Free Ethical Hacking Course – What Happened

On Thursday August 4th And Tuesday the 9th, 2011 I gave the Free Hands-On Ethical Hacking Course at Mkit Argentina offices.

The course was posted on several important Computer Security portals in the Spanish-Speaking communities such as Segu-Info and DragonJAR, and it was also posted on Taringa, achieving a massive broadcast.

Thanks to that, I can happily say that we reached

1700 Registrations!!!

A true record, of which we couldn't be more proud.

People from all these countries assisted the course:

• Argentina
• Brazil
• Chile
• Uruguay
• Paraguay
• Bolivia
• Peru
• Colombia
• Venezuela
• Ecuador
• Panama
• Costa Rica
• Puerto Rico
• Nicaragua
• Honduras
• El Salvador
• Cuba
• Dominican Republic
• Mexico
• USA
• Italy
• Spain
• Portugal

From the Onsite assistants, we can underline the presence of Daniel Monastersky, attorney at law specialized in Computer Crimes and CEO of Identidadrobada, the leading community in Argentina and Latin America over issues related to Digital Identity theft.

The course lasted for 8 hours, since on the last day we extended the class 1 hour. Not only people didn't complaint, but they asked for more contents!!

During the course we covered these subjects:

• Active and Passive Reconnaissance: We showed the techniques, methods and tools needed to be able to find more information over the Internet about our target, than we could normally found.
• Vulnerability Analysis: After establishing the inclusion and coverage parameters, we conducted a vulnerability analysis about our target system, discovering the different possible exploiting and remote acces points
• Phishing: We analyzed the different possibilities to conduct this social engineering attack, finishing the lab with the creation of a 100% functional forged website in a matter of minutes.
• Man In The Middle: We explored in detail this wonderful information theft technique and were able to extract credentials from a completely unnoticed user, without raising suspicion or alert
• Exploiting: By using the perfect tools for the job, we were able to exploit system vulnerabilities on a target system, achieving remote access to it and arbitrarily manipulating it's executions
• SQL Injection and XSS: With only the help of a Web Browser we were able to manipulate the orders that a Web application sends to a Database, managing to extract critical access information and opening access tunnels that allowed us to include information into the host Web Server, finishing the attack with a Full Defacement

The course was fantastic, assistants from all over the world were very happy and the concepts delivered arrived to the audience with an excellent level of acceptance.

And of course, it was quite fun!!

Without doubts it was an excellent event, and we will soon do it again.

Here are some pictures of the event:

See you at the next one!!

Bye!