Workshop 9 - Pentest Kungfu 2018
|Speaker:||Mr. Anthony Lai||
|HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong|
|Date:||4 - 5 Oct 2018 (2 days)||
|09:30 - 17:00|
||HK$6,600 (Early Bird: HK$6,400)|
|Member Fee for Organizer/Supporting Organization||HK$6,400 (Early Bird: HK$6,200)|
Medium of Instruction
Cantonese with handout in English
Nature & Objectives
Penetration test (pentest) is used to uncover the vulnerabilities of the system and the tester can carry out further exploitation to see whether he/she could gain any confidential information and restricted access.
During the workshop, students will work in groups to dig out vulnerabilities and report their findings. Participants are required to complete assigned mission through hands-on exploration and creative thinking.
We will use BackTrack which is a free live CD with various penetration test tools to carry out all the hands-on exercises.
Hands-on missions to experience to real-world penetration test techniques.
Penetration test process
- Penetration test framework, process, methodology and ethics
- OWASP Top 10 vulnerabilities reload
- Common vulnerabilities and misconfiguration of web application and network
- Web application and network penetration test as well as Scripting kungfu
- Get to know a vulnerability
- Further Attack: Metasploit - An exploit framework and post-exploitation with Meterpreter scripting
- We will discuss over more scripting stuff in Python, NMap Script Engine and Meterpreter Scripting
Who Should Attend
- Basic Linux and Win32 commands
- Basic knowledge in TCP/IP and networking concepts
- Programming and scripting experience but not mandatory
- Interested in offensive techniques to dig some flaws out
- Anyone with an interest in penetration testing
- IT auditors, system administrator, software developers
Requirement for Participant
Each participant is required to bring a laptop with Kali Linux VM 64 bit installed, and power cord. Participants must complete the installation of Kali Linux VM 64 bit(Version 2018.2) in Vmware Player or VirtualBox before the workshop.
Mr. Anthony Lai
Valkyrie-X Security Research Group (VXRL)
Researcher, Valkyrie-X Security Research Group (VXRL)
Anthony Lai who has hybrid experience in application development, code security, penetration test, threat analysis and audit areas for 14 years. He has done vulnerability assessment, penetration, IT audit and training for government and various corporates. He is now a lead consultant and threat advisor of several MNCs. He acts as a researcher in Knownsec for Web security.
Anthony has spoken in Blackhat USA 2010, DEFCON 18-20, AVTokyo 2011-2012, 2013.5, HITCON 2010-2011 as well as Codegate 2011. He has set up a security research group called VXRL (www.vxrl.org) in Hong Kong, which connects various whitehats and security researchers.
He is a SANS GWAPT, GREM and GCFA holder.