SecTor 2013 Registration is Live!
Registration for our 2013 show is live. Standard rate is now in effect. Register now, tickets are limited!
2013 Call for Speakers OPEN!
The first round Call for Speakers is now OPEN! Submit your talk now for early consideration.
2012 Videos Posted!
The Sessions for SecTor 2012 are now available for viewing.
This training, led by experts from Sentry Metrics, will teach you penetration testing essentials using Metasploit Professional. This hands-on training is the perfect for Security professionals within an organization responsible for performing vulnerability and controls validation and/or penetration testing.
In this session, attendees will learn important techniques for preparation, execution, and reporting of real-life penetration testing and validation of vulnerabilities and controls against network infrastructure, web applications, as well as conducting targeted social engineering campaigns.
Attendees should have experience with Windows or Linux Operating System, some understanding of vulnerability management, and basic knowledge of penetration testing concepts.
As an added bonus, Rapid7 and Sentry Metrics will be giving a one-year Metasploit Pro license to one lucky attendee!
|09:00 - 09:30||Welcome, Introduction, Installing & Configuring Metasploit Pro|
|9:30 - 10:00||Pre-Audit Reconnaissance - gather information before the penetration test, including intelligence gathering and development of attack plans.|
|10:00 - 10:15||Active Network Scanning - asset enumeration and importing vulnerability scan results.|
|10:15 - 10:30||Break|
|10:30 - 11:15||Gaining Access - using targeted exploits, automated exploitation, and brute-force attacks to gain system access.|
|11:15 - 12:00||Maintaining Access and Privilege Escalation - exploit client-side systems and learn privilege elevation techniques for local system access, persistence, and creation of backdoor accounts.|
|12:00 - 13:00||Lunch|
|13:00 - 14:30||Abusing Trust Relationships - extend your attack across the network with pivoting, token impersonation, pass-the-hash, and credential dumping methods.|
|14:30 - 14:45||Break|
|14:45 - 15:15||Post-exploitation Reporting - present results with basic and advanced progress, results, and gathered evidence reporting.|
|15:15 - 16:00||Social Engineering - exercise drive-by attacks and spear phishing, to test user awareness and the effectiveness of internal security education efforts.|
|16:00 - 16:30||Advanced Techniques - using the Metasploit Pro console, generating payloads manually, and integrating with other penetration testing tools.|