Instructor-Led Courses (online, in-person)

Loading Events

« All Events

Mobile Security Toolkit – Ethical Hacking Workshop – CyberSecJobs – San Antonio, TX

February 13, 2019 @ 8:00 am - 4:00 pm CST

To register for this event, click Buy Now,
if you are interested but still have questions, click Contact Us.

Days – 1

Who Should Attend?

IT Admins who are interested in cybersecurity, Ethical Hackers, Pen Testers

What is the Mobile Security Tool Kit?

EC-Council’s Mobile Security Toolkit (Better known as the STORM!) is a fully-loaded pen-test platform which comes equipped with a customized distro of Kali loaded onto a portable Raspberry Pi-based touchscreen device.

EC-Council rolled out the STORM as a mobile tool to enhance our certification course offerings by giving online asynchronous students a mobile training option. In this option, the video lectures are loaded directly onto the STORM.

INCLUDES:

  • keyboard
  • carry case
  • STORM T-shirt
  • STORM Sticker
  • Access to the STORM Resource Center (Video Demos, Support, ISO Image Download)

What is the Mobile Security Tool Kit Workshop?

The course content was derived by pulling carefully selected modules from EC-Council’s Certified Network Defender (CND) and Certified Ethical Hacker (CEH) certification courses.

Course includes:

  • e-Book
  • Certificate of Attendance (.pdf)
  • STORM device
  • keyboard
  • carry case
  • STORM T-shirt
  • STORM Sticker

What Students should bring:

  • Laptop (Micro SD card Reader a plus)
  • Enthusiasm for Learning knowledge of Linux a major plus!

Storm in the Classroom

Resume Reviews (2pm to 6pm)

These are quick 5-minute sessions with Army veteran and author of the Six Second Resume, Bill Branstetter. Offered on a first-come, first-serve basis.

Tips for a Successful Job Fair

Be sure to register and upload your resume before the job fair. Recruiters receive a pre-registrant resume file before the job fair and may contact you to set up an interview. Don’t be discouraged if you don’t hear from an employer before the event, as not all employers will have time to review resumes beforehand.
A job fair is a networking event filled with hundreds of people with information about jobs. You’re here to network with job seekers as well as employers to move your job search forward by making connections and gathering information.

Get in the right frame of mind. If you ask recruiters about the importance of attitude in a job search on a scale of 1 to 10, most of them answer 11. We all get nervous, but focus on being upbeat and friendly when talking to recruiters and other job seekers.

Learn More https://cybersecjobs.com/job-fair/fair/75

Mobile Security Toolkit Workshop at INNOTECH Conference Dallas, TX

Mobile Security Toolkit Workshop in Huntsville, AL

Here is what some of our STORM class students had to say:

“I really enjoyed the class, thanks for working with the chapter to get this delivered to the group. Hope we can do something similar next year.” – Anne-Marie Colombo, SAP

“It was a smashing success. In January we should have you talk to the ISSA Board and see how we do more.” – Justin Orcutt, NCC Group

“Everyone enjoyed what EC-Council brought to BSides Huntsville! The STORM Device is so cool and we have attracted a new audience because of EC-Council” – Cary Pool, NAISSA President

“I’ve taken all of EC-Council Courses at TakeDownCon. This was a nice addition to BSides and it was great to sit in a new EC-Council Class and learn a new device!” – Chad Holton, State of AL Alcoholic Beverage Control Board

“It was my first time working with EC-Council and It was great to bring a workshop from such a reputable certification body, this added tremendous value to BSides Tampa and I look forward to working with you all again in 2019!”- Derek Thomas, BSides Tampa Organizer

“The HACKNYC 2018 event has truly changed my Information Security outlook and has greatly improved my overall skills in every aspect. Connecting with Elite Cyber Security Professionals in the private sector and federal government to the 2-day “all-out” Mobile Security Hacking with the Storm Tool in conjunction with the iLabs, and Kevin Cardwell (my trainer) made this a true exceptional Cyber Security training and experience.

The Mobile Security tool kit with Storm 2-day boot camp allows each trainee to focus their attack vectors in hacking web applications, servers, cloud, and use virtualization as your very own cyber range (off-line) and connect your Storm device to it and do pen-testing or allow you to use it as another live node. The instructor was very confident and capable as he thought a wide range of students with various information security experiences and I must say I learned so much. His patience and due-diligence, integrity, dedication, and excitement. While not surprising, EC-Council has provided me a very strong platform to prove my Information Security skills and enhance my overall knowledge.

I’m particularly impressed with how the modules in iLabs taught you how to use the latest cyber-attacks without compromising real networks. You get confidence in the tools, and virtualization is secured and more than ready to take anything you throw at it. The conference (HACKNYC 2018) and Mobile Security Tool Kit hacking with Storm has prepared made me a better-rounded cybersecurity professional. C|EH has taught me about vulnerability testing in a real-world environment, E|CSA is teaching me pen-testing, and Mobile Security with Storm has taught me virtualization, pen-testing capabilities, and the possibilities with this tool are truly amazing.” – Isaac Feliciano, New York Air National Guard

“Just wanted to say thanks to both you and Kevin for providing a quality experience for myself and my fellow learners! It was great to be able to take a day to develop my ethical hacking skills, and be able to head out with tools in hand for further practice for the CEH exam. That said, I can’t wait for the upcoming training sessions. In the meantime, I’ll be studying and sharing the word about EC-Council to my colleagues!”– Jason Scoon, DevOps Engineer at NYU Langone Health


CyberSecJobs.com is a veteran-owned career site and job fair company for professionals and students seeking careers in the cyber security community. Learn more www.cybersecjobs.com/job-fair for more information.

 Day One Course:

In this course you will learn the procedures to use a virtual bridge and connect to a physical network. How to run virtual software and bridge it to your Storm device as well as how to isolate the Storm with the bridge. Con gure secure remote access, and connect from the Internet Do your assessments from your backyard with no airport security checks! Following this you will learn network monitoring, and protocol analysis. Performing the hacking and penetration testing methodology and using the device as your attack platform.


Module 01

Module 01: Technical Introduction to the Storm

  • Hardware Assembly and Chipsets
  • Imaging Techniques
  • Linux ARM Distro options
  • Management of Modules and Meta Packages
  • Industry tips and best practices
  • LAB: Backing up and restoring the Storm image



Module 02

Module 02: Network Traffic Monitoring and Analysis

  • Network Traffic Monitoring and Analysis(Introduction)
  • Advantages of Network Traffic Monitoring and Analysis
  • Network Monitoring and Analysis: Techniques
  • SNMP Monitoring
  • Network Traffic Signatures (normal and attack)
  • Categories of Suspicious Traffic Signatures
  • Attack Signature Analysis Techniques
  • LAB: Using the Storm device for network traffic monitoring and analysis



Module 03

Module 03 Hacking Concepts, Types, and Phases

  • What is Hacking
  • Who is a hacker?
  • Hacker Classes
  • Hacking Phases
  • Ethical Hacking Concepts and Scope
  • Skills of an Ethical Hacker
  • The Hacking Methodology
  • Footprinting
  • Scanning
  • Enumeration
  • Identify Vulnerabilities
  • Exploitation
  • LAB: Using the Storm Device to perform the hacking methodology and penetration testing



Module 04

Module 04: Exploring the Hacking Methodology

  • Footprinting Concepts
  • What is Footprinting
  • Objectives of Footprinting
  • Footprinting methods
  • Overview of Scanning
  • Abstract Scanning Methodology
  • Live Systems
  • Ports
  • Services
  • Enumeration
  • Identify Vulnerabilities
  • Exploit
  • Introduction to System Hacking
  • Cracking passwords
  • Privilege escalation
  • Rootkits
  • LAB: Gaining and maintaining access using your Storm device



Workshop in Huntsville, Alabama

Workshop in New York, New York

Workshop in Dallas, Texas

Tool kit Specs

  • 64 Bit – Quad Core Mobile System with Case
  • 1 GB RAM
  • 7 inch touch screen display
  • 64 GB MicroSD – Preloaded w/Custom Linux Hacking OS
  • 100Mb Ethernet port
  • 4 USB ports
  • 802.11n wireless
  • Bluetooth 4.1
  • Combined 3.5mm audio jack and composite video
  • Camera interface (CSI)
  • Display interface (DSI)
  • VideoCore IV 3D graphics core
  • Full HDMI
  • USB 2.0 A to B Micro Power Cable. [The Storm can be powered from a 5V micro-USB source, Power Supply not included with base package.]
  • Rollup water resistant keyboard
  • Field Case Organizer for all your gear

Introducing the STORM!

Case Study – STORM Workshop in New York

CyberServices NYC ethical penetration test against a client’s wifi network, of which was compromised by a blackhat cell operating in NYC.

My name is Mike.  I am the founder/president of CyberServices NYC. We are a small cyber security group operating in NYC.  My team consists of nine other employees, specializing in various areas of penetration testing, ethical hacking, risk assessment, cyber threat analysis and information warfare.

Our client base is mainly small to medium sized businesses, healthcare facilities and local and federal government requests (off-book engagements).  In May of this year, I was fortunate enough to attend HACKNYC and buy the EC-Council’s Mobile Security Tool Kit (Storm device.)  EC-Council also had a two-day workshop on using the Storm device.

The live penetration test:

I was contacted by the CEO of a medium sized business.  She was concerned about the WLAN part of her network, particularly the public facing WiFi access system.  She had been hacked, her network compromised through an attack vector involving this sub-system.

No surprise or fancy technical stuff here.  This was just a common, easy hack that a 12 year old could pull off.  The difference here is that when we saw the screen capture provided to us by their IT staff (using Snort), a team member saw a familiar “signature” in the traffic.  These hackers were after their PCI database. They didn’t get it. This was a group, a cell we’ve seen before.

After all the contract discussions with the CEO and the Head IT guy were agreed on, our “get out of jail card” and emergency contacts numbers exchanged, our pentest would begin on a Friday at 23:59 hrs, and end Monday at 06:00 hrs. We went to the local police precinct and informed the desk sergeant of
our intentions and contact numbers.

So, we used the Storm device for the entire test.  After some recon of the area and OSINT of the company, we had our network map of their wireless system.  We used Kismet for the usual wireless details.  Then it was on to the Aircrack-ng suite, (sudo airmong-ng start wlan).  You folks get the rest. we got output from airodump-ng.  Back to Kismet for comparison and targeting. So, we confirmed our target and it’s details.

Now, from our earlier recon, we discovered the make and model of their routers. (yes, there was a little social engineering after we sealed the deal with the client).  Google really is your best friend. So, is ToR. So, we downloaded the most commonly used passwords and defaults used by that manufacturer and CUPP since we did a behavioral profile on the Head IT guy.  Along with OSINT, we had a good idea of his general personality.  Our dictionary.txt was created.  Time to fire for effect.

“sudo mdk3 mon0 p -c 2 -t {MAC address here} -f {our dictionary.txt here}”

This was a hybrid brute force attack, obviously. Our profile help out.  The password was a mix of the IT guy’s personal  and family’s PII. The user ID was obvious. We entered the info on the SSO screen and that’s it.Thanks for playing, game over. Now, this was a very simple real life test.  No big deal.  The point here is we used the Storm device for every step of this hack. And, since our after action report given to the CEO was met with satisfaction (the head IT guy, not so much), we got our agreed upon bankers’ check.

Summary:

The Storm device performed admirably in the field. We had our usual laptop with us just in case but we didn’t use it. Now, since the Storm unit is Raspberry 3+ based it is slower than the regular hardware of the trade. It also runs hotter depending the length of use. We put small heat sinks on the two main processors. We also had the A/C on in our van.  In the theater of battle, the Storm did the job and did it well.

When you get one, do the usual mods on Kali. Clear out the # in sources.list (cd /etc/apt. then nano sources.list). Then run sudo apt-get update.  Set the correct time and date for your time stamp on screen shots. We used an Alpha AWUSO36NEH NIC card. Configure your Storm device for your external NIC.  (ifconfig, etc, etc). Make sure network settings and USB settings recognizes your card. Hack your own system for a test.

Get a wireless miniMouse. It’s easier to click on the tools in Kali on the Storm unit. Finally, we used a 2400 milliAmp rechargeable USB battery with a back-up for power.  We used only one for this pentest. They do last.

Remember, like a hand-held two way radio, the Storm unit is a field device.  If you expect HP laptop multi-core, hyper processor speed from this unit, then, well just go away and find another career.  Storm works. It works well.

So, get one. Pack the bag in comes in with your rubber duckies, LAN turtles, USB drives and other stuff you’ll use with it and make some money.

Interested but still have questions?

Details

Date:
February 13, 2019
Time:
8:00 am - 4:00 pm
Event Categories:
,

Venue

Marriott Courtyard Westover Hills
11605 State Highway 151
San Antonio, TX 78251 United States
+ Google Map