Offensive cyber security training

Hone your hacker skills with these hands on lab based training courses. Learn the skills, tools and techniques used by security researchers to identify and exploit vulnerabilities in software. The trainings suit attendees from wide range of skills and software knowledge within the IT industry as the courses focus on the fundamental methodology behind skills like source code review, fuzzing and exploit writing rather than focussing on specific software to achieve the task.

The courses use known vulnerabilites in various open source software to illustrate how these vulnerabilities can be identified and exploited. Trainings classroom based and are usually offered at security conferences, however private sessions can be arranged. Use the contact form below for corporate or group training enquires.

Trainers

Eldar "Wireghoul" Marcussen

Eldar is a lead security researcher with DarkMatter. He has worked closely with Bugcrowd in the past and was a recipient of the first CVE 10K candidate numbers.

In addition to finding vulnerabilities he contributes to and maintain several open source projects in his spare time aimed at web application security and penetration testing. These include graudit, doona, lbmap, dotdotpwn, nikto and more.

Courses

Bughunting bootcamp

This intense two day, lab based, course will teach you the skills to find new security bugs, evaluate the root cause, assess impact and write exploits to prove the existence of vulnerabilities in applications. The course will cover both manual and automated vulnerability hunting in web applications, source code and compiled binaries.

Additionally we will cover how to chain bugs together to achieve unauthenticated remote code execution, vendor notification, vulnerability disclosure and how to obtain a CVE. The training prioritizes real world vulnerabilities across several languages.

Detailed Outline

Students will learn how to identify and exploit common security vulnerabilities in open and closed source software.

Attendees will be provided

The course is aimed at beginners and security professionals alike, with a variety of targets to practice bug hunting skills, so the attendee will find something suitable for their skill level. Students are expected to be somewhat familiar with the Linux command line as well as OWASP Top 10 & CWE-25. Basic scripting knowledge is recommended, but not required.

Attendees must bring a laptop capable of running a virtual machine (vmware player, workstation or virtualbox) in order to complete this course

Contact

Please use the form below for enquires regarding training.