September 18, 2014
TrustedSec at Blackhat
Written by
David Kennedy
Training
This year TrustedSec presented a completely redesigned and fresh course for Bypassing Security Defenses - Secret Pentesting Techniques. The course was a blast, we created an entire ecosystem for teaching pentesting including an entirely simulated organization to breach with a domain infrastructure. This year we redesigned the entire thing to be relevant to current networks. All Server 2008 R2, Server 2012 R2 and above along with different flavors and operating systems. We taught our students from the perimeter, what you do in order to attack an organization, profile them, do appropriate intelligence gathering, and from there everything around exploitation and post exploitation.
In order to accomplish this we had two high-powered servers running the simulated environment and students had to break into each of the systems, further compromise and pivot into others all while going through techniques we use on a regular basis. Advanced attack vectors such as AV evasion, application whitelisting evasion, Next-Gen attacks, and others were all covered in the course.
Overall, it was a pleasure doing the training at Blackhat and we had an amazing time. Special thanks to the full TrustedSec crew that made it all possible.
Feedback from Blackhat (thanks to our students):
"Dave Kennedy and his team presented the material in such a clear and concise manner, that even the most inexperienced penetration tester could benefit. I've attended training at Black Hat for five years and this is by far the best. I also liked not having a CTF, as there was ample hands-on-time to practice the concepts. I hope to attend this class next year if it's available as a refresher."
"One word. AWESOME"
"Simply Superb!"
"The trainers were very well prepared. They worked to make sure all class participants had the necessary configurations and worked individually with people if necessary to catch up on certain parts of the instruction. The slides and lab instructions were clear and accessible in multiple formats. The content itself was excellent, demonstrating current methods in penetration testing, as well as the overarching methodology of the testing itself. This was a wonderful class.
This has been an amazing experience. This class filled in the holes in my education on penetrating computer systems perfectly."
"David's training class was rich with information. It was a breath of fresh air to take a training that did not put you to sleep."