Overview
Join us for an interactive in-person workshop on Penetration Testing and to think like an attacker and how systems are really compromised.
Penetration Testing Workshop: From Zero to Exploit
The Kentucky ISSA Chapter, in partnership with Ellipsis Information Security LLC, is excited to present an immersive, hands-on information security workshop focused on Penetration Testing. This day-long event offers a unique opportunity to learn directly from a globally recognized application security expert, who brings over a decade of experience teaching professionals of all skill levels.
Why Attend?
Think like an attacker. Learn how systems are really compromised.
This immersive workshop introduces the fundamentals of penetration testing and ethical hacking through real-world attacks in a fully controlled lab environment. This is not a lecture-only session. You will actively compromise multiple intentionally vulnerable systems using the same tools and techniques used by professional penetration testers. No prior experience required.
What You’ll Do
You will work from a Kali Linux attacker machine and compromise a series of target systems, starting with very easy and progressing toward more challenging environments:
Metasploitable-2 — beginner friendly
Basic-Pentesting-1 — introductory exploitation
DC-1 — intermediate challenge
Stapler — advanced challenge
Each participant runs the entire lab locally on their own laptop using VirtualBox for maximum reliability and hands-on experience.
Topics Covered
• Core penetration testing methodology
• Scanning & enumeration (Nmap, service discovery, fingerprinting)
• Exploitation fundamentals
• Credential attacks and privilege escalation
• Understanding vulnerabilities through real compromise
• How attackers chain weaknesses into full system compromise
• Defensive insights: what these attacks reveal about real systems
Hands-On Labs
• Full attack walkthroughs on multiple real targets
• Kali Linux attacker workstation provided as a ready-to-run VirtualBox VM
• All required tools preinstalled and configured
• Students perform every attack themselves
• Safe, legal, fully offline training environment
What You Need to Do Before the Workshop
All students receive a download package after registration containing:
• Kali Linux attacker VM
• Metasploitable-2
• Basic-Pentesting-1
• DC-1
• Stapler
You must install VirtualBox, import all VMs, and verify that Kali boots successfully before arriving. Estimated preparation time: 1.5–2.5 hours Setup instructions will be provided immediately after registration.
Reserve Your Spot
Space is limited to ensure individualized support and hands-on learning.
This event is expected to sell out.
Register early to secure your seat.
Registration: https://www.eventbrite.com/e/issa-kentuckiana-penetration-testing-workshop-tickets-1980416765858?aff=oddtdtcreator
Where:
12501 Lakefront Place Louisville, KY 40299
(Farm Credit Mid-America Building - Schoolhouse East (132); Schoolhouse West (130))
When:
Friday, February 20th, 2025
8:30 AM - 4:00 PM
Cost:
Normally $500.00
Special ISSA Kentuckiana Subsidized Price $150.00
ISSA Kentuckiana Chapter Members $50! ($100 off w/ use of member discount code!)
Info on ISSA Kentuckiana Chapter membership benefits available here: https://www.issa-kentuckiana.org/membership
Costs are subsidized by the ISSA Kentuckiana Chapter to make high quality training available for everyone!
Refunds not available for this event.
CPEs
Attendees will recieve 6 CPE Credits for this event
Who:
Jeremy Druin
Certified Security Penetration Tester & Cloud Security Architect
Google PCSE|OSCP|GPCS|GCLD|GXPN-GOLD|GPEN-GOLD|GWAPT-GOLD|GCIH-GOLD|GMOB|GSEC|GISF|Sec+
Jeremy is the Distinguished Cybersecurity Architect for the largest multi-national transportation logistics company in the world. Jeremy is also the owner of Ellipsis Information Security and teaches courses for Ellipsis and SANS Institute. As a Director of Education for the Kentucky ISSA chapter, Jeremy presents on application security, penetration testing and defense along with operating the "webpwnized" YouTube video channel. Additionally, Jeremy develops the open-source OWASP Mutillidae II training environment. Jeremy has a Bachelor of Science in Computer Science from Indiana University, a Graduate Certificate in Cybersecurity and Master of Computer Science and Engineering from the University of Louisville and is a GIAC-certified Web, API, Mobile and Network Security Penetration Tester, and Cloud Security Architect.
