Sunday, October 21, 2007

Crash Course In Penetration Testing Workshop at Toorcon

Just got back from doing a workshop with Joe at Toorcon. It was titled Crash Course in Penetration Testing.

Here is the blurb from the Toorcon page:

"This course will start with the basics of pen-testing methodology covering Footprinting, Scanning, Enumeration, and Exploitation which will cover attacking Web Apps, Buffer Overflows, and will set you loose on a set of rootwars challenge servers. The course will come with a complimentary USB Harddrive loaded with an attack VM and challenge VM images for you to play with so you can continue to hone your skills and learn new techniques even after the course is finished. Attendees will walk away with a working knowledge of how to pen-test a network, all of the basic tools needed, and a set of exercises that they can use to improve their skills."

All in all, I thought it went really well. We maxed out attendance (actually 2 over), the class was engaged and interested and responsive, so that's always good. What I thought was cool about the workshop is that we gave out 250GB hard disks with all the tools, Virtual Machines, and extra reading to the students. We had a minor issue with the firmware on the drives that they wouldn't mount under Linux, so that's a good point for future classes where we do the same thing (not to get those types), but like I said, we came away feeling like it went well.

Because Joe is a Pen-tester for his day job, he did most of the talking, but I chimed in when I had something to say and I, of course, did the Metasploit section because I am a fanboy.

We really didn't have time to talk Buffer Overflows, but we covered the other topics and tried to break them out based on if you are looking at a network internal or external and how to approach it from those perspectives.

I think we are going to run an online version on LSO for members; it will run for about a week each iteration.


XFiles said...

Any idea if that drive (250GB) is free or will be free at torrent sites?

CG said...

No, we don't plan on releasing it publicly. That was the bonus for their $$$ for the workshop.