a daily basis. 
Minimum System Requirements:  CPU: 2.0+ GHz processor or higher (64-bit preferred)  RAM: 4 GB (Gigabytes) of RAM or higher 
<UL>
<LI>The more RAM the better.  Some laptops require 8GB+ to not have any performance issues </LI>
</UL>
Hard Drive Space: 30 gigabytes of free disk space  
<UL>
<LI>50+ gigabytes of free disk space preferred </LI>
</UL>
Other: 
Wireless Ethernet 802.11  USB ports (3.0 recommended)  Oracle VirtualBox installed and running (setup instructions will be provided prior to the course)  
<UL>
<LI>Participants may choose to use VMware as an alternative though instructions provided are for VirtualBox </LI>
</UL>
Administrative access of main operating system  
<UL>
<LI> Some exercises will require anti-malware applications to be disabled temporarily to function correctly </LI>
</UL>
Software to complete the self-contained labs will be provided on a course USB for each student. 
Setup instructions will be sent out prior to the course for those students that want to have their system preconfigured prior to coming to class. 
Speaker Bio Michael Holcomb is the Director of Information Security for Fluor, a Fortune 500 organization that is one of the world's largest construction, engineering and project services companies with 60,000 employees around the world. In his role at Fluor, Michael is responsible for penetration testing, vulnerability management, incident detection/response, and industrial controls for the global organization. In addition to his role at Fluor, he is the Founder and President of the Greenville ISSA Chapter and BSides Greenville.
 He also teaches cyber security as an adjunct instructor at Greenville Technical College and helps students, career transitioners and others that are new to cyber security at becomeacybersecuritypro.com. 
Course Outline & Learning Objectives DAY ONE: Module 1: Introduction to Penetration Testing In the first module, the concept of “ethical” or “professional” hacking is introduced, including a discussion on penetration testing, the different phases of the Pentesting process and an overview of the formal penetration testing frameworks that exist today.
Module 2: Capturing Network Traffic One essential skill for penetration testers and IT professionals alike is the ability to capture, examine and manipulate network traffic. This section covers the basics of using Wireshark to capture and examine network traffic, especially traffic generated by the various attacks launched during testing which can help such efforts become more successful. 
Module 3: Reconnaissance This module introduces the participant to the first step of the Attacker Methodology – Reconnaissance. This critical first step focuses on the penetration tester gaining as much relevant information about a target using various methods, including a collection of open source tools and information made publicly available on the Internet such as WHOIS records and social media postings.
Module 4: Open Source Intelligence (OSINT) Coupled with the previous module on performing reconnaissance which primarily focuses on pure network security, this section looks to the broader world of OSINT and the different resources and techniques which are available in assisting IT and security practitioners in conducting their own OSINT investigations into discovering more about the people working in a target organization and the company itself.
Module 5: Social Engineering Once additional information is discovered about a target organization’s employees and other human resources, social engineering tactics can be employed to gain access. This section will cover common techniques such as phishing and vishing, social engineering attacks conducted over email and phone calls.
A wide range of best practices to deploy in your own company will be discussed to help strengthen your organization against social engineering attacks.
DAY 2: Module 6: Scanning & Enumeration This module will look at the different types of scanning techniques used by attackers while participants learn how to conduct network scans to identify live hosts, applications and potential vulnerabilities. Once an attacker has performed initial reconnaissance and has identified live systems, the next step is to conduct more detailed port scans to determine which services are running on a target system and if those services can be potentially exploited.
Module 7: Exploitation & Gaining Access Once an attacker has identified systems and specifics on the various services that are exposed on these systems, the attacker or professional penetration tester will attempt to exploit any discovered vulnerabilities to gain access to the system. One of the most common exploitation frameworks, Metasploit, will be reviewed in this section while also walking through the creation of an exploit. 
Module 8: Wireless Security Most organizations have wireless networks deployed to enable their employees to easily access company networks without being tethered by physical cables. While wireless networks bring many conveniences, organizations and penetration testers alike need to be aware of recent developments in wireless security which could expose many networks deployed today. We will discuss a wide variety of concerns related to wireless networks, including more recent developments in wireless attacks in 2019. 
Module 9: Web Application Attacks Web applications are one of the most popular routes attackers will use to gain access to a network. This module will cover an overview of the OWASP Top 10 web application attacks such as SQL injection which is used to manipulate web apps which leverage a database backend. Poorly written and unprotected web applications can be susceptible to different attacks which can allow an attacker to bypass different traditional security controls and gain control of internal resources.

Charlotte Convention Center

Our {communityGuidelinesLink} describe the sort of content we prohibit on Eventbrite. If you suspect an event may be in violation, you can report it to us so we can investigate.

To report other categories of prohibited or illegal content, submit {link}

Special Event - Penetration Testing Workshop

More events from Charlotte Metro ISSA

Discover more events from Charlotte Metro ISSA, from Business to other experiences you might love.

Still looking for the right event?

Explore all events in Charlotte and filter by date, category, and more to find the perfect fit.

Special Event - Penetration Testing Workshop

More events from Charlotte Metro ISSA

Discover more events from Charlotte Metro ISSA, from Business to other experiences you might love.

You might also like...

Browse more events with different dates, prices, and formats to find your next great experience.

Still looking for the right event?

Explore all events in Charlotte and filter by date, category, and more to find the perfect fit.