Only a Ninja Can Stop a Ninja

+hitB trainings

21, 22, 23 & 24 November – Onsite & Online

    x86-64 All You Can Learn Buffet!
    US$ 4,299
    x86-64 All You Can Learn Buffet!

    This class is run a little different from most classes. We provide you purpose-built recorded lectures instead of trapping you in realtime with live-lectures. But fear not, the instructor is always right there eagerly waiting to mingle with the students and answer any questions you have. (The instructor really likes being asked questions. It shows you're paying attention ;)). One of many benefits is that you can watch lectures at 2x speed and zoom ahead of the other students and get to the hands on labs quicker. Or if there's bits of material you already know, you can just skip them and move on to the bits you don't know! Another big benefit is that you get to take the full lectures and labs with you! That means if you forget stuff and then need it in 6 months, you can quickly re-bootstrap yourself! Or you can watch the class twice, to really grow those neural connections and cement it in your brain! And unlike live lectures, our lectures are always getting more factually accurate, by having any accidental errors edited out.


    Go HERE to join the 2-day x86-64 Assembly class. Or,
    Go HERE to join the 2-day x86-64 OS Internals class. Or,
    Go HERE to join the 4-day x86-64 Reset Vector Firmware class.
    4-Day Training Hybrid
    x86-64 Reset Vector Firmware
    US$ 2,299
    x86-64 Reset Vector Firmware

    This class is designed to give you all the background you need to understand how x86-64 reset vector firmware works, and what the most common security misconfigurations are. It will prepare you to be able to read and understand the existing attack and defense research in the space, taking an explicit walk through of the attack and defense moves and counter-moves threat tree. And as always, this classes teaches you to be comfortable with Reading The Fun Manual (RTFM!) to go seek out the most accurate details of how things work, and to see out new problems in new areas that no one's read yet with a security mindset.

    You can also opt to attend this class on 23 & 24 Nov instead. To do so, just email info@cyberweek.ae

    Go HERE to join the 2-day x86-64 Assembly class. Or,
    Go HERE to join the 2-day x86-64 OS Internals class. Or,
    Go HERE to join the 4-day x86-64 All You Can Learn Buffet class.
    2-Day Training Hybrid
    x86-64 OS Internals
    US$ 2,299
    x86-64 OS Internals

    This class teaches you about the fundamental hardware mechanisms which all operating systems, virtualization systems, and firmware *must* interact with in order to run successfully on x86 hardware. This is taught in a *mostly* OS-agnostic way focusing on Intel-isms rather than OS-isms (albeit with using Windows as reinforcement, thanks to its excellent kernel-level debugging support.) This class also teaches you to be comfortable with Reading The Fun Manual (RTFM!) to give you self-sufficiency when seeking out the most accurate details of how things work.

    You can also opt to attend this class on 23 & 24 Nov instead. To do so, just email info@cyberweek.ae

    Go HERE to join the 2-day x86-64 Assembly class. Or,
    Go HERE to join the 2-day x86-64 Reset Vector Firmware class. Or,
    Go HERE to join the 4-day x86-64 All You Can Learn Buffet class.
    2-Day Training Hybrid
    x86-64 Assembly
    US$ 2,299
    x86-64 Assembly

    This class teaches you how to disassemble binaries, read x86-64 assembly language, and debug black-box binaries in WinDbg and GDB. This knowledge of assembly is the fundamental skill which is required to learn reverse engineering and vulnerability exploitation. Reverse engineering is in turn a fundamental skill which is required for malware analysis and vulnerability hunting.

     

    You can also opt to attend this class on 23 & 24 Nov instead. To do so, just email info@cyberweek.ae

     
    Go HERE to join the 2-day x86-64 OS Internals class. Or,
    Go HERE to join the 2-day x86-64 Reset Vector Firmware class. Or,
    Go HERE to join the 4-day x86-64 All You Can Learn Buffet class.  
    2-Day Training Hybrid
    In & Out – Linux Attack, Detection & Hunting with PurpleLabs
    US$ 2,299
    In & Out – Linux Attack, Detection & Hunting with PurpleLabs
    The primary goal of this training is to show and teach you how to generate offensive attack events/symptoms against Linux boxes that you will detect in parallel by using PurpleLABS SOC stack powered by Sigma Rules – the open standard event description ruleset – and the rest of the dedicated, Open Source security solutions in use. Participants will thoroughly familiarize themselves with the content of the available Sigma detection rules and their structure, better understand the essence of offensive actions in Linux subsystems, learn the low-level relationships between data sources, and thus achieve knowledge in creating their own detection rules (and eventually bypassing them).
    2-Day Training Hybrid
    In & Out – Windows Attack, Detection & Hunting with PurpleLabs
    US$ 2,299
    In & Out – Windows Attack, Detection & Hunting with PurpleLabs
    Participants will thoroughly familiarize themselves with the content of the available Sigma detection rules and their structure, better understand the essence of offensive actions, learn the low-level relationships between data sources, and thus achieve knowledge in creating their own detection rules (and eventually bypassing them).
    2-Day Training Hybrid
    IC Reverse Engineering & Code Extraction
    US$ 2,299
    IC Reverse Engineering & Code Extraction

    This training is designed to give to Integrated Circuit professionals as well as newcomers a deep understanding of the complete Reverse-Engineering and Exploitation chain for various purposes such as building more secure designs, choosing the right device for a given application, improving the security risk assessment by taking the embedded firmware into consideration but also to find vulnerabilities in « Secure Elements » so as to conduct forensics analysis.

     

    ALL TRAINEES WILL BE ENTITLED TO APPLY FOR A 30-DAY CHIPJUICE LICENSE BY TEXPLAINED

     
    2-Day Training Hybrid
    AI and ML for Fraud Detection
    US$ 3,299
    AI and ML for Fraud Detection
    The course will not focus on the mathematics or theory, but on the practical applications: the course will provide a mix of technical and theoretical insights and shows you how to practically implement fraud detection models.Moreover, during the course you will understand how to deal with the typical challenges of the fraud analytics task (e.g., data scarcity and imbalancing) and will get advice from real-life experience to help you prevent making common mistakes in the fraud detection domain.
    3-Day Training Hybrid
    IoT Security Training by TechMaker
    US$ 2,399
    IoT Security Training by TechMaker
    During this two day training we are going to discuss threat model of IoT devices with backend interaction. Our examples are based on STM32 and ESP32 microcontrollers, SDR demonstrations are done with bladeRF 2.0.
    YOU WILL BE USING YOUR HITB BADGE AS AN IOT HACKING DOLL AND YOU’LL BE ABLE TO PUMP YOUR SKILLS BY SOLVING OVER A DOZEN SPECIALLY CRAFTED CTF-LIKE CHALLENGES!
    2-Day Training Hybrid
    Sensepost: Hands-On Hacking Fundamentals
    US$ 2,299
    Sensepost: Hands-On Hacking Fundamentals
    This is an introductory course for those starting the journey into penetration testing or those working in environments where understanding how hackers think and the tools, tactics and techniques they use are of essence. The course presents the background information, technical skills and basic concepts required to those desiring a foundation in the world of information security. By the end of the course, you will have a good grasp of how vulnerabilities and exploits work, how attackers think about networks and systems and have compromised several of them, from infrastructure, web applications to Wi-Fi.

    INCLUDES IN-TRAINING ACCESS TO YOUR OWN INDIVIDUAL LAB, POST-TRAINING SUPPORT, AND CREDENTIALS TO SENSEPOST’S WEB CLASS PORTAL CONTAINING SLIDES, WALKTHROUGHS AND TOOLS!

    2-Day Training In-person
    SensePost: Unplugged: Modern WiFi Hacking
    US$ 4,299
    SensePost: Unplugged: Modern WiFi Hacking
    If you want to learn how to understand and compromise WiFi networks, this is your course. If you want to really understand what’s going on and master WiFi attacks in such a way that you can vary them when you encounter real world complexities, this course will teach you what you need to know. This course is highly practical, with concepts taught through theory delivered while your hands are on the keyboard, and semi-self-directed practicals at the end of each section to reinforce the learning.

    INCLUDES IN-TRAINING ACCESS TO YOUR OWN INDIVIDUAL LAB, POST-TRAINING SUPPORT, AND CREDENTIALS TO SENSEPOST’S WEB CLASS PORTAL CONTAINING SLIDES, WALKTHROUGHS AND TOOLS!

    2-Day Training Virtual
    SensePost: Web Application Hacking
    US$ 2,299
    SensePost: Web Application Hacking
    This course will teach you how to analyse web applications for vulnerabilities and exploit them. SensePost has been conducting penetration tests against web applications for nearly two decades and has distilled their approach into this course. Providing a thorough and scientific approach, techniques to maximise coverage of an application will be taught. Whether you're a developer looking to better understand how to defend your applications or a penetration tester looking to enhance your web application bug hunting, this course is for you.

    INCLUDES IN-TRAINING ACCESS TO YOUR OWN INDIVIDUAL LAB, POST-TRAINING SUPPORT, AND CREDENTIALS TO SENSEPOST’S WEB CLASS PORTAL CONTAINING SLIDES, WALKTHROUGHS AND TOOLS!

    2-Day Training In-person
    In & Out – COMBO Attack, Detection & Hunting with PurpleLabs
    US$ 4,299
    In & Out – COMBO Attack, Detection & Hunting with PurpleLabs
    Participants will thoroughly familiarize themselves with the content of the available Sigma detection rules and their structure, better understand the essence of offensive actions, learn the low-level relationships between data sources, and thus achieve knowledge in creating their own detection rules (and eventually bypassing them).
    4-Day Training Hybrid
    Applied Data Science and Machine Learning for Cyber Security
    US$ 3,299
    Applied Data Science and Machine Learning for Cyber Security
    This interactive course will teach security professionals how to use data science techniques to quickly manipulate and analyze network and security data and ultimately uncover valuable insights from this data.

    WITH POST-TRAINING 30-DAY SUPPORT BY THE INSTRUCTOR
    3-Day Training Virtual
    Car Hacking Training: Automotive Cybersecurity and In-Vehicle Networks for Beginners
    US$ 2,299
    Car Hacking Training: Automotive Cybersecurity and In-Vehicle Networks for Beginners
    This training introduces the learner to the world of automotive security and car hacking, and gives an opportunity to learn about in-vehicle networks - the nervous system of a vehicle - hands-on. Students will learn the fundamentals of in-vehicle networking, the most common technologies used, and how to use a CAN bus using accessible hardware and software available to anyone for further research and education. With automotive security becoming a legal requirement in more and more countries, there is no better time to begin learning how to hack (and of course, defend) a vehicle!
    2-Day Training In-person
    Software Deobfuscation Techniques
    US$ 3,299
    Software Deobfuscation Techniques
    This class is intended for students who have basic experience in reverse engineering and have to deal with obfuscated code. Furthermore, the course is also interesting for experienced reverse engineers who aim to deepen their understanding in program analysis techniques and code (de)obfuscation.
    3-Day Training Virtual
    Red Team Exercises for IoT Security
    US$ 2,299
    Red Team Exercises for IoT Security
    This course will explain the concept and architecture of IoT devices, and then jump into legit “in the wild” / real hacking techniques and analysis used against real targets.  We will also review the real world exploit, as a framework for how these security issues start through development, so that students can get a glimpse of the world of IoT security.
    2-Day Training Virtual
    Defending Enterprises
    US$ 2,299
    Defending Enterprises
    New for 2021, in.security's 2-day Defending Enterprises training is the natural counterpart to their popular Hacking Enterprises course. From SIEM monitoring, alerting and threat hunting, you’ll play a SOC analyst in their cloud-based lab and try to rapidly locate IOA’s and IOC’s from an enterprise breach. You’ll use a combination of Microsoft Azure Sentinel and Elastic platforms to perform practical exercises. In each instance, filters and/or expressions will be supplied for both platforms (where applicable).

    14-DAYS FREE LAB TIME AFTER CLASS AND DISCORD SUPPORT
    2-Day Training Virtual
    Finding Vulnerabilities in Java Code for Defenders and Attackers for JVM and Android
    US$ 2,299
    Finding Vulnerabilities in Java Code for Defenders and Attackers for JVM and Android
    Keeping software free of vulnerabilities is a cat-and-mouse game, because of the multiple layers where security bugs can hide within the software stack of an application. Therefore we show techniques to discover bugs in both, source code, bytecode and native code, as needed in real life.
    2-Day Training In-person
    Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation
    US$ 2,299
    Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation
    Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks and maximize your payouts. Say ‘No’ to classical web application hacking. Join this unique hands-on training and become a full‑stack exploitation master.

    COMES WITH FREE ACCESS TO DAWID CZAGAN'S 6x ONLINE COURSES:

    • “Start Hacking and Making Money Today at HackerOne”
    • “Keep Hacking and Making Money at HackerOne”
    • “Case Studies of Award-Winning XSS Attacks: Part 1”
    • “Case Studies of Award-Winning XSS Attacks: Part 2”
    • “DOUBLE Your Web Hacking Rewards with Fuzzing”
    • “How Web Hackers Make BIG MONEY: Remote Code Execution”
     
    2-Day Training Virtual
    Malicious Document Analysis
    US$ 2,299
    Malicious Document Analysis
    This course explains through practical and real examples how to analyze malicious documents, which are the main vector of infection by malware in the current days and, different of the common intuition, can be very hard to analyze. During the class, students will learn how to perform static and dynamic analysis of different types of documents such as pdf, doc/docx, xls/xlsx, rtf, msi, and so on, which adversaries use many anti-forensic tricks such as obfuscated shellcodes, embedded documents, obfuscated scripts, and many other tactics.
    2-Day Training Virtual
    Rust Security Audit and Fuzzing
    US$ 3,299
    Rust Security Audit and Fuzzing
    This course will give you all the prerequisites to understand which kind of vulnerability can be found inside Rust code. You will learn how to find low hanging fruits bugs manually and automatically using Rust auditing tools. Finally, you will discover how to build custom Rust fuzzers, triage/debug crashes and improve your code coverage using different techniques. This training offers participants multiple hands-on exercises allowing them to internalize concepts and techniques taught in class.
    3-Day Training In-person
    The Art of Kleptography: Practical Backdoor Hiding Techniques in Public Key Cryptosystems
    US$ 2,299
    The Art of Kleptography: Practical Backdoor Hiding Techniques in Public Key Cryptosystems
    This course explains through practical and real examples how to identify and hide backdoors in asymmetric cryptographic protocols using modified random number generators. This class is focusing on practical examples and real life case studies. During the course we will analyze and implement fully undetectable and indistinguishable backdoors in common applications such as SSH, HTTPS, PGP and VPN.
    2-Day Training Hybrid
    Abusing Active Directory
    US$ 2,299
    Abusing Active Directory
    In this course we introduce common Active Directory misconfigurations, what their root cause is and how they can be abused. The course focuses on abusing real life misconfigurations and steers away from the traditional penetration testing tools and methodologies.
    2-Day Training Hybrid
    Advanced Fuzzing and Crash Analysis
    US$ 4,299
    Advanced Fuzzing and Crash Analysis
    This class is designed to introduce students to the best tools and technology available for automating vulnerability discovery and crash triage with a focus on delivering a practical approach to finding vulnerabilities in real world targets.
    4-Day Training Virtual
    Linux Heap Exploitation
    US$ 4,299
    Linux Heap Exploitation
    This 4-day course will give an in depth examination of a variety of current heap allocators in the context of exploit development, including glibc’s ptmalloc2, Chrome’s PartitionAlloc, JEMalloc, TCMalloc, and embedded allocators such as avr-libc, newlib, or dietlibc, and those used in Linux Docker images such musl and uClibc.  
    4-Day Training Virtual
    TEEPwn: Breaking TEEs by Experience
    US$ 4,299
    TEEPwn: Breaking TEEs by Experience
    The TEEPwn experience takes an offensive perspective and dives into the darker corners of TEE security. It is designed with a system-level approach, where you will experience exploitation of powerful vulnerabilities specific for TEE technology. Moreover, it’s hands-on, well-guided and driven by an exciting jeopardy-style game format.
    4-Day Training Hybrid
    A Practical Approach To Malware Analysis, Hunting And Memory Forensics
    US$ 3,299
    A Practical Approach To Malware Analysis, Hunting And Memory Forensics
    This hands-on training teaches concepts, techniques and tools to understand the behavior and characteristics of malware by combining two powerful techniques, malware analysis and memory forensics. This course will introduce attendees to basics of malware analysis,reverse engineering, Windows internals and memory forensics, it then gradually progresses deep into more advanced concepts of memory forensics.
    3-Day Training Virtual