只提供英語版本
We always hear about the term of “Pentest”, what is it about? What is it used for? How do we carry out penetration test against various servers and systems?
In this advanced workshop, we shall share our “Kung Fu” with you such that you can apply the techniques learnt to uncover system vulnerabilities before attackers do.
Course Objectives
Penetration test (pentest) is used to uncover the vulnerabilities of the system and the tester can carry out further exploitation to see whether he/she could gain any confidential information and restricted access.
During the workshop, students will work in groups to dig out vulnerabilities and report their findings. Participants are required to complete assigned mission through hands-on exploration and creative thinking.
We will use BackTrack which is a free live CD with various penetration test tools to carry out all the hands-on exercises.
Hands-on missions experience real-world penetration test techniques.
Course Content
Penetration Test Process
- Penetration test framework, process, methodology and ethics
- OWASP top 10 vulnerabilities reload
- Common vulnerabilities and misconfiguration of web application and network
- Web application and network penetration test as well as Scripting Kungfu
- Get to know a vulnerability
- Further Attack: Metasploit – An exploit framework and post-exploitation with Meterpreter scripting
- More on scripting stuff in Python, NMap Script Engine and Meterpreter Scripting
Prerequisite
- lBasic Linux and Win32 commands
- lBasic knowledge in TCP/IP and networking concepts
- lProgramming and scripting experience but not mandatory
- lInterested in offensive techniques to dig some flaws out
Target Trainees
- Anyone with an interest in penetration testing
- IT auditors, system administrator, software developers
Date
25-26 March 2021
Time
09:30 – 17:00
Venue
1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong
Medium
Cantonese with English terminology
Fee
Early Bird Price (deadline on 25 February 2021):
– Non-member: HK$6,500 per person
– Member of Organiser/Supporting Organisations: HK$6,400 per person
Regular Price:
– Non-member: HK$6,600 per person
– Member of Organiser/Supporting Organisations: HK$6,500 per person
RTTP Approved Course
This course is an approved Reindustrialisation and Technology Training Programme (RTTP), which offers up to 2/3 course fee reimbursement upon successful applications. For details: https://rttp.vtc.edu.hk.
The application deadline is 11 March 2021. Late submission will NOT be considered.
Certificate of Training
Participants who have attained 75% or more attendance will be awarded Attendance Certificate.
Trainer
Mr Anthony LAI
Founder & Security Researcher, VX Research Limited
Anthony LAI who has hybrid experience in application development, code security, penetration test, threat analysis and audit areas for 14 years. He has done vulnerability assessment, penetration, IT audit and training for government and various corporates. He is now a lead consultant and threat advisor of several MNCs. He acts as a researcher in Knownsec for Web security.
Anthony has spoken in Blackhat USA 2010, DEFCON 18-20, AVTokyo 2011-2012, 2013.5, HITCON 2010-2011 as well as Codegate 2011. He has set up a security research group called VXRL (www.vxrl.org) in Hong Kong, which connects various whitehats and security researchers.
He is a SANS GWAPT, GREM and GCFA holder.