Custom Training

SEC617: Wireless Penetration Testing and Ethical Hacking

This course is designed for professionals seeking a comprehensive technical ability to understand, analyze, and defend the various wireless technologies that have become ubiquitous in our environments and, increasingly, key entrance points for attackers.

ICS410: ICS/SCADA Security Essentials

This course provides a foundational set of standardized skills and knowledge for industrial cybersecurity professionals. The course is designed to ensure that the workforce involved in supporting and defending industrial control systems is trained to keep the operational environment safe, secure, and resilient against current and emerging cyber threats.

SEC642: Advanced web app penetration testing, ethical hacking, and exploitation techniques

This course is designed to expand past the methodology and the ‘how’ when we are presented with the challenges of web penetration testing, and dig into the more esoteric ‘why’ these techniques and tools work, so that you can adapt as needed in your assessments.

SEC560: Network Penetration Testing and Ethical Hacking (Mentor Session)

SEC560 is designed to get you ready to conduct a full-scale, high-value penetration test and at the end of the course you’ll do just that. After building your skills in comprehensive and challenging labs, the course culminates with a final real-world penetration test scenario. You’ll conduct an end-to-end pen test, applying knowledge, tools, and principles from throughout the course as you discover and exploit vulnerabilities in a realistic sample target organization, demonstrating the skills you’ve gained in this course.

A PURPLE TEAM VIEW – ATTACKING AND DEFENDING LINUX, DOCKER, AND KUBERNETES

Learn how to attack and thoroughly lock down Linux and container-based systems from Jay Beale, the creator of Bastille Linux, the Center for Internet Security’s first Linux Security Benchmark, and Kubernetes security projects including Bust-a-Kube. In this fully hands-on course, you’ll get a laptop to keep, filled with capture-the-flag (CTF) virtual machines, which you will attack and defend. Every single topic in the class has an attack exercise, where you use Kali Linux to compromise a system, and a matching defense exercise, where you will use new skills to break that attack, confident that it will break other attacks. In this expanded and updated 4-day version of the well-reviewed Aikido on the Command Line class, we focus strongly on attacking Linux containers, Docker and the container orchestration system, Kubernetes! 

ASSESSING AND EXPLOITING CONTROL SYSTEMS AND IOT

This is not your traditional SCADA/ICS/IIoT security course! How many courses send you home with a $500 kit including your own PLC and a set of hardware/RF hacking tools?!? This course teaches hands-on penetration testing techniques used to test individual components of a control system, including embedded electronic field devices, network protocols, RF communications, Human Machine Interfaces (HMIs), and various forms of master servers and their ICS applications. Skills you will learn in this course will apply directly to systems such as the Smart Grid, PLCs, RTUs, smart meters, building management, manufacturing, Home Area Networks (HAN), smart appliances, SCADA, substation automation, synchrophasors, and even IoT.

Hacking and Defending Kubernetes

With microservices’ rise, Kubernetes gain adopters every day. It’s time for information security specialists to learn how to attack and defend container orchestration systems.

This talk will demonstrate attacks on Kubernetes clusters, then defenses that break those attacks. Attendees will be able to download the cluster used in the demos, as well as the YAML files used to break the attacks.

Learning Objectives:
1: Understand how to attack Kubernetes and other container orchestration platforms.
2: Understand how to defend Kubernetes, at a deep, hands-on level.
3: Understand the Kubernetes attack surface and security features and those of Linux/Docker containers.

Pre-Requisites:
Attendees must have experience in using Docker or other Linux containerization systems. Attendees should have a passing knowledge of Kubernetes or another container orchestration system, such as Docker Swarm, CoreOS Swarm, Mesosphere Marathon, Cloud Foundry, the Borg, ACS, ECS or GKE.

Practical kubernetes security

Let’s share our experiences in attacking Kubernetes, working on the security in Kubernetes or container orchestration environments/projects, and defending/hardening Kubernetes. Bring your experiences and ideas you’ve seen work, or come to learn! Attendance is strictly limited to allow for a small group experience.