Training

This section of the web site provides security training resources for infosec professionals based in or around the Northern Virginia (NoVA), DC, and MD areas. If there are any mistakes or information we should add, please let us know through our Contact Us form. For recent posts regarding this information, see the Recent Posts area below. Look for a complete list of all related posts on the Training category page.

Northern Virginia Infosec Training

Hacking Challenges

A key part of being a good infosec professional is understanding what attackers are currently doing. Therefore, we have created this hacking challenges/practice section to collect some of the local reputable offerings.

  • ShmooCon Contests: As part of the annual ShmooCon conference in Washington, DC, the organizers usually sponsor a Hack-or-Halo challenge. The Hack part of the contest involves a number of puzzles and challenges. If you can’t make it to the conference, the puzzles are usually available online afterwards. Have a look through our postings below for announcements of their availability. For more information on ShmooCon, see its description on our Infosec Conferences page.

Courses/Training at Conferences

  • SANS Training: SANS provides intensive, immersion training designed to help you and your staff master the practical steps necessary for defending systems and networks against the most dangerous threats – the ones being actively exploited. The courses are full of important and immediately useful techniques that you can put to work as soon as you return to your offices. They were developed through a consensus process involving hundreds of administrators, security managers, and information security professionals, and address both security fundamentals and awareness, and the in-depth technical aspects of the most crucial areas of IT security. SANS training can be taken in a classroom setting from SANS-certified instructors, self-paced over the Internet, or in mentored settings in cities around the world. Each year, SANS programs educate more than 12,000 people in the US and internationally. Several times a year SANS offers live instruction in the metropolitan DC area. Classes range from a few days up to an entire week. Additionally, many certified local SANS instructors offer similar training in a once-a-week fashion versus a week-long session. Each of their training sessions can lead to certification. Two of SANS’s larger events, SANSFIRE (July) and SANS Cyber Defense Initiative (December), typically occur in Washington, DC. Additionally, courses are usually offered in various locations such as Tyson’s Corner and Reston. For more information on SANS, see its description on our Infosec Organizations page.
  • OWASP AppSec Training: As part of their AppSec conferences OWASP typically offers 1 and 2 day courses related to web application security. For more information on OWASP, see its description on our Infosec Organizations page. For more information on the OWASP AppSec conferences, see its description on our Infosec Conferences page.
  • BlackHat DC: Although their briefings get all the press, BlackHat also offers top training from various security vendors. Their DC conference is no exception.
  • Offensive Security Training: Periodically Offensive Security offers courses in and around NoVA tailored for System Administrators and Security Professionals who want to learn how to get the most out of the popular BackTrack CD. Their two flagship online courses are “Offensive Security 101” and “BackTrack to the Max”. For more information on Offensive Security, see its description on our Infosec Organizations page.
  • Foundstone: Part of Foundstone’s offerings includes security training. Periodically, they give training throughout the NoVA area. For more information on Foundstone, see its description on our Infosec Organizations page.

Formal Education

Many local universities offer bachelor and graduate level specializations in infosec. Here is a list of local universities along with links to their related programs:

  • George Washington University*: This university offers numerous Bachelor and Graduate level infosec courses as summarized on their main infosec page. If you don’t want to get a formal degree they also offer Graduate Certificates. For example, the Computer Security and Information Assurance one provides a coordinated four-course sequence in computer security and information assurance that emphasizes concepts in Computer Security augmented with current industry standard techniques and challenges. This certificate is even offered as part of an Accelerated Program at the GWU Virginia Campus.
  • George Mason University*: TBD
  • Virginia Tech (Falls Church campus)*: TBD
  • Georgetown: Although not on NSA’s list this university offers numerous programs in information security – TBD.

Around DC, many universities are certified as Centers of Academic Excellence in Information Assurance as part of a program with the NSA. Through this program they offer a certificate. Typically, the student takes four to five graduate level courses in a range of infosec topics. Universities marked with a star (*) are part of this program.

Other Security Training

Since training can be done locally as well as from afar nowadays, here is a list of virtual offerings.

OSes

  • DE-ICE.net Penetration Test LiveCDs: This site is the open source project center for the Penetration Test LiveCD project supported by the commercial training offerings at Heorot. The PenTest LiveCDs provide those interested in learning how to PenTest the opportunity to practice and learn against servers in a real-world scenario. Essentially the LiveCDs are “targets” that provide you with pen test challenges. This project has been presented at security conferences across the US, and is detailed in the new book: “Penetration Tester’s Open Source Toolkit, Vol. 2,” (Chapter 9) released by Syngress Publishing in October, 2007. In addition, it can be found referenced in “Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research” (Appendix B) published by Syngress in September, 2007. For more information on Heorot, see its description on our Infosec Organizations page.
  • Damn Vulnerable Linux: Damn Vulnerable Linux (DVL) is a Linux-based tool for IT-Security initiated for training tasks during university lessons by the IITAC (International Institute for Training, Assessment, and Certification) and S2e – Secure Software Engineering in cooperation with the French Reverse Engineering Team. DVL is a Linux distribution made to be as insecure as possible and contains a collection of IT-Security tools. Additionally it includes a full-scaled lesson based environment for attack & defense on/for IT systems for self-study or teaching activities during university lectures. It comes as a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. It can also be run within virtual machine environments, such as qemu or vmware. Its sole purpose in life is to put as many security tools at your disposal with as many training options as it can. DVL is highly integrated into the community project crackmes.de and is frequently updated with new community provided lessons. New lessons can be obtained from or submitted to the DVL site. The distribution is ideal for both novices and professionals but a basic knowledge of Linux is needed.

Web Applications

  • Foundstone: For more information on Foundstone, see its description on our Infosec Organizations page.
    • Hacme Bank: Hacme Bank is designed to teach application developers, programmers, architects and security professionals how to create secure software. Hacme Bank simulates a “real-world” web services-enabled online banking application, which was built with a number of known and common vulnerabilities. This allows users to attempt real exploits against a web application and thus learn the specifics of the issue and how best to fix it. The web services exposed by Hacme Bank are used by our other testing applications including Hacme Books and Hacme Travel.
    • Hacme Travel: Foundstone Hacme Travel is designed to teach application developers, programmers, architects, and security professionals how to create secure software. Hacme Travel simulates a real-world travel reservation system, which was built with a number of known and common vulnerabilities such as SQL injection and buffer overflows. This allows users to attempt real exploits against a client-server type of application written in C++.
    • Hacme Shipping: Foundstone Hacme Shipping is a web-based shipping application developed by Foundstone to demonstrate common web application hacking techniques such as SQL Injection, Cross Site Scripting and Escalation of Privileges as well as Authentication and Authorization flaws and how they are manifested in the code. Written in ColdFusion MX 7 using the Model-Glue framework and a MySQL database, the application emulates the on-line services provided by major shipping companies.
    • Hacme Casino: Foundstone Hacme Casino is a learning platform for secure software development and is targeted at software developers, application penetration testers, software architects, and anyone with an interest in application security. This extensible online casino platform is written using Ruby on Rails and demonstrates the security problems that can potentially arise in these applications.
    • Hacme Books: Foundstone Hacme Books is a learning platform for secure software development and is targeted at software developers, application penetration testers, software architects, and anyone with an interest in application security. As a full-featured J2EE application, Hacme Books is representative of real-world J2EE scenarios and demonstrates the security problems that can potentially arise in these applications.
  • Damn Vulnerable Web App: Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
  • Mutillidae: A deliberately vulnerable set of PHP scripts that implement the OWASP Top 10.
  • OWASP’s WebGoat: WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. For more information on OWASP, see its description on our Infosec Organizations page.
  • Web Security Dojo: From Maven Security, this is a free open-source VirtualBox self-contained training environment for web application security penetration testing. It contains both the necessary tools and targets. It basically contains various web application security testing tools and vulnerable web applications that were added to a clean install of Ubuntu v9.10.
  • Moth: Moth is a VMware image with a set of vulnerable Web Applications and scripts, that you may use for: Testing Web Application Security Scanners, Testing Static Code Analysis tools (SCA), and Giving an introductory course to Web Application Security.
  • OWASP Broken Web Applications Project: Well, you could either install and configure all the applications above or just load up this VM, which not only offers many of the apps above but also versions of others (e.g., WordPress) that have vulnerabilities. This is an effort to provide a wealth of applications with known vulnerabilities for those interested in: learning about web application security, testing manual assessment techniques, testing automated tools, testing source code analysis tools, observing web attacks, and testing WAFs and similar code technologies. All the while, it saves people interested in either learning or testing the pain of having to compile, configure, and catalog all of the things normally involved in doing this process from scratch.

Irongeek also maintains a similar list of resources in his article – Deliberately Insecure Web Applications For Learning Web App Security.

Online Web Applications

  • TestFire: This is the Altoro Mutual online bank that is open for people to play with.
  • Hack This Site: Hack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills. More than just another hacker wargames site, they are a living, breathing community with many active projects in development, with a vast selection of hacking articles and a huge forum where users can discuss hacking, network security, and just about everything.

Challenges

  • SpotTheVuln: This site was designed to give developers more insight into designing code with security in mind. Every Monday at 8:00am PST a new vulnerable code snippet will be posted. Over the week feel free to leave your thoughts and comments on what you think is wrong with the code snippet and why. You can be as thorough or as simplistic as you would like. If you feel like it, go ahead and post what the fix should be. On Friday at 8:00am PST, the fix will be posted along with a description of how it was fixed.
  • Applied Security: At the past two ShmooCons they’ve provided some very interesting challenges; just wish I could find them. For more information on Applied Security, see its description on our Infosec Organizations page.
  • Learn Security Online: As part of their comprehensive training offerings, LSO offers loads of free and subscription based games and challenges for you to sharpen your skills on. For more information on Learn Security Online, see its description on our Infosec Organizations page.
  • Ed Skoudis’s Monthly Challenges on The Ethical Hacker Network: Test your hacking skillz with these challenges created and managed by Intelguardians. Every other month, your host, Ed Skoudis of Counter Hack Reloaded fame, will bring you entertaining scenarios with just enough evidence to get you going. The rest is up to you.
  • SploitCast: They had some challenges at the most recent ShmooCon so there may be more.
  • Games: TBD (got any good ideas, please contact us)
  • For individual offerings as well as challenges from other providers, have a look through our postings for announcements of their availability.

Courses/Training at Conferences

  • SANS Training: Beyond the local offers mentioned above, SANS offers various geographic and virtual training. For more information on SANS, see its description on our Infosec Organizations page.
  • Offensive Security Training: Beyond the local offers mentioned above, Offensive Security offers various geographic and virtual courses as well. For more information on Offensive Security, see its description on our Infosec Organizations page.
  • Infosec Institute: This organization provides training in various security and related areas including information security and assurance, virtualization, and OS administration. Some of their most popular courses include prep for certifications (e.g., CISSP, CEH, and Security+) as well as several standalone courses (e.g., forensics, data recovery, reverse engineering and SCADA security). Infosec Institute offers both online and offline training formats to accommodate students.
  • Heorot Pen Test Training: Heorot offers commercial training based on their DE-ICE.net Penetration Test LiveCDs. They offer a comprehensive training roadmap that starts with beginner skills (i.e., a fundamentals course – PenTesting Fundamentals Course, two live CD challenges, and several videos) and continues on with intermediate skills (two live CD challenges, an intermediate course – Intermediate PenTesting Course, a harder live CD challenge, and several videos). For the advanced student Heorot offers various week-long regional (primarily in Colorado) training opportunities that focus on pen testing enterprise networks. Courses currently include Firewall and IDS Evasion and Exploitation, Wired and Wireless Network Assessments and Attacks, Advanced Web Hacking Techniques, and Database Testing and Exploitation. For more information on Heorot, see its description on our Infosec Organizations page.
  • BlackHat: Beyond their local offerings mentioned above, they offer similar training at all of their conferences.
  • CanSecWest: (training available? if you know, please contact us)
  • ChicagoCon: Throughout the conference The Digital Construction Company has organized training courses through top security vendors such as SANS. For more information on The Digital Construction Company, see its description on our Infosec Organizations page.
  • Foundstone: As with their local offerings, they provide training all over the world. For more information on Foundstone, see its description on our Infosec Organizations page.
  • Learn Security Online Courses: Learn Security Online offers a fairly comprehensive training regimen that includes tutorials, games and challenges, courses, and labs and competitions assembled in a very thought out learning model. You can start off with written articles and tutorials and then progress to computer simulators and interactive tutorials. Next you can continue on with online games and finally move to challenge servers. To support your progression Learn Security Online offers self-paced or instructor led courses as well as research/practice labs and competitions. As part of this regimen, they offer a variety of online short and long courses as well as mentor-led custom training. For more information on Learn Security Online, see its description on our Infosec Organizations page.
  • RSA Conference: (training available? if you know, please contact us)

Training Videos/Webinars

  • Learn Security Online Hack Videos: LSO also offers video demonstrations of using common attack tools as part of their comprehensive training offerings. For more information on Learn Security Online, see its description on our Infosec Organizations page.
  • SANS WebCasts: SANS WebCasts are live web broadcasts that allow you to hear a knowledgeable speaker while viewing presentation slides that you download in advance. Additionally, SANS offers Tool Talks that are special webcasts that offer an opportunity for you to hear from information security vendors. They also have a nice SANS Webcasts RSS feed for you to conveniently keep up to date with their upcoming webcasts. For more information on SANS, see its description on our Infosec Organizations page.
  • DE-ICE.net Video Clips: Supported by the commercial training offerings at Heorot, they also feature several security related training videos. For more information on Heorot, see its description on our Infosec Organizations page.
  • Offensive Security Videos: Offensive Security offers several videos featuring the BackTrack live CD. For more information on Offensive Security, see its description on our Infosec Organizations page.
  • For individual offerings as well as videos from other providers, have a look through our postings for announcements of their availability.

Formal Education

  • (still working on this, e.g., online infosec degrees) (got any good ideas, please contact us)

Recent Posts

For a complete list of all related posts see the Training category page.
