Some of these are upcoming some are already done, regardless, check them out.
1) Webcast: Modern Social Engineering – A Vital Component of Pen Testing (click to Register)
The world of Information Security is changing. Budgets are tighter, attacks are more sophisticated, and the corporate network is no longer the low hanging fruit. That leaves web-enabled applications as the vector-du-jour, but that well is quickly drying up for organized crime as well. As they creep up the OSI Model looking for easier ways to steal your corporate assets, they are quickly making their way up the stack to the unspoken 8th layer, the end user. So what is the next step in the never-ending escalation of this cyber war?
To find out, we must do as Sun Tzu taught. “Think like our enemy!” That is, after all, the primary tenet of penetration testing AKA ethical hacking, isn’t it? After years of hardening physical systems, networks, OSs, and applications, we have now come full circle to a new dawn of attack. People are now the target of the advanced hacker, and the cross-hairs are focused squarely on their foreheads… literally. It is only a matter of time before corporations feel the pain of wetware hacking requiring a new approach to testing and defense.
Join world-renowned social engineers, Chris Nickerson of TruTV’s Tiger Team and noted expert and international speaker, Mike Murray, as they prepare you for the future of pen testing. This webcast on Tuesday March 10, 2009 at 11:00 CST is your primer to the world of “Modern Social Engineering.”
2) Pillage the Village: sniffing for better Penetration Tests – Webcast
Pillage the Village: Pilfering & Plundering for better Penetration Tests
Featuring: Mike PoorIn this webcast we will discuss using sniffers and pilfering techniques during a penetration test to gain further access. Sure, sniffing passwords off the wire is good… but how about stealing the RSA seed file? Pulling SSL certs and passphrases. “Sniffing” memory? Join us for an hour of fun and games.
3) “Caught In the Web” Part 1 with Shon Harris, Wayne Burke and Benjamin Böck
I recently watched this, and i have to say, very good stuff. Shon Harris and Wayne Burke didnt do much for this one but the Webapp and SQL injection overviews were awesome. A must watch:
Core Security is pleased to invite you to a complimentary webcast, Part I of “Caught in the Web: Best Practices for Effective Web App Security Assessments,” hosted by Shon Harris of Logical Security, and Wayne Burke & Benjamin Böck of SecureIA.
The webcast series will draw from SecureIA’s upcoming “IA Web Penetration Testing 101” course and present tips for assessing your web infrastructure against the most prevalent online threats today. You’ll see best practices for identifying critical web application vulnerabilities, getting data for efficient risk mitigation, and understanding the business implications of technical exposures.
The Caught in the Web webcast series will cover topics including:
• Using practical threat analysis to identify where your organization is exposed
• Comparing web application penetration testing to “traditional” penetration testing
• In-depth assessment techniques including SQL injection, XSS, CSRF, etc.
• Replacing reactive blacklisting with a proactive approach for staying ahead of attackers
• Comparing manual penetration testing to automated tools
• Pitfalls to avoid when conducting web app security assessmentsYou’ll also learn how to connect technical issues identified during testing with underlying business risks – enabling you to effectively communicate and leverage the benefits of proactive, real-world security testing throughout your organization.
4) Virtual Roundtable with Ed Skoudis and Surprise Panel
Ever want to pull a chair up to the SANS lunch table? Here’s your chance to get some virtual face time with some of the “cool kids” from SANS as they discuss the latest topics on the information security threat horizon, including new attacks to look out for and what to do about them.
Please join SANS expert Ed Skoudis and a surprise panel for a virtual roundtable discussion of threats and attacks making the news and an overview of all the late-breaking security risks. You’ll also have the opportunity to ask questions and contribute your thoughts throughout the duration of the webcast.
5) Preview of Security 610 – Reverse-Engineering Malware: Malware Analysis Tools and Techniques
Lenny Zeltser’s popular malware analysis course has helped hundreds of IT administrators and malware analysts fight malicious code in their organizations. To introduce you to the key concepts from this course, and to showcase SANS’ interactive web-based courseware environment, we’ve set up this live event.
In this free 1-hour preview session, Lenny Zeltser will outline the process for reverse-engineering malicious software. He’ll cover both behavioral and code analysis phases, to make this topic accessible even to individuals with a limited exposure to programming concepts. You’ll learn the fundamentals and associated tools to get started with malware analysis.
6) Special Webcast: The Pen Testing Perfect Storm Part III: Network Reconstructive Surgery
Parts I and II can be referenced at the following links:
Part I – Combining Network, Web App and Wireless into the Ultimate Penetration Test
Part II – Anatomy of a Mutiny
Core Security and SANS are pleased to announce the complimentary webcast, “Network Brain Surgery,” Part III of the Pen Testing Perfect Storm webcast trilogy – featuring the return of SANS Pen Testing surgeons Kevin Johnson, Ed Skoudis and Joshua Wright.
The third and final installment of this popular webcast trilogy will focus on assessing the outside-in attack process, leveraging a seemingly innocuous website bug for full-scale control over the target network infrastructure. You’ll learn how to take advantage of powerful tools including Ratproxy, the soon-to-be-released Yokoso! project and a recent browser exploit, as well as how a pentester can manipulate the not-so-helpful features in enterprise wireless networking systems.
Combining concepts from web app, network, wireless and social-engineering attack techniques, this webcast will present practical tips for succeeding in a penetration test in ways that exceed that of independent analysis steps. In this finale webcast, you’ll also gain insight into predictions by the pentest luminary team on the future of combined penetration tests, including the concept of “no holes barred” pentesting and the effect it will have on the future of enterprise security.
7) Late Breaking Computer Attack Vectors Webcast – Sponsored by Core
Hosted by Paul Asadoorian
Join Paul as he takes a practical look at the most recently identified threats IT Security Professionals face on a daily basis. Rather than narrating a lifeless monologue on the most recent global data correlation, Paul takes an “everyman’s” approach to the Who, What, When, Where and Why of the most recent attack vectors.
Rather than asking Paul to do the impossible and tell us in advance what his topics will be – after all, how “Late Breaking” can that really be? Paul is modifying and editing his presentation up until a few moments prior to the webcast based on the most recently identified attack vectors.
Also
Check out Ed Skoudis’ new Cheatsheets over at inguardians
Windows commandline tools
Netcat Cheat Sheet
Useful Attack Tools, Metasploit commands, HPing, FGDump