NCC Group will be presenting 4 different training courses at Black Hat USA 2021. Below you will find high level details about each course, as well as a link to a detailed course description and course registration details on the Black Hat website. Join us!
Containers and container orchestration platforms such as Kubernetes have become a common feature of company’s IT platforms, but how do they really work and how can you attack or secure them?
This course takes a deep dive into the world of Linux containers, covering fundamental technologies and practical approaches to attacking and defending container-based systems such as Docker and Kubernetes.
In the 2021 Blackhat Edition of the course we’ve enhanced our core content with the latest in attack and defence from the container world based on the expertise of NCC’s Container Orchestration Security Services Team.
While security awareness and collective experience regarding the Cloud has been steadily improving, one common difficulty is applying theoretical knowledge to real-life scenarios. This training’s goal is to help attendees bridge this gap by understanding how conventional technologies integrate with Cloud solutions. The training is scenario-based and focusses on applied exercises.
Attendees will experience first-hand how security vectors that exist in such ecosystems present opportunities for abuse. Throughout the training, we will also cover detection and mitigation of the attacks covered in the course.
The training is structured as a sequence of scenarios, which mix theory and practical exercises. The theory is imparted gradually, and attendees are be given time to think for themselves and work through the exercises.
Offensive Cloud Security
Secure Coding Training in C and C++ is a four-day course that provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. This course concentrates on security issues intrinsic to the C and C++ programming languages and associated libraries.
Bad Active Directory (BAD) is a beginner-to-intermediate level training for hacking Windows Active Directory. The hands-on CTF-like exercises we offer aim to simulate real traffic, and the challenges are deployed in AWS. By presenting a realistic exploit chain (minus covert techniques), users will learn about various types of vulnerabilities within an Active Directory environment and how to exploit them, employing different tools and tricks to pivot across machines towards achieving the privileges of Domain Admin.
This training consists of four lab modules based on real attacks we’ve performed on client environments, and each lab would imitate how modern networks look. Each attendee will have access to their own environment, credentials for which will be distributed via a web application. Within each environment, there would be two test machines (a linux host, and a windows host), which the attendees can use to perform the test. All required tools will be pre-installed.