References

The NATO C3 Agency Case

In October 2009, we delivered Penetration Testing course at NATO C3 Agency, The Hague, The Netherlands. We delivered them a very cool training so that they can learn as much as they can. It was a real pleasure to work together with highly educated and motivated NATO staff eager to learn!

 

Getting the NATO as a client happened in two steps. First we had one "Agent" from the NATO C3 Agency attending our regular Certified Ethical Hacker course to check our skills and training ability to decide whether or not we are good enough. (We were quite happy having a NATO employee in the classroom - we did not know we were under testing.)

Fortunately we proved to be good enough :)

They invited us to teach Penetration Testing to a whole group of IT Pros and programmers, 16 "students" altogether. The first day it turned out they already knew a lot. We were there with a 500 pages of training material with nothing new in it for them. We had to decide: go on with the material we have and let them fall asleep or go beyond. We choosed the hard way. We dug deep in the well known techniques in order to show them new things.

  • Simple buffer overflow? Forget it! What about format string exploits?
  • Simple SQL Injection attack? Go beyond! How to steal everybits from a database by using SQL error messages?
  • Click here-click there in Metasploit? Childish. Let's see how to integrate a new exploit into the framework! Ruby script ruleZ.
  • Well known exploits? Come on! Let's find a zero day in some service using Fuzzing!

To summarize: it was the most challenging but in the same time the funniest training we ever delivered. We did not sleep five days in a row. We wish so enthousiastic students to every trainers like NATO C3 Agency. Unforgettable experience!

NetAcademia Training Center 1075 Budapest (Hungary, Europe), Kazinczy utca 24-26. Tel: +36-1 696-0787 Fax: +36-1 700-2235 FMK registration number: 00114-2011