Learn real-world cyber security skills from active industry experts in Anaheim. Save $150 thru 12/18.

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

Shellshock hands-on

  • Wednesday, February 25th, 2015 at 3:00 PM EST (20:00:00 UTC)
  • Eric Conrad
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!

Overview

In this talk we will walk you through the Shellshock bash exploit, from Proof of Concept to shell access. We'll explain the vulnerability in detail. Then we will show you how automated tools like Metasploit work their magic, break it down step-by-step, and then manually upload, install, execute, and log into a remote shell on a web server. This webcast will feature a live demonstration of the exploit, and leave you better prepared to test your systems for the Shellshock vulnerability.

Speaker Bio

Eric Conrad

Certified SANS instructor Eric Conrad's career began in 1991 as a Unix sysadmin for a small oceanographic communications company. He gained experience in a variety of industries, including research, education, power, Internet, and healthcare, and has worked with companies such as Mitsubishi Electric Research Labs, Boston University, The Open Group, Navipath, and Caritas Christi Health Care. He is now an independent information security consultant focusing on intrusion detection, incident handling, and penetration testing. He is a graduate of the SANS Technology Institute with a Master of Science degree in information security engineering. In addition to the CISSP, he holds the prestigious GIAC Security Expert (GSE) certification as well as the GIAC GPEN, GCIH, GCIA, GCFA, GAWN, and GSEC certifications. He is a contributing author to SANS HIPAA Security Implementation. Eric also blogs about information security at http://www.ericconrad.com.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.