August 7, 2019 - 9:00am to August 8, 2019 - 6:00pm
Connect with AttackIQ at Black Hat 2019. Black Hat is the most technical and relevant global information security event series in the world. For more than 18 years, Black Hat has provided attendees with the very latest in information security research, development, and trends in a strictly vendor-neutral environment.
Join EFF at Black Hat Briefings! Be sure to stop by our information booth in the Business Hall to find out about the latest developments in protecting digital freedom. You can even sign up as an EFF member and pick up some great swag! As in past years, EFF staff attorneys will be present to help support the community. If you have legal concerns regarding an upcoming talk or sensitive InfoSec research that you are conducting at any time, please email [email protected] and we will do our best to get you the help that you need.
![Black Hat 2019 Black Hat 2019](/uploads/1/2/5/5/125533337/857597634.png)
Registration is open! Secure your pass and come see us at #BHUSA 2019! Use code 19eff4 to save $200 off Briefings: https://www.blackhat.com/us-19/registration.html
Check back closer to the event for information on community workshops and other ways to support EFF at Black Hat.
About Black Hat USA
Now in its 22nd year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. Black Hat USA 2019 opens with four days of technical Trainings (August 3 – 6) followed by the two-day main conference (August 7 – 8) featuring Briefings, Arsenal, Business Hall, and more.
NotSoSecure team will return to Black Hat USA and this year (2019), we will be running the following classes:
Basic Tracks:: Basic Infrastructure Hacking and Basic Web Hacking.
Advanced Tracks:Advanced Infrastructure Hacking and Web Hacking - Progressive Edition.
Advanced Tracks:Advanced Infrastructure Hacking and Web Hacking - Progressive Edition.
Basic/Intermediate Classes
At Black Hat USA 2019, we are running two basic level classes (Basic Infrastructure Hacking and Basic Web Hacking). These classes are designed as an introductory level class to help those who wish to build their Infrastructure and Web hacking skills.
Basic Web Hacking
This class familiarizes the attendees with a wealth of tools and techniques needed to breach the security of web applications. The class starts from the very basic and gradually build up to the level where attendees can not only use the tools and techniques to hack various components involved in web application hacking, but also walk away with a solid understanding of the concepts on which these tools work. The class also covers the industry standards such as OWASP Top 10, PCI DSS and contain numerous real life examples to help the attendees understand the true impact of these vulnerabilities. This class is constantly updated on a regular basis to ensure that the latest exploits and vulnerabilities are available within the hacklab and taught in this course.
Link for Registration:
Weekend Class (3-4 August 2019) : https://www.blackhat.com/us-19/training/schedule/index.html#basic-web-hacking-14048
Weekend Class (3-4 August 2019) : https://www.blackhat.com/us-19/training/schedule/index.html#basic-web-hacking-14048
Basic Infrastructure Hacking
This class familiarizes the attendees with a wealth of hacking tools and techniques. The class starts from the very basic and gradually build up to the level where attendees can not only use the tools and techniques to hack various components involved in infrastructure hacking, but also walk away with a solid understanding of the concepts on which these tools work.
Link for Registration:
Weekend Class (3-4 August 2019): https://www.blackhat.com/us-19/training/schedule/index.html#basic-infrastructure-hacking-14049
Weekday Class (5-6 August 2019): https://www.blackhat.com/us-19/training/schedule/index.html#basic-infrastructure-hacking-140491547069424
Weekend Class (3-4 August 2019): https://www.blackhat.com/us-19/training/schedule/index.html#basic-infrastructure-hacking-14049
Weekday Class (5-6 August 2019): https://www.blackhat.com/us-19/training/schedule/index.html#basic-infrastructure-hacking-140491547069424
Attendees are encouraged to combine Basic Infrastructure Hacking in succession with our Basic Web Hacking class, in a 4 day format for a wider coverage of issues spanning both network and applications.
A short course preview video can be seen here:
Advanced Classes
This year, we have two of our advanced classes available at Black Hat USA: Advanced Infrastructure Hacking and Web Hacking - Progressive Edition. These classes allow you to take your learning to the next level and gain much needed confidence in exploiting networks and web applications.
Advanced Infrastructure Hacking
The advanced class teaches the audience a wealth of hacking techniques to compromise various operating systems, networking devices and everything in between. This 2019 edition of Advanced Infrastructure Hacking course is a complete revamp of our class and covers a wide variety of neat, new and ridiculous techniques to compromise modern Operating Systems and networking devices that include OSINT, hacking with PowerShell, Shell breakouts, NoSQL DB, Docker Breakouts, Applocker Breakouts and many more.
Like past years we will be running a regular pace and a fast pace class as listed below:
Link for Registration:
4 day regular pace class (3-6 August 2019) https://www.blackhat.com/us-19/training/schedule/index.html#advanced-infrastructure-hacking----edition--day-14046
2 day Fast pace class
Weekend (3-4 August 2019) (https://www.blackhat.com/us-19/training/schedule/#advanced-infrastructure-hacking----edition--day-14047 and
Weekday (5-6 August 2019)https://www.blackhat.com/us-19/training/schedule/index.html#advanced-infrastructure-hacking----edition--day-140471547498406
4 day regular pace class (3-6 August 2019) https://www.blackhat.com/us-19/training/schedule/index.html#advanced-infrastructure-hacking----edition--day-14046
2 day Fast pace class
Weekend (3-4 August 2019) (https://www.blackhat.com/us-19/training/schedule/#advanced-infrastructure-hacking----edition--day-14047 and
Weekday (5-6 August 2019)https://www.blackhat.com/us-19/training/schedule/index.html#advanced-infrastructure-hacking----edition--day-140471547498406
Learn advanced techniques to compromise the following:
- Operating systems (Windows, Linux)
- OSINT for launching attacks
- DVCS and CI-CD Server hacks
- Multiple Databases, Web and App servers
- Switch
- Routers
- VLAN
- VoIP
- VPN
- Docker
- Kubernetes
- AWS/Azure/GCP specific attacks
Advanced Infrastructure Hacking Promo Video
Web Hacking - Progressive Edition
Much like the Advanced Infrastructure Hacking class, this class talks about a wealth of hacking techniques to compromise web applications, APIs and associated end-points. This class focus on specific areas of app-sec and on advanced vulnerability identification and exploitation techniques. The class allows attendees to practice some niche and advanced hacks which affected real life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.
We will be running a regular pace and a fast pace class as listed below
We will be running a regular pace and a fast pace class as listed below
Link for Registration:
4 day regular pace Class (3-6 August 2019): https://www.blackhat.com/us-19/training/schedule/index.html#web-hacking---progressive-edition---day-14050
2 day fast pace class
Weekday (5-6 August 2019): https://www.blackhat.com/us-19/training/schedule/index.html#web-hacking---progressive-edition---day-14051
2 day fast pace class
Weekday (5-6 August 2019): https://www.blackhat.com/us-19/training/schedule/index.html#web-hacking---progressive-edition---day-14051
Learn advanced techniques to compromise the following:
- Authentication Bypass
- Logical Bypass / Boundary Conditions
- SAML / OAuth 2.0 / JWT Attacks
- Password Reset Attacks
- Breaking Crypto
- Business Logic Flaws / Authorization flaws
- Advanced SQL Injection
- Remote Code Execution (RCE) IN JAVA/Node/PHP/Rails/Ruby and more
- Server Side Request Forgery (SSRF)
- Unrestricted File Upload
- HTTP Parameter Pollution (HPP)
- A Collection of weird and wonderful XSS and CSRF attacks.
- Attack Chaining
Advanced Web Hacking Promo Video