Blackhat Training Reviews

SaSkiller Member Posts: 337
So despite how many posts I see every few years about how corporate and not worth it blackhat is, they certainly get people in there for the training. The only issue is we don't seem to get much in the way of course reviews.

Now I see that most years we have a post about training and people say they are interested, but I've only seen one actual review on this forum

http://www.techexams.net/forums/security-certifications/80072-review-ultimate-hacking-black-hat-edition-foundstone.html

and just a few elsewhere that are... underwhelming just in the way they are written.

So I am begging the universe, (i.e. you guys and gals) please let us know if you have ever taken a blackhat conference training course and what you thought of it?

EDIT: For posterity, I'll link the other two reviews I've found

https://boredwookie.net/blog/m/black-hat-adaptive-penetration-testing-course-review

https://www.ethicalhacker.net/features/root/course-review-dark-side-ops-custom-penetration-testing

Other:

https://www.youtube.com/watch?v=oY9cylPr2Bw

Found one that is really good, what I would like to see more of.

http://www.redblue.team/2015/09/black-hat-usa-2015-course-review.html
OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.

Comments

  • TechGromit Member Posts: 2,156
    I took "Network Forensics: Continuous Monitoring and Instrumentation" at Blackhat in 2016. It's my understanding that it was originally developed for SANS, but the authors were not satisfied with the compensation for the course SANS offered, in favor of an arrangement from BlackHat. SANS went on to develop their own version of the course, SEC511: Continuous Monitoring and Security Operations.

    While I feel the training was good, it was a tad tough for me. The lab training assumed a higher knowledge level of Linux than I possessed. In the labs they would tell you to do something like search logs or analyze a packet, but not provide you with detailed instructions like SANS does in their labs. In a way, it was good to challenge myself to come up with the answers, rather than reading step by step instructions like SANS has. The answers were in the back of the Lab book, some really were advanced Linux commands. Some of the labs I was able to muddle through in a roundabout way, others I had no clue and had to follow the answers in the back of the lab book.

    The training first concentrates on analyzing logs, so you know where to start your forensics. Then analyzing packets. It assumes a minimal understanding of Wireshark. I tried to familiarize myself with Wireshark before attending the course, which did help. The course included a USB stick VM of the labs, a lab book, workbook, and also included a hardback text book, "Network Forensics: Continuous Monitoring and Instrumentation", but we didn't even open the book. The course only touched on parts that were in the book, it would take weeks to get through the entire hardback text book.

    Unfortunately no certification is available for the course, which is why SANS training may be a better value in the long run, but the textbook would be very valuable in refining your skills and you can pick it up from Amazon at a reasonable price. While the course was cheaper than a typical SANS course, $4,500, when you add in the cost of the Blackhat conference of $2,000, it ended up being more expensive. I felt the two day Blackhat conference was a colossal waste of money, sure there were lots of speakers, an awesome vendor area, in the end I really didn't see any benefit attending the conference itself. I can't see myself going back, I'll spend my company's money on worthwhile training in the future. It was a neat experience, but I have no desire to repeat it. I'll stick with smaller regional security events, like BSides.
    Still searching for the corner in a round room.
  • chrisone Member Posts: 2,278
    This year will be my first at blackhat. I am taking the Dark Side Ops: Custom Pentesting course by Silent Break Security. I read very good reviews about it.
    https://www.blackhat.com/us-17/training/dark-side-ops-custom-penetration-testing.html
    https://silentbreaksecurity.com/

    They have some very good courses by some very reputable people / companies.
    https://www.blackhat.com/us-17/training/index.html

    I heard this course was awesome and highly recommended. It was sold out the first week registration opened.
    Adaptive Red Team Operations
    https://www.blackhat.com/us-17/training/adaptive-red-team-operations.html

    Definitely some very good courses here.
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • BlackBeret Member Posts: 683
    Here's the thing with the BlackHat hands on training. It's almost always courses that are available from the trainers at other locations or in other formats without the price tag. Sometimes it's condensed to meet Blackhat's 2-4 day schedule, but mostly it's the same material. Are you looking for reviews on the course itself, or how the live training is conducted at Blackhat?

    Take for example the Offensive IoT course from Blackhat 2016: https://www.blackhat.com/us-16/training/offensive-hands-on-internet-of-things-iot-exploitation.html

    Now, I can't give a review of the hands on course as it was taught at blackhat, but I can give a review of the same course as taught via Pentester Academy (one of their best courses so far). Offensive Internet of Things (IoT) Exploitation

    It's a difference between $3,000 and $250 to get the same material where you can go at your own pace. The instructor is very responsive via social media, so asking questions isn't difficult. That's why it's hard to find reviews of "blackhat training". Just look for reviews of the courses themselves offered at other conferences or from the vendor.
  • Danielm7 Member Posts: 2,310
    They do a PWK/OSCP course there too. You pay around $5K for a few days. You can take the OSCP on your own and get 3 months of access for about a quarter of that. The course also doesn't include the online access or the exam attempt.

    https://www.blackhat.com/us-16/training/penetration-testing-with-kali-linux.html

    I seem to remember it selling out very quickly last year too, crazy.
  • chrisone Member Posts: 2,278
    Same concept for other IT technology courses as well
    online cheaper/self paced, bootcamp more expensive/instructor led.

    So what's the difference, same topics covered right? Well, you have an instructor to help you understand the topics and answer your questions with bootcamps and in class sessions.

    Also check out this link. Very interesting take on which courses for red teaming.
    https://blog.cobaltstrike.com/2015/03/26/training-recommendations-for-threat-emulation-and-red-teaming/
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • SaSkiller Member Posts: 337
    TechGromit, thanks for your review, that is really helpful.

    Chris, Good luck, really interested to hear your review later, looks like CEH is your most relevant cert, so it will be interesting to see how you fare.

    BlackBeret, In my limited experience in the past when I have looked at the courses, they haven't really been available outside of BlackHat. Like the Foundstone courses they used to have a while ago, I don't think they were really available. The OSCP live course, BH isn't the only place it's given, along with AWE and AWAE. Half the companies listed don't seem to exist like Abilities Inc. Veris Group doesn't have a training section on their website. Some companies do have the training listed on their site, but good luck trying to get in without a company (NotSoSecure).

    The IoT course, how do I know it is the same course that is taught at Pentester Academy? Their name isn't on the page, the course author doesn't have them in his profile on the BH page. Looking at his site, it looks like it's only for companies outside of BH.

    See what I am getting at?

    If everyone learned best on their own there would be no need for in person training, some people prefer it, some thrive on it. I've got a million pentesting books and I've enrolled in many online courses, but in my experience, for me, few things match up with ILT. Some courses are getting better, I'm liking this pentester academy course I'm taking now, I like it more than the PTP which has relatively few videos and waay too many slides.

    As far as whether I'm looking for a review of the courses vs the course at blackhat, more of the first than the second. When someone wants to attend the course they really need to understand if the course is for them. I was reading one of the course descriptions, it sounded really good, but the review says "they are focusing on these two tools"... hold on a second, I'm seeking knowledge of how to do the job in general, and get really good at it. That could be a waste of my time because it sounds like it's focused on experienced people who can improve their craft by utilizing these two tools. A benefit for a review of the course.

    Now in the case of the PWK course, I would be interested in a review of the course at Blackhat. It says on the page that it isn't a standard enrollment so I know I don't get the lab access and cert attempt, which is why I'm interested to hear what it is like. Is it more ILT, a different feel from going through a bunch of low quality and difficult to hear and understand videos? Is there more structure to the training, a methodology presented? I have the content from the PWB course, not a big fan of it, the question for me is (assuming it wasn't sold out...), would this version of the course provide me a leg up next time I go through it because I had ILT for 4 days answering questions and explaining things.
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
  • chrisone Member Posts: 2,278
    SaSkiller wrote: »
    Chris, Good luck, really interested to hear your review later, looks like CEH is your most relevant cert, so it will be interesting to see how you fare.

    Thanks SaS, by the time July comes around, I plan on having eCPPT and OSCP completed. So I plan on having more experience by then. After Blackhat, I plan on signing up for SANS Netwars continuous online, which is a 4 month course. Seems like very good stuff as well.

    If you can get your employer to pay for any blackhat course I would not hesitate to take it.
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • BlackBeret Member Posts: 683
    SaSkiller wrote: »
    The IoT course, how do I know it is the same course that is taught at Pentester Academy? Their name isn't on the page, the course author doesn't have them in his profile on the BH page. Looking at his site, it looks like it's only for companies outside of BH.

    To answer this question, the Pentester Academy used to advertise it as such, but it does look like that's been removed. Of course the course author and instructor listed on both being the same person, who is also the founder of Attify Security, which is the company listed on BH, it's not a logical jump. Clicking the "Author Bio" tab on the Pentester Academy page and then looking at the same section on BH and having the same exact bio listed helps. I don't know about most people, but before dropping $3k for a course I look at what I'm getting and how it compares to other possibilities.

    I'm not saying there's no benefit to attending the BH courses or having live training. Just pointing out why you see so few reviews on this site. Most of the people here are focused on self study and finding resources to prepare for tech exams. If everyone had a habit of just dropping $3k and taking a course to prepare for every exam this site wouldn't be here.
  • SephStorm Member Posts: 1,731
    I plan on the eCPPT, but I'll likely be waiting until after BlackHat for the OSCP. I hadn't thought about netwars, that is an interesting option too.

    I don't yet know if the company will reimburse me, I'm hoping they will, but I can take the one time hit if not. The experience gained from the classes, networking opportunities, free swag all are what I'm looking for.

    BlackBeret,

    Thanks, I get it, I just approach it from a different perspective I think. I know I want to go to BlackHat, so I'm looking at the training given to determine what I should do. I need to hurry up and decide!
  • docrice Member Posts: 1,706
    I've taken several courses at Black Hat USA (including the Foundstone one mentioned/reviewed in the original post). My best experience was with Offensive Countermeasures (now re-labeled/extended as "Active Defense") when it was still a two-day course. I've taken a few others and in some cases they seem to be classes not generally offered elsewhere.

    As a whole, Black Hat Trainings might make sense if you work for a company who will only send you to some kind of on-site training once a year, and having it bundled with a generalized conference with speakers, etc. fills in a practical checkbox in the training budget. The Black Hat/DEFCON combination can get pretty immersive if you really want to surround yourself with the infosec culture.

    As a training motivator, I suspect there are a lot of people who will opt for in-person training since it keeps them buried neck-deep with up-close-and-personal relation with the instructors and other students. Many people likely will drift off/get distracted when they're doing a self-study, at-home course. When you're mid-career, work/family emergencies and other stresses can really distract you from the mission.

    That said, for me I will likely completely skip out on Black Hat/DEFCON or any SANS conference this year. I'm too busy for the travel and likely will opt for SANS OnDemand for the first time in a while.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • SaSkiller Member Posts: 337
    Does anyone know if a training pass gets you access to the vendors/swag at blackhat?

    I'm getting ready to make my final choices on classes and honestly I don't have much use for the briefings themselves. It would save me some money if I could access the vendor area with a training pass.
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
  • chrisone Member Posts: 2,278
    BlackBeret wrote: »
    I'm not saying there's no benefit to attending the BH courses or having live training. Just pointing out why you see so few reviews on this site. Most of the people here are focused on self study and finding resources to prepare for tech exams. If everyone had a habit of just dropping $3k and taking a course to prepare for every exam this site wouldn't be here.

    At the end of the day if the content is the same for both the live course and online course, ANY review for the self paced online "cheaper" course should give you a hint on how the live course will be, since the material is the same.

    I know people just put in their two cents regarding the price of self-paced vs live courses at a conference, but that wasn't the topic, nor the question. The OP is just looking for reviews about these courses if they are any good, does it really matter if it's online or live? Especially if you get an employer to pay for it?

    @SasKiller - just find any review for the online version of the course you want to attend in person. You will have all your questions answered.


    /FIN
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • Danielm7 Member Posts: 2,310
    SaSkiller wrote: »
    Does anyone know if a training pass gets you access to the vendors/swag at blackhat?

    I'm getting ready to make my final choices on classes and honestly I don't have much use for the briefings themselves. It would save me some money if I could access the vendor area with a training pass.
    https://www.blackhat.com/us-17/registration.html#pricing

    That says the Trainings pass gives you access to the business hall, which is the vendor area.