*Crash Course in Pentesting + Capture the Flag*
Join us for the Women's Society of Cyberjutsu (WSC) Cybersecurity Workshop hosted from our Washington, DC location. This is a hands-on, practical workshop where you will put into practice those things you may have read or covered in a class. This is also a great way to keep your skills fresh if you're a veteran.
Every workshop addresses beginner and advanced topic material. Beginners are encouraged to watch and learn as much as possible even though you may not have a clue. Exposure to new tools and techniques by watching will advance your learning process a lot quicker than trying to learn on your own. You will get to ask questions and see how it's done in the real world. Advanced attendees are encouraged to share and help answer "noob" questions as much as possible so everyone can learn from them.
The Crash Course in Pentesting workshop is designed for people that are new to the field or have an interest in getting into the field of Penetration Testing. The focus of the workshop is to give participants a “fingers on the keyboard“ introduction to both network and web application penetration testing. There will be very little theory – well over 90% of the class will be spent with the instructor Joe McCray walking the participants through attacking several hosts in the target network.
This workshop starts off quickly with network scanning and enumeration, it then moves into exploitation (both remote and client-side), and then finally post-exploitation relying heavily on the features included in the Metasploit Framework. Web Application penetration testing will be covered as well with focus on practical exploitation of sql injection, and cross-site scripting (XSS).
Network Pentesting concepts that will be covered:
• Penetration Testing Fundamentals
• Scope of Modern Pentests
• Compliance Testing (PCI, HIPAA, ISO 27000)
• Blackbox vs. Whitebox
• Full Scope
Web Application Pentesting concepts that will be covered:
• Transitioning from Network to Web App Penetration Testing
• Similarities & Differences
• What Makes up a Web Application Assessment
• Web Application Security Threat Classification
• OWASP Testing Guide
12p - 1p Lunch
1p - 6p Workshop
6p - 7p Dinner
8p - 10p CTF Competition
We are excited to have Joe McCray present this workshop. Joe is an Air Force Veteran and has been in security for over 10 years. Joe has been involved in over 150 very high level pentesting assessments and has some major hacking accomplishments that he can share with his classes. His extensive experience and deep knowledge, mixed with his comedic style has lead Joe to be one of the most highly sought after speaking experts in the industry. Joe makes speaking appearances and gives seminars at major events in the security community such as Black Hat, DefCon, BruCon, Hacker Halted and more. Joe is the recipient of the 2009 EC-Council Instructor Circle of Excellence Award and the 2010 EC-Council Instructor of the Year Award. Joe is the founder and CEO of http://strategicsec.com an IT Security consulting firm that provides in-depth technical security assessments of your network, web application, and regulatory compliance gap analysis.
You must bring your own laptop. No less than 2GB of RAM.
Must be installed with Vmware Player or Workstation (trial version is fine). Mac users install Vmware Fusion (trial version is fine).
Download Kali Linux virtual machine in ISO format.
Register Nessus with Home Feed.
Knowledge of basic networking and IT.Good attitude, willingness to learn and share.
This workshop will not be offered remotely.
We only have room for 34 onsite so register early.
Refunds are offered if:
The workshop is cancelled
You cancel at least 1 day before the workshop; by 1200 pm Friday (10/11)
Use front door. POC:[masked]
Earn CPE's towards your certification
Food & beverages are provided