Jul 28

Special Evening Webcast on Kismet Newcore Thursday!

On Thursday night at 7pm EDT (4pm PDT) I’ll be giving a special evening webcast called “Budget Wireless Assessment using Kismet-Newcore“. I delivered this content at the SANS Denver conference a few weeks ago, but several people have contacted me complaining that they wanted to get in on the new features Kismet has to offer including plugins, new security framework, the new user interface, integrated graph views and more.

For example, did you know that Kismet Newcore has the ability to apply fine-grained channel hopping controls, allowing you to easily configure Kismet to spend more time on commonly used channels (such as channels 1, 6 and 11)? This allows you to focus the data collection process while not missing any AP’s that might on uncommon channels.

Kismet Newcore Channel Configuation

Kismet Newcore Channel Configuation

The webcast will use the SANS vLive! (formerly @Home) setup based on Elluminate. This software gives me the ability to do live demonstrations during the webcast with a Q+A interface and the ability for viewers to ask questions during the session.

What’s more, attendees will get a 10% discount code off my upcoming Ethical Hacking Wireless course, delivered in manageable 3-hour chunks once a week for 12 weeks, starting September 7th. More information on the Ethical Hacking Wireless vLive! course is available at http://www.sans.org/athome/details.php?nid=19608.

Sign up for the webcast today! https://www.sans.org/webcasts/show.php?webcastid=92713


Jul 11

Wireless Ethical Hacking Training at Home – Discount!

As the author and lead instructor for the SANS Ethical Hacking Wireless course, I teach at several conferences a year and at customer’s sites. Between September 2nd and November 18th, I’ll also be teaching the Ethical Hacking Wireless course through the SANS vLive program. Instead of 6 8-hour days of hardcore wireless security training, we break the course up into 12 sections; 3 hours a night once a week for 12 weeks.

The vLive program is great because you get the benefits of live instructor-lead training but in smaller, more manageable chunks. You also save your employer on travel costs. Best yet? Wireless hacking in your PJ’s on your couch.

The vLive offering is an upgrade over the old @Home system SANS has used before. You still get the demonstrations, exploits and attacks with slides and instructor Q+A, just like at a live conference. Miss a class? No problem! You’ll be able to catch the archived session at any point during the 12-week period.

To celebrate the new system, SANS is offering a 20% discount for a limited time. Visit the SANS website to sign up for SANS Ethical Hacking Wireless with vLive. The 20% discount is available until July 31, so sign-up soon.

As always, please send me a note with any questions. Thanks!


May 10

SANS Introduces “Fuzzing for Bug Discovery”

A few minutes ago I submitted what is hopefully the last set of edits for a new day of training material I wrote titled “Fuzzing for Bug Discovery”. This hands-on day of material joins Steve Sims’ Developing Exploits for Penetration Testers and Security Researchers course.

If you haven’t already checked out Steve’s course, I highly recommend it. In just a few days, he has been turning students into exploit developers, using hands-on labs to reinforce focused training materials. The new day of fuzzing material also gives students training on the tools and techniques for software fault testing using canned and custom fuzzing tools. A quick sampling of topics includes:

  • Why fuzzing is needed for security, and how it can be used by Quality Assurance teams, software developers, vendors and penetration testers
  • Building your attack plan, sources for data collection, testing and monitoring techniques and tools
  • Fuzzing techniques including static test case development, randomized fuzzing, mutation and intelligent mutation fuzzing
  • Fuzzing opportunities and common software developer mistakes to target
  • Effective fuzzing through code coverage analysis using available source or closed binaries
  • In-depth coverage on building custom fuzzers with Sulley

If I had to pick, I’d say the best part of the new day are the lab exercises. In the labs, you’ll use a variety of tools including Taof, Gcov/Lcov, Paimei with Pstalker, IDA Pro with the idapython plugin, the Sulley fuzzing framework and a bunch more. In the labs, you’ll definitely find interesting and useful bugs that, at the end of Steve’s course, you’ll be writing exploits for.

Steve is teaching his Developing Exploits for Penetration Testers and Security Researchers course in several upcoming conferences:

As always, I’m more than happy to any answer questions about this day of material. I’ll also try to answer questions about the entire course, though I may defer you to Steve. In the meantime, check out the description and sample topics. Also, my thanks to Steve for the chance to contribute to his awesome course.