$350

Special Event - Penetration Testing Workshop

Event Information

Share this event

Date and Time

Location

Location

Charlotte Convention Center

501 South College Street

Charlotte, NC 28202

View Map

Refund Policy

Refund Policy

Refunds up to 1 day before event

Event description

Description

Cost

  • ISSA Members - $225.00 Includes $25 Food Court gift card for breakfast and snacks and includes a Complimentary ticket to the May 2, 2019 Infosec Summit
  • Non-Members - $350.00 Includes $25 Food Court gift card for breakfast and snacks and discounted ticket (Member pricing of $45.00) to the May 2, 2019 Infosec Summit.

Course Description
This workshop is designed to introduce IT and cyber security professionals and students the mindset and tactics of malicious attackers in order to better defend networks against cyber attacks. One only has to look to the daily news cycle to not only see the number of security attacks that occur on a regular basis, but also the damage done to organizations by such attacks. Attackers continue to leverage old attacks while also introducing new tactics, which present a real and present danger against any organization, its clients, shareholders and employees. Every corporation needs IT professionals that understand how an attacker thinks and acts, as well as someone that can successfully integrate such knowledge into their daily job responsibilities.

Over the course of two days, participants will gain an understanding of how attackers work to compromise a target network and its resources, including an in-depth look at the Attacker Methodology. For those wishing to demonstrate their newly acquired cyber security knowledge, this course is designed to help participants prepare for penetration testing related exams such as the Certified Ethical Hacker (CEH) and CompTIA’s Pentest+ exams. It can also act as a strong jumping off point on the journey to the Offensive Security Certified Professional (OSCP) certification.

Target Audience

  • Information Technology professionals and students looking to gain a better understanding of how attackers gain access to networks and how to defend against such tactics.
  • Security professionals looking to better understand the penetration testing process and gain additional information on how to defend their networks from attackers today.
  • Participants interested in learning more about the Information Security field.

Prerequisites
While an understanding of basic networking concepts is useful, this course is designed to serve as a standalone learning experience. Experienced attendees should also find valuable tips on how to best defend against different security attacks seen today while brushing up on technical skills perhaps not used on a daily basis.

Minimum System Requirements:
CPU: 2.0+ GHz processor or higher (64-bit preferred)
RAM: 4 GB (Gigabytes) of RAM or higher

  • The more RAM the better. Some laptops require 8GB+ to not have any performance issues

Hard Drive Space: 30 gigabytes of free disk space

  • 50+ gigabytes of free disk space preferred

Other:

Wireless Ethernet 802.11
USB ports (3.0 recommended)
Oracle VirtualBox installed and running (setup instructions will be provided prior to the course)

  • Participants may choose to use VMware as an alternative though instructions provided are for VirtualBox

Administrative access of main operating system

  • Some exercises will require anti-malware applications to be disabled temporarily to function correctly

Software to complete the self-contained labs will be provided on a course USB for each student.

Setup instructions will be sent out prior to the course for those students that want to have their system preconfigured prior to coming to class.

Speaker Bio
Michael Holcomb is the Director of Information Security for Fluor, a Fortune 500 organization that is one of the world's largest construction, engineering and project services companies with 60,000 employees around the world. In his role at Fluor, Michael is responsible for penetration testing, vulnerability management, incident detection/response, and industrial controls for the global organization. In addition to his role at Fluor, he is the Founder and President of the Greenville ISSA Chapter and BSides Greenville.


He also teaches cyber security as an adjunct instructor at Greenville Technical College and helps students, career transitioners and others that are new to cyber security at becomeacybersecuritypro.com.

Course Outline & Learning Objectives
DAY ONE:
Module 1: Introduction to Penetration Testing
In the first module, the concept of “ethical” or “professional” hacking is introduced, including a discussion on penetration testing, the different phases of the Pentesting process and an overview of the formal penetration testing frameworks that exist today.

Module 2: Capturing Network Traffic
One essential skill for penetration testers and IT professionals alike is the ability to capture, examine and manipulate network traffic. This section covers the basics of using Wireshark to capture and examine network traffic, especially traffic generated by the various attacks launched during testing which can help such efforts become more successful.

Module 3: Reconnaissance
This module introduces the participant to the first step of the Attacker Methodology – Reconnaissance. This critical first step focuses on the penetration tester gaining as much relevant information about a target using various methods, including a collection of open source tools and information made publicly available on the Internet such as WHOIS records and social media postings.

Module 4: Open Source Intelligence (OSINT)
Coupled with the previous module on performing reconnaissance which primarily focuses on pure network security, this section looks to the broader world of OSINT and the different resources and techniques which are available in assisting IT and security practitioners in conducting their own OSINT investigations into discovering more about the people working in a target organization and the company itself.

Module 5: Social Engineering
Once additional information is discovered about a target organization’s employees and other human resources, social engineering tactics can be employed to gain access. This section will cover common techniques such as phishing and vishing, social engineering attacks conducted over email and phone calls.

A wide range of best practices to deploy in your own company will be discussed to help strengthen your organization against social engineering attacks.

DAY 2:
Module 6: Scanning & Enumeration
This module will look at the different types of scanning techniques used by attackers while participants learn how to conduct network scans to identify live hosts, applications and potential vulnerabilities. Once an attacker has performed initial reconnaissance and has identified live systems, the next step is to conduct more detailed port scans to determine which services are running on a target system and if those services can be potentially exploited.

Module 7: Exploitation & Gaining Access
Once an attacker has identified systems and specifics on the various services that are exposed on these systems, the attacker or professional penetration tester will attempt to exploit any discovered vulnerabilities to gain access to the system. One of the most common exploitation frameworks, Metasploit, will be reviewed in this section while also walking through the creation of an exploit.

Module 8: Wireless Security
Most organizations have wireless networks deployed to enable their employees to easily access company networks without being tethered by physical cables. While wireless networks bring many conveniences, organizations and penetration testers alike need to be aware of recent developments in wireless security which could expose many networks deployed today. We will discuss a wide variety of concerns related to wireless networks, including more recent developments in wireless attacks in 2019.

Module 9: Web Application Attacks
Web applications are one of the most popular routes attackers will use to gain access to a network. This module will cover an overview of the OWASP Top 10 web application attacks such as SQL injection which is used to manipulate web apps which leverage a database backend. Poorly written and unprotected web applications can be susceptible to different attacks which can allow an attacker to bypass different traditional security controls and gain control of internal resources.

Share with friends

Date and Time

Location

Charlotte Convention Center

501 South College Street

Charlotte, NC 28202

View Map

Refund Policy

Refunds up to 1 day before event

Save This Event

Event Saved