Hacking by Numbers - Sensepost

Bellua Cyber Security Asia 2005 - The Workshops

Sensepost
Hacking by Numbers: Bootcamp Edition

This course is really popular with beginners and usually sells out, register now!
Date: 21st-22nd March 2005 8:00AM
Length: 2 Days
Venue: Hotel Borobudur, Jakarta - Indonesia.
Cost: US$2000 including refreshments, lunch, materials and certificate of completion.
Pre-Requisites:
This course is practical and of an extremely technical nature, so a basic understanding of networking, security, Unix and Windows is a course prerequisite.
Students must provide their own laptop to complete class laboratories. All software will be provided.
Overview:
Reality, Theory and Practice. This course is the "How did they do that?" of modern hacking attacks.
From start to finish we will lead you through the full compromise of a company's IT systems, explaining the tools and technologies, but especially the thinking, strategies and the methodologies for every step along the way.
Having evolved with the industry over a number of years, "Hacking By Numbers: Bootcamp Edition" will give you a complete and practical window into the methods and thinking of hackers.
Who Should Attend:
Students who have already completed the Hacking By Numbers: Bootcamp Edition will find that the Combat Edition is the natural next step. Security auditors, consultants and administrators with advanced skill, as well as seasoned penetration testers and the nice people from government agencies will all benefit from this hands-on course.
Approach:
This course has a unique approach, which has made it a definitive favorite in this space.
We've adopted the following philosophy:
  1. Our course is focused on tuning the mind. How does one *think* when attempting to compromise a network from the Internet? Our reasoning is as follows:
    • Work according to a methodology
    • Determine your strategy
    • Select your tools
    • Execute your attack
  2. From this you can see that the emphasis is not on the tools and how to use them, but on the *thinking* behind the tools.
  3. Our course is strongly method based. We perform all of our assessments according to a strict methodology that we believe ensures the best chances of a successful compromise. The course is delivered exactly according to this strict methodology, thereby giving you a systematic approach to attack and penetration.
  4. Our course is strongly practical. We base each lesson on a real life scenario and allow students to practically test our thinking and techniques in the lab and on the 'net.
  5. Our course is *less* tools based. Although the course is extremely practical and technical in nature, it probably focuses less on the use of specific tools and utilities than other courses. Our thinking is that tools come and go and that anyone with a browser and a basic understanding of English can find and use the right tool for a specific job. Sometimes the 'right' tool doesn't exist and it needs to be built. In either case, our focus is on teaching the student how to decide what tool to use at various points of an attack, and how those tools should be applied to complete the job at hand.
  6. Our course is 100% real-world. Each trainer spends all the time that he's not giving training actually performing assessments and penetration tests, i.e. the other 25 days of the month. Therefore, our course is not about how *hackers* break into networks, it's about how *we* break into networks. Our trainers are all highly experienced security practitioners that are globally recognized in the field.
What You Will Learn:
This course will teach you, by means of real examples, solid theory and hands-on exercises, how a hacker would go about breaking into your network. Armed with this knowledge you can test and ensure that your systems are secure against these kinds of threats and attacks. Delegates will perform all hands-on exercises using pre-configured laptops and will gain practical experience with the tools and utilities that are used every day by industry analysts and underground specialists in the field.
If you're a security person this course will open up a whole new world for you. See and understand for the first time how attacks really work, see for yourself how an attacker operates and understand the impact your defenses will have on his success.
How it Will Work:
For two days the SensePost trainers will walk you, step-by-step, through real-life hacking attacks. Each principle taught is practiced in a structured lab exercise that will allow you to test the concepts and push the limits of your skill. We'll start by identifying the target systems, teach you how to breach the target perimeter, and demonstrate how to extend these attacks in order to completely compromise the internal networks.
Each student will be provided with a state-of-the-art laptop for the duration of the course. We'll use machines that are loaded with a Unix™ and a Microsoft™ operating system and are pre-configured with the vast range of tools, documents, software and other utilities required for the practical components of the course. Our dedicated lab environment and a direct connection to

Sensepost
Hacking by Numbers: Combat Edition

This course is really popular with beginners and usually sells out, register now!
Date: 21st-22nd March 2005 8:00AM
Length: 2 Days
Venue: Hotel Borobudur, Jakarta - Indonesia.
Cost: US$2200 including refreshments, lunch, materials and certificate of completion.
Pre-Requisites:
This course does require a high level of skill, however, so newcomers to this field are advised to start with the Bootcamp Edition before progressing to Combat.
Students must provide their own laptop to complete class laboratories. All software will be provided.
Overview:
This course is the most technical of the Hacking by Numbers series. From the first hour to the final minutes, students are placed in different attacker scenarios as they race the clock to "capture the flag". In the SensePost tradition, the solutions lie much more in technique and an out-of-box thought process than in the use of "skriptz" or "toolz".
Each exercise is designed to teach a specific lesson and will be discussed in detail after it is completed. In this way you learn from your instructors, your colleagues and your own successes and failures.
Approach:
The "Capture the Flag" exercises have all been designed to replicate real-life scenarios with real-life-hacker stumbling blocks along the way. Students will have to deal with multiple firewalls, IDS devices and homespun red herrings in their quests to complete the challenge. During the exercises SensePost's leading technical specialists will discuss possible attacks, possible alternatives and even possible defenses for the scenario in question.
The exercises range from simple layer one attacks to more complex attacks requiring combinations of Web Application vulnerabilities and TCP/IP covert channels. All tools, documentation and required reading material will be provided to the students.
What You Will Learn:
This course is designed to stretch your technical skill to the limit.
  • You will learn more about technology and how it works.
  • You will learn new skills and hacking techniques.
  • You will learn new defensive strategies.
  • Most importantly, you will learn to think, think, think, in new and innovative ways about hacking and computer security.
How It Will Work:
The course is essentially a series of structured lab exercises, each one designed to teach a specific skill or principle. The problem, the skill being taught and the layout of the test environment are explained to students, who are then assigned an exercise to complete.
The exercises are generally complex and based on real-life scenarios. Students can measure their progress against predefined milestones and request assistance when they get stuck. At the end of the exercise the question is discussed in detail. The instructor will explain the correct approach and discuss the thinking and skills that should be applied. Other possible solutions to the problem will also be explored.
At the end of the course students will be rated based on their success in all the labs. The rating system is in continual development and aspires to provide an accurate measure of how well you fared, even if you didn't complete all the exercises.
Date: 21st-22nd March 2005 8:00AM
Length: 2 Days
Venue: Hotel Borobudur, Jakarta - Indonesia.
Cost: US$2000 including refreshments, lunch, materials and certificate of completion.

Sensepost
About the Tutors

Charl van der Walt is a founder member of SensePost.

He studied Computer Science at UNISA, Mathematics at the University of Heidelberg in Germany and has a Diploma in Information Security from the Rand Afrikaans University. He is an accredited BS7799 Lead Auditor with the British Institute of Standards in London. Charl has a number of years' experience in Information Security and has been involved in a number of prestigious security projects in Africa, Asia and Europe.

He is a regular speaker at seminars and conferences nationwide and is regularly published on internationally recognized forums like SecurityFocus.

Roelof Temmingh is the technical director of SensePost where his primary function is that of external penetration specialist.

Roelof is internationally recognized for his skills in the assessment of web servers. He has written various pieces of PERL code as proof of concept for known vulnerabilities, and coded the world-first anti-IDS web proxy "Pudding".

He has spoken at many International Conferences and in the past year alone has been a keynote speaker at SummerCon (Holland) and a speaker at The BlackHat Briefings (New Orleans). Roelof most recently contributed a chapter to "Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle" and authored the revolutionary Wikto CGI security scanner.

Haroon Meer is currently SensePost's director of Development. He specializes in the research and development of new tools and techniques for network penetration and has released several tools, utilities and white-papers to the security community. He has been a guest speaker at many Security forums including the BlackHat Briefings.

Haroon most recently contributed a chapter to "Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle".


PT Bellua Asia Pacific - Bellua Cyber Security Conferences & Workshops