Penetration Testing Training Day Northampton

20th June 2015

The University of Northampton invited us to return for a second year to run our successful penetration testing training day and this year proved successful again. Based on feedback from last year we adjusted our talks and labs to provide a varied day covering both Linux and Windows systems.

Files for Download




Show full event description

Penetration Testing Training Day Northampton

 

The University of Northampton invited us to return for a second year to run our successful penetration testing training day and this year proved successful again. Based on feedback from last year we adjusted our talks and labs to provide a varied day covering both Linux and Windows systems.

Our chair, Sarith Chandra, opened the day with a brief talk on the methodology and careers in the penetration testing industry and reminded attendees to only test systems they owned or had (written) permission to work on. The tools we use are "dual purpose", being used for both "good and evil", so it's vital to remember to remain legal, no matter the temptations.

Next followed a talk on how to enumerate and investigate the network we're testing, starting by explaining our scenario: a company has been bought out by a larger corporation and a security audit will be performed. Attendees assumed the role of penetration testers contracted by the existing Network Manager to find and fix the problems before the official audit.

For some attendees this was their first experience of the Kali Linux security distribution so time was taken to provide a brief tour and showing some key differences between Linux and Windows. By the end of this session attendees had a mental map of the network, built using tools such as ping, Nmap and Wireshark.

Once the enumeration phase was complete, Cristian took the delegates through the processes needed to obtain control over the system being investigated. Continuing in the Kali Linux environment attendees were shown how to exploit vulnerabilities using the Metasploit Framework. Cristian also provided a brief explanation of how some exploits work.

We finished the day with a "free for all", allowing delegates to experiment with tools they'd used earlier in the day to investigate additional virtual machines. It was encouraging to see some attendees gained administrative access to these new assets.

Overall the event received positive feedback and it was fantastic to engage with those interested in the Information Security field.


Date: Tuesday 20 June 2015
Time: Registration 09:20 for 09:30 start
End 18:00 approx
Venue: BCS Northampton (map and directions)
Cost: Free Event

About our Speakers




Back to Top