Introduction to Nexpose, Nexpose Certified Administrator $2,000
Are you a security professional that doesn’t quite know where to begin getting an understanding of what kind of devices are in your environment, or how vulnerable some of them may be? Are you looking to deploy new vulnerability management software for your organization or just personal use? This two-day interactive class, led by a Rapid7 Security Consultant, will walk you through some basic to intermediate product features, best security practices, and techniques for vulnerability scanning various devices within a typical network environment.
Metasploit Pro Certified Specialist $2,000
Metasploit Pro isn’t just for expert penetration testers. This course will provide instructor-led training and labs on Metasploit Pro – from creating a project, to host discovery, service port and operating system identification, exploitation methods, evidence collection, and report creation. At its conclusion, attendees will get to apply their learnings in a simulated penetration testing scenario against a set of target hosts. Instructors will provide an introduction to Metasploit Pro, and will also teach real-world strategies and techniques for network scanning, maintaining access and privilege escalation, web application testing, social engineering, pivot attacks, and more.
Nexpose Advanced Certified Administrator $2,000
This course will cover advanced topics for extending and integrating the Nexpose Vulnerability Management System. Through a combination of lectures, demonstrations, and lab exercises, the instructors will share techniques for developing a better understanding of Nexpose data. Attendees will learn about interacting with the Nexpose API to perform routine tasks, the basics of Ruby scripting and how to leverage the Nexpose Gem, strategies for advanced troubleshooting, and general tips and tricks for optimizing the product.
Manipulating Human Nature $2,200
Manipulating Human Nature is a highly interactive course in which experienced penetration testers will share successful social engineering techniques, demonstrate how to conduct a social engineering attack as part of a penetration test, and discuss methods for developing an effective security awareness program. Topics covered include OSINT gathering; neuro-linguistic programming; pretexting; behavior analysis and body language queues; credential harvesting and exploitation via phishing; lockpicking, keyloggers, and RFID cloning; and security awareness program development.
Network Assault (NWA) $2,200
Network Assault is a course designed to teach attendees the skills for conducting a network penetration test, and will also cover the underlying methodology. The instructors will review penetration testing fundamentals – including pitfalls, methodologies, and toolkits – and will also cover topics such as reconnaissance and OSINT gathering; scanning and enumeration; information gathering; man-in-the-middle attacks; password cracking; buffer overflows; exploiting Windows and Linux environments; post Exploitation; and risk analysis and reporting.
Application Assault $2,200
Application Assault takes a deep dive into application penetration testing, covering everything from tools to fundamental concepts. Attendees will walk away with hands-on application penetration testing skills, as well as a firm understanding of the following: configuring and scanning applications with AppSpider; database exploitation; web protocols for hackers; cross-site scripting; SQL injection; clickjacking; insecure direct object reference; XML external entity attacks; cross-site request forgery; and risk analysis and reporting.
To support the theme of confidence in a chaotic world, sessions at UNITED 2015 provided actionable intelligence on security program strategy, threat exposure management, and incident detection and response. The event began with the ever popular Rapid7 Rapid Fire, with HD Moore, Josh Corman, Dave Kennedy, and Chris Wysopal. You can watch the debate on demand – along with several other sessions, including a keynote that features a Cyber Policy Advisor at the United States Secret Service.