Media Archives

Barnaby Jack: Jackpotting Automated Teller Machines Redux get media »

Nathan Hamiel, Marcin Wielgoszewski: Constricting the Web, Offensive Python for Web Hackers get media »

Shawn Moyer, Nathan Keltner: Wardriving the Smart Grid, Practical Approaches to Attacking Utility Packet Radios get media »

Black Hat Announcements

Craig Williams, Mike Caudill & Kevin Timm, Cisco Systems

Register Now // july 24 - 27

USA 2010 Weekend Training Session //July 24-25

USA 2010 Weekday Training Session //July 26-27


When testing an intrusion prevention system (IPS), security engineers tend to evaluate speed, accuracy, and ease of use. Although speed and ease of use are important for a security device, customers are paying for protection; thus, the accuracy of the signature base is critical. Evasion techniques are constantly evolving, it is imperative that IPS devices have the ability to detect both ordinary exploits and their obfuscated cousins.

This hands-on course will cover everything from older, well understood evasion techniques to newer, cutting edge ones. We will apply these techniques using penetration testing tools and public proof-of-concept exploit code. The purpose of this course is to learn to test any IPS, not expose a flaw of a specific vendor. To that end the actual IPS devices we are testing will not be identified.

Students will learn how to modify attacks to accurately evaluate the detection capability of a device. Emphasis will be placed on determining if a signature is specific to a vulnerability or exploit, as well as its resistance to additional layers of evasions. The course will also cover the intricacies of performance testing and the impact that a heavy load can have on an IPS. Newer technologies such as reputation will be discussed as they apply to detection.

By the end of the course, students will have detailed knowledge of evasion techniques and be able to properly gauge the performance of a device and avoid IPS testing pitfalls. The key factor in successful IPS testing is having properly trained, knowledgeable staff conducting the test. With the ever-present threat to network security, it is imperative to fully understand the level of protection that an IPS device provides and the level of insight required to maximize its capabilities.

teaching methods:

Lecture, group exercises, and demos.

Student Requirements, experience/expertise

  • Basic IPS experience required with a major IPS platform (Cisco, TippingPoint, ISS, Sourcefire, Entrasys, etc.)
  • Basic shell scripting programming experience is recommended.
  • Basic familiarity with VMWare products.
  • Basic regular expression familiarity.
  • Optional: While Ruby/Python/Perl experienced is not a prerequisite, students with this background will probably be more comfortable with the material.

What to bring:

A laptop capable of running vmware infrastructure client (aka windows or windows vm) or RDP

What we provide:

  • Copy of slides
  • Remote access to 2 VMware infrastructure servers (hosting attacker & victim vm’s) setup on an inline IPS network
  • 3 switches (assuming 3 rows of tables 1 switch per table)
  • Cisco IPS
  • 30 Ethernet cables
  • Traffic generator capable of dosing an ips


Craig Williams is a senior research engineer for Cisco Systems where he is part of the Cisco Security Research & Operations organization. Craig specializes in exploit and malware analysis, reverse engineering, IPS signature design, vulnerability research, attack obfuscation and evasion, and network programming. Since joining Cisco in 2004, Craig has made significant contributions to the IPS signature team including a pending patent involving obfuscated traffic inspection. His current research involves malware, specifically improving the detection and mitigation of botnets.

Mike Caudill is a Program Manager and Incident Manager for Cisco Systems where he is part of the Cisco Security Research & Operations organization. Since joining Cisco in 1998, Mike has worked as an Incident Manager for the Cisco PSIRT where he responded, resolved, and disclosed security vulnerabilities in affected Cisco products. Mike has held leadership roles in both FIRST and ICASI, international organizations whose missions focus on vulnerability and security incident response in order to improve the state of security on the Internet. Mike has a relentless passion to protect customers and Internet users from vulnerabilities and attacks and today is helping to find new ways to detect, identify, mitigate, and respond to those attacks.

Kevin Timm is a security researcher at Cisco Systems where he is part of the Cisco Security Research & Operations organization. Kevin’s current work focuses the automation of malware analysis using virtualization. Over the past decade, Kevin has authored several security-related white papers and articles as well as presented at Cisco Networkers. Prior to joining Cisco in 2004, Kevin held senior roles in the Managed Security and Managed Hosting industries.

Ends Jul 23


$ 2000

$ 2200

$ 2400

$ 2600

$ 2900

Black Hat Announcements

Jared DeMott, Crucial Security / Harris Corporation

Register Now // july 24 - 27

USA 2010 Weekend Training Session // SOLD OUT

USA 2010 Weekday Training Session // SOLD OUT


There are four technical skills required by security researchers, software quality assurance engineers, or developers concerned about security: Source code auditing, fuzzing, reverse engineering, and exploitation. All these skills and more are covered. C/C++ code has been plagued by security errors resulting from memory corruption for a long time. Problematic code is discussed and searched for in lectures and labs. Web auditing is covered using WebGoat. Fuzzing is a topic book author DeMott knows about well. Mutation file fuzzing and framework definition construction (Sulley and Peach) are just some of the lecture and lab topics. When it comes to reversing C/C++ (Java and others are briefly discussed) IDA pro is the tool of choice. Deep usage of this tool is covered in lecture and lab. Exploitation discussions and labs are the exciting final component. You’ll enjoy exploiting BSD local programs to Vista browsers using the latest techniques.

Reverse Engineering

Students focus on learning to reverse compiled software written in C and C++, though half- compiled code is mentioned as well. The IDA pro tool is taught and used throughout. Calling conventions, C to assembly, indentifying and creating structures, RTTI reconstruction are covered. Students will also use IDA's more advanced features such as flirt/flare, scripting, and plug-in creation.

Source Code Auditing

Understanding how and when to audit source code is key for both developers and hackers. Students learn to zero in on the important components of each language. Automated tools are mentioned, but auditing source manually is the focus, since verifying results is a required skill even when using the most advanced tools. Spotting and fixing bugs is the focus.


Fuzzing is a runtime method for weeding out bugs in software, with a growing footprint within security companies and research communities. Techniques such as dumb file fuzzing, all the way up to intelligent network protocol fuzzing will be covered. Students will write and use various fuzzers to find bugs.


Students will walk out of this class knowing how to find and exploit bugs in software. This is useful to both developers and hackers. The exploit component will teach each common bug type including: stack overflows, function pointer overwrites, heap overflows, off-by-ones, FSEs, return to libc, integer errors, uninitialized variable attacks, heap spraying, and more. Shellcode creation/pitfalls and other tips and tricks will all be rolled into the exciting, final component.


  • College Degree in a computer related disciple or equivalent work experience
  • Programming (C/C++/.asm) and security experience will help, but you will still get a lot out of the course if you lack that, so no fears. All questions are good questions in my classes. We have a fun but instructive and intense learning experience. You won’t walk away disappointed.
  • If desired read "Introduction to Application Security" :


By the end of this course, you will be able to: research and develop an exploit from scratch by auditing code or fuzzing an application, reverse engineering the issue, and developing an exploit for the vulnerability you discovered. This knowledge will help developers produce better code, and will help security researchers or malware analysts in their daily tasks.

What to bring:

  • Nearly all the work will be done in XP (you provide) and the BSD image (I provide)
  • - Vista is not required but is referenced for the final exercise if you have it
  • - If you have Vista/7, you’ll be ok for most of the exercises but will have additional pains
  • Cygwin (include: vim, make, gcc, perl, python, netcat, ruby, man pages, ndisasm, and whatever else you like)
  • VMware workstation/player for Windows or Fusion for the Mac
  • Visual Studio (Express is fine if don’t have full)
  • WinDbg and Immunity Debugger
  • Used only for Day 1 homework - FireFox (optional plug-ins: Tamper Headers, Firebug, and Live headers)

What you will get:

The following will be provided on Course DVD, and will be installed in class:

  • IDA pro 5.x (I have the 5.5 demo for install on DVD, can also get from
  • Python (From Sulley installer. pydbg works with 2.4 by default in this installer)
  • Keep at least 1.5GB free HD space to install the course materials and FreeBSD VM

Course Material:

The course material will be provided to you at class check on day 1, normally as a DVD or thumb drive that you keep along with any printed material. As soon as you receive the course material extract4 and test the BSD image. There is a BSD survival guide in the AppSec_A-ZExploitation folder with the user and password (and more). All the material you need to do the BSD labs in already in the image so you shouldn’t need to transfer any information to the image.

The course material is in 4 directories: SrcAudit, Fuzzing, Reversing, and Exploitation. In each directory you’ll find a wealth of knowledge from documents, tools, labs, and lectures. There’s so much we won’t go over it all, but leave further study as bonus material5 to the student. Harris marked material cannot be directly reproduced or used for profit, but can be shared to internal co-workers within the organization that sponsored your seat in the course, if credit is noted.

There is a feedback from in the base directory that should be filled out on the final day if the conference does not provide a custom form for feedback. Any other comments can be sent directly to the instructor at [email protected]

suggested textbooks:

  • Grey Hat Hacking: The Ethical Hacker's Handbook, 2nd Edition. Harris, Harper, Eagle, and Ness
  • Fuzzing for Software Security and Quality Assurance, by Takanen, DeMott, Miller
  • The Art of Software Security Assessment, by Mark Dowd, John McDonald, and Justin Schuh
  • The IDA Pro Book, by Chris Eagle


Jared DeMott is a Principal Security Researcher for the Crucial Security business area at Harris Corporation and PhD candidate at Michigan State University. Crucial provides state-of-the-art technical engineering and security services to the most elite branches of the Federal Government’s law enforcement and intelligence communities, engineering solutions to meet their demanding requirements. Mr. DeMott previously worked for the NSA and currently teaches computer security at university and professionally. He has spoken at security conferences such as Black Hat, Defcon, ToorCon, and Shakacon. This background provides an ideal blend of skills for teaching cutting edge security material, in a fun and instructive manner.

Ends Jul 23


$ 1800

$ 2000

$ 2200

$ 2400

$ 2700

Black Hat Announcements

Mati Aharoni & Chris Hadnagy, Offensive Security

Register Now // july 24 - 27


This is an intensive, hands-on Security class by the creators of Backtrack especially designed for delivery in BlackHat Trainings. "Pentesting with BackTrack" is designed for network administrators and security professionals who need to get acquainted with the world of Offensive Security. The course introduces the latest hacking tools and techniques using the world renowned BackTrack 4.

A experienced and seasoned team of Security Professionals will help you take your skills a few steps further. "Common" hacking techniques are revisited from a professional and practical approach for a better and more efficient pentest. The course is heavily laced with the "do it yourself" approach, and will expose you to the raw underlying mechanisms of the various attack vectors.

We keep our classes small to maximize each students learning potential. This also gives the instructors the ability to spend more time with each student.

Are you up the challenge? Are you ready to Try Harder?

Course Topics:

  • Advanced Information Gathering Techniques
  • Data Mining with Maltego
  • DIY ARP Spoofing
  • Fuzzing
  • Windows Buffer Overflows
  • Client Side Attacks
  • Metasploit Kung-Fu
  • Reverse Tunneling Techniques
  • Password Attacks
  • Web Application Attacks
  • Trojans and Various Windows Oddities

Lab Description

This course includes complex hands-on labs throughout the training. All students will be provided with pre-configured VMware machines for the duration of the course for a personal and in-depth learning experience.

Who should attend?

This is a highly technical course aimed at security professionals. People with entry level "hacking" security certifications in need of modern and practical real world penetration testing experience and insights should attend.


  • Students need to be comfortable in Linux ‐ We'll be using BackTrack during the whole course as our attacking platform. Navigating through directories, executing scripts and tools and writing basic bash scripts are the basic skills expected from the student.
  • A solid understanding of TCP/IP and various network services (DNS, DHCP, etc)
  • Knowledge of a scripting language (Perl, Python, Ruby) is recommended, but not required.
  • A desire for moderate pain and suffering

What to bring:

Students are required to bring their own laptops with a minimum 1 GB RAM installed.

  • VMware Server or Workstation installed.
  • At least 60 GB HD free
  • Network Support - cables will be provided
  • DVDROM / USB 2.0 support

Course Length:

Four days. All course materials, custom BackTrack CD's, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered.


Mati Aharoni is the core developer of the BackTrack liveCD and an active member in remote‐ Mati is a seasoned security professional with over 10 years of experience as a professional penetration tester. Mati has uncovered several major security flaws and is actively involved in the offensive security arena. In addition, he is the lead trainer and developer of the internationally acclaimed security courses, Offensive Security PWB, WIFU and Cracking The Perimeter.

Chris Hadnagy aka loganWHD, has been involved with computers and technology for over 13 years. Presently his focus is on the "human" aspect of technology such as social engineering and physical security. Chris has spent time in providing training in many topics and also has had many articles published in local, national and international magazines and online journals. Chris has been training this course with Mati for a few years and he is the lead developer of the framework.

Ends Jul 23


$ 3600

$ 3800

$ 4000

$ 4200

$ 4500

Black Hat Announcements