In a constant effort to provide a better conference, we have decided to run training this year. We have teamed up with 3 providers, who hopefully have something which will appeal to the various mindsets of attendees. To book a course, you will need to pay in full prior to attending; however, no payments will be taken until we have at least 10 attendees per course. The cut-off for achieving this is 2nd June 2017.
The training is being held on Wed 5th & Thu 6th July. Each person buying training will get a free ticket to the conference; however, first come, first served will still apply to workshops.
You can sign up for places on Eventbrite.
For all training, each attendee will need to bring their own laptop and be able to use the command line.
All prices exclude VAT.
Red Teaming Bootcamp – Nettitude Group
Cost – £950
Duration 2 days
This course focuses on current attack techniques that are being used within the red teaming arena and will aim to enhance attendees' capability of bypassing and misusing common defensive capabilities used within most modern corporate environments.
The course will cover some theory elements of traditional perimeter and email security measures taken by organisations but will quickly dive into the hands-on technical elements of red teaming, including real-world delivery mechanisms with a key focus on lateral movement, pivoting and acting on objectives. The instructors will aim to cover a varying degree of offensive sophistication, which includes being covert and using stealthier techniques depending on the type of threat actor that is being mimicked.
While this course focuses heavily on the offensive methods of a red team, it will also include common defensive techniques that are often deployed by the blue team such as logging and monitoring, egress filtering and various endpoint protection mechanisms.
The following individuals are a subset of the red team at Nettitude and spend their lives breaking into a large number of multinational organisations, including central banks, critical national infrastructure and more. They have decades of real-world offensive security experience between them and are passionate about sharing their tradecraft with other members of the community.
- Ben Turner (@benpturner) is a Principal Security Consultant at Nettitude. He specialises in delivering red teaming, STAR and CBEST engagements to a multitude of clients around the world. Ben is both a CREST certified tester (CCT Inf) and a certified attack specialist (CCSAS). He has a keen focus on PowerShell, including being the co-developer of PoshC2.
- Doug McLeod (@b4ggio_su) is a Senior Security Consultant within the UK penetration testing team at Nettitude. Doug has over 15 years’ experience in the information technology sector, 10 of which have been spent specialising in security and focusing on offense and defence. Doug is both a CREST certified tester (CCT Inf) and a certified attack specialist (CCSAS).
- Phil Lynch (@plynch98) is a Principal Security Consultant at Nettitude. Phil has over 20 years’ experience within the information technology sector, specialising in information security for the past 7 years. Phil has engaged in offensive security testing with a large and diverse client base from both the public and private sectors, including UK Government, defence and numerous private sector organisations globally.
- A basic understanding of infrastructure and offensive security
- A laptop which meets the following requirements:
  - Local admin access
  - The ability to run at least one virtual machine – we recommend VMWare Player or Workstation, or Oracle VirtualBox
  - Windows 7 or higher, either as a VM or as the host OS
  - Linux, either as a VM or as the host OS. We recommend Kali.
  - The ability to connect to a wireless network.
Cost – £950
Duration 2 days
UPDATED FOR 2017:
The course follows chapters 1-9 of the Mobile Application Hacker’s Handbook, with a strong focus on practical attacks. Over the 2-day training course delivered by the lead author of the book, delegates will learn the tricks and techniques to hack and secure mobile applications on the iOS and Android platforms.
Bio of trainer:
Dominic is a director of MDSec and a recognised expert in mobile application security, having developed whitepapers, tools and presentations in this area. He is also the lead author of The Mobile Application Hacker’s Handbook. As part of his day job, Dominic delivers security consultancy and training on mobile security to leading global organisations in the financial, government and retail sectors.
The Best TLS Training in the World & Internet PKI in Depth – Scott Helme (feistyduck)
Cost – £950
Duration 2 days
Day 1: The Best TLS Training in the World
Abstract: Designed by the author of the much-acclaimed Bulletproof SSL and TLS, this practical course will teach you how to deploy secure servers and encrypted web applications during a day packed with theory and practical work. We’ll focus on what you need in your daily work to deliver the best security, availability and performance. And you will learn how to get an A+ on SSL Labs!
Day 2: Internet PKI in Depth
Abstract: Based on the book Bulletproof SSL and TLS. We’ll start with the basics and the theory, then discuss how the PKI is implemented in the real world, and finish with a practical example of a realistic private certification authority. You will learn methods which you can easily replicate in your own work.
Bio of trainer: Scott Helme is a security researcher, international speaker and blogger. He is also the founder of securityheaders.io and report-uri.io, free tools to help organisations better deploy security.
Requirements for all courses:
Each attendee will need to bring their own laptop with a browser and SSH client. For Mac/Linux users the Terminal is fine and we recommend PuTTY (free) for Windows users or an SSH client of their choice. Each attendee will need to have basic command line skills. Being able to move around folders and edit text files will be sufficient.
The course requires reliable Internet access and ports 22, 80 and 443 as all work is performed on remote, virtual servers.