Joe McCray has been hacking into the Department of Defense, Federal Agencies, Financial Institutions, and other big companies for years – all legally of course. He’s a Penetration Tester, a consultant that hacks into companies in order to test, measure and demonstrate security weaknesses. He helps identify and fix vulnerabilities that could lead to security breaches.
He is frequently sought out as a trainer, people want to know how he consistently bypasses common IT Security mechanisms. Joe has recently developed a course to teach IT and IT Security professionals how hackers break into systems and bypass these common security mechanisms. Although there are many courses on that claim to do this, Joe says, “I developed the Advanced Penetration Testing course because there were too many security courses out there that are written and taught by people that haven’t actually been pentesters. These teachers are reading word for word from old computer security books and teaching the students hacks that are ten years old. That kind of teaching is fine if you just want to introduce someone to our field and raise awareness, but it does nothing to help people working in the DoD, Federal Agencies, Financial Institutions, and other large companies secure critical systems from attack. ”
Advanced Penetration Testing (APT): Pentesting High Security Environments – is a course that focuses on attacking and defending highly secured environments. This course can be taken as either a five-day course, or a two-day workshop at security conferences. This is not a “death by powerpoint” course, and you won’t be attacking unpatched Windows 2000 Servers, or learning a bunch of outdated tools. In APT, you learn how to attack new operating systems such as Windows Vista, Windows 7, Windows Server 2008, and the latest Linux servers. All of these servers will be patched, and hardened, both Network and Host-based IDS/IPS will be in place as well.
The course starts with attacking heavily protected environments from the outside and dealing with things like Load Balancing, Deep Packet Inspection, and Network-Based IDS/IPS. Next attack web applications and deal with common application security measures in PHP/ASP.NET, then Web Application Firewalls. The course moves on to attacking from the LAN, dealing with NAC, locked down workstations/GPOs, and Host-Based IDS/IPS. Finally, the course covers gaining control of Active Directory.
This course can be taken at the following locations/events:
- Academy of Computer Education in Greenbelt, MD (5-Day Course) http://www.trainace.com/courses/apt/
- TechnoSecurity Conference in Myrtle Beach, SC June 9 – 10, 2010 (2-Day Workshop) http://www.learnsecurityonline.com/offerings/courses/223-apt-workshop-techno-security-2010
- Black Hat Security Conference Las Vegas, NV July 26-27 (2-Day Workshop) http://www.blackhat.com/html/bh-us-10/training/bh-us-10-training_JM-PenHiSecEnviro.html
- BruCON Security Conference Brussels, Belgium 22-23 September (2-Day Workshop) http://2010.brucon.org/index.php/Training#Training_.231:_Pentesting_High_Security_Environments