Select Page

The Art of Hacking: Infrastructure Hacking

Workshop Programme
23 May 2017, Tuesday
Venue: Level 4, Orchid 4202 / 4203, Marina Bay Sands
Key Learning Outcomes:

This is an entry-level Infrastructure, hands-on, lab-based, security and testing class and is a recommended pre-requisite for NotSoSecure’s Advanced Infrastructure Hacking class. This class familiarises the attendees with the basics of network hacking. A number of tools and techniques will be taught during this 3-day class, If you would like to step into the world of Ethical Hacking / Pen Testing this is the right class for you.

Anant ShrivastavaAnant Shrivastava
Regional Director APAC
NotSoSecure UK, USA, India
About your Masterclass Leader:
Anant Shrivastava is an information security professional with nearly 10 years of hacking and teaching experience, with expertise in Mobile, Application and Linux Security. He is Regional Director Asia Pacific for NotSoSecure Global Services and has lead hacking training at some of the worlds top security conferences (BlackHat USA/EU/ASIA, Nullcon, g0s, c0c0n). Anant also leads Open Source project AndroidTamer (www.androidtamer.com) and CodeVigilant (www.codevigilant.com).

Highlights:

  • Introduction into Infrastructure Testing
  • Hands-on, with unique Hack-Lab
  • Part of the IEEE CS Certified “Art of Hacking” program
  • Gain practical experience with the tools that will last you well into the future
  • Learn core Infrastructure techniques
  • Leave with the basis to take your testing knowledge forward into more Advanced Infrastructure topics

Who should attend:

  • System Administrators, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to the next level.
9.00am Registration: Infrastructure Basics
9.20am Opening Remarks by Workshop Leader
9.30am Session 1: Networking Basics
Learning / Goals:

  • The ability to use tools to find live services
  • The ability to identify specific services and version details
11.00am Morning Break and Refreshments
11.20am Session 2: Online Password Attacks
Learning / Goals:

  • An understanding on which services can be attacked
  • The ability to use various tools to brute-force various services
  • The ability to customise various settings to specific target requirements
12.50pm Lunch Networking
1.50pm Session 3: Databases
Learning / Goals:

  • To be able to identify ports associated with different databases
  • An understanding and awareness of default database accounts
  • The ability to use various tools to brute-force database accounts
3.20am Afternoon Break and Refreshments
3.40am

Session 4: Metasploit Basics
Learning / Goals:

  • To evidence a basic understanding of working with Metasploit specific commands
  • To understand and evidence when auxiliary, exploit and post modules can be used
  • The ability to identify vulnerabilities within a given target and exploit using a module within the framework
  • To correctly identify the target and select a compatible payload

Password Cracking
Learning / Goals:

  • To be able to identify password hashes
  • An ability to use various tools to crack passwords given a set of hashes
5.30pm End of Workshop Day 1
24 May 2017, Wednesday
Venue: Level 4, Orchid 4202 / 4203, Marina Bay Sands
9.00am Registration: Hacking Unix, Databases & Applications
9.20am Opening Remarks by Workshop Leader
9.30am Session 1: Hacking Unix
Learning / Goals:

  • To have an awareness of current platform specific vulnerabilities
  • The ability to use various tools to exploit target systems after identifying the associated vulnerability
11.00am Morning Break and Refreshments
11.20am Session 2: Hacking Application Servers on Unix
Learning / Goals:

  • To be able to identify ports associated with different application servers
  • An understanding and awareness of default application accounts and functionality
  • To identify vulnerable functionality using various tools
  • To exploit vulnerable functionality using various tools
12.50pm Lunch Networking
1.50pm Session 3: Hacking Third Party CMS Software
Learning / Goals:

  • To be able to identify ports associated with different application servers
  • An understanding and awareness of default application accounts and functionality
3.20am Afternoon Break and Refreshments
3.40am Session 4: Hacking Third Party CMS Software (Cont.)
Learning / Goals:

  • To identify vulnerable functionality using various tools
  • To exploit vulnerable functionality using various tools
5.30pm End of Workshop Day 2
25 May 2017, Thursday
Venue: Level 4, Orchid 4202 / 4203, Marina Bay Sands
9.00am Registration: Hacking Windows
9.20am Opening Remarks by Workshop Leader
9.30am Session 1: Windows Enumeration
Learning / Goals:

  • To be able to identify common ports and services used on Windows systems
  • The ability to use tools to determine the version of Windows on a target
  • To identify the roles of various Windows systems within a network
  • To extract user information from a target system using various tools and techniques
11.00am Morning Break and Refreshments
11.20am Session 2: Client Side Attacks
Learning / Goals:

  • To evidence the main differences between a server side and client side attack
12.50pm Lunch Networking
1.50pm

Session 3: Hacking Application Servers on Windows
Learning / Goals:

  • To be able to identify ports associated with different application servers
  • An understanding and awareness of default application accounts and functionality
  • To identify vulnerable functionality using various tools
  • To exploit vulnerable functionality using various tools

Post Exploitation
Learning / Goals:

  • To identify when a specific Metasploit payload could be advantageous, especially during post exploitation challenges
  • Extract credentials (hashes) using various tools
3.20am Afternoon Break and Refreshments
3.40am Session 4: Hacking Windows Domains
Learning / Goals:

  • Evidence how systems can be accessed without plaintext credentials
  • Extract information from a given target
5.30pm End of Workshop Day 3
Fees & Registration
Registration Fees
The fees entitle you access to the registered workshop, lunches, refreshments and CommunicAsia2017 Exhibition.
Early Bird Rate
(Register & pay by
28 April 2017)
Regular Rate
(Register & pay by
19 May 2017)
Onsite Rate
(20 – 25 May 2017)
Overseas Delegate
(SGD)
Local
Delegate*
(SGD)
Overseas Delegate
(SGD)
Local
Delegate*
(SGD)
Overseas Delegate
(SGD)
Local
Delegate*
(SGD)
3-Day Cybersecurity Hacking Technical Workshop
23 – 25 May 2017
(Non-Members Rate)
$3,000.00 $3,210.00 $3,400.00 $3,638.00 $3,700.00 $3,959.00
3-Day Cybersecurity Hacking Technical Workshop
23 – 25 May 2017
(IEEE / CS Members Rate)
$2,800.00 $2,996.00 $3,200.00 $3,424.00 $3,500.00 $3,745.00

*Includes 7% Goods & Services Tax (GST) for all companies registered in Singapore.

Closing Date for Pre-Conference Registration: 19 May 2017
After this date, please register personally onsite at Marina Bay Sands, Level 4 Foyer from 22 – 25 May 2017.

How to Register?

Fax Download the registration form here.

For multiple registrations, please make copies of the form. Complete the form and submit it via: Fax to : +(65) 6233 6633 or email to elaine.dang@sesallworld.com

Mail SINGAPORE EXHIBITION SERVICES PTE LTD
10 Kallang Avenue, #09-16
Aperia Tower 2,
Singapore 339510
Attention: Elaine Dang, Conference Department
Phone Please direct enquiries to Elaine Dang at +65 6233 6627 or email elaine.dang@sesallworld.com

Payment Modes

  1. Credit card – AMEX / VISA / MASTERCARD
  1. Bank draft / cheque, drawn on a Singapore bank account,made payable to Singapore Exhibition Services Pte Ltd.
  1. Telegraphic transfer made to the account of Singapore Exhibition Services Pte Ltd. Please fax a copy of the payment advice upon arrangement of payment. SGD40 should be added to the total fees to cover bank charges.
    Our banker : Standard Chartered Bank (Singapore) Limited
    Battery Road Branch
    6 Battery Road, #01-01 Singapore 049909
    Account number: 010-060-2565-1
    Swift code : SCBLSG22XXX

Note: Please indicate clearly on your cheque/bank draft/telegraphic transfer that payment is for the CommunicAsia2017 Cybersecurity Hacking Technical Workshop. All bank charges and returned cheque charges must be borne by the delegate.

Please click here to download the PDF registration form.

Cancellations / Substitutions
Substitutions or cancellations should be made in writing before 28 April 2017. Refunds will be subjected to an administrative charge of SGD200 and all bank charges to be borne by the registrant. No refunds will be provided for cancellation or no-show after 28 April 2017.

Additional points to note

  1. A confirmation notice will be sent via email to all registrants only after full payment has been received. Please contact Ms Elaine Dang at elaine.dang@sesallworld.com if you do not receive any confirmation one week prior to the event.
  1. Attendance will only be allowed upon full receipt of payment.
  1. The organiser reserves the right to refuse entry to any delegate as it deems fit.
  1. The organiser will make every attempt to accommodate all registered delegates. However it reserves the right to stop registration before the closing date in the event of a full house. In the event of a full house, the organiser will contact unsuccessful delegates to arrange for a refund of any registration fees that may have been paid.
  1. Should there be a need to cancel the event, the organiser will refund delegates for registration fees paid, and will not be held responsible for any travel and/or accommodation costs incurred.
  1. All visitors must be in proper attire. Those in shorts, bermudas, singlet or slippers will not be allowed entry. The organiser reserves the right to refuse entry to delegates who are not properly dressed.

Do you have any queries?
Please contact the conference team now.

Speaker’s Interview

Exclusive Speaker Interview with Anant Shrivastava, NotSoSecure

Anant Shrivastava is an information security professional with nearly 10 years of hacking and teaching experience, with expertise in Mobile, Application and Linux Security. He is Regional Director Asia Pacific for NotSoSecure Global Services and has lead hacking training at some of the worlds top security conferences (BlackHat USA/EU/ASIA, Nullcon, g0s, c0c0n). Anant also leads Open Source project AndroidTamer (www.androidtamer.com) and CodeVigilant (www.codevigilant.com).


  1. Could you briefly share about your company – NotSoSecure Global Service?

    NotSoSecure Global services is an organization built with a clear goal in mind. We focus only on Penetration Testing and Hacking Training keeping to the true roots of being a boutique specialist firm; practical, to the point, relationship oriented. We provide some of the largest trainings at Blackhat Conferences (US/EU/ASIA) and we also offer customized in-house hands-on training.

  2. When did you start hacking and how did you learn?

    I started out as a system and server administrator. Hacking or information security as I prefer to call it came as a natural extension to the job. During the phase when I was preparing to move to information security roles full time I was also dabbling with development. With both software development and server administration knowledge for past 6-7 years I am fulltime into information security domain. As far as learning is concerned a lot of the learning is on job. However, as I said before having a background in defensive roles and development helped a lot. This field is constantly changing and hence there is no space to stop learning; every single day I learn something new.

  3. Why do you think “The Art of Hacking” skills is important?

    Looking at this from a philosophical angle the world is not a simpler place anymore. Attacks are frequent, exploitation is inevitable, the foes are united and strong. If you know and understand the Art of Hacking you will be in a position to assess the security of your own network / application even before the attacker gets a chance to look at it. Do things right, right from the start. The core idea as Sun Tzu has said long ago is “If you know the enemy and know yourself, you need not fear the result of a hundred battles.”. Hence the Art of Hacking skills are essential for all developers and administrators in order to gain and insight into the what/how of attacks. This would act like a stepping stone, the first speed boost into a career in information security.

  4. What trends are emerging?

    Buzz words wise following are making rounds now a days; IOT, Cloud, AI, machine learning. The trend that I see emerging is the huge burst of connected devices which was never even thought about – there are attack surfaces that are being exposed over internet. Nowadays every household seems to be connected to the Internet one way or the other. These connections are established over technological stacks that may be developed very recently or were not ever tested for security and that is leading to various dubious scenarios. Automation via machines is another angle where both the offensive and defensive side is making progress and we are seeing results emerging every single day.

  5. What can companies do to protect themselves from hackers?

    I will give 3 simple pieces of advice:
    1) Know thy system: You should be aware of what are the systems and services you own, and how people can connect to them. In premise, on Cloud, at your employee’s home. Knowing is half the battle won.
    2) Patch thy System: here I am using the word system loosely to represent hardware, software both. It is important that all systems are kept up to date and securely configured.
    3) Test thy System: “Trust but verify” this principle should be followed when looking at anything from security standpoint. We should trust that we have done a good job but that trust should arrive based on conclusive tests that we periodically perform.

  6. What would you advise your peers about attending “The Art of Hacking” workshop?

    The Art of Hacking workshop is designed with beginners in mind; you start your journey into the world of hacking and try to understand how various pieces of puzzle fit together. We have taken a practical hands-on approach with this course and hence every single day you are not just learning but also experiencing and practicing various scenarios on how to deal with real life Penetration Testing. All the challenges are build based on real life Penetration Tests that we have performed as part of our daily operations. This class is a good head start for anyone to jump into the world of penetration testing. The class is equally useful for software developers, system administrator’s, DevOps or DevSecOps practitioners as this will give them a glimpse of how things operate from an adversarial point of view. As I suggested earlier, trust but verify and this class gives a head start on how to verify. More details about the full art of hacking class are available at https://www.notsosecure.com/hackingtraining/the-art-of-hacking/ it includes course overview, a teaser video as well as recommendations for attendees.

Deadline to register: 19 May 2017
(limited seats available)

Register

For registration or other enquiries, please contact elaine.dang@sesallworld.com