It is found that Javascript is disabled in your browser.
Please enable Javascript, or you cannot get access to Registration page.

   Workshops


 FULL

Workshop 9 - Pentest Kungfu 2018


Speaker: Mr. Anthony Lai

Venue:

HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong
Date: 4 - 5 Oct 2018 (2 days)

Time:

09:30 - 17:00
Non-member Fee
HK$6,600 (Early Bird: HK$6,400)
Member Fee for Organizer/Supporting Organization HK$6,400 (Early Bird: HK$6,200)

Medium of Instruction

Cantonese with handout in English


Nature & Objectives

Penetration test (pentest) is used to uncover the vulnerabilities of the system and the tester can carry out further exploitation to see whether he/she could gain any confidential information and restricted access.

During the workshop, students will work in groups to dig out vulnerabilities and report their findings. Participants are required to complete assigned mission through hands-on exploration and creative thinking.

We will use BackTrack which is a free live CD with various penetration test tools to carry out all the hands-on exercises.

Hands-on missions to experience to real-world penetration test techniques.


Course Outline

Penetration test process

  • Penetration test framework, process, methodology and ethics
  • OWASP Top 10 vulnerabilities reload
  • Common vulnerabilities and misconfiguration of web application and network
  • Web application and network penetration test as well as Scripting kungfu
  • Get to know a vulnerability
  • Further Attack: Metasploit - An exploit framework and post-exploitation with Meterpreter scripting
  • We will discuss over more scripting stuff in Python, NMap Script Engine and Meterpreter Scripting


Who Should Attend

Pre-requisites:

  • Basic Linux and Win32 commands
  • Basic knowledge in TCP/IP and networking concepts
  • Programming and scripting experience but not mandatory
  • Interested in offensive techniques to dig some flaws out

Target audience:

  • Anyone with an interest in penetration testing
  • IT auditors, system administrator, software developers


Requirement for Participant

Each participant is required to bring a laptop with Kali Linux VM 64 bit installed, and power cord. Participants must complete the installation of Kali Linux VM 64 bit(Version 2018.2) in Vmware Player or VirtualBox before the workshop.


Speaker

Mr. Anthony Lai
Researcher
Valkyrie-X Security Research Group (VXRL)

Mr. Anthony Lai | Information Security Summit 2018 | issummit.org align=

Researcher, Valkyrie-X Security Research Group (VXRL)

Anthony Lai who has hybrid experience in application development, code security, penetration test, threat analysis and audit areas for 14 years. He has done vulnerability assessment, penetration, IT audit and training for government and various corporates. He is now a lead consultant and threat advisor of several MNCs. He acts as a researcher in Knownsec for Web security.

Anthony has spoken in Blackhat USA 2010, DEFCON 18-20, AVTokyo 2011-2012, 2013.5, HITCON 2010-2011 as well as Codegate 2011. He has set up a security research group called VXRL (www.vxrl.org) in Hong Kong, which connects various whitehats and security researchers.

He is a SANS GWAPT, GREM and GCFA holder.

Copyright © 2018 Hong Kong Productivity Council. All Rights Reserved.