HACK NYC 2015 has ended
SECURITY TRAINING
2-Days MARCH 18th & 19th 2015
$1500.00 Per Seat - Register Now Space Is Limited!

FREE OWASP Project Summit

2-Days March 18th & 19th 2015

The OWASP Foundation is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, cost-effective information about application security. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology.  Similar to many open-source software projects, OWASP produces many types of materials in a collaborative and open way. The OWASP Foundation is a not-for-profit entity that ensures the project’s long-term success. 

HACK NYC 2015 is hands-on, instructor-led, hard training. Come to NYC for St. Patrick's Day on March 17th and then stay for two days of hard-core training. Space is very limited!


Wednesday, March 18
 

10:00am EDT

*FREE* OWASP Project Summit - Break into project teams and let's advance existing and new projects
Limited Capacity seats available

During HACKNYC 2015  we will be hosting a collaboration summit at the hotel that is FREE and OPEN to all people concerned with software security.  During this time we will focus on creating new, updating existing and planning future OWASP projects.

Wednesday 10am-4pm

Pick an OWASP Project and let's work on it

1.  OWASP Mobile - https://www.owasp.org/index.php/OWASP_Mobile_Security_Project

2.  OWASP IR Top Ten - https://www.owasp.org/index.php/OWASP_Incident_Response_Project

3.  OWASP ASVS - https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project

4.  OWASP OPEN SAMM - https://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model

 All attendees should bring their laptop as this is a working session.

PART II Wednesday 6pm - 9pm

OWASP Chapter Meeting: we will review the accomplishments of the day and feature trainers and speakers. Don't miss this collaboration event!

==

The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. 

Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. You'll find everything about OWASP here on or linked from our wiki and current information on our OWASP Blog. OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.


Wednesday March 18, 2015 10:00am - Thursday March 19, 2015 4:00pm EDT
Room #4

10:00am EDT

Hack IT, Track IT (2 Full Days) | Penetration Testing Workshop
Limited Capacity seats available
You need this ticket from Eventbrite to sign up: Hack IT, Track IT.
Most pentesters have little knowledge regarding the residual trace data left behind by their activities. Likewise, most forensic investigators have only a rudimentary knowledge of how the attacks they investigate actually took place.

What if you could see things from both sides?

What if you could see both the attack as it happened, as well as the indicators of compromise (IOCs) left behind by the breach? Well, now you can. In Hack it, and Track it, experts from the Network Penetration Testing team, and Digital Forensics and Incident Response team will provide you with the opportunity to both compromise a target and forensically investigate that breach.

You will use cutting-edge tools and techniques from both disciplines which will undoubtedly help make you either a better penetration tester, or a better forensic investigator. Through the use of virtual machines, you will be led through three different real world scenarios typically seen by the experts. In each scenario, you will have to use your skills to compromise a host, and extract target data. Then, you will utilize the IOCs and trace evidence left behind by your activities to “tell the story” of what took place and how. This is a one-of-a-kind class and not to be missed! It will open up the eyes and minds of even the most seasoned pentesters or forensics investigators to a world of knowledge they likely know very little about.

Do not miss your opportunity to Hack it, and Track it.

Typically this is a (5) Day Course; however, during this BOOT-CAMP you will learn important topics to help you be more successful in both breaking and defending what matters most.

INTRODUCTION TO FORENSICS AND PENETRATION TESTING
• Windows and Linux fundamentals
• Windows and Linux command line
• Forensics and penetration testing

INTRODUCTION
• Instructor and student introductions
• Nuix overview
• Class rules and maximizing value
• Lab setup and overview

HACK IT – BRUTE FORCE
• Scanning for targets
• Enumerating ports and services
• Finding and generating passwords
• Brute forcing FTP, SSH, and POP3
• Linux post-exploitation basics

TRACK IT – BRUTE FORCE
• Processing image files
• Identifying logs and log types
• Parsing logs
• Identifying brute force indicators of compromise
• Reporting basics

HACK IT – ADMINISTRATIVE CONSOLES
• Identifying administrative consoles
• Enumerating web vulnerabilities
• Finding and executing packaged exploits
• Escalation and pivoting
• Data exfiltration

TRACK IT – ADMINISTRATIVE CONSOLES
• Approaching complex cases
• Finding attack patterns
• Mining web logs
• Finding file system artifacts
• Volatile data collection
• Building timelines

HACK IT – SQL INJECTION
• Web vulnerability scanning
• Manually identifying SQL injection
• Basic SQL injection attacks
• Using sqlmap to gain access to data
• Data exfiltration

TRACK IT – SQL INJECTION
• Log file pattern recognition
• Identifying malicious agents
• Keyword identification and searching
• Understanding SQL queries

HACK IT – FILE INCLUSION ATTACKS
• Finding vulnerable applications
• Enumerating users and permissions
• Bypassing content restrictions
• Injecting code and remote execution

TRACK IT – FILE INCLUSION ATTACKS
• Pulling techniques together
• Malware identification
• Analysis of malware
• Network analysis
• Mining packet capture files

Instructors
Grayson Lenik

Principal Security Consultant, Nuix
Grayson Lenik is a Principal Security Consultant with the Cyber Threat Analysis team at Nuix where he leads the Forensics and Incident Response support team and teaches clients Incident Response and Digital Forensics Methodology. Grayson spent almost 5 years with Trustwave SpiderLabs...
Ryan Linn

Ryan Linn is a Senior Consultant with Nuix focused on penetration testing, incident response, and application security. Ryan is a penetration tester, an author, a developer, and an educator. He comes from a systems administration and Web application development background, with many...
Chris Pogue

Head of Partner Programs, Nuix
Chris Pogue has 14 years’ experience in digital forensic investigation, having worked with Trustwave SpiderLabs, the IBM/ISS X-Force incident response and ethical hacking teams and the US Army Signal Corps. Over the past decade, Chris has been a cybercrimes investigator, law enforcement...


Wednesday March 18, 2015 10:00am - Thursday March 19, 2015 6:00pm EDT
Room #5