Here at Hack All The Things, our development team has been working around the clock for more than 18 months to bring you the best professional training for zero-day exploit development and mitigation available on the market. We're proud to present Dr. Owen Redwood's completely revamped Offensive Computer Security Course, as well as our entirely new and innovative SQL injection workshop. In addition to the course and workshop, we've developed various tools, some of which are publicly available on GitHub, with the remainder available privately for our pre-launch customers. For pricing or questions about these offers, you can reach out by emailing sales [at] hackallthethings.com or through Twitter or Reddit. Interested parties may also simply comment on this blog post, and we will respond via email without publishing your comment. For news and updates, follow our Twitter and subscribe to /r/hackallthethings.
As we will be launching very soon, we've decided to offer pre-launch specials (including exclusive pre-launch discounts and add-ons) on two of our products: the interactive SQL injection workshop (available for pre-order), and Dr. Redwood's Offensive Computer Security 2.0 (available for immediate access). As well as receiving the normal pre-launch order bonuses, each course offers its own exclusive pre-launch benefits.
Pre-launch offers are subject to bulk and/or academic pricing with competitive discounts.
Offensive Computer Security 2.0's Pre-launch Sale Benefits
All pre-launch purchases of the OCS courseware exclusively include individualized instructor feedback and grading by Dr. Redwood, and access to the Hack All The Things academic "CTF Summer Sessions" workshop videos. These workshop videos are currently exclusively offered to university students (.edu) over the course of 2016, and are hosted live for the 3-time CCDC champions: HackUCF. The CTF Summer Session workshop videos start by covering the fundamental offensive cybersecurity topics, then dive in deep with hands-on walkthroughs on real CTF exploitation challenges. There are limited seats available for this pre-launch special due to the time intensiveness of individualized instruction and manual grading. Enroll now to secure your seat!
SQL Injection Workshop Pre-order Benefits
The SQL injection workshop pre-orders will provide exclusive pre-release access to our feature-rich SQL injection proof-of-concept script (video demo). When watching the video, keep a keen eye out for visibility notices, which the script prints as it retrieves multiple bits per request from blind injections!
Pre-orders will also grant immediate access to our innovative SQL injection sandbox, which allows the user to choose from in-band, error-based, second-order, partial-blind, and full-blind vulnerability types. The vulnerability sandbox also provides an interface to configure the vulnerable input's data type, and multiple types of bareword and character filters (as well as the way these are filtered). It also contains a debug panel showing the user the application-generated SQL query and any SQL errors it may have caused.
All features of the proof-of-concept script are fully documented in the workshop, along with the basics of SQL and the anatomy of a SQL injection. Additionally, the workshop explains countermeasures to SQL injection and methods of circumventing several of them. The workshop also details the ways in which multi-byte characters can remove sanitizing from an input.
Offensive Computer Security 2.0
This course is for anyone who wants to become an incident responder, penetration tester, security professional, forensics professional, or vulnerability researcher. It includes ten assignments, two tests, and a final exam. Upon successful completion of the course, students will have found their own 0-day vulnerability and obtained a CVE for it. Books that will be used throughout the course are Hacking: The Art of Exploitation (2nd edition - Jon Erickson), and The Web Application Hacker's Handbook (2nd edition - Dafydd Stuttard).
Graduates will be able to identify, classify, exploit, and mitigate a variety of vulnerability types, including:
- Stack and heap buffer overflows
- Integer overflows/underflows
- Use-after-free vulnerabilities
- Format string vulnerabilities
- Pointer-based vulnerabilities
- SQLi vulnerabilities
- XSS vulnerabilities
- XSRF vulnerabilities
- Metacharacter injection vulnerabilities
- Network protocol vulnerabilities
Dr. Redwood's Offensive Computer Security course materials are currently being taught at multiple universities across the world. The courseware has been used by CTF clubs to improve the skills of their members, and professors have utilized the course as an additional elective towards information security degrees.
The Interactive SQL Injection Workshop
This workshop is for anyone who wants to become a better defender, incident responder, security professional or vulnerability researcher regardless of experience level. It also provides explanations of SQL injection techniques in MySQL, PostgreSQL, Microsoft SQL Server, and Oracle environments. Each segment provides interactive examples of the techniques provided in the workshop through the SQL injection sandbox. The student is provided with interactive CTF-style skill assessments and quizzes through the sandbox between sections. This ensures they are learning and retaining the material as they proceed through the various segments of the course.
This workshop fully explains the methods by which out-of-band vulnerabilities can allow the attacker to retrieve multiple bits per request, both with partial blind injections and fully blind (timing-based) injections.
The proof of concept video shows these techniques in action. Combined with the interactive sandbox and the proof of concept, this workshop takes education on SQL injection to the next level!