“Battle School” Offers Unique Hacker Training at RSA Conference - April 20 - 24 San Francisco

Share Article

Security Compass, a leading web and mobile software security firm, announces "Battle School" at the RSA Conference, April 20-24 in San Francisco, booth #445. Battle School is a hands-on hacking lab that teaches key areas like physical attacks, web vulnerabilities, DDoS and mobile threats.

Battle School - a hands-on hacking lab at the RSA Conference

Battle School was designed as the ultimate hands-on hacker training booth, allowing participants to learn core skills, plus new tricks and vulnerabilities.

How hard is it to hack a keypad? What is the best way to avoid triggering corporate alarms in a denial-of-service attack? Is it possible to weaponize a phone’s NFC feature? These are just a few of the hacking scenarios that will be covered in a new hands-on “Battle School” training booth, hosted by Security Compass at the RSA Conference in San Francisco, April 20-24, 2015.

Battle School will be held at RSA booth #445.

“We’ve designed Battle School as the ultimate hands-on hacker training booth, allowing participants to learn core skills, as well as new tricks and vulnerabilities while gaining CPE (Continuing Professional Education) credits through relevant and up to date industry related scenarios,” said Nish Bhalla, CEO of Security Compass. “For corporate IT and security officials, it’s important to understand the full range of attack vectors that expose their organizations, whether it’s physical attacks, such as keypad bypasses, or intrusion detection evasion, DDoS, web vulnerabilities and much more. Battle School offers a safe test environment for all of these threats and gives IT and security pros a chance to see the wide range of vulnerabilities that can be exploited by malicious hackers to better help them understand how to stay protected.”

Battle School is a four-stage event that covers the top threats facing businesses and government agencies today: physical hacking and break-ins, Web-based attacks and social engineering, distributed denial-of-service (DDoS) and mobile threats. At each station, participants must complete a set of hacking challenges that will teach them important skills and vulnerabilities criminals use to attack corporate systems. At the end of the training, participants will put their skills to the ultimate test in a corporate data heist simulation.

Here is the breakdown of the Battle School hacker course:

  • Division 1 - Physical - Participants will learn how to hack physical infrastructure such as door locks, keypads and logic circuits.
  • Division 2 - Web - Participants will try to obtain the credentials of a particular user on a website. In order to do so, participants will have to use OWASP Top 10 vulnerabilities to gain access to another account.
  • Division 3 - DDOS - Participants will learn about different DDOS attack vectors and how to overwhelm a corporate monitoring system that alerts security staff about these attacks.
  • Division 4 - Mobile - Participants will learn how NFC-enabled phones can be hacked, as well as how to weaponize the NFC feature to attack other devices.

But that’s just the beginning. Once participants complete the four training divisions, they then enter the “Battle Room,” where they can put these skills to the test. Battle Room is an extreme hacking simulation, the goal of which is to exfiltrate “corporate” data without getting caught. It consists of several escalating security challenges, which participants will have to overcome:

  • Pick the main door lock
  • Bypass a keypad alarm system
  • Hack a network camera administrator page to disable motion sensors
  • Scan an NFC tag to get employee credentials to log onto server
  • Exfiltrate data, while also using a custom DDoS tool to thwart administrator attempts to log onto the system
  • Avoid intrusion detection by corporate IT team by performing UDP floods to block admins trying to VPN in; HTTP floods to stop admins from accessing the monitor system web page; and database exhaustion attack to prevent admins from querying the database for server logs.

As a new addition to Battle School, Security Compass has partnered with Educredu to allow IT and Security pros keep track of the CPE Credits (Continuing Professional Education) as they complete each division. The Educredu app can be downloaded here: http://www.educredu.com

Battle School will be open from 11am-5pm April 20 - 24 at booth # 445 at the RSA conference in San Francisco. Learn more about Battle School at http://battle-school.securitycompass.com.


Security Compass is a leading information security firm specializing in web, mobile and IoT software security for Fortune 10s-500s in the financial, technology, energy, manufacturing, retail, healthcare, insurance and media industries. In addition to conducting penetration tests and security audits, Security Compass also guides corporate teams in building highly secure software applications. Its secure application lifecycle management tool, SD Elements, was selected for Ovum's 2014 “On the Radar” report and recognized by Gartner’s 2014 Cool Vendors in Application and Endpoint Security. The company is headquartered in Toronto. Website: http://www.securitycompass.com


Educredu is a Software as a Service (SaaS) company with offices in both Toronto and Hamilton catering to the needs of professionals who maintain credentials, as well as those of educational events and accreditors. Its mobile application software and web platform are designed to streamline the process of finding and registering for relevant educational events and activities, submitting the required evidence to accrediting organizations, networking with fellow professionals, and tracking the status of the education credits needed for their credentials. Its product provides an elegant and intuitive solution to a cumbersome process faced by millions of professionals globally. Educredu is a part of The Forge, an accelerator partnership between the Innovation Factory and McMaster University. They can be found online at http://www.educredu.com

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Christine MacDonald
Visit website