Event Details

Instructor-Led Courses (online, in-person)

Loading Events

« All Events

Mobile Security Toolkit – Ethical Hacking Workshop – Dallas, TX

October 29 @ 8:00 am - October 30 @ 5:00 pm CDT

To register for this event, click Buy Now,
if you are interested but still have questions, click Contact Us.

Days – 2

Who Should Attend?

IT Admins who are interested in cybersecurity, Ethical Hackers, Pen Testers

What is the Mobile Security Tool Kit?

EC-Council’s Mobile Security Toolkit (Better known as the STORM!) is a fully-loaded pen-test platform which comes equipped with a customized distro of Kali loaded onto a portable Raspberry Pi-based touchscreen device.

EC-Council rolled out the STORM as a mobile tool to enhance our certification course offerings by giving online asynchronous students a mobile training option. In this option, the video lectures are loaded directly onto the STORM.

INCLUDES:

  • keyboard
  • carry case
  • STORM T-shirt
  • STORM Sticker
  • Access to the STORM Resource Center (Video Demos, Support, ISO Image Download)

What is the Mobile Security Tool Kit Workshop?

The course content was derived by pulling carefully selected modules from EC-Council’s Certified Network Defender (CND) and Certified Ethical Hacker (CEH) certification courses.

Course includes:

  • e-Book
  • Certificate of Attendance (.pdf)
  • STORM device
  • keyboard
  • carry case
  • STORM T-shirt
  • STORM Sticker

What Students should bring:

  • Laptop (Micro SD card Reader a plus)
  • Enthusiasm for Learning knowledge of Linux a major plus!

Storm in the Classroom:

Mobile Security Toolkit Workshop at INNOTECH Conference Dallas, TX

Mobile Security Toolkit Workshop in Huntsville, AL

Here is what some of our STORM class students had to say:

“I really enjoyed the class, thanks for working with the chapter to get this delivered to the group. Hope we can do something similar next year.” – Anne-Marie Colombo, SAP

“It was a smashing success. In January we should have you talk to the ISSA Board and see how we do more.” – Justin Orcutt, NCC Group

“Everyone enjoyed what EC-Council brought to BSides Huntsville! The STORM Device is so cool and we have attracted a new audience because of EC-Council” – Cary Pool, NAISSA President

“I’ve taken all of EC-Council Courses at TakeDownCon. This was a nice addition to BSides and it was great to sit in a new EC-Council Class and learn a new device!” – Chad Holton, State of AL Alcoholic Beverage Control Board

“It was my first time working with EC-Council and It was great to bring a workshop from such a reputable certification body, this added tremendous value to BSides Tampa and I look forward to working with you all again in 2019!”- Derek Thomas, BSides Tampa Organizer

“The HACKNYC 2018 event has truly changed my Information Security outlook and has greatly improved my overall skills in every aspect. Connecting with Elite Cyber Security Professionals in the private sector and federal government to the 2-day “all-out” Mobile Security Hacking with the Storm Tool in conjunction with the iLabs, and Kevin Cardwell (my trainer) made this a true exceptional Cyber Security training and experience.

The Mobile Security tool kit with Storm 2-day boot camp allows each trainee to focus their attack vectors in hacking web applications, servers, cloud, and use virtualization as your very own cyber range (off-line) and connect your Storm device to it and do pen-testing or allow you to use it as another live node. The instructor was very confident and capable as he thought a wide range of students with various information security experiences and I must say I learned so much. His patience and due-diligence, integrity, dedication, and excitement. While not surprising, EC-Council has provided me a very strong platform to prove my Information Security skills and enhance my overall knowledge.

I’m particularly impressed with how the modules in iLabs taught you how to use the latest cyber-attacks without compromising real networks. You get confidence in the tools, and virtualization is secured and more than ready to take anything you throw at it. The conference (HACKNYC 2018) and Mobile Security Tool Kit hacking with Storm has prepared made me a better-rounded cybersecurity professional. C|EH has taught me about vulnerability testing in a real-world environment, E|CSA is teaching me pen-testing, and Mobile Security with Storm has taught me virtualization, pen-testing capabilities, and the possibilities with this tool are truly amazing.” – Isaac Feliciano, New York Air National Guard

“Just wanted to say thanks to both you and Kevin for providing a quality experience for myself and my fellow learners! It was great to be able to take a day to develop my ethical hacking skills, and be able to head out with tools in hand for further practice for the CEH exam. That said, I can’t wait for the upcoming training sessions. In the meantime, I’ll be studying and sharing the word about EC-Council to my colleagues!”– Jason Scoon, DevOps Engineer at NYU Langone Health

 Day One Course:

In this course you will learn the procedures to use a virtual bridge and connect to a physical network. How to run virtual software and bridge it to your Storm device as well as how to isolate the Storm with the bridge. Con gure secure remote access, and connect from the Internet Do your assessments from your backyard with no airport security checks! Following this you will learn network monitoring, and protocol analysis. Performing the hacking and penetration testing methodology and using the device as your attack platform.


Module 01

Module 01: Technical Introduction to the Storm

  • Hardware Assembly and Chipsets
  • Imaging Techniques
  • Linux ARM Distro options
  • Management of Modules and Meta Packages
  • Industry tips and best practices
  • LAB: Backing up and restoring the Storm image



Module 02

Module 02: Network Traffic Monitoring and Analysis

  • Network Traffic Monitoring and Analysis(Introduction)
  • Advantages of Network Traffic Monitoring and Analysis
  • Network Monitoring and Analysis: Techniques
  • SNMP Monitoring
  • Network Traffic Signatures (normal and attack)
  • Categories of Suspicious Traffic Signatures
  • Attack Signature Analysis Techniques
  • LAB: Using the Storm device for network traffic monitoring and analysis



Module 03

Module 03 Hacking Concepts, Types, and Phases

  • What is Hacking
  • Who is a hacker?
  • Hacker Classes
  • Hacking Phases
  • Ethical Hacking Concepts and Scope
  • Skills of an Ethical Hacker
  • The Hacking Methodology
  • Footprinting
  • Scanning
  • Enumeration
  • Identify Vulnerabilities
  • Exploitation
  • LAB: Using the Storm Device to perform the hacking methodology and penetration testing



Module 04

Module 04: Exploring the Hacking Methodology

  • Footprinting Concepts
  • What is Footprinting
  • Objectives of Footprinting
  • Footprinting methods
  • Overview of Scanning
  • Abstract Scanning Methodology
  • Live Systems
  • Ports
  • Services
  • Enumeration
  • Identify Vulnerabilities
  • Exploit
  • Introduction to System Hacking
  • Cracking passwords
  • Privilege escalation
  • Rootkits
  • LAB: Gaining and maintaining access using your Storm device



Day Two Course

In this course you will learn the procedures to use a virtual bridge and connect to a physical network. How to run virtual software and bridge it to your Storm device as well as how to isolate the Storm with the bridge. Configure secure remote access, and connect from the Internet and do your assessments from your backyard with no airport security checks! You will learn methods of protocol analysis to identify intrusions. How to identify weaknesses and vectors of attack for both wired and wireless networks using the device. The hacking and penetration testing methodology will be conducted using the device as the main attack platform to gain access to the network and machines that you have targeted. In the course you will perform against a set of targets using the device and knowledge learned from the course.


Module 01

Module 01: Technical Introduction to the Storm

  • Overview, benfits and integration
  • Hardware Assembly and Chipsets
  • Imaging Techniques
  • Linux ARM Distro options
  • Management of Modules and Meta Packages
  • Configuring and customizing your LCD
  • Launching Android and popular hacking tools
  • Industry tips and best practices



Module 02

Module 02: Network Traffic Monitoring and Analysis

  • Essential Terminologies
  • Threats
  • Vulnerabilities
  • Attacks
  • Network Security Concerns
  • Why Network Security Concern Arises?
  • Fundamental Network Security Threats
  • Types of Network Security Threats
  • Types of Network Security Attacks



Module 03

Module 03 Network Traffic Monitoring and Analysis

  • Network Traffic Monitoring and Analysis(Introduction)
  • Advantages of Network Tra c Monitoring and Analysis
  • Network Monitoring and Analysis: Techniques
  • SNMP Monitoring
  • Network Tra c Signatures (normal and attack)
  • Categories of Suspicious Tra c Signatures
  • Attack Signature Analysis Techniques
  • Using the Storm device for network tra c monitoring and analysis



Module 04

Module 04: Network Risk and Vulnerability Management

  • What is Risk?
  • Risk Levels
  • Risk Matrix
  • Risk Management Bene ts
  • Risk Management Phase
  • Risk Identi cation
  • Risk Assessment
  • Enterprise Network Risk Management
  • Vulnerability Management
  • Discovery
  • Advantages of Vulnerability Assessment
  • Requirements for E ective Network Vulnerability Assessment
  • Network Vulnerability Assessment Tools
  • Manual Vulnerability Assessment Techniques
  • Vulnerability Assessment using your Storm device



Module 05

Module 05: Hacking Concepts, Types, and Phases

    • What is Hacking
    • Who is a hacker?
    • Hacker Classes
    • Hacking Phases
    • Ethical Hacking Concepts and Scope
    • Skills of an Ethical Hacker
  • The Hacking Methodology
    • Footprinting
    • Scanning
    • Enumeration
    • Identify Vulnerabilities
    • Exploitation
  • Using the Storm Device to perform the hacking methodology and penetration testing



Module 06

Module 06: Exploring the Hacking Methodology

    • Footprinting Concepts
    • What is Footprinting
    • Objectives of Footprinting
    • Footprinting methods
    • Overview of Scanning
    • Abstract Scanning Methodology
      • Live Systems
      • Ports
      • Services
      • Enumeration
      • Identify Vulnerabilities
      • Exploit
    • Introduction to System Hacking
      • Cracking passwords
      • Privilege escalation
      • Rootkits
    • Gaining and maintaining access using your Storm device

 



Module 07

Module 07: Wireless Network Threats and Attacks

      • Wireless Network Threats
      • Wireless Hacking Methodology
      • Wireless Traffic Analysis
      • Launch Wireless Attacks
      • Crack Wi-Fi Encryption
      • Wireless Hacking Tools on the Storm Device
      • Introduction to Tactical Wireless Attack Capabilities of the Storm Device



Workshop in Huntsville, Alabama

Workshop in New York, New York

Workshop in Dallas, Texas

Tool kit Specs

  • 64 Bit – Quad Core Mobile System with Case
  • 1 GB RAM
  • 7 inch touch screen display
  • 64 GB MicroSD – Preloaded w/Custom Linux Hacking OS
  • 100Mb Ethernet port
  • 4 USB ports
  • 802.11n wireless
  • Bluetooth 4.1
  • Combined 3.5mm audio jack and composite video
  • Camera interface (CSI)
  • Display interface (DSI)
  • VideoCore IV 3D graphics core
  • Full HDMI
  • USB 2.0 A to B Micro Power Cable. [The Storm can be powered from a 5V micro-USB source, Power Supply not included with base package.]
  • Rollup water resistant keyboard
  • Field Case Organizer for all your gear

Introducing the STORM!

Case Study – STORM Workshop in New York

CyberServices NYC ethical penetration test against a client’s wifi network, of which was compromised by a blackhat cell operating in NYC.

My name is Mike.  I am the founder/president of CyberServices NYC. We are a small cyber security group operating in NYC.  My team consists of nine other employees, specializing in various areas of penetration testing, ethical hacking, risk assessment, cyber threat analysis and information warfare.

Our client base is mainly small to medium sized businesses, healthcare facilities and local and federal government requests (off-book engagements).  In May of this year, I was fortunate enough to attend HACKNYC and buy the EC-Council’s Mobile Security Tool Kit (Storm device.)  EC-Council also had a two-day workshop on using the Storm device.

The live penetration test:

I was contacted by the CEO of a medium sized business.  She was concerned about the WLAN part of her network, particularly the public facing WiFi access system.  She had been hacked, her network compromised through an attack vector involving this sub-system.

No surprise or fancy technical stuff here.  This was just a common, easy hack that a 12 year old could pull off.  The difference here is that when we saw the screen capture provided to us by their IT staff (using Snort), a team member saw a familiar “signature” in the traffic.  These hackers were after their PCI database. They didn’t get it. This was a group, a cell we’ve seen before.

After all the contract discussions with the CEO and the Head IT guy were agreed on, our “get out of jail card” and emergency contacts numbers exchanged, our pentest would begin on a Friday at 23:59 hrs, and end Monday at 06:00 hrs. We went to the local police precinct and informed the desk sergeant of
our intentions and contact numbers.

So, we used the Storm device for the entire test.  After some recon of the area and OSINT of the company, we had our network map of their wireless system.  We used Kismet for the usual wireless details.  Then it was on to the Aircrack-ng suite, (sudo airmong-ng start wlan).  You folks get the rest. we got output from airodump-ng.  Back to Kismet for comparison and targeting. So, we confirmed our target and it’s details.

Now, from our earlier recon, we discovered the make and model of their routers. (yes, there was a little social engineering after we sealed the deal with the client).  Google really is your best friend. So, is ToR. So, we downloaded the most commonly used passwords and defaults used by that manufacturer and CUPP since we did a behavioral profile on the Head IT guy.  Along with OSINT, we had a good idea of his general personality.  Our dictionary.txt was created.  Time to fire for effect.

“sudo mdk3 mon0 p -c 2 -t {MAC address here} -f {our dictionary.txt here}”

This was a hybrid brute force attack, obviously. Our profile help out.  The password was a mix of the IT guy’s personal  and family’s PII. The user ID was obvious. We entered the info on the SSO screen and that’s it.Thanks for playing, game over. Now, this was a very simple real life test.  No big deal.  The point here is we used the Storm device for every step of this hack. And, since our after action report given to the CEO was met with satisfaction (the head IT guy, not so much), we got our agreed upon bankers’ check.

Summary:

The Storm device performed admirably in the field. We had our usual laptop with us just in case but we didn’t use it. Now, since the Storm unit is Raspberry 3+ based it is slower than the regular hardware of the trade. It also runs hotter depending the length of use. We put small heat sinks on the two main processors. We also had the A/C on in our van.  In the theater of battle, the Storm did the job and did it well.

When you get one, do the usual mods on Kali. Clear out the # in sources.list (cd /etc/apt. then nano sources.list). Then run sudo apt-get update.  Set the correct time and date for your time stamp on screen shots. We used an Alpha AWUSO36NEH NIC card. Configure your Storm device for your external NIC.  (ifconfig, etc, etc). Make sure network settings and USB settings recognizes your card. Hack your own system for a test.

Get a wireless miniMouse. It’s easier to click on the tools in Kali on the Storm unit. Finally, we used a 2400 milliAmp rechargeable USB battery with a back-up for power.  We used only one for this pentest. They do last.

Remember, like a hand-held two way radio, the Storm unit is a field device.  If you expect HP laptop multi-core, hyper processor speed from this unit, then, well just go away and find another career.  Storm works. It works well.

So, get one. Pack the bag in comes in with your rubber duckies, LAN turtles, USB drives and other stuff you’ll use with it and make some money.

Interested but still have questions?

Details

Start:
October 29 @ 8:00 am
End:
October 30 @ 5:00 pm
Event Category:

Venue

Gaylord Texan Resort & Convention Center
1501 Gaylord Trail
Grapevine, TX 76051 United States
+ Google Map