TRAINER: PÉTER ZSÍROS
/ IT Security Professional – Freelancer
Professional biography coming soon.
DURATION:
3 days
DATE:
22-24 October 2019
TIME:
08.00 – 17.00
VENUE:
MOM Cultural Center, Budapest
FREE PREMIUM ACCESS TO AVATAO TRAINING PLATFORM
Every Hacktivity Training participant will receive 1 month FREE Premium access to the Avatao training platform. The platform is designed by developers for developers and offers hands-on, job-relevant training exercises that enable users to learn new skills, gain new insights, and practice new approaches in software security.
The platform has over 800 challenges covering the entire SDLC. You will learn how to properly write and review code that will prevent unwanted data breaches and system vulnerabilities.
OVERVIEW:
During this course, we examine advanced hacking techniques in different areas.
On the first day we concentrate to exploit development, we learn does modern windows defending techniques like Control Flow Guard CFG are working, and how to bypass them. Then we learn about the new exploit techniques especially the type confusion exploits. We will write this kind of exploit, and during it learning new bypassing techniques.
Then we continue with networking. In modern networks IDS/IPS systems and WAFs are often used, to detect attacks. We will examine the limitations of IDS/IPS systems and WAFs, what they can detect, and what they can not, to avoid the false illusion of safety.
Finally, we will deal with antiviruses. We will learn, how does a modern antivirus try to detect exploit codes. Then we will use this knowledge to bypass the antivirus system with our exploit. Like in networking case We will examine the limitation of the antivirus systems.
TOPICS COVERED, BUT NOT LIMITED TO:
- Control Flow Guard
- Type confusion attacks
- IDS/IPS and WAF bypass
- Antivirus bypass
WHO SHOULD TAKE THIS COURSE:
- People, who want to develop exploits
- People, who are responsible for IDS/IPS systems, or Antivirus
- People, who want to know the working of the windows better.
STUDENT REQUIREMENTS:
- Generic knowledge of exploitation, and network penetration testing techniques
- Expect to make simple code (with every help and guidance) in C, Python or other script languages.
- understand assembly codes (not necessary to be able to code in assembly, but should be able to follow and understand a debugged assembly code)
WHAT STUDENTS SHOULD BRING:
Students must bring their own laptop with administrative access and containing fully functional USB, and network interfaces. The laptop must be prepared to run Virtualbox virtual machine (min. 100GB free HDD or SSD space, minimum 8GB free RAM). GNS3 installed.
WHAT STUDENTS WILL BE PROVIDED WITH:
- Training slides
- Virtual machines, prepared for the hands-on exercises
- Every necessary application used during the course, for the hands-on exercises