Offensive cyber security training

Hone your cyber security skills with these hands-on, lab based, training courses. Learn the skills and knowledge of tools and techniques used by bug hunters, penetration testers and security researchers to identify and exploit vulnerabilities in software. The trainings suit attendees from wide range of skills and software knowledge within the IT industry as the courses focus on the fundamental methodology behind skills like source code review, fuzzing and exploit writing rather than focussing on specific software to achieve the task.

The courses use known vulnerabilites in various software to illustrate how these vulnerabilities can be identified and exploited. Trainings are classroom based and usually offered at security conferences (see schedule), however private sessions can be arranged. Use the contact form below for corporate or group training enquires.

Trainer

Eldar "Wireghoul" Marcussen

Eldar is a lead security researcher and penetration tester. He is a long time bug hunter with a large number of published advisories, exploits and conference presentations at leading security conferences all over the world. He was a recipient of the first CVE 10K candidate numbers.

In addition to finding vulnerabilities he contributes to and maintain several open source projects in his spare time aimed at web application security and penetration testing. These include graudit, doona, lbmap, dotdotpwn, nikto and more. His tools and research are featured in most security oriented linux distros as well as many industry leading books.

Courses

Bughunting bootcamp - 2 Day training

This intense two day, lab based, course will teach you the skills to find new security bugs, evaluate the root cause, assess impact and write exploits to prove the existence of vulnerabilities in applications. The course will cover both manual and automated vulnerability hunting in web applications, source code and compiled binaries.

Additionally we will cover how to chain bugs together to achieve unauthenticated remote code execution, vendor notification, vulnerability disclosure and how to obtain a CVE. The training prioritizes real world vulnerabilities across several languages.

Detailed Outline

Students will learn how to identify and exploit common security vulnerabilities in open and closed source software.

Attendees will be provided

The course is aimed at beginners and security professionals alike, with a variety of targets to practice bug hunting skills, so the attendee will find something suitable for their skill level. Students are expected to be somewhat familiar with the Linux command line as well as OWASP Top 10 & CWE-25. Basic scripting knowledge is recommended, but not required.

Attendees must bring a laptop capable of running a virtual machine (virtualbox) in order to complete this course

 

Bughunting bootcamp - 3 Day training

This intense three day, lab based, course will teach you the skills to find new security bugs, evaluate the root cause, assess impact and write exploits to prove the existence of vulnerabilities in applications. The course will cover both manual and automated vulnerability hunting in web applications, source code, embeded systems, firmware and compiled binaries.

Additionally we will cover how to chain bugs together to achieve unauthenticated remote code execution, vendor notification, vulnerability disclosure and how to obtain a CVE. The training prioritizes real world vulnerabilities across several languages.

Detailed Outline

Students will learn how to identify and exploit common security vulnerabilities in open and closed source software.

Attendees will be provided

The course is aimed at beginners and security professionals alike, with a variety of targets to practice bug hunting skills, so the attendee will find something suitable for their skill level. Students are expected to be somewhat familiar with the Linux command line as well as OWASP Top 10 & CWE-25. Basic scripting knowledge is recommended, but not required.

Attendees must bring a laptop capable of running a virtual machine (virtualbox) in order to complete this course

Testimonials

I've attended this before and it was top-notch. I learned some cool technical stuff, but more importantly evolved the way I thought about hunting bugs. Highly recommended!

Just finished @wireghoul's Bug Hunting Bootcamp. Great training. Had lots of fun, learned some new tricks. A++++ seller, would buy again.

Training with @wireghoul started to clear a lot of cobwebs formed over the last year with his excellent bug hunting training

Thanks for your fantastic Bug Hunting Bootcamp training @wireghoul - highly recommended! 🦄🦄🦄

Thanks for a fun and educational 2 days of bug hunting 0day.

Schedule

2023

2019

Contact

Use the form below for commercial training enquires and group bookings. For individuals wanting training, please see the schedule.