Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat USA
July 31 - August 5, 2021
Las Vegas, NV, USA
SecTor
November 4 - October 30, 2021
Toronto, ON, Canada
Black Hat Europe
November 8-11, 2021
Virtual Event
3/8/2019
11:00 AM
Black Hat Staff
Black Hat Staff
Event Updates
50%
50%

Sign Up Now for Practical, Hands-On Training at Black Hat Asia

These multi-day Trainings provide excellent hands-on technical skill-building opportunities, but you have to act fast -- many are almost sold out.

With just weeks to go until Black Hat Asia kicks off in Singapore, organizers want to quickly remind you that you can still sign up for two and four-day Training sessions -- but you have to hurry, because many are almost sold out.

Often designed exclusively for Black Hat, these multi-day Trainings provide hands-on technical skill-building opportunities, making them a great way to efficiently level up your skillset under the tutelage of top security experts.

Pentesting Industrial Control Systems”, for example, is a 2-day Training that will teach you everything you need to start pentesting industrial control networks. You’ll cover the basics to help you understand the most common ICS vulnerabilities, then spend some time learning and exploiting Windows & Active Directory weaknesses (as most ICS are controlled by Windows systems).

The Training will end with a challenging hands-on exercise: A capture-the-flag challenge in which you capture a real flag! Using your newly acquired skills, you will try to compromise a Windows Active Directory, then pivot to an ICS setup to take control of a model train and robotic arms.

Tactical OSINT For Pentesters” is another promising 2-Day Training that will help you become a better pentester by teaching you how to effectively reconnoiter a target using open-source intelligence (OSINT).

Covering critical topics like attack surface mapping, employee profiling, and identifying hidden injection points, this Training aims to help you effectively protect clients against the latest threats. You’ll be provided with a framework to manage and prioritize all the data collected during the course, as well as private lab access for one month so you can practice what you learned. Don’t miss it!

If you’re looking for something a bit more advanced, consider “Advanced Infrastructure Hacking - 2019 Edition”, a fast-paced 2-Day Training that covers a wide variety of neat, new and ridiculous techniques to compromise modern operating systems and networking devices.

This is a condensed and streamlined version of a 4-Day Training, and to fit the entire training material within 2 days, some of the exercises have been replaced by demos shown by the instructor. It offers a lot of practical, hands-on learning. Plus,  students will receive a free month of lab access to practice each exercise after the class.

While most of the 4-Day Trainings at Black Hat Asia are now sold out, there’s still a little room left to sign up for “Adversary Tactics- Red Team Ops,” an intense course that will walk you through how to perform Red Team operations and defend against modern threats.

You’ll be immersed in a simulated enterprise environment, with multiple domains, up-to-date and patched operating systems, modern defenses, and active network defenders responding to Red Team activities. You’ll also learn about all phases of a Red Team engagement in depth: advanced attack infrastructure setup and maintenance, user profiling and phishing, advanced Kerberos attacks, data mining, and exfiltration. Sign up quick -- only a few spaces remain!

Black Hat Asia returns to the Marina Bay Sands in Singapore March 26-29, 2019. For more information on what's happening at the event and how to register, check out the Black Hat website.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Commentary
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
Edge-DRsplash-10-edge-articles
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
News
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-35210
PUBLISHED: 2021-06-23
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.
CVE-2021-27649
PUBLISHED: 2021-06-23
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2021-29084
PUBLISHED: 2021-06-23
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2021-29085
PUBLISHED: 2021-06-23
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2021-29086
PUBLISHED: 2021-06-23
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors.