Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat USA
July 31 - August 5, 2021
Las Vegas, NV, USA
SecTor
November 4 - October 30, 2021
Toronto, ON, Canada
Black Hat Europe
November 8-11, 2021
Virtual Event
3/8/2019
11:00 AM
Black Hat Staff
Black Hat Staff
Event Updates
50%
50%

Sign Up Now for Practical, Hands-On Training at Black Hat Asia

These multi-day Trainings provide excellent hands-on technical skill-building opportunities, but you have to act fast -- many are almost sold out.

With just weeks to go until Black Hat Asia kicks off in Singapore, organizers want to quickly remind you that you can still sign up for two and four-day Training sessions -- but you have to hurry, because many are almost sold out.

Often designed exclusively for Black Hat, these multi-day Trainings provide hands-on technical skill-building opportunities, making them a great way to efficiently level up your skillset under the tutelage of top security experts.

Pentesting Industrial Control Systems”, for example, is a 2-day Training that will teach you everything you need to start pentesting industrial control networks. You’ll cover the basics to help you understand the most common ICS vulnerabilities, then spend some time learning and exploiting Windows & Active Directory weaknesses (as most ICS are controlled by Windows systems).

The Training will end with a challenging hands-on exercise: A capture-the-flag challenge in which you capture a real flag! Using your newly acquired skills, you will try to compromise a Windows Active Directory, then pivot to an ICS setup to take control of a model train and robotic arms.

Tactical OSINT For Pentesters” is another promising 2-Day Training that will help you become a better pentester by teaching you how to effectively reconnoiter a target using open-source intelligence (OSINT).

Covering critical topics like attack surface mapping, employee profiling, and identifying hidden injection points, this Training aims to help you effectively protect clients against the latest threats. You’ll be provided with a framework to manage and prioritize all the data collected during the course, as well as private lab access for one month so you can practice what you learned. Don’t miss it!

If you’re looking for something a bit more advanced, consider “Advanced Infrastructure Hacking - 2019 Edition”, a fast-paced 2-Day Training that covers a wide variety of neat, new and ridiculous techniques to compromise modern operating systems and networking devices.

This is a condensed and streamlined version of a 4-Day Training, and to fit the entire training material within 2 days, some of the exercises have been replaced by demos shown by the instructor. It offers a lot of practical, hands-on learning. Plus,  students will receive a free month of lab access to practice each exercise after the class.

While most of the 4-Day Trainings at Black Hat Asia are now sold out, there’s still a little room left to sign up for “Adversary Tactics- Red Team Ops,” an intense course that will walk you through how to perform Red Team operations and defend against modern threats.

You’ll be immersed in a simulated enterprise environment, with multiple domains, up-to-date and patched operating systems, modern defenses, and active network defenders responding to Red Team activities. You’ll also learn about all phases of a Red Team engagement in depth: advanced attack infrastructure setup and maintenance, user profiling and phishing, advanced Kerberos attacks, data mining, and exfiltration. Sign up quick -- only a few spaces remain!

Black Hat Asia returns to the Marina Bay Sands in Singapore March 26-29, 2019. For more information on what's happening at the event and how to register, check out the Black Hat website.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-38300
PUBLISHED: 2021-09-20
arch/mips/net/bpf_jit.c in the Linux kernel through 5.14.6 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture...
CVE-2021-40690
PUBLISHED: 2021-09-19
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract...
CVE-2021-41073
PUBLISHED: 2021-09-19
loop_rw_iter in fs/io_uring.c in the Linux kernel through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.
CVE-2021-23441
PUBLISHED: 2021-09-19
All versions of package com.jsoniter:jsoniter are vulnerable to Deserialization of Untrusted Data via malicious JSON strings. This may lead to a Denial of Service, and in certain cases, code execution.
CVE-2021-41393
PUBLISHED: 2021-09-18
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.