Join us in Myrtle Beach, SC!

AoE will be sponsoring this year’s Mobile Forensics World and Techno Security Conference! Both events are taking place in Myrtle Beach, SC from
June 2 – June 5, 2013. Our resident SME on Digital Forensics, Courtney Lancaster, will be presenting a talk about the increasing role mobile forensics plays in litigation. We will also be showcasing our Wiretap, Wireless, Mobile Device Forensics, and Snort Fundamentals courses during the event.

This will be the 15th year for Techno Security and the 6th year for Mobile Forensics. Attendees have registered from 52 different countries over the years. Frequent attendees are some of the top practitioners in the world in the fields of Information Security, eDiscovery, Mobile Forensics, Mobile Forensics and Technical Business Continuity Planning. Last year, there were over 1,400 people registered by opening day.

Click Here to find out more information about these conferences.

March 11, 2013

TCS' Art of Exploitation Endorsed by E-C Council

ANNAPOLIS, Md., March 11, 2013 /PRNewswire/ -- TeleCommunication Systems, Inc. (TCS) (TSYS), a world leader in highly reliable and secure mobile communication technology, today announced the EC-Council (International Council of E-Commerce Consultants), the world's largest certification body for information security professionals, has endorsed its Cyber Intelligence Group as an EC-Council Elite Vendor and Endorsed Partner. With this endorsement, TCS' Art of Exploitation™ Bootcamp 2.0 course qualifies as official training for the EC-Council's Certified Ethical Hacking (C|EH) designation, which is listed on the U.S. Department of Defense's (DoD) directive 8570 mandate.

News Facts:

• Under the 8570 mandate, all personnel with "privileged access" to DoD systems must obtain an ANSI-approved commercial certification.
• DoD system integrators who provide support to the information assurance/ cyber security mission can now access TCS' comprehensive, mission-focused training.
• With more than 40 labs, Bootcamp Edition 2.0 is a hands-on course of study that focuses on technical and process skills which align to the knowledge areas contained in the C|EH Objectives. This provides an introduction to the tactics, techniques and methodology required for a network exploitation analyst or operator.
• In addition to the course, its modular design allows individual sections such as Basic O/S Review, Methodology and Vulnerability Identification, to be added, subtracted or taught separately, depending on the requirements of the audience.
• TCS is a participant in the Global CyberLympics, a not-for-profit initiative led and organized by the EC-Council Foundation and endorsed by the United Nation's International Telecommunications Union (ITU) to raise awareness towards increased education and ethics in information security.

Support Quotes:

• Drew Morin, senior vice president and chief technology officer, TCS, said: "The EC-Council is the leader in information security certification, and achieving their endorsement is a significant accomplishment, as fewer than five programs have achieved this level of recognition. Now, DoD cyber/information systems professionals can utilize Bootcamp Edition 2.0 to gain some of the most comprehensive, in-depth cyber security training available."
• Steve Graham, Sr. Director, EC-Council, said: "After undertaking a critical review of TCS' Art of Exploitation curriculum, we found it meets the objectives necessary to help students obtain our Certified Ethical Hacking Certification. TCS' hands-on approach to training and different perspective to the subject matter will add to the valuable education and training programs for our growing base of certified cybersecurity professionals. We congratulate TCS on becoming an EC Council Elite Vendor and Endorsed Partner."

TCS provides focused training in the fields of penetration testing, forensics-defend strategies and vulnerability analysis and ethical hacking, and brings together many of the brightest minds in security as a forum for research, collaboration and building next-generation technologies to protect critical networks. Students learn and experience computer network operations and forensics in a safe and reliable environment and have the opportunity to choose a field of study that will build on and advance the knowledge and skills needed to be successful in their chosen career paths.

About TeleCommunication Systems, Inc.
TeleCommunication Systems, Inc. (TCS) (TSYS) is a world leader in highly reliable and secure mobile communication technology. TCS infrastructure forms the foundation for market leading solutions in E9-1-1, text messaging, commercial location and deployable wireless communications. TCS is at the forefront of new mobile cloud computing services providing wireless applications for navigation, hyper-local search, asset tracking, social applications and telematics. Millions of consumers around the world use TCS wireless apps as a fundamental part of their daily lives. Government agencies utilize TCS' cyber security expertise, professional services, and highly secure deployable satellite solutions for mission-critical communications. Headquartered in Annapolis, MD, TCS maintains technical, service and sales offices around the world. To learn more about emerging and innovative wireless technologies, visit www.telecomsys.com.

About EC-Council
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 40,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).

EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences. The global organization is headquartered in Albuquerque, New Mexico. For more information about EC-Council, visit the website: www.eccouncil.org.

February 16, 2013

DoD Cyber Workers Undertrained; Fixes Coming

Defense News posted an article on February 16, 2013 discussing the Department of Defense’s concerns on the current level of knowledge and training its employees are receiving. The DoD wants practical application based training and that is what AoE is all about. All of our courses are hands-on training and are taught by Subject Matter Experts who have performed the mission. AoE courses are modular in design so that we can cater to the exact needs of any particular organization. Our BootCamp 2.0 Edition course alone boasts of over 40 practical labs and a final two day capstone that puts the student in the seat of an operator. We don’t just hand out college credits (we’re ACE accredited!), or certifications without being completely sure that the student is going to be able to perform what they have learned by attending an AoE course.

Click here to view the DefenseNews article.

February 15, 2013

American Council of Education CREDIT Recommendation for Eight Cybersecurity Courses

As of February 15, 2013, the American Council on Education College Credit Recommendation Service (ACE CREDIT®) has evaluated and recommended college credit for 8 of our 19 courses:

• Assembly Fundamentals – Five-day course; focus on assembly-level access to processors and storage
• Bootcamp Edition – Nine-day course; 40+ labs; basic tactics of penetration testing and exploitation
• Developers Edition I – Five-day course; technologies and techniques impacting Windows development
• Developers Edition III – Five-day course; analysis of software vulnerabilities
• Mobile Devices Forensics – Four-day course; forensic methodology of mobile technologies and operating systems
• Snort Fundamentals – Three-day course; focus on Snort intrusion and detection systems
• Wireless Edition – Five-day course; WiFi security analysis and penetration testing
• Wiretap Edition – Four-day course; network cyber analysis, regardless of data packet type

ACE CREDIT helps adults gain academic credit for courses and examinations taken outside traditional degree programs. More than 2,000 colleges and universities consider ACE CREDIT recommendations in determining the applicability to their course and degree programs. As a result of the recommendations for the AoE courses, students completing any of these could receive two to three semester hours of academic credit toward a degree.

ACE is the major coordinating body for the nation's higher education institutions and seeks to provide leadership and a unifying voice on key higher education issues and to influence public policy through advocacy, research, and program initiatives. For more than 30 years, colleges and universities have trusted ACE CREDIT to provide reliable course equivalency information to facilitate their decisions to award academic credit. For more information, visit the ACE CREDIT website at www.acenet.edu/credit

February 15 – 17, 2013

ShmooCon IX

AoE is pleased to announce our platinum sponsorship of ShmooCon 2013, and to commemorate our growth we are doubling last year's prizes!

This year we will be holding two separate raffles. The first will give you a chance to win one of two Tablet Pen-testing Suites, both loaded with BackTrack and equipped with an Ubertooth. The second raffle will allow you an opportunity to win one of two seats to our Snort Fundamentals being taught on Feb. 19-21 in Hanover, MD (45 minutes outside of DC).

Attendees will have a chance to win in both raffles!

February, 2013

One shirt at a time

Since 2012 Nathan Magniez has been doing his part to eliminate hunger in the world. So far, he has sold shirts at BlackHat, DEF CON, DerbyCon and ShmooCon to raise money for Hackers for Charity's Food for Work Program. The program was originally started by Johnny Long and funded through the sale of his "No Tech Hacking" book, however the program was put on hold due to lack of funds.

The sale of Hack Hunger shirts provide roughly a $15 donation margin and can fund two parts of the Food for Work program:

• The first part costs roughly $12 and provides a family of four with food for a month as well as a small "kitchen garden", which is essentially a 50lb recycled sack that is filled with soil and can grow vegetables out of it.
• The second part of the program costs roughly $3 and provides farming supplies, such as seeds and fertilizer, to families. How does it all work? This is a "food for work" program whereby able-bodied participants be given plots of land and all the materials and skills needed to plant, maintain and harvest a large personal farm. A portion of the harvest is given to Action for Empowerment (AOET) Kenya for distribution in the community as well as to “buy” another season to work the farm. The bulk of the harvest goes to the farmer, most of who have graduated from the food distribution program and are now doing well enough to work and sustain themselves. The farmer's portion provides enough food to feed their family as well as sell on local markets to provide revenue.

As Nathan said, “I want to affect change in this world. I will no longer hope or wish someone else will be doing something. My goal is to enable others to help eliminate hunger in the world."

To read more about Nathan’s endeavors check out www.gofundme.com/HackHunger, www.hackhunger.com or checkout a portion of Johnny Long's talk at Derbycon 2012 below.

October 19 – 21, 2012

CMAP Baltimore Give Camp

On October 19 – 21 UMBC hosted the second annual Baltimore Give Camp. AoE instructor Aaron Soto along with about 175 other local software developers gathered to donate their time building software and websites for local non-profit organizations. Approximately 25 non-profit organizations requested support and were sent home with solutions like Wordpress blogs, Android applications, and .NET-based websites.

As we’ve learned from previous camps, time is crucial. Developers need to have resources immediately available, so that the majority of their time is spent coding – not troubleshooting. AoE provided gigabit networking infrastructure, virtualized Windows and Linux servers, and pre-imaged laptops for developers who did not have one available. Several teams noted that having on-site development environments made their time more productive.

Once infrastructure was humming along, Aaron was a part of the Pet On Wheels team, a team he’d had the pleasure of working with in previous camps. Pets On Wheels works with local pet owners to bring their pets into hospitals, assisted living facilities, and homeless programs. During the Southern Maryland Givecamp (also supported by AoE), the team was able to send them home with an Android app their volunteers could use to track their visits, hours, and interactions with residents. Due to a backend restructuring and some lost code, the application needed a fair bit of updating. They were also able to add new automation to their volunteer management system.

Aaron and his team worked tirelessly on a long list of requirements to give Pets On Wheels the highest return for their time. The developer community was estimated to have provided over $300,000 worth of development services in just one weekend, bringing praise, applause and a few tears from non-profit representatives during Sunday’s closing ceremonies.

AoE Sponsors DerbyCon

This was Art of Exploitation’s first year attending DerbyCon in Louisville, Kentucky. There were roughly between 1,500-1,700 people in attendance. AoE instructor Nathan Magniez gave a talk on Sunday afternoon on Redirection to bypass firewall, ACLs and/or to remain anonymous. His slides are currently available here: http://www.hackhunger.com/2012/10/derbycon-slides-alice-in-redirection.html. The audience responded very well to Nathan’s topic of discussion, and one person in the audience walked away with their very own AoE Louisville slugger. The rest of the con was a blast for all of the hackers out there and there were some amazing talks that our instructors truly benefited from.

Nathan is heavily involved in the organization Hackers for Charity (HFC) where his shirt was on display and for sale. DerbyCon rose over $33,000 for HFC! Renowned security expert Johnny Long gave a talk at 9am Saturday morning which was about the evolution of HFC. He talked about the past, present and future endeavors which included my efforts to revitalize the Food For Work program which had lost monetary support. In this video snippet he talks about the Hack Hunger and the specific details of what these shirts can do for people. 1 Hack Hunger shirt = 1 month of food, (literal) seed money for farm supplies and small portable kitchen gardens which can help those with literally nothing. The shirt also supplies those that have farm land with farm tools to plant crops which then can be harvested and 50% of the crops go back into funding the project. These shirts are literally providing "seed" money to help people become self-sufficient. It is truly amazing what $20 and some hackers can do for the world! Here is the 3 minute snippet: http://www.hackhunger.com/2012/10/HackHungerOfficiallyFundsHackersForCharity.html

Black Hat / DEFCON 2012

Art of Exploitation was proud to sponsor Black Hat 2012 in Las Vegas, Nevada. This year our instructors were able to attend the conference, host a booth, and promote the latest course offerings. The instructors attended talks on the new Microsoft Windows 8 operating system, Near Field Communications (NFC) and Ruby workshops. The event allowed us to stay in touch with our partners throughout the commercial and government sectors, as well as the opportunity to attend DEFCON 20. We cannot wait to go back in 2013!

August 23, 2012

Cyber Auto Challenge

During the week of August 13th - 17th, Mr. Aaron Soto and Mrs. Courtney Lancaster were invited to join Battelle for their week long Cyber Auto Challenge. Among the attendees were 24 high school students, a number of college students, as well as cyber security specialist and vehicle manufacturers. The goal of the Cyber Auto Challenge was to not only educate students and professionals but to inspire them to think innovatively about the engineering of the vehicles and how it related to cyber security.

Mr. Soto provided his expertise in electronics by providing a comprehensive lecture and subsequently issuing an interesting yet fun challenge. The challenge for the students was to solder and create their very own oscilloscope. This proved to be a big hit with the students as well as the professionals. Mrs. Lancaster took an investigative forensic approach with regards to retrieving user data from vehicles. Like Mr. Soto, Mrs. Lancaster too provided a comprehensive lecture and followed up with having the students utilize various forensic tools to recover user data from multiple sources.