SOURCE Boston 2012
April 17-19, 2012
Marriott Tremont
Boston, MA, USA
CFP Status: CLOSED
SOURCE Boston 2012 Training


April 15-16, 2012

Each Two Day Training is $1995.

Training 1: TEAM JOCH Presents: Lessons In Mobile Penetration Testing

Training 2: Red Team Testing


Learn about the Trainings, Listen to a Podcast

 Click here to listen to a podcast about Training 1: TEAM JOCH Presents: Lessons In Mobile Penetration Testing. This is recorded from their Barcelona session.

 Click here to listen to a podcast about Training 2: Red Team Testing

Training Details

Training 1: TEAM JOCH Presents: Lessons in Mobile Penetration Testing, Zach Lanier



This class is designed to provide students with an introduction to penetration testing, reverse engineering, and exploitation on modern mobile platforms. The instructor will cover the security architecture of popular mobile platforms and mobile applications, investigate their weaknesses and vulnerabilities, and give students hands-on experience in analyzing and attacking them. Through lectures and interactive labs, students will walk away armed with the foundational knowledge needed to discover, identify, and exploit vulnerabilities on mobile platforms such as Android, iOS, and BlackBerry.

On day one, students will be brought up to speed with penetration testing on mobile platforms, exploring the differences and similarities between mobile and conventional pentesting. Students will be introduced to dynamic and static analysis tools and techniques for gaining the information necessary to reverse engineer, discover vulnerabilities, and plan their attacks against Android, iOS, or BlackBerry applications.

On day two, the training will dive a bit further into practical bug hunting, reverse engineering methods, and exploitation techniques, including replicating case studies from the instructors' experiences in real-world mobile application pentests. Students will also get hands-on experience through several labs including reverse engineering of the top Android security applications, exploiting native code vulnerabilities on the ARM architecture, and developing jailbreak/privilege escalation exploits from scratch and deploying them on real devices.

Requirements:
• Laptop capable of running a VMware Virtual Machine
• Dual core CPU, 2GB+ of RAM recommended
• At least 8GB disk space available
• At least one free USB 2.0 port
• This training course has a strong emphasis on the Android platform, so an actual Android device is recommended, but not strictly required.
• Familiarity with protocol analyzers (e.g. Wireshark, tcpdump), man-in-the-middle techniques, and basic reverse engineering concepts (e.g. debuggers, disassemblers)

Outline:

Day 1

  1. Introduction
  2. Conventional attacks / penetration testing, and why mobile is different
  3. Building an Attack Methodology
  4. Static Analysis Techniques
    1. Tools used
    2. How to identify issues for each platform and what to look for
  5. Dynamic Analysis Techniques
    1. Runtime issues, artifacts, etc.
    2. Network issues, man-in-the-middle
  6. Reverse Engineering Lab (Pt. 1)
    1. Extracting "secrets" and useful data
    2. Patching and rebuilding apps

Day 2

  1. Application Auditing
  2. Reverse Engineering Lab (Pt. 2)
    1. Reversing advanced protection techniques
    2. Deeper bug hunting
    3. ARM exploitation lab
    4. Native code threats and vulnerabilities
  3. Intro to ARM Exploitation
    1. Exploit mitigation across platforms
    2. Real-world vulnerabilities
    3. Exploiting a vulnerable mobile app
  4. Jailbreak/Privilege Escalation Lab
    1. Platform-level vulnerabilities
    2. Kernel-level vulnerabilities
    3. Writing your own jailbreak
    4. Post-exploitation persistence
    5. Findings Review

Trainer Bio

Zach Lanier is a Security Researcher with Veracode. Prior to joining Veracode, Zach served as Principal Consultant with the Intrepidus Group, Senior Network Security Analyst at Harvard Business School, and Security Assessment Practice Manager at Rapid7. Zach likes Android, vegan food, and cats (but not as food).

 

Training 2: Red Team Testing - Chris Nickerson & Iftach (Ian) Amit

Red Team testing is the pinnacle of security simulations. It is the most accurate and realistic scenario an organization can use to see how it really fares against a real-world attacker, without taking the risk of an actual breach or loss.

In this training, you will learn how Red Team (or full scope) testing works, how to create a methodology for using a red team test not just as a one-off "see how I got in" case, but as a repeatable test with metrics and actionable results.

We will go through all elements of a red team test, from planning and scoping, intelligence gathering, target selection, vulnerability analysis, risk analysis, exploitation and execution, resource usage and ad-hoc agent deployment, post-exploitation, documentation and recording of evidence, damage analysis, and reporting.

The training will arm you with not just tools and techniques, but a sustainable methodology that you can update as new tools and techniques are introduced.

Instructors

Chris Nickerson. Chris is a Certified Information Systems Security Professional (CISSP) whose main area of expertise is focused on information security and Social Engineering. In order to help companies better defend and protect their critical data and key information systems, he has created a blended methodology to assess, implement, and manage information security realistically and effectively. At Lares, Chris leads a team of security consultants who conduct Security Risk Assessments, which can cover everything from penetration testing and vulnerability assessments, to policy design, computer forensics, Social Engineering, Red Team Testing and regulatory compliance. Prior to starting Lares, Chris was Director of Security Services at Alternative Technology, a Sr. Auditor for SOX compliance at KPMG, Chief Security Architect at Sprint Corporate Security, and developed an enterprise security design as a network engineer for an international law firm.

Iftach Ian Amit. With over 15 years of experience in the information security industry, Iftach Ian Amit brings a mixture of software development, OS, network and web security to work on a daily basis. He is a frequent speaker at leading security conferences around the world (including BlackHat, DefCon, OWASP, InfoSecurity, etc.), and has published numerous articles and research material in leading print, online and broadcast media. Ian is currently serving as a partner and the VP Consulting of the security powerhouse Security-Art, where he is in charge of all consulting engagements and security research on topics ranging from low-level device-specific security to policy, regulation and international affairs. Iftach Ian Amit was recently the Director of Security Research for Aladdin, where he created the AIRC (Attack Intelligence Research Center) and led the security roadmap for the company as well as the marketing of all security-related events. Prior to Aladdin, Iftach Ian held a director position at Finjan, leading its security research and MCRC group, while positioning it as a leader in the web security market.

Iftach Ian was also the founder and CTO of a security startup in the IDS/IPS arena and developed new techniques for attack interception. Prior to that, he served in a director position at Datavantage (NASDAQ:MCRS) with responsibility for software development and information security, as well as designing and building a financial datacenter. Prior to Datavantage, he managed the Internet application department at Comsec Consulting as well as the Unix Department, where he consulted for major banking and industry companies worldwide. Iftach Ian is one of the founders of the Penetration Testing Execution Standard (PTES), its counterpart – the SexyDefense initiative, and a core member of the DirtySecurity crew. Iftach Ian holds a Bachelor's degree in Computer Science and Business Administration from the Interdisciplinary Center at Herzlya.

Cambridge Marriott
Two Cambridge Center, 50 Broadway · Cambridge, Massachusetts 02142 USA

Booking Code: SRZSRZA

Due to other events that will be taking place in Boston, we will be holding trainings at the Cambridge Marriott. Please note that this is a DIFFERENT hotel from the conference hotel. We apologize for the inconvenience!

We have a very limited room block available, so please book your travel ASAP!

Schedule

April 15-16, 2012

10:00am - 12:00pm: Training
12:00pm - 1:00pm: Lunch
1:00pm - 3:30pm: Training
3:30pm - 3:50pm: Break
3:50pm - 6:00pm: Training
