Paid Training List


DEF CON Paid Training

2 day training sessions on the Mon and Tue after DEF CON. There will be an additional cost for these.

DEF CON All Paid Training Forum page




Cloud Security Masterclass Defender’s Guide to Securing AWS &… $2,000 early $1,600 – Abhinav Singh

Paid Training DC Forum Page

URL= https://training.defcon.org/products…infrastructure

Originally posted by URL
Name of Training :
Cloud Security Masterclass Defender’s Guide to Securing AWS & Azure Infrastructure

Description :
This is a unique course that is on the cloud and for the cloud. It helps train individuals on cloud terminologies and enables them to build scalable defense mechanisms for their services running in the public cloud. The training explicitly focuses on threat detection, incident response, malware investigations, and forensic analysis of cloud infrastructure, which is still a lesser-known domain in the market. The training will not use cloud-native security tools, but will focus more on building generic analysis pipelines that can be implemented in any cloud environment.

– Using cloud native technologies to build your own security services for your applications and services running in the cloud.
– Building real-time detection, monitoring and response capabilities for threat tracking and intelligence gathering.
– Building advanced automated pipelines through Detection-as-code features to defend public cloud infrastructures.

## Who Should Take This Course:

– Red Team members
– Blue team and Purple team members
– Cloud Security Teams
– Incident responders, Analysts
– Malware investigators and Analysts
– Threat intelligence analysts and Responders

Training description :
This hands-on CTF-style training focuses on elevating your security knowledge into the cloud. Learn to defend your AWS & Azure cloud infrastructure by building automated detection, alerting and response pipelines for your workloads by using native cloud services. This training focuses on building security knowledge on the cloud and for the cloud.
This training takes both investigator and builder approach towards security. It teaches you the fundamentals of cloud infrastructure security and focuses on building highly scalable threat detection, monitoring, and response tools by using cloud-native services like serverless, containers, object stores, IAM/AD, logic apps, SQL/KQL queries and much more.

By the end of this training, we will be able to (applies to both AWS & Azure):
* Use cloud technologies to detect & build automated responses against IAM & AD attacks.
* Understand and mitigate advanced identity based attacks like pivoting and privilege escalation and build defense techniques against them.
* Use serverless functions to perform on-demand threat scans.
* Deploy containers to build threat detection services at scale.
* Build notification services to create detection alerts.
* Analyze malware-infected virtual machines to perform automated forensic investigations.
* Define step functions & logic apps to implement automated forensic artifacts collection for cloud resources.
* Build cloud security response playbooks for defense evasion, persistence and lateral movements.
* Perform advanced security investigations through architecting and deploying security data-lake for real-time threat intelligence and monitoring.
* Enforce multi-cloud security strategy through assessments, compliance checks and benchmarking automation.
Hands-on: 65-70%. Lecture: 30-35%.

Day 1: 6 hands-on labs: Approximately 6 hours

Day 2: 5 hands-on labs: Approximately 6 hours.

This has homework or after-class exercises: students will be provided with CloudFormation templates for the next day’s lessons.
Training provides:
– PDF versions of slides that will be used during the training.
– Complete course guide containing 200+ pages in PDF format. It will contain step-by-step guidelines for all the exercises, labs, and a detailed explanation of concepts discussed during the training.
– 20+ pages of cloud security rulebook to implement cloud security controls in an enterprise.
– 15 day access to Slack channel & CTF platform.
– Infrastructure-as-code templates to deploy the test environments & simulations for continued practice after the class ends.
– Access to GitHub account for accessing custom-built source codes and tools.
– Collection of test malware samples, forensic images, detection rules and queries.
Keywords: Cloud Security, DevSecOps, Red-team, Blue team, Infrastructure security
Past content:
#### 2022
– Defcon Las Vegas, Aug 2022: https://training.defcon.org/products…nfrastructures
– Hack in Paris June 2022: https://hackinparis.com/trainings/#t…ructure-2-days
– Insomnihack, Geneva, March 2022
– Blackhat EU 2022: https://www.blackhat.com/eu-22/train…tructure-28220
– OWASP Lascon 2022, SaintCon 2022.

#### 2020-2021
– Blackhat EU 2021: https://www.blackhat.com/eu-21/train…tructure-24306
– Troopers 2021, 2020: https://troopers.de/troopers22/trainings/slwggf/
– HITB 2020, 2021.

Trainer(s) bio :
Abhinav Singh is a cybersecurity researcher with a decade long experience working for global leaders in security technology, financial institutions and as an independent trainer/consultant. He is the author of Metasploit Penetration Testing Cookbook (first, second & third editions) and Instant Wireshark Starter, by Packt. He is an active contributor to the security community in the form of patents, open-source tools, paper publications, articles, and blogs. His work has been quoted in several security and privacy magazines, and digital portals. He is a frequent speaker and trainer at eminent international conferences like Black Hat, RSA & Defcon. His areas of expertise include malware research, reverse engineering, enterprise security, forensics, and cloud security.

Trainer(s) social media links :

https://twitter.com/abhinavbom : @abhinavbom
https://www.linkedin.com/in/abhinavbom
Outline :
Day 1 :

*Introduction*
– Quick Introduction to AWS & Azure cloud services.
– Basic terminologies: IAM, VPC, AMI, serverless, ARNs etc.
– Introduction to Logging services in cloud.
– Setting up your free tier account.
– Setting up AWS & Azure command-line interface.
*Cloud Attack Surface*
– Cloud service enumeration for attack surface identification.
– Exploiting serverless functions and harvesting cloud credentials.
*Detecting and monitoring against AWS IAM attacks.*
– Identity & Access management crash course.
– Policy enumeration from an attacker’s & defender’s perspective.
– Detecting and responding to user account brute force attempts.
– Building controls against privilege escalation and access permission flaws.
– Attacking and defending against user role enumeration.
– Brute force attack detection using CloudTrail & Athena SQL queries.
– Automated notification for alarms and alerts.
– Exercise on detecting IAM attacks in a simulated environment containing web application compromise and lateral movement.
*Malware detection and investigation on/for cloud infrastructure*
– Quick Introduction to cloud infrastructure security.
– Building ClamAV & YARA based static scanner for S3 buckets using AWS Lambda.
– Building signature update pipelines using static storage buckets to detect recent threats.
– Malware alert notification through SNS and Slack channel.
– Adding advanced context to Slack notification for quick remediation.
– Exercise on simulating a malware infection in AWS and building an automated detection & alerting system.

Day 2 :

*Threat Response & Intelligence analysis techniques on/for Cloud infrastructure*
– Integrating playbooks for threat feed ingestion and VirusTotal lookups.
– Building a SIEM-like service for advanced alerting and threat intelligence gathering using Elasticsearch.
– Creating a security data lake for advanced analytics and intelligence search.
– Building dashboards and queries for real-time monitoring and analytics.
– CTF exercise to correlate multiple logs to determine the source of infection.
*Azure AD Attacks & Defenses*
– Azure AD enumeration & permission gathering.
– Privilege escalation & lateral movement through RBAC, service principals etc.
– Auditing & logging in Azure.
– Detecting attacks through KQL queries.
*Forensic Acquisition & analysis In the Cloud.*
– Building an IR ‘flight simulator’ in the cloud (AWS).
– Creating an API service for automated instance isolation and volume snapshots (AWS).
– Lambda functions to perform instance isolation and status alerts (AWS).
– Automating alerts using Sentinel (Azure) for threat analysis.
– Automating threat response through Azure logic apps.
– Implementing rulebook for cloud IR in an enterprise.
– Enforcing security measures and policies to avoid instance compromise.
*Multi-cloud Compliance*
– Building a multi-cloud security assessment & monitoring strategy.
– Automatic inventory and change detection in a multi-cloud environment.
– Implementing compliance standards and benchmark standards (CIS) to the cloud environment.

Technical difficulty :
Beginners and Intermediate.

Suggested Prerequisites :
– Free tier account for AWS with command line tools installed.
– Free Tier account for Azure with command line tools installed.
– Read and complete the pre-training briefing document that will be sent a week before the training date.

What students should bring :
– Laptop with Wi-Fi capability.
– Basic understanding of cloud services.
– System administration and Linux CLI.
– Able to write basic programs in Python.
– Familiarity with SQL and KQL queries will be a plus.

DATE : August 14th-15th 2023
TIME : 8am to 5pm PDT
VENUE : Caesars Forum, Las Vegas, NV
TRAINER : Abhinav Singh
– 16 hours of training with a certificate of completion.
– 2 coffee breaks are provided per day
– Note: Food is not included
Registration terms and conditions :

Trainings are refundable before July 1st, the processing fee is $250.

Trainings are non-refundable after July 10th, 2023.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.


– API Exploration and Exploitation $2,800

Paid Training DC Forum Page

URL= https://training.defcon.org/products…d-exploitation

Originally posted by URL
Name of Training :
API Exploration and Exploitation
Description :
Introduction to APIs, Engaging and exploring APIs, Enumerate the API Attack Surface, Demystifying the OWASP Top 10 for APIs, Exploring GraphQL, Capture The Flag Exercise

Training description :
The use of Application Programming Interfaces (APIs) has increased over the years. Therefore, the threat landscape of organizations increases with the adoption of APIs. The content of the course creates awareness around the various attack vectors used targeting APIs and provides actionable mitigation strategies.
The aim of this course is to empower you to conduct a risk assessment of an API. This hands-on course covers API basics, setting up a test environment, API threat model, API protocols and architectures, typical vulnerabilities, enumerating an attack surface and best practices around security.
Moreover, it focuses on gaining practical experience of the OWASP Top 10 for APIs. In addition, you would be gaining practical experience on exploiting typical vulnerabilities on RESTful (REST) APIs and GraphQL. The course concludes with a capture the flag (CTF) to apply knowledge gained during the course.
This course aims to unpack the security considerations of an API and demonstrate how various attack vectors could be used to impact the security of an API.
More Details:
* 2-day course
* 60% practical and 40% theoretical
* Real-world attacks and methodologies
* Delivered by active penetration testers and red team members
Main modules:
  1. Introduction to APIs
  2. Engaging and exploring APIs
  3. Enumerate the API Attack Surface
  4. Demystifying the OWASP Top 10 for APIs
  5. Exploring GraphQL
  6. Capture The Flag Exercise
Our training is delivered via SensePost, the specialist ethical hacking team of Orange Cyberdefense. We have trained thousands of students for the past two decades about the art of offensive and defensive approaches. It’s safe to say we enjoy teaching others how to pwn networks and applications. Our courses are developed from the work we perform for clients, so that you get a better understanding of how to exploit real-world scenarios.
Join us and hack hard!
Trainer(s) bio :
SensePost Training
SensePost, an elite ethical hacking team of Orange Cyberdefense have been training internationally since 2002. We pride ourselves on ensuring our content, our training environment and trainers are all epic in every way possible. The trainers you will meet are working penetration testers, responsible for numerous tools, talks and 0day releases. This provides you with real experiences from the field along with actual practitioners who will be able to support you in a wide range of real-world security discussions. We have years of experience building environments and labs tailored for learning, after all education is at the core of SensePost and Orange Cyberdefense.
Past content:
This training was delivered at Def Con Trainings 2022 in Las Vegas.
No links to previous training as the Def Con site has been modified.
Trainer(s) social media links :
https://twitter.com/sensepost_train : @sensepost_train
https://twitter.com/sensepost : @sensepost
https://twitter.com/orangecyberdef : @orangecyberdef

Outline :
Detailed course outline (for Def Con training review use only, please do not share publicly.)

This course consists of 6 High level Modules, +-26 Key concepts and +-30 Practicals.
Module 1: Introduction To API
* What is an API?
* The API ecosystem
* Threat model of an API
* Review of code representing an API endpoint
Practical 1 – What to do with APIs:
This practical engages candidates to look for open APIs and how they could use at least three APIs within a fictional scenario business / operational environment.
Module 2: Engaging with the Target API:
* Setup and configure Postman, cURL and Burp to connect to target API
* Demonstrate the various HTTP headers
* Interacting with Swagger
* Demonstrate the various HTTP methods
* Discuss the use of JWT for authentication
Practical 2 – Abusing a JWT :
The practical would focus on creating a JWT to authenticate against an endpoint. In addition, the cracking of a JWT to target weak encryption protocols. Lastly, how to re-sign the JWT and use it with subsequent abuses.
Module 3: Enumerate API Attack Surface:
* Creating wordlists to enumerate endpoints
* Fuzzing endpoints to identify hidden endpoints
* Use of tools to create wordlists
Practical 3 – Using cewl and mentalist to create a wordlist:
The identification of endpoints is critical to enumerate the attack surface of APIs. This practical demonstrates the use of tools to create custom wordlists.
Module 4: Demystify the OWASP Top 10 for API:
Candidates would be exposed to the most common vulnerabilities targeting APIs. These vulnerabilities would be put into context through the use cases and allow candidates to perform the attack to get a better understanding. The focus would also be on identifying mitigation strategies to address the risk.
* Unpack the OWASP Top 10 for APIs
* Analyze the vulnerability: Broken Object Level Authorization
* Analyze the vulnerability: Broken User Authentication
* Analyze the vulnerability: Broken Function Level Authorization
* Analyze the vulnerability: Excessive Data Exposure
* Analyze the vulnerability: Lack of Resources & Rate Limiting
* Analyze the vulnerability: Mass Assignment
* Analyze the vulnerability: Security Misconfiguration
* Analyze the vulnerability: Injection
* Analyze the vulnerability: Improper Assets Management
* Analyze the vulnerability: Insufficient Logging & Monitoring
Practical 4 – Getting to know the top vulnerabilities for APIs :
The practicals are part of the module describing each vulnerability. The use cases were developed to practically demonstrate each vulnerability and give the candidate opportunity to experience each vulnerability. This in turn would create awareness on how to test for each of these vulnerabilities.
* Practical review of Use Case: Unauthorized Enumeration and Viewing
* Practical review of Use Case: Insecure JSON Web token (JWT) configuration
* Practical review of Use Case: Weak password complexity
* Practical review of Use Case: Authentication susceptible to brute force attack
* Practical review of Use Case: OTP Bypass
* Practical review of Use Case: Escalate Privileges to gain Administrative Access
* Practical review of Use Case: API Response contains Unfiltered Data
* Practical review of Use Case: API Response contains Unnecessary Data
* Practical review of Use Case: Impact of Zipbombing
* Practical review of Use Case: Rate Limiting – Abuse Number of Calls to End Point
* Practical review of Use Case: Rate Limiting Enabled
* Practical review of Use Case: Privilege Escalation
* Practical review of Use Case: HTTP OPTIONS Method Enabled
* Practical review of Use Case: Verbose Error Messages
* Practical review of Use Case: Outdated Application Servers
* Practical review of Use Case: Overly permissive Cross-Origin resource sharing (CORS)
* Practical review of Use Case: SQL Injection
* Practical review of Use Case: XXE Injection
* Practical review of Use Case: Command Injection
* Practical review of Use Case: Enumerate API to identify deprecated endpoints
* Practical review of Use Case: No authentication required to access endpoint
* Practical review of Use Case: Logging of data
* Practical review of Use Case: Logs containing sensitive data
* Practical review of Use Case: Logs do not have sufficient data
Module 5: Exploring GraphQL from a security perspective:
* Introduction to GraphQL
* Describing the various vulnerabilities associated with GraphQL
* Discuss various techniques to secure GraphQL
Practical 5 – Introspection for the Win
Candidate would be provided with an endpoint to explore the various vulnerabilities. This includes:
  • Abuse the default configuration for GraphQL, which could expose the supported schema and queries.
  • Explore the impact of IDORs to gain access to information within the context of GraphQL.
Module 6: Capture the Flag:
The course concludes with candidates participating in a capture the flag where secret documents of a target company need to be found. The candidates would use knowledge acquired during the course to apply this and exploit vulnerabilities within the exposed API.
Technical difficulty :
Intermediate
Suggested Prerequisites :
Requires students to have a solid working understanding of the Linux command line and basic web hacking skills.
This is an intermediate course in penetration testing of APIs. No security related experience is required but a technical understanding of computers, networks, Linux and Windows is a must.
Please ensure you are comfortable with the Linux command line before enrolling for this course. You will be executing some commands from the command line when executing cURL to interact with the APIs.

What students should bring :
You should bring a laptop with a working modern browser like Firefox or Chrome to access the APIs and online lab.
DATE : August 14th-15th 2023
TIME : 8am to 5pm PDT
VENUE : Caesars Forum, Las Vegas, NV
TRAINER : TBA
– 16 hours of training with a certificate of completion.
– 2 coffee breaks are provided per day
– Note: Food is not included
Registration terms and conditions :

Trainings are refundable before July 1st, the processing fee is $250.

Trainings are non-refundable after July 10th, 2023.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.


Hacking Organizations: Phishing Not Required $1,500 – Ben Sadeghipour

Paid Training DC Forum Page

URL= https://training.defcon.org/products…g-not-required

Originally posted by URL
Name of Training :
Hacking Organizations: Phishing Not Required

Description :
Teach students how to identify vulnerabilities in web applications and digital assets from an external perspective.
Training description :
“Hacking Organizations: Phishing Not Required” is a comprehensive course designed to teach students how to identify vulnerabilities in web applications and digital assets from an external perspective. The first two days of the course cover the ten most common vulnerabilities found in web applications as well as principles of reconnaissance. On the third day, students will apply these skills to develop a technique for identifying impactful vulnerabilities that potentially allow access to an organization’s internal infrastructure. This training is appropriate for anyone interested in web application penetration testing, bug bounties, or joining a red team with a web and reconnaissance focus.
Past content:
https://hackfest.ca/en/trainings/web/

https://appsecus2018.sched.com/event…step-at-a-time
Trainer(s) bio :
Ben Sadeghipour, also known as NahamSec, is a hacker, content creator, trainer, public speaker, and conference organizer. He has extensive experience in ethical hacking and bug bounty hunting, having identified and exploited thousands of security vulnerabilities for companies such as Apple, Yahoo, Google, Airbnb, Snapchat, the US Department of Defense, and Yelp. Sadeghipour was formerly the head of Hacker Education at HackerOne. In addition to his professional pursuits, Sadeghipour also creates content on YouTube and Twitch to help others get into ethical hacking, bug bounty, web hacking and reconnaissance.
Trainer(s) social media links :
https://twitter.com/NahamSec
https://youtube.com/NahamSec

Outline :
Day 1 :
Burp Suite Basics
HTTP Basic Refresher
Request Types
Headers
Response Codes
Status Codes
Open Redirects + Labs
Whitelisting
Blacklisting
Basics of open redirects
Cross-Site Scripting (XSS) + Lab
Reflected Cross-Site Scripting
Stored Cross-Site Scripting
DOM Cross-Site Scripting
Blind XSS
Break
Cross-Site Request Forgery (CSRF) + Lab
No CSRF token
Reusable CSRF token
Insecure Direct Object References (IDOR) + Lab
Incrementing IDs
Weak encryption (B64)
UUID from other vulnerabilities
Local file Read & Path Traversal + Lab
Path Traversal Basics
Local File read
Path traversal bypasses
Advanced Path Traversal and local file read
Server-Side Request Forgery (SSRF) + Lab
Understanding SSRF + Protocols
Local File Read
Blind SSRF and Port Scan
Accessing Local Network via SSRF
White Listing and Black Listing
Exploiting PDF Generators and Similar
Day 2 :
Privilege Escalation + Lab
Understanding user roles
Priv Esc through IDOR
Priv Esc via password brute force
Elevating user access roles
Arbitrary file upload + Lab
Unvalidated upload (php, asp, etc)
Path Traversal in uploaders
XML external entity (XXE) + Lab
Basics of XXE
XXE in excel, docx, etc
XXE in PDF Generators
Remote Command / Code Execution
Understanding RCE
RCE via file uploads
Remote Command Injection in URL parsing
Weak or default credentials
Weak or default credential Basics
Wordlists
Looking through previous password dumps
Default Credentials
Password Guessing
Components with Known Vulnerabilities
SSRF
RCE via known vulnerabilities
Image Magick
Tomcat
Struts2
Shellshock
log4j
Reconnaissance – Asset Discovery + Hands on demo
DNS Basics
ASN Ranges (Cloud vs in house)
Subdomain Brute Forcing
Certificate Transparency
3rd Party tools (Shodan, Censys, etc)
Permutation and Environments
Automation Demo
Reconnaissance – Content Discovery + Lab
Creating and maintaining word list
Contextualizing directory/file brute forcing
Port scanning
Information gathering using https
Approaching APIs
Leveraging search engines for reconnaissance
Google Dorking
Leaked credentials
Finding additional information about your target
Methodology
Understanding company infrastructure
Identifying and prioritizing interesting assets
Combining asset discovery and content discovery
Looking for leads (documentation, API specs, etc)
Looking for patterns of mistake across an infrastructure
DNS Misconfigurations (subdomain or DNS takeover)
Understanding SSO
SSO Bypass or priv escalation
Final Lab + Test
Technical difficulty :
Beginner to intermediate

Suggested Prerequisites :
While this training will offer and cover the foundations of web application hacking, it is highly suggested that students have a solid foundation in web application hacking and in web development.
HTTP Basics:
https://developer.mozilla.org/en-US/docs/Web/HTTP
How to set up burp suite:
https://portswigger.net/burp/documen…ad-and-install
Understanding DNS:
https://www.cloudflare.com/learning/dns/what-is-dns
What students should bring :
Students should bring in a laptop (Mac OS, Windows, or a Linux distribution of your choice) with a working browser. Please make sure you have installed Burp Suite and are able to intercept your browser’s traffic.
DATE : August 14th-15th 2023
TIME : 8am to 5pm PDT
VENUE : Caesars Forum, Las Vegas, NV
TRAINER : Ben Sadeghipour
– 16 hours of training with a certificate of completion.
– 2 coffee breaks are provided per day
– Note: Food is not included
Registration terms and conditions :

Trainings are refundable before July 1st, the processing fee is $250.

Trainings are non-refundable after July 10th, 2023.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.


Cyber Threat Intelligence A… $1,900 – Bobby Thomas, Matthew Lamanna, Kyle Smathers, Nathan Johnson

Paid Training DC Forum Page

URL= https://training.defcon.org/products…nalysis-course

[quote=URL]
Name of Training :
Cyber Threat Intelligence Analysis Course

Description :
This course presents the fundamentals of cyber threat intelligence (CTI) and guides analysts in the application of intelligence to enable proactive defensive operations and support incident response.

Training description :
This course presents the fundamentals of cyber threat intelligence (CTI) and guides analysts in the application of intelligence to enable proactive defensive operations and support incident response. The threat environment is growing more complex and correspondingly, costs to businesses affected by malevolent activity are also increasing. Intelligence is information that has been analyzed and refined to meet the needs of the cyber defenders and/or decision makers. Cyber Threat Intelligence should use the intelligence operations cycle of Planning and Direction, Collection, Processing and Exploitation, Analysis and Production, Dissemination and Integration, and Evaluation and Feedback to facilitate its mission. The end state should characterize, investigate, and attribute indicators of compromise (IOCs) to advanced persistent threats (APTs) and the application of adversarial profiles to tactics, techniques, and procedures (TTPs) in order to proactively defend networks. CTI analysts should work to identify and generate threats relevant to client requirements, illuminating adversary’s exploitation methodology and motivation, applying them in a structured way not only to integrate but to drive an organization’s DCO posture.
This course applies the intelligence cycle to the full-spectrum exercise of proactive network defense. When properly employed, this process fosters a cyber environment of pre-emptive action. Network defenders and operators are provided with the necessary tactics, techniques, and procedures (TTPs) to generate timely and relevant intelligence. Such intelligence informs stakeholders and applies network fortifications before compromise.
Trainer(s) bio :
Deloitte is recognized as a global leader in Security Consulting, Cybersecurity Incident Response Services, Managed Cloud Services, and Strategic Risk Management Consulting. Deloitte is considered one of the “Big Four” accounting firms and is the largest professional services organization in the world.
Bobby Thomas
20+ years of experience in Cyber Security Career Field. Bobby served with the Air Force where he was a Cyber Operator most of his career. He was also a previous Intelligence Analyst with the Air Force. Bobby currently works for Deloitte as a Hunt Instructor. He enjoys working out and traveling with his family. Their favorite vacation spot is anywhere there are relaxing beaches and good restaurants to visit.
CISSP:
Awarded July 04, 2022
ISC2 Member ID 830294
Nathan Johnson
20+ years of experience working in both the government and commercial Cybersecurity industry. Served in the Air Force for 21 years as a Cyber Operator in different operational roles. Nathan most recently worked for the U.S. Space Force (USSF) as the 16th Air Force Liaison to the USSF Delta 6. Past projects also include implementation and curriculum development for the Air Force Big Data Platform (ELICSAR). Nathan’s current role supports Deloitte’s Strategic Growth Offering as a DCO Hunt curriculum developer and instructor. He is currently enrolled in the SANS Graduate Certificate track in Cybersecurity Engineer (Core) and expects to graduate summer of 2024. His off time includes spending time with family, traveling and cycling.
Security+:
CE Awarded July 02, 2015
Member ID COMP001008448250
ITIL Foundation
Awarded April 18, 2012
Matthew Lamanna
Matt Lamanna is a Specialist Master in Deloitte Risk & Financial Advisory. Current focus areas include business development within New Mexico & Texas as well as being the deputy program manager on the United States Space Force (USSF) Space Operations Command Intelligence and Cyberdefense Enterprise Services (SPICES) contract. Matt is also the cybersecurity lead for a HQ USAF A2/6O Enterprise Digital Transformation project, and Defensive Cyber Operations project. Lastly, he is part of two Deloitte Strategic Growth Offerings; a big data platform and defensive cyber for on-orbit space vehicles.
Before joining Deloitte Matt spent 20 years in the Air Force and retired a Master Sergeant out of the Air Force Operational Test & Evaluation Center, Kirtland AFB, NM. He spent 15 years as a Signals Intelligence Specialist and 5 years in offensive cyberspace operators and cyber threat intelligence.
GSEC, Awarded 2013
GCIH, Awarded 2013
Root9B OCO Operator, Awarded 2013
Kyle Smathers
Battle tested cybersecurity professional, capabilities developer, and leader. Previously an active duty Air Force Officer of 10 years, current Air Force reserve member. Experienced with state-of-the-art cybersecurity platforms, training and missions. Previously served on a Cyber Protection Team as the lead threat hunter, wrote the requirements for the Air Force’s ‘Interceptor’ hunting platform and taught as a formal training instructor.
In my free time I am either with my family, riding my bicycle or working on a house project.
CISSP- Awarded Oct, 2017
Elastic Certified Analyst – Sept 2022
VMWare Certified Professional-Data Center Virtualization – April 2022
Trainer(s) social media links :

Outline :
Day 1 :
  1. Introduction to Threat Intelligence
    1. What is Intelligence?
    2. Intelligence vs. information vs evidence
    3. The intelligence cycle: Information into intelligence
    4. Reducing uncertainty
    5. Bias and Cognition
  2. Planning and Direction
    1. Planning and Direction
    2. Intelligence planning: Strategic, operational, tactical, and technical
    3. PIRs, IRs, EEIs
    4. Cyber Threat Intelligence (CTI)-driven cyber risk management
    5. Risk rating methodologies
    6. Project management for intelligence operations
    7. CTI support to proactive DCO planning
    8. Network discovery/Topology
    9. Threat assessment/gap analysis
  3. Exercise: Risk rating methodology; Explore your security controls; Write and answer Priority Intelligence Requirements (PIRs)
  4. Collection, Processing, and Exploitation
    1. Collection
    2. Collection Sources
    3. OSINT
    4. Further OSINT resources
    5. Mitigation strategies/Counterintelligence concerns
    6. Dedicated cybersecurity intelligence repositories
    7. The Dark Web
    8. Data collection and analysis
    9. Malware collection and forensics
    10. Memory forensics
    11. Processing and Exploitation
  5. Exercise: Generate Intelligence Collection Requirements (ICRs); Maltego; Research a given domain
Day 2 :
  1. Analysis and Production
    1. Analysis and Production
    2. Analysis overview
    3. CTI Objectives
    4. CTI Models and Frameworks
    5. Structured Analytic Techniques (SATs)
    6. Additional analytic concepts
    7. Production overview: The writing process
    8. Editing and final review
    9. CTI production categories
    10. Intelligence Community Directive (ICD) 203
  2. Exercise: Reporting
  3. Dissemination, Integration, Evaluation, and Feedback
    1. Analysis and Production/CTI report categories
    2. Dissemination and Evaluation/Feedback
    3. Integration
  4. Cyber Threats and Network Security Operations
    1. Cyber Threats
    2. Phishing
    3. Network Security Operations
  5. Final Capstone
Technical difficulty :
Beginner
Suggested Prerequisites :
Basic understanding of defensive cyber operations or basic understanding of security controls.
What students should bring :
Students will need to bring their personal laptops.
DATE : August 14th-15th 2023
TIME : 8am to 5pm PDT
VENUE : Caesars Forum, Las Vegas, NV
TRAINER: Bobby Thomas, Matthew Lamanna, Kyle Smathers, Nathan Johnson
– 16 hours of training with a certificate of completion.
– 2 coffee breaks are provided per day
– Note: Food is not included
Registration terms and conditions :

Trainings are refundable before July 1st, the processing fee is $250.

Trainings are non-refundable after July 10th, 2023.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.




TCP/IP Deep Dive for Ethical Hackers – Featuring Wireshark $1,400 – Chris Greer

Paid Training DC Forum Page

URL= https://training.defcon.org/products…ring-wireshark

Originally posted by URL Name of Training :

Description :

We’re going to rip open pcaps with Wireshark and learn how this protocol really works.

Training description :

Almost every attack, intrusion, scan, and exfiltration involves the TCP protocol at some point. Whether we are hacking a system and need to better understand how networks/systems are enumerated and IDS’s do their thing, or we are defending our domain from a botnet attack, a deep understanding of the TCP protocol will help us do our jobs better and faster. In this course, get ready to go deep into TCP. We’re going to rip open pcaps with Wireshark and learn how this protocol really works. Don’t worry, there is FAR more to learn past the three-way handshake! We will learn how the MSS works, receive windows, selective acknowledgements, retransmissions, and much, much more! We will examine how TCP scans, OS enumeration, exfiltration, and C2 traffic look on the wire, and how TCP fields can help us to filter for them fast. This will be an action-packed, hands-on course for Wireshark beginners as well as seasoned pros who want to pick up some new tricks. There is something for all experience levels in this course, although it will be targeted to the early-intermediate cybersecurity professional.

Trainer(s) bio :

Chris Greer is a Packet Head. He is a Packet Analyst and Trainer for Packet Pioneer, a Wireshark University partner, and has a passion for digging into the packet-weeds and finding answers to network and cybersecurity problems. Chris has a YouTube channel where he focuses on videos showing how to use Wireshark to examine TCP connections, options, and unusual behaviors, as well as spotting scans, analyzing malware, and other IOC’s in the traffic. His approach to training is that if you aren’t having fun doing something, you won’t retain what you are learning, so he strives to bring as much hands-on and humor to the classroom as possible. Chris remembers what it was like to look at Wireshark for the first time, and knows how complicated packet analysis can be. With that in mind, he has designed an easy-to-follow course that will appeal both to the beginner and more advanced Packet Person.

Past content:

TCP Fundamentals (from Sharkfest – Approx 120 attendees): https://youtu.be/xdQ9sgpkrX8
TCP Congestion Control Explained- Advanced TCP Concepts: https://youtu.be/LNeZZZ_oslI
Analyzing NMAP with Wireshark: https://youtu.be/RxoQTV74s1c


Trainer(s) social media links :

https://twitter.com/packetpioneer
https://www.youtube.com/c/ChrisGreer
https://www.linkedin.com/in/cgreer/

Outline :

Day 1 : (Each topic has a hands-on lab)

Core Wireshark Concepts

The OSI Model and Protocol Headers
Capture Methods in a switched environment – Configuring a ring buffer with dumpcap

Configuring a Hacking Profile in Wireshark
Creating Custom Columns and Display filters

Core Protocols
ARP / IP / ICMP / DHCP / DNS Overview

TCP Analysis

Day 2 :


TCP Analysis (continued)

The Handshake and Options
Sequence and Acknowledgement
SACK and Dup Acks

Resets and Fins – how connections are torn down

What Firewalls and IDS look for – War Stories

Analyzing Attack Traffic – Threat Hunting

Packets and the MITRE ATT&CK framework

Configuring GeoIP

Catching an NMAP scan – Stealth, Null, Xmas, and Connect

How OS Enumeration works and how to catch it

Analyzing Malware Behavior on the Wire – Trickbot, Emotet and more

Technical difficulty :

This is an intermediate course that will not leave the beginner behind. The labs are also designed so more experienced users will not get bored. There will be CTF-style questions to keep them busy.

Suggested Prerequisites :


What students should bring :

Laptop with a recent copy of Wireshark from wireshark.org.

DATE : August 14th-15th 2023
TIME : 8am to 5pm PDT
VENUE : Caesars Forum, Las Vegas, NV
TRAINER : Chris Greer
– 16 hours of training with a certificate of completion for some classes

– 2 coffee breaks are provided per day

– Note: Food is not included

Registration terms and conditions :

Trainings are refundable before July 1st, the processing fee is $250.

Trainings are non-refundable after July 10th, 2023.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.


Hackable.sol: Smart Contract Hacking in Solidity $1,500 – Davide Cioccia

Paid Training DC Forum Page

URL= https://training.defcon.org/products…ng-in-solidity

Originally posted by URL Name of Training :
Hackable.sol: Smart Contract Hacking in Solidity

Description :
Identify vulnerabilities in Smart Contracts written in Solidity

Training description :
A 2-day full hands-on training where you will learn how to identify vulnerabilities in Smart Contracts written in Solidity. During the course, we will go over 12 labs inspired by the major hacks that saw companies lose millions of dollars, implement Smart Contracts, but also perform security reviews and detect security flaws using manual analysis and automated tools.

Some of the scenarios we will go through:

The list below contains some of the vulnerabilities that we will identify and fix in the labs:
  • Any user can cash out the money from the smart contract
  • Users can also buy the subscription with any wei amount
  • Any user can check the amount of money stored in the contract address
  • Reentrancy vulnerability
  • Block Timestamp Manipulation Vulnerability
  • Tx.origin: Authorization bypass
  • Integer Overflow and Underflow
  • BatchTransfer Overflow (CVE-2018-10299)
  • Unprotected SELFDESTRUCT
  • DelegateCall vulnerabilities
  • ….more
Trainer(s) bio :
Davide Cioccia is the founder of dcodx, a cybersecurity firm focusing on bridging the gap between development and security, working together with development teams to create and promote the DevSecOps security culture.

He is one of the first contributors to the OWASP Mobile Security Testing Guide and member of the SANS advisory board and Chapter Lead of DevSecCon Netherlands. He is also a speaker at international security conferences like BlackHat, OWASP AppSec, DevSecCon, Hacktivity and regional OWASP security events, where he presented different approaches and tools to automate mobile security testing in CI/CD, detect and prevent phishing attacks and automate infrastructure security in the release cycles.

On the personal side he loves to play racket sports, from tennis to padel, from ping pong to beach tennis. So hit him up for a match if you are in the Netherlands.
https://www.devseccon.com/chapters/dsc-netherlands/
https://appsecus2018.sched.com/event…-cicd-pipeline
https://www.blackhat.com/eu-18/arsen…-cioccia-36753

Trainer(s) social media links :
https://www.linkedin.com/in/davidecioccia/
https://twitter.com/davide107

Outline :
Intro to Ethereum and smart contracts
Course introduction
Bitcoin vs Ethereum
ETH history: The Four stages of development
POW vs POS
Sharding and Beacon Chain
Docking
Smart Contracts part 1
Smart Contracts basics
Ethereum Smart Contracts and Solidity
EVM

Accounts, Transactions and Gas
Storage, Memory and Stack
VSCode and Remix IDE
LAB: Functions visibility in Solidity
LAB: Our first smart contract
Smart Contracts part 2
Types, Enum and Events
Mappings
Inheritance
Modifiers
SCW registry: the Smart Contracts CWE
Reentrancy vulnerability: the DAO hack
LAB: Steal all my money (Reentrancy attack)
The Open Zeppelin ReentrancyGuard Smart Contract
Interfaces
LAB: Block Timestamp Manipulation Vulnerability
Authorization
Authorization in Smart Contracts
The Open Zeppelin Authorization Contracts
LAB: Authorization done properly
LAB: Tx.origin: Authorization bypass
DoS
SELFDESTRUCT
DoS With Block Gas Limit
DoS with Failed Call
More vulnerabilities
Integer Overflow and Underflow
LAB: Integer Overflow exploitation to drain smart contracts
LAB: BatchTransfer Overflow (CVE-2018-10299)
Libraries
Introduction to embedded and linked libraries
LAB: Delegatecall vs Call
LAB: Exploiting Proxy contracts and Delegate calls
Security auditing
Manual vs automated audit.
Introduction to Smart Contract reverse engineering
LAB: Tools: mythril
LAB: Tools: slither

How to build a comprehensive security auditing report
Hack them all
Final Smart Contract Hacking Challenge

Technical difficulty :
The course is for beginners/intermediate that have some knowledge about smart contracts
Knowledge of the topics below is only recommended but not mandatory for this course.
Blockchain
Smart contracts and Remix IDE
Basic understanding of decentralized applications and their applicability
Suggested Prerequisites :
The course starts from the basics of the blockchain and smart contracts.
Useful resources:

https://docs.soliditylang.org/en/v0.8.13/
https://ethereum.org/

What students should bring :
– Laptop with at least:
8 GB RAM
– Chrome Browser
DATE : August 14th-15th 2023
TIME : 8am to 5pm PDT
VENUE : Caesars Forum, Las Vegas, NV
TRAINER : Davide Cioccia
– 16 hours of training with a certificate of completion.
– 2 coffee breaks are provided per day
– Note: Food is not included

Registration terms and conditions :

Trainings are refundable before July 1st, the processing fee is $250.

Trainings are non-refundable after July 10th, 2023.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.


Simulated Adversary – Jayson E. Street

Paid Training DC Forum Page

URL= https://training.defcon.org/products…training-2-400

Originally posted by URL Name of Training :
Simulated Adversary – Tactics & Tools Training

Description :
Attendees will learn how adversaries can attack in non-traditional ways.

Training description :
This class covers all aspects of an engagement, starting with online
research in a quick and efficient manner. Attendees will learn how
adversaries can attack in non-traditional ways. Jayson’s style focuses on
education over compromise by helping show how to move past finding
vulnerabilities into educating and improving the security of the target. The
emphasis for this class will be hands-on, real-world examples and
demonstrations that help companies understand the human side of social
engineering attacks.
A traditional pentest focuses on exposing vulnerabilities and showing how they
can be exploited. A Red Team engagement does a more in-depth simulation of
an advanced targeted attack, again focusing not just on discovering
potential weaknesses in the target’s defenses but on giving proofs of concept
showing they can be exploited. Jayson has created the Security Awareness
Engagement methodology for a way to show real world threats without actually
compromising or exploiting discovered vulnerabilities in a way that might
negatively impact the company. Instead simulations use non-intrusive
demonstrations that work in tandem with direct and immediate education of
Through the use of hands-on, real-world examples and demonstrations. This
class will go beyond Metasploit, popping shells and zero day exploits,
focusing on the most considerable threat a company faces, the human factor.
This class is not just for pentesters but also for security teams who want
to educate their employees. Class activities will introduce students to real
world simulations of how Social Engineering and Physical Compromise attacks
occur. Students will also participate in simulations where they use the
results from their labs to execute the attack, an attack with Jayson playing
the roles of the target to compromise.

Trainer(s) bio :
Jayson E. Street referred to in the past as:
A "notorious hacker" by FOX25 Boston, "World Class Hacker" by National
Geographic Breakthrough Series and described as a "paunchy hacker" by
Rolling Stone Magazine. He however prefers if people refer to him simply as
a Hacker, Helper & Human.

The Chief Chaos Officer of Truesec a global cybersecurity solutions
provider. The author of the "Dissecting the hack: Series" (which is
currently required reading at 5 colleges in 3 countries that he knows of).
Also the DEF CON Groups Global Ambassador. He’s spoken at DEF CON, DEF CON
China, GRRCon, SAINTCON & at several other CONs & colleges on a variety of
Information Security subjects. He was also a guest lecturer for the Beijing
Institute of Technology for 10 years.

He loves to explore the world & networks as much as he can. He has
successfully robbed banks, hotels, government facilities, Biochemical
companies, etc.. on five continents (Only successfully robbing the wrong
bank in Lebanon once all others he was supposed to)!

*He is a highly carbonated speaker who has partaken of Pizza from Bulgaria
to Brazil & China to The Canary Islands. He does not expect anybody to still
be reading this far but if they are please note he was proud to be chosen as
one of Time’s persons of the year for 2006.

Trainer(s) social media links :
https://twitter.com/jaysonstreet
https://defcon.social/@jayson
https://infosec.exchange/@jaysonestreet
https://linkedin.com/in/jstreet/
JaysonEStreet.com & HackerAdventures.World

Outline :
Day 1 :
Introduction
Agenda
Differences
Who am I
Who are we
Current State of security awareness

Module 1
What is Social Engineering
Red Teaming or Physical Pentest
The human factor


Module 2 Recon
Recon online
Recon in real life
Presenting findings
Case study

Lab: Conducting your own recon

Module 3 Phishing
Phishing for results
Finding target
Impersonation
Finding emotional trigger
Case study

Lab: Constructing a phish using results from Module

Module 4: Importance of preparedness
Preparing for onsite engagement
Clarifying scope of work
Managing client expectations
Defining success
Get out of jail free card
Case Study

Lab: ‘Creating’ a "Get out of jail free" card

Module 5 Weapons of Mass Education & Learning to code in Ducky script
An overview of the tools such as Bash Bunny, Pineapple, OMG cables & rubber
ducky, Flipper Zero & other useful devices.
Purpose of these tools
Each student will be given a book on programming in Ducky script.
We will go over several chapters that I will teach from. This will give
students the understanding and ability to write their own beginner payloads
for the Rubber Ducky.
Case study

Day 2 :

Lab: Configuring the Rubber Ducky

Module 6 Infiltration of the Location
Persona creation
Passive infiltration
Assertive infiltration
Location infiltration
Commitment to your persona
Location
Time of attack
Population onsite

Lab: Creating your persona for your scenario

Module 7 Execution Phase
The attack
The approach
The target
Deployment
The escape
Case Study
Lab: Setting the stage and acting it out
Module 8 What’s next?
The aftermath
Dealing with compromised humans
Educating on the spot
Conveying the lessons to management
Covering the findings in a positive way
Case Study

Lab 7: Consoling and educating the compromised
Closing

Technical difficulty :
Beginners to start. Intermediate & advanced students to learn new techniques.

Suggested Prerequisites :
None

What students should bring :
A laptop and a desire to learn! A Hak5 Rubber Ducky will be provided for all
students.

DATE : August 14th-15th 2023
TIME : 8am to 5pm PDT
VENUE : Caesars Forum, Las Vegas, NV
TRAINER : Jayson E. Street
– 16 hours of training with a certificate of completion.
– Note: Classes that do not meet their minimum class size by July 15 will be canceled, please register early
– 2 coffee breaks are provided per day
– Note: Food is not included
Registration terms and conditions :

Trainings are refundable before July 1st, the processing fee is $250.

Trainings are non-refundable after July 10th, 2023.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.


Cloud Forensics Workshop and CTF Challenge: Lab Rat Edition – Kerry Hazelton

Paid Training DC Forum Page

URL= https://training.defcon.org/products…ab-rat-edition

Originally posted by URL Name of Training :

Cloud Forensics Workshop and CTF Challenge: Lab Rat Edition

Description : (covers)

How the Cloud has evolved from large-scale virtual servers to smaller containers.

How small board computers or IoT devices can extend beyond the logical boundary of a Cloud.

How to mirror and capture valuable packet data within a virtual environment.

How to obtain and analyze a forensic image, memory capture, and metadata from a virtual instance.

How to obtain and analyze a forensic image from a container and from a small-board computer.

How to analyze logged API calls, storage access logs, metrics, traffic flows, and server logs to look for evidence of suspicious activity.

Key similarities and differences between the three major Cloud Service Providers.

Recommended best practices for writing the after-action reports.

Finally, a contest where students apply their knowledge.

Training description :

Now in its sixth iteration since its initial launch at BSides DC in October 2017, the Cloud Forensics Workshop and CTF Challenge have been a regular feature at multiple security conferences across the country where security professionals learn the core concepts of digital forensics and incident response in a Cloud computing environment. The newest version of this training session takes place over the course of two days, with Day Zero focusing on topics including how the Cloud has evolved from large-scale virtual servers to smaller, more scalable Docker or Kubernetes containers; how small board computers or IoT devices can extend beyond the logical boundary of a Cloud to gather and analyze critical data such as room temperature, humidity levels, or power levels from attached sensors before relaying the information back to the Cloud; how to mirror and capture valuable packet data within a virtual environment; how to obtain and analyze a forensic image, memory capture, and metadata from a virtual instance; how to obtain and analyze a forensic image from a container and from a small-board computer; how to analyze logged API calls, storage access logs, metrics, traffic flows, and server logs to look for evidence of suspicious activity; recommended vendor and industry best practices for locking down a compromised Cloud environment; key similarities and differences between the three major Cloud Service Providers; and recommended best practices for writing the after-action reports. Day Zero will also feature plenty of hands-on lab exercises for students where they will gain practical experience on common open-source tools and techniques used in the field.


Day One will be the "capstone" where students will form teams and take on the CTF Challenge itself – an all-day competition where students can expect to be tested on not only what they learned from the day before, but combine it with their own experiences and knowledge as they tackle multiple puzzles of varying difficulty to earn points while competing for honors and prizes.

Past content:

Prior versions of this training have been taught at BSides DC (2017, 2019); BSides Charm (2018); BSides NoVA (2019, 2020); HOU.SEC.CON (2019); BSides KC (2019, 2022); BSides Idaho Falls (2019, 2021); BSides Tampa (2020); CyberjutsuCon (2022). The current version of this class ("Lab Rat Edition") is currently scheduled to be taught at BSides Tampa and HackMiamiCon.

BSidesDC 2017 – https://bsidesdc2017.busyconf.com/sc…41c9127a000268


BSidesDC 2019 – https://bsidesdc2019.busyconf.com/sc…54b6b4a30000ac


BSidesCharm 2018 – https://bsidescharm.org/archive/2018…forensics.html


BSidesNoVA 2019 – https://bsidesnova2019con.busyconf.c…8fd2450200005c


BSidesNoVA 2020 – https://bsidesnova2020.busyconf.com/…d21794d800001b


HOU.SEC.CON 2019 – https://web.archive.org/web/20190327171857/http://houstonseccon.org/training/


BSidesKC 2019 – https://bsideskc2019.busyconf.com/sc…ebbd459000010d


BSidesKC 2022 – https://bsideskc.org/activities/ (listed under "Trainings and Workshops")



BSides Idaho Falls 2021 – https://web.archive.org/web/20210923110258/https://www.bsidesidahofalls.org/cfw.html

Trainer(s) bio :

Kerry Hazelton has spent nearly twenty-five years of his career between Information Technology and Security, developing a deep knowledge of systems and network support, data center operations, Cloud computing, digital forensics, and incident response. As such, he considers himself a “cybersecurity enthusiast” due to his desire and motivation to read up on the latest trends within the industry, to learn about a new exploit or tool, or his willingness to teach and share with others his experiences over the years. He created the Cloud Forensics Workshop and CTF Challenge in 2017, which is a technical workshop that focuses on learning about the science of cloud forensics and its real-world applications, followed by a Capture-the-Flag competition to gauge his students’ comprehension and critical-thinking skills by solving multiple forensics puzzles in a race against each other within the allotted amount of time.

He can be found posting his random thoughts on gaming, hacking, or life in general via Twitter under the handle of @ProfKilroy.

Trainer(s) social media links :

https://twitter.com/ProfKilroy
https://infosec.exchange/@professor_kilroy

Outline :

Day 1 : (Day 0)

Training Day (Day 0) – Labs and Group Discussion (each lab will run about 30 to 45 minutes, group discussions about 5 to 10 minutes)


**Group discussion: How the Cloud has Become a Lot Smaller (Bigger?)

**Lab One: Configuring Traffic Mirroring and using Wireshark to capture and analyze the data

**Lab Two: Analysis of Logs to Identify Potential Indicators of Compromise

**Lab Three: Cloud account isolation using Organizational Units and Service Control Policies

**Group discussion: Key similarities and differences between AWS, Azure, and GCP

**Group discussion: How to identify Indicators of Compromise, Vendor and Industry Best Practices to Locking Down an Environment

**Lab Four: Acquisition and analysis of forensic evidence from a compromised virtual server: forensic image, memory capture, metadata

**Lab Five: Acquisition and analysis of forensic evidence from containers and IoT/Edge Devices

**Group Discussion: Encryption vs encoding, Steganography (under which conditions will we see evidence of encryption, encoding, or data exfiltration using steganography)


**Lab Six: Analysis of Portable Executable files using CFF Explorer

**Lab Seven: How Cloud-native tools such as Athena, Detective, Security Hub, and their Azure/GCP counterparts can help identify potential issues in the Cloud

**Group Discussion: After-Action Reporting

**Recap/Q&A Session

Students will pre-register for the CTF Challenge after the end of the training session. I will be available to assist with registration issues.

Day 2 : (Day 1)

All-day CTF Challenge. Students will be given pre-configured forensic images, PCAPs, logs, and other files to dissect as they will need to extract artifacts I will designate as "flags" in order to earn points. The top three teams will earn prizes, and a special prize will be awarded to the person who turns in the highest individual score.


Technical difficulty :

Intermediate to Advanced.

Suggested Prerequisites :

It is recommended students have a good understanding of Cloud environments and/or digital forensics. It is also recommended that students have some prior experience with tools such as Wireshark, TSK/Autopsy, Volatility and/or YARA, and examining portable executables or malware (but not necessary).

White papers can include those readily available from AWS, Microsoft, and/or Google regarding Cloud environments. I also recommend researching white papers published by Cado Security (as a side note, it was one of their early white papers I came across which helped form the foundation of this class. I have a standing agreement with them to refer to their material and give them credit, but I cannot use their tools and attempt to pass them off as my own) and by Dr. Raymond Choo at UTSA. Of course, there’s always YouTube where students can take a crash course in learning about how to use tools such as TSK/Autopsy, Volatility, and YARA.

What students should bring :

Students will need to bring their laptops with them. Minimum specs should be at least an 8th or 9th generation Intel i5 processor (or AMD equivalent) and 16GB of RAM. A Windows environment is preferred, but attendees are welcome to use MacOS or their personal flavor of Linux.

DATE : August 14th-15th 2023
TIME : 8am to 5pm PDT
VENUE : Caesars Forum, Las Vegas, NV
TRAINER : Kerry Hazelton

– 16 hours of training with a certificate of completion.


– 2 coffee breaks are provided per day
– Note: Food is not included

Registration terms and conditions :

Trainings are refundable before July 1st, the processing fee is $250.

Trainings are non-refundable after July 10th, 2023.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.


Hands-on incident response in the cloud — Microsoft edition $2,250 – Korstiaan Stam

Paid Training DC Forum Page

URL= https://training.defcon.org/products…rosoft-edition

Originally posted by URL Name of training:
Hands-on incident response in the cloud — Microsoft edition
Trainer information:
Korstiaan Stam is the Founder and CEO of Invictus Incident Response & SANS Trainer – FOR509: Cloud Forensics and Incident Response
Trainer bio:
Korstiaan is a passionate incident responder, preferably in the cloud. He developed and contributed to many open-source tools related to cloud incident response. Korstiaan has gained a lot of knowledge and skills over the years which he is keen to share.
Way before the cloud became a hot topic, Korstiaan was already researching it from a forensics perspective. “Because I took this approach I have an advantage, because I simply spent more time in the cloud than others. More so, because I have my own IR consultancy company, I spent a lot of time in the cloud investigating malicious behavior, so I don’t just know one cloud platform, but I have knowledge about all of them.” That equips him to help students with the challenge of every cloud working slightly or completely differently. “If you understand the main concepts, you can then see that there’s also a similarity among all the clouds. That is why I start with the big picture in my classes and then zoom in on the details.” Korstiaan also uses real-life examples from his work to discuss challenges he’s faced with students to relate with their day-to-day work. “To me, teaching not only means sharing my knowledge on a topic, but also applying real-life implications of that knowledge. I always try to combine the theory with the everyday practice so students can see why it’s important to understand certain concepts and how the newly found knowledge can be applied.”
Trainer social media links:
Twitter: https://twitter.com/InvictusIR & https://twitter.com/korstiaans
LinkedIn: https://linkedin.com/in/korstiaanstam
Blog: https://invictus-ir.medium.com/
Repository with tools & research: https://github.com/invictus-ir
Past content:
This is a new training so no information is available yet. I do however have several videos of myself speaking/discussing various topics, please find them below:
Release of new Microsoft IR tools livestream:
https://www.youtube.com/live/I7aIi6R3NMk?
Presentation at SANS DFIR Summit 2022:
https://youtu.be/HzuVhbpO_go
Presentation at SANS DFIR Summit 2021:
https://youtu.be/sV-BzlHSyes
Mnemonic security podcast
http://youtu.be/ZMQcTSOsZik.

Class outline

Overview – Day 1 Microsoft Azure
On day 1, an overview of services in the Azure cloud relevant to IR is provided, followed by a deep dive into how Azure clouds are often configured in client environments. We will then look at all the different log sources available in Azure that can be used for IR and how we can export these logs. You will learn how to find real-life attacks in the various Microsoft Azure log sources.
Exercises
  • Exploring the training environment
  • Acquisition and analysis of Azure logs
  • KQL querying
  • Building your own Graph app for IR
  • Investigate a cloud compromise in Azure
  • Azure CTF
  • Acquisition & Exploration of the UAL
  • Investigating an espionage campaign in Microsoft 365
  • Automated analysis of a Microsoft 365 environment
  • Microsoft 365 CTF
Topics covered
Day 1- Morning session
  • Azure IR introduction
  • Azure terminology
  • Exercise: Exploring the training environment
  • Azure compute components for IR
  • Azure network components for IR
  • Azure storage components for IR
  • Azure security components for IR
  • Azure Active Directory
  • Azure Audit & Logging
  • Exercise: Acquisition and analysis of Azure logs
  • Setup in-cloud IR environment
  • KQL for Incident Response
  • Exercise: KQL querying
Day 1 – Afternoon session
  • Graph API for Incident Response
  • Exercise: Building your own Graph app for IR
  • Azure Attack techniques
    • Overview of Azure Attacks
    • ATT&CK phases
    • Azure attack tools
  • Exercise: Investigate a cloud compromise in Azure
  • Azure IR tools and Techniques
  • Exercise: Azure CTF
Day 2 – Morning session
  • Microsoft 365 IR introduction
  • Unified Audit Log (UAL)
  • Overview of forensic artefacts
    • Forwarding Rules
    • Mailbox audit log
    • Message trace log
  • Exercise: Acquisition & Exploration of the UAL
  • Microsoft 365 Attack techniques
    • Initial access
    • Execution
    • Persistence
Day 2 – Afternoon session
  • Microsoft 365 Attack scenarios
  • Exercise: Investigating an espionage campaign in Microsoft 365
  • Microsoft 365 IR Tools and Techniques
  • Exercise: Automated analysis of a Microsoft 365 environment
  • Best practices for remediation and recovery in Microsoft 365
  • Exercise: Microsoft 365 CTF
  • Wrap-up & Prize ceremony



Technical difficulty of the class:
Beginner/Intermediate.
Experience in the Microsoft cloud will prove very useful to be able to keep up. Experience with PowerShell and/or KQL is not required but will help you to gain even more from the training. You must also not be afraid of the command-line interface, as this will be a hands-on training and not everything will be in the GUI.
Items students will need to provide:
A laptop running Windows, whether it’s native or in a virtual machine. Also, the laptop must have a browser that can access the Microsoft Portals and the ability to run PowerShell tools. I suggest not using corporate laptops for this training.
DATE : August 14th-15th 2023
TIME : 8am to 5pm PDT
VENUE : Caesars Forum, Las Vegas, NV
TRAINER : Korstiaan Stam
– 16 hours of training with a certificate of completion.
– 2 coffee breaks are provided per day
– Note: Food is not included
Registration terms and conditions :
Trainings are refundable before July 1st, the processing fee is $250.
Trainings are non-refundable after July 10th, 2023.
Training tickets may be transferred. Please email us for specifics.
Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.
By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.


A Practical Approach to Breaking & Pwning Kubernetes Clusters $2,800 – Madhu Akula

Paid Training DC Forum Page

URL= https://training.defcon.org/products…tes-clusters-2

Originally posted by URL Name of Training :
A Practical Approach to Breaking & Pwning Kubernetes Clusters

Description :
Tactics, Techniques, and Procedures (TTPs) to attack and assess Kubernetes cluster environments at different layers.

Training description :
Kubernetes adoption in production has increased to 83%, according to a survey by CNCF. Still, most security teams struggle to understand these modern technologies.
In this real-world scenario-based training, each participant will learn Tactics, Techniques, and Procedures (TTPs) to attack and assess Kubernetes cluster environments at different layers like Supply chain, Infrastructure, Runtime, and many others. The training runs from simple recon to gaining access to microservices and sensitive data, escaping containers, escalating to cluster privileges, and even reaching the underlying cloud environments.
By the end of the training, participants will be able to apply their knowledge to perform architecture reviews, security assessments, red team exercises, and pen-testing engagements on Kubernetes clusters and containerized environments successfully. Also, the trainer will provide a step-by-step guide (Digital Book) with resources and references to further your learning.

Trainer(s) bio :
Madhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable-by-design Kubernetes cluster for learning and practicing Kubernetes security. He is also a published author and Cloud Native Security Architect with extensive experience, and an active member of the international security, DevOps, and Cloud Native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, etc). He holds industry certifications like CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), OSCP (Offensive Security Certified Professional), etc.

Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON 24, 26, 27, 28, 29 & 30, BlackHat 2018, 19, 21 & 22, USENIX LISA 2018, 19 & 21, SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, Github Satellite 2020, Appsec EU (2018, 19 & 22), All Day DevOps (2016, 17, 18, 19, 20 & 21), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18), Nullcon 2018, 19, 21 & 22, SACON, Serverless Summit, null and multiple others.

His research has identified vulnerabilities in 200+ companies and organizations including Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP, Adobe, etc. and is credited with multiple CVEs, acknowledgements, and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for the Learn Kubernetes Security and Practical Ansible2 books by Packt Pub. He also won 1st prize for building an Infrastructure Security Monitoring solution at the InMobi flagship hackathon among 100+ engineering teams.
Trainer(s) social media links :
https://twitter.com/madhuakula
https://www.linkedin.com/in/madhuakula/
https://github.com/madhuakula
Previous content:
Blackhat DEF CON TRAININGS LV 2022 Outline :
Section-1 :
* Kubernetes 101 – Fasttrack Edition
* Security Architecture review & Attack Trees using MITRE ATT&CK framework
* `kubectl` kung-fu to explore the cluster
* Attacking the supply chain by exploiting private registry
* Pwning the container images and gaining access to the cluster
* Exploiting security misconfigurations in the cluster
Section-2 :
* Escaping out of the container to the host system to gain more privileges
* Bypassing NSP and gaining unauthorized access to other microservices
* Lateral movement from container to node and then complete cluster access
* Escalating from ServiceAccount to more RBAC privileges (No least privileges)
* Helm with Tiller service = ClusterPwn (Complete cluster takeover)
* Gaining access to k8s volumes, logs of the services, and sensitive data
* From application vulnerability to cloud provider access (attack chain)
Section-3 :
* Hacker Container – The Swiss Army knife for hacking Kubernetes Clusters
* Exploiting Kubernetes Secrets and gaining access to third-party services
* DoS the services and cluster nodes by resource exhaustion
* Understanding Admission controller and possible attack surface around Webhooks
* Persisting in the clusters using Sidecar/Cronjob/DaemonSets
* Defense evasion techniques for Kubernetes Cluster environments
* Some useful hacks around `kubectl` (cheatsheet will be provided)
Section-4 :
* Tools, and techniques beyond manual exploitation and analysis
* KubeAudit, KubeSec, popeye, trivy, dockle, rakkess, linters, and many others…
* Performing Docker & K8S CIS benchmarks to find all the possible security risks
* Auditing the cluster security posture from Code to Production running cluster
* Real-World case studies of Kubernetes Hacking, Vulnerabilities, and Exploits
* Best practices, Recommendations based on the Security Maturity
* Resources & references to further your attacks, exploitation, more learning

Technical difficulty :
Intermediate
  • Able to use Linux CLI
  • Basic understanding of system administration
  • Experience with Docker and Containers ecosystem would be useful
  • Security Experience would be plus
Suggested Prerequisites :
My DEFCON 26 workshop on Attacking & Auditing Docker Containers Using Open Source tools and its video available at https://www.youtube.com/watch?v=ru7GicI5iyI

What students should bring :
Students will need a laptop with Wi-Fi capability.
I will be providing students with
  • Custom built Kubernetes Cluster environment (everyone gets their own)
  • Step by Step Digital Guide book for the entire training
  • Kubectl cheatsheet, Checklist of tools, and other resources
DATE : August 14th-15th 2023
TIME : 8am to 5pm PDT
VENUE : Caesars Forum, Las Vegas, NV
TRAINER : Madhu Akula
– 16 hours of training with a certificate of completion.
– 2 coffee breaks are provided per day
– Note: Food is not included.

Registration terms and conditions :

Trainings are refundable before July 1st, the processing fee is $250.

Trainings are non-refundable after July 10th, 2023.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.
​


Offensive IoT Exploitation $2,000

Paid Training DC Forum Page

URL= https://training.defcon.org/products…t-exploitation

Originally posted by URL Name of Training :
Offensive IoT Exploitation

Description :
This course teaches security professionals and hackers how to identify and exploit security vulnerabilities in IoT devices.

Training description :
As IoT becomes more integrated and integral into personal and work lives, there is a growing need to understand the inner workings of IoT devices and ensure these devices are secure. This course teaches security professionals and hackers how to identify and exploit security vulnerabilities in IoT devices. Participants will learn to interact with hardware debug capabilities, communicate with memory devices, and virtualize and analyze firmware. The course also covers various hardware attacks including glitching and side channel attacks, as well as diving into communications protocols, including Bluetooth, Zigbee, Thread and Matter. Participants will gain hands-on experience with industry tools and techniques. This course is suitable for security professionals, penetration testers, and hackers with basic programming and computer system knowledge, and equips them with skills to discover new vulnerabilities in IoT devices.
This was the largest class at the inaugural DEF CON trainings. We expect this course to sell out so book your seat today!
We believe firmly that you learn best from doing, which is why our course is jam-packed with approximately 10 hands-on exercises throughout the 2 days of the course.
Many courses either scratch the surface of IoT or go very deep into specific topics. Our course strikes a balance between breadth and depth, giving the student a solid foundation from which to start researching IoT Security.
We know our stuff – after winning the DEF CON black badge at DEF CON 26, we have been an integral part of the IoT Village both at DEF CON and other conferences throughout the world. Our team developed the IoT 101 Labs that had lineups out the door of IoT Village at DEF CON 27. We have contributed to the IoT CTF since DEF CON 27, but starting this year our team is bringing the new Embedded Systems Village to DEF CON.
Trainer(s) bio :
Trevor Stevado
Trevor Stevado is a renowned security consultant and the founder of Loudmouth Security. With over 15 years of experience in the industry, Trevor has developed a deep understanding of cyber security and is recognized as an expert in his field. In 2018, Trevor won a Black Badge in the IoT CTF at DEF CON 26, and since then, he has been a regular contributor to IoT Village. In fact, he’s now one of the founders of the new Embedded Systems Village, where he continues to push the boundaries of security research.
In addition to his technical expertise, Trevor is an exceptional teacher with a proven track record of success. He’s adept at explaining complicated technical findings to executive management teams, and he’s spent years mentoring younger hackers coming into the field. Trevor’s ability to teach stems from his passion for the subject matter and his dedication to continuous learning. He’s always seeking out new information and insights, which he incorporates into his courses to provide the most up-to-date and relevant training possible.
Trevor Hough
Trevor Hough is a partner and passionate security researcher at Loudmouth Security. With extensive experience participating in large-scale cyber training operations involving embedded systems, Trevor has become a recognized expert in his field. He has an insatiable curiosity and has performed research on some of the weirdest and coolest embedded systems around, discovering and disclosing bugs in the process.
Trevor has a deep technical knowledge and passion for security that’s evident in his work. He won a Black Badge in the IoT CTF at DEF CON 26 and has been a regular contributor to DEF CON ever since. Trevor is part of the team that’s bringing the new Embedded Systems Village to DEF CON 31, where he’s excited to push the envelope of bigger, cooler, and more exotic systems that attendees can interact with. He is a highly skilled trainer who’s always eager to share his knowledge and experience with others.
Nicholas Coad
Nicholas is a consultant at Loudmouth Security and an accomplished PCB designer with extensive knowledge of hardware. He brings his expertise to our training team, where he’s an invaluable asset. Nicholas is also a regular contributor to IoT Village and part of the team behind the new Embedded Systems Village.
Prior to joining Loudmouth Security, Nicholas worked as an IT administrator for industrial and manufacturing companies, where he gained invaluable experience about the practical applications of embedded systems. This hands-on experience gives him a unique perspective that he brings to this training.
Nicholas is an exceptional trainer with a passion for sharing his knowledge and experience with others. He’s a key member of our team, and his expertise in PCB design and embedded systems makes him an invaluable resource to our students.
Patrick Ross
Patrick is a seasoned security expert with a wealth of experience in the field. As a member of the team that won the Black Badge at DEF CON 26 in the IoT CTF, Patrick is recognized as one of the top experts in his field. He’s also a DEF CON goon and an integral part of the team behind the new Embedded Systems Village.
Patrick’s expertise lies in the virtualization of embedded devices, and he’s one of the key researchers behind the MIPS-X project. His deep technical knowledge and experience make him a valuable asset to Loudmouth Security’s training team.
In addition to his technical skills, Patrick is an exceptional teacher with superb teaching skills. He’s passionate about sharing his knowledge and experience with others, and he’s committed to helping organizations stay ahead of the latest cyber threats.
Trainer(s) social media links :
https://twitter.com/_t1v0_ : @ _t1v0_
https://twitter.com/2fluffyhuffy : @ 2fluffyhuffy
Outline :
The course is broken down into the following sections:
  1. Introduction to IoT and Embedded Device Hacking
    • Overview of devices & device architectures
    • What is firmware?
    • Introduction to digital signals analysis
    • Linux command line refresher
  2. Interacting with Hardware Debugging Interfaces
    • Overview of hardware debugging interfaces
      1. UART
      2. JTAG
    • Using UART and JTAG to debug or extract firmware from devices
  3. Communicating with Memory Devices
    • Overview of memory devices commonly used in IoT systems, such as flash memory, EEPROM, and SD cards
    • Communicating with common memory devices
      1. SPI Flash
      2. eMMC
      3. Parallel Flash via I2C
    • Challenges encountered when communicating with memory devices
  4. Analyzing Firmware for Security Vulnerabilities
    • Extracting firmware from binary files
    • Tools for analyzing firmware, including disassemblers and debuggers
    • Overview of common vulnerabilities found in IoT
    • Where to look for vulnerabilities
    • Reverse engineering firmware
    • Identifying security vulnerabilities using code analysis and fuzzing
  5. Virtualizing Firmware
    • Overview of firmware virtualization
    • Reasons for virtualizing firmware
    • Techniques for virtualizing firmware, such as emulators and hypervisors
    • Advantages and disadvantages of firmware virtualization
  6. Glitching and Side Channel Attacks
    • Overview of glitching and side channel attacks
    • Identifying vulnerabilities through glitching and side channel attacks
    • Tools for performing glitching and side channel attacks
  7. Communications Protocols in Embedded Systems
    • Overview of communications protocols commonly used in IoT systems, such as Bluetooth, Zigbee, Thread and Matter
    • Overview of application protocols such as MQTT and UPnP
    • Analyzing and reverse engineering communications protocols
    • Tools and techniques for sniffing and spoofing communications protocols
Technical difficulty :
Beginner to Intermediate. This is a compressed course and will move quickly.
Suggested Prerequisites :

What students should bring :
  • A willingness and desire to learn
  • Understanding of common networking protocols
  • Basic familiarity with virtualization technologies
  • Basic familiarity with Windows and Linux
  • Basic understanding of penetration testing
  • Laptop with 16GB RAM and at least 40GB free disk space
  • External ethernet adapter
  • VMware Player/Workstation/Fusion or VirtualBox installed
  • Administrator/Root access to their host Operating
DATE : August 14th-15th 2023
TIME : 8am to 5pm PDT
VENUE : Caesars Forum, Las Vegas, NV
TRAINER : Trevor Stevado, Trevor Hough, Nicholas Coad, Patrick Ross
– 16 hours of training with a certificate of completion
– 2 coffee breaks are provided per day
– Note: Food is not included
Registration terms and conditions :

Trainings are refundable before July 1st, the processing fee is $250.

Trainings are non-refundable after July 10th, 2023.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.


SOC 101 – Rod Soto

Paid Training DC Forum Page

URL= https://training.defcon.org/products…alyst-bootcamp

Originally posted by URL Name of Training :
SOC 101 – SOC 1 Analyst Bootcamp

Description :
This course will provide students with extensive hands-on exercises and labs that emulate real-life security operation center tasks and related technologies.

Training description :
During this comprehensive course, tools and methodologies that are used in Security Operation Centers will be introduced and detailed. This course will provide students with extensive hands-on exercises and labs that emulate real-life security operation center tasks and related technologies.

From text handling, packet dissection, and analysis, to adversarial simulation and detection engineering, this course will provide students with a solid base of skills and a comprehensive understanding of a Security Operations Center (SOC) Analyst job.

The focus will be geared toward basic, hands-on skills that allow students to perform and excel at baseline SOC tasks.

Hardware & Minimum Course Requirements:
A laptop with 16GB of RAM and the ability to run Virtual Machines. Understanding of basic networking concepts and basic Linux comprehension.

Target Audience:
This training is geared towards Information Technology, Computer System, or Computer Network Professionals seeking to enter the Information Security Industry while enriching those who seek to develop the skills and knowledge necessary to work at a Security Operations Center.

Skills that will be learned:
This course will provide students with the necessary skills and knowledge to work in a Security Analyst 1 job and understand the dynamics of a Security Operations Center.
Past content:

Rod Soto Udacity Instructor https://www.udacity.com/course/secur…odegree–nd698
Rod Soto RSA Conference 2021
https://www.rsaconference.com/Librar…0Hacking%20101
Rod Soto – Red Team Village – Adversarial Simulation Workshop 2 hours. https://www.youtube.com/watch?v=YEnL8QfFlJI
Rod Soto – Linux Threat Detection using Attack Range – Texas CyberSummit 2022 https://www.youtube.com/watch?v=YEnL8QfFlJI
For new Trainers, so the Review Board is able to get a sense of your presentation style, do you have a video sample of any previous conference presentations or training? (Optional)
Rod Soto – Red Team Village – Adversarial Simulation Workshop 2 hours. https://www.youtube.com/watch?v=YEnL8QfFlJI

Trainer(s) bio :
Rod Soto has over 15 years of experience in information technology and security. He has worked in Security Operations Centers as a support engineer and SOC engineer, and in security emergency response and incident response. He currently works as a detection engineer and researcher at Splunk Threat Research Team. He previously worked at Prolexic/AKAMAI, Splunk UBA, and JASK (SOC Automation).
Rod Soto was the winner of the 2012 BlackHat Las Vegas CTF competition and the Red Alert ICS CTF contest at DEFCON 2022. He has spoken at ISSA, ISC2, OWASP, DEFCON, RSA Conference, Hackmiami, DerbyCon, Splunk .CONF, Black Hat, BSides, and Underground Economy, and has also been featured in Rolling Stone Magazine, Pentest Magazine, Univision, BBC, Forbes, VICE, Fox News and CNN.

Trainer(s) social media links :
https://twitter.com/rodsoto : @ rodsoto

Outline :
Day 1 :
Introduction to SOC & SOC-related technologies (2 hours)
Whoami
What is a SOC
Types of SOC
What is expected of a SOC Analyst (SOC 101)
Security Principles
Access Controls
SOC Security Technologies
Principles of Defense in Depth
Defense in Depth technologies
SOC main focus – Endpoints (Linux – Windows)
Linux Access Controls (DAC, MAC), Access Log locations
Exercise 1. Linux Access Controls, Linux Access Logs (grep, awk, and cli tools)
Exercise 2. Windows Access Controls – NTFS & Active Directory
(Sysinternals AccessEnum, PowerShell & Windows CLI commands)
User Groups, Permissions, NTFS folder and file permissions.
Security Events & Data Manipulation (2 hours)
What is a security event?
Security Event Types
Triage of Security Events/Incidents
Logs & Text manipulation
– Logs, metadata, management, ETL, storage
– Linux, PowerShell, Batch – GREP, AWK, SED, REGEX
– Log and Metadata Standards – CIM, WWW, JSON, XML, SYSMON, SYSLOG, CSV
– Linux Logs → locations and structure
– Windows Logs → locations and structure
Exercise –
Use Regex against CSV, WWW, RAW logs to find security events relevant metadata
Use PowerShell to view, parse and find data in files
Use cat, grep, sed, and awk to manipulate, find data and understand the structure of log files (syslog, sysmon, json, xml)
Identify attack vector in logs
Networking – Threat Detection & Analysis (2 hours)
Network Basics
Basic TCP/IP – OSI Layers, distribution by protocol RFCs
Netflow
Packet Capture
Wireshark, TCPDump
PCAP readers – Chaos Reader, Foremost, Network Miner, Arkime
Network Analysis and threat detection
Arkime
Suricata
Exercise –
Use TCPdump & Wireshark to find attack signatures in attack pcaps
Use NetworkMiner to mine and identify information
Use Arkime to capture and obtain pcaps
Replay pcap and visualize detection in Suricata
Vulnerabilities & Attacks (2 hours)
Vulnerabilities & Attacks SOCs are exposed to
Endpoints
Servers
Applications
Cloud
Industry Nomenclature
MITRE CVEs, MITRE ATT&CK, OWASP Top 10
TLP Protocol
CVSS
Industry Compliance Frameworks
Risk & Threat Modeling
Exercise –
Identify vulnerability, score RISK, and calculate CVSS
Identify APT 28 TTPs
Perform an RDP attack against a Windows host and find related policies and security logs
Identify OWASP Top 10 attack in a campaign (sqli / nginx logs)

Day 2 :

Management of logs (3 hours)
How to send logs to a centralized location
→ syslog, rsyslog, netcat
– Windows Event Subscription
– malware related logs
Malware-centric logs → registry, evtx/xml, json, www
Management of centralized logs
SIEM
SPLUNK
Elastic
Introduction to EDR
Wazuh
OpenEdr
Exercise
Use Docker to create a Splunk instance, upload data, and find a threat in the uploaded data
Use Docker to create an Elastic instance, upload data, and find a threat
Operate a Wazuh Instance to load data and discover and analyze threats
Install OpenEdr and detonate threats to verify detection
Use the EICAR file to visualize Windows Defender detections and logs at the endpoint and SIEM
Use Elastic EDR to find threats
Adversarial Simulation & Detection Engineering (3 hours)
Infrastructure as Code
Adversarial Simulation Frameworks
Atomic Red Team
Operator
Splunk Attack Range
Manual exploitation
Detection engineering Windows (Sysmon)
Detection Engineering Linux (Syslog)
Exercise
Execute Atomic Red Team atomics against a target
Devise a detection from collected logs
Execute an attack on Linux host, detect an attack from collected logs
SOC challenges and interactions (1 hour)
Cryptography and the SOC
Incident Response
SOC Periphery teams
CTF (1 hour)

Technical difficulty :
Beginner.
Suggested Prerequisites :
Basic understanding of Windows and Linux Command Line, as well as basic networking skills (TCP/IP)

What students should bring :
A laptop with 16GB of RAM and the ability to run Virtual Machines. Understanding of basic networking concepts and basic Linux comprehension.
*Due to virtualization issues with M2 Apple Chip based laptops, these types of laptops are NOT supported for this training. Please bring Intel-based laptops that support x86 virtualization.

DATE : August 14th-15th 2023
TIME : 8am to 5pm PDT
VENUE : Caesars Forum, Las Vegas, NV
TRAINER : Rod Soto
– 16 hours of training with a certificate of completion
– 2 coffee breaks are provided per day.
– Note: Food is not included.
Registration terms and conditions :

Trainings are refundable before July 1st, the processing fee is $250.

Trainings are non-refundable after July 10th, 2023.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.


Hacking Cryptography $2,000 – Ruben Gonzalez

Paid Training DC Forum Page

URL= https://training.defcon.org/products…g-cryptography

Originally posted by URL Name of Training :

Hacking Cryptography

Description :

We’ll deep-dive into modern cryptography. We’ll learn how it works, how it is oftentimes misused and how that leads to exploitable bugs.
Moreover, participants will learn how common cryptography screwups can be exploited.

Training description :

Cryptography is everywhere, whether you like it or not. Our laptops, phones, printers, cars, bank cards and washing machines use cryptography to authenticate, keep things confidential and make sure messages aren’t tampered with. However, very often developers, pentesters, system designers and code auditors are confronted with cryptography without having the gear to properly assess security of a specific use case.

During this training we’ll deep-dive into modern cryptography. We’ll learn how it works, how it is oftentimes misused and how that leads to exploitable bugs.
Moreover, participants will learn how common cryptography screwups can be exploited. To foster skills, participants will write their own exploits and use them on real world systems provided by us.

The first day will prepare you for (ab)using cryptography in products and services by going over the basic terminology, explaining modern primitives and showing common misuses of those primitives. You’ll learn about tools and techniques to abuse such misuses along the way. On day two, we’ll move on to more advanced primitives used in asymmetric cryptography and see how everything we have learned is employed in protocols and standards (such as TLS, JWT and FIDO).

Certificate: At the end of the course participants can take a test to certify their knowledge.


Previous Training: This training was previously held at private corporations.

Trainer(s) bio :

Ruben Gonzalez (Lead Trainer, He/Him):

* 10 years in offensive security research
* Bug hunter for cryptography code
* Lead trainer at Neodyme.io
* Auditor of crypto code for multiple large industry projects
* Part-time PhD candidate for cryptographic implementations at the Max Planck Institute
* Multi-time DEFCON CTF finalist (team Sauercloud)
* Twitter: redrocket_ctf

Tim Schmidt (Support Trainer, He/Him):

* 5 years in vulnerability research
* Tinkerer and Hardware Hacker
* Profound interest in real-world attacks on cryptography
* Multi-time DEFCON CTF finalist (team Sauercloud)
* Trainer at Neodyme.io

Trainer(s) social media links :

Outline :

Day 1 :


* Introduction to Cryptography
* Basic Terminology
* Security Guarantees
* Composition of Primitives
* Attack Categorization

* Working with Crypto Tools
* Manipulating Raw Bits and Bytes in the Terminal
* Using OpenSSL on the command line
* Introduction to Cyber Chef
* **Challenge Lab: OpenSSL and Cyber Chef**

* Symmetric Crypto
* Stream Ciphers
* Introduction to Stream Ciphers
* The One Time Pad and XOR Ciphers
* Leveraging Partially Known Plaintext
* Modern Stream Ciphers: Salsa20/Chacha, RC4
* Nonce Reuse Attacks
* **Challenge Lab: (Ab)using Stream Ciphers**
* Block Ciphers
* Introduction to Block Ciphers (AES, 3DES)
* Modes of Operation (ECB, CBC, CTR, XTS)
* Bit Flipping & Nonce Reuse Attacks
* Padding Oracle Attacks
* **Challenge Lab: (Ab)using Block Ciphers**
* Encrypting Data at Rest
* (Compression) Side Channel Attacks

* Hash Functions and Message Authentication Codes
* Introduction to Hash Functions
* Collision Attacks (SHA1/MD5)
* Length Extension Attacks
* Password Recovery with Rainbow Table Attacks
* SHA3, SHAKE and Sponge Constructions
* **Challenge Lab: (Ab)using Hash Functions and PW Cracking**

* Introduction to Message Authentication Codes
* Introduction to Message Authentication Codes
* Pitfalls on trivial constructions
* Authenticated Encryption Modes
* **Challenge Lab: (Ab)using MACs and AuthEnc**

* Entropy and Randomness
* Generating Secure Keys
* Introduction to the Linux Entropy Pool
* Misuse of Pseudo Random Number Generators
* Linear Congruential Generators
* Mersenne Twister
* Linear Feedback Shift Registers
* The Dual EC DRBG Backdoor
* **Challenge Lab: Keys and Randomness**

Day 2 :

* Asymmetric Crypto / RSA
* Introduction to RSA
* Key Formats
* Basic Attacks on (Textbook) RSA
* Key Sizes and Brute Force
* RSA PKCS1.5 Signatures
* Padding/Bleichenbacher Attacks on RSA
* **Challenge Lab: RSA**

* Asymmetric Crypto / ECC
* Introduction to Elliptic Curve Cryptography
* The Java ECC Screwup
* Exploiting ECDSA Nonce Reuse
* Invalid Point Attacks
* **Challenge Lab: ECC**

* Public Key Infrastructure and Certificates
* Introduction to Certificates
* x509 Certificate Structure and Features
* Common Certificate Pitfall Examples
* Chain of Trust and PKI services
* TOFU Principle and Man-In-The-Middle Threats
* **Challenge Lab: Certificates and PubKeys**

* Crypto Applications / Protocols
* High-level view on TLS
* High-level view on VPNs: IKE and Wireguard
* Choosing Security Parameters for Protocols

* Crypto Applications / JWT
* Introduction to JWT
* Common JWT Implementation Bugs
* **Challenge Lab: Exploiting JWT**

* Crypto Applications / WebAuthn, FIDO and TOTPs
* Introduction to Password-Less Authentication
* TOTP Algorithms and Seeds
* Understanding and Deploying FIDO2 and WebAuthn
* Footguns Regarding Password-Less
* **Challenge Lab: (Ab)using FIDO**

* Outlook
* Sneak Peek at Post Quantum Crypto
* Upcoming Protocols and Primitives

* Farewell
* **Presentation of Take Home Challenges**
* Recap – Cryptography

Technical difficulty :

Beginner to intermediate

Suggested Prerequisites :

The contents are compressed, but no prior knowledge of cryptography is needed. Every subject is introduced before attacks are presented.
Students should be familiar with at least one scripting language (e.g. Bash or Python) and have a basic understanding of computer networks.

What students should bring :

Participants should bring a laptop with administrator/root access to install software.

DATE : August 14th-15th 2023
TIME : 8am to 5pm PDT
VENUE : Caesars Forum, Las Vegas, NV
TRAINER : Ruben Gonzalez


– 16 hours of training with a certificate of completion.

– 2 coffee breaks are provided per day
– Note: Food is not included



Registration terms and conditions :

Trainings are refundable before July 1st, the processing fee is $250.

Trainings are non-refundable after July 10th, 2023.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.


Practical Code Review $2,000 – Seth Law & Ken Johnson

Paid Training DC Forum Page

URL= https://training.defcon.org/products…al-code-review

Originally posted by URL Name of Training :
Practical Code Review

Description :
This course introduces a proven methodology and framework for performing a secure code review, as well as addressing common challenges in modern secure code review.

Training description :
Learn a proven methodology for discovering vulnerabilities in code through secure code reviews against any language or framework, no matter the amount of code. Whether analyzing code as a consultant, internal resource, or bug bounty researcher, enhance your bug-hunting techniques and code review skills using a strategy surpassing security review checks covered by language-specific guidance and automated tools plagued by false positives. During the training, you will learn and practice a methodology developed by Seth and Ken (co-hosts of the Absolute AppSec podcast) to find bugs in hundreds of code bases, including web3, mobile, and web applications. Students gain the confidence to take on code-review projects, knowing how to organize their limited time, avoiding unnecessary time sinks and focusing on an application’s security-relevant files and functions.


Trainer(s) bio :
Ken Johnson:
Ken Johnson has been hacking web applications professionally for 14 years and given security training for 11 of those years. Ken is both a breaker and builder and is the CTO & Co-Founder of DryRun Security. Previously, Ken was a Director with GitHub’s Product Security Engineering team and has held both technical and leadership roles both within the consulting world as well as a corporate defender. Previously, Ken has spoken at RSA, You Sh0t the Sheriff, Insomnihack, CERN, DerbyCon, AppSec USA, AppSec DC, AppSec California, DevOpsDays DC, LASCON, RubyNation, and numerous Ruby, OWASP, and AWS events about appsec, devops security, and AWS security. Ken’s current passion project is the Absolute AppSec podcast with Seth Law.


Seth Law:
Seth Law is an experienced Application Security Professional with over 15 years of experience in the computer security industry. During this time, Seth has worked within multiple disciplines in the security field, from software development to network protection, both as a manager and individual contributor. Seth has honed his application security skills using offensive and defensive techniques, including tool development. Seth is the founder and principal of Redpoint Security, hosts the Absolute AppSec podcast with Ken Johnson, and is a regular speaker at developer meetups and security events, including Blackhat, Defcon, CactusCon, and other regional conferences.
Past training:
• OWASP AppSec USA 2018
• Global AppSec Amsterdam
• AppSec California 2019
• OWASP Virtual AppSec Days 2020
• AppSec Day
• Blackhat USA (2020/2021)
• KernelCon 2022
• LocoMocoSec 2022
• DEF CON 2022 LV
Absolute AppSec Channel is a good place to get an idea of how we present. https://www.youtube.com/c/AbsoluteAppSec

A good primer on some of the content is Ken doing a walkthrough of the framework taught in the following video attached to our podcast channel:
https://www.youtube.com/watch?v=f6UOBCJ9pjw
Trainer(s) social media links :
https://twitter.com/sethlaw (Seth)
https://twitter.com/cktricky (Ken)
https://twitter.com/absoluteappsec (Absolute AppSec Podcast)

Outline :
Day 1:
– Overview (1 hour)
– Introductions, Philosophy, Expectations, Setup
– Code Review Methodology
– Overview (30 minutes)
– Introduction, General Principles, Risk Assessment, Notes, Exercise
– Information Gathering (1.5 hours)
– Activities, Application Mapping, Mapping Exercise, Authorization Functions, Authorization Functions Exercise
– Authorization (1.5 hours)
– Authorization Review Activities, Vulnerabilities, Checklists, Exercise
– Authentication (1.5 hours)
– Authentication Review Activities, Vulnerabilities, Checklists, Exercise
– Auditing (30 minutes)
– Auditing Review Activities, Vulnerabilities, Checklists, Exercise
– Injection (1 hour)
– Injection Review Activities, Vulnerabilities, Checklists, Exercise
Day 2:
– Methodology Continued
– Cryptography (30 minutes)
– Cryptographic Review Activities, Vulnerabilities, Checklists, Exercise
– Configuration (30 minutes)
– Configuration Review Activities, Vulnerabilities, Checklists
– Technical Hands-On Review (3 hours)
– Vulnerable Task Manager Class Review
– Group Projects – Review of Open Source Applications (3 hours)
– Presentation of Group Projects (1 hour)

Technical difficulty :
Intermediate.

Suggested Prerequisites :
Attendees must have knowledge of the OWASP Top 10, SANS CWE Top 25, and other common vulnerabilities.
Attendees should be familiar with the development process (SDLC) and where security code reviews fit into the process. Attendees must have experience using an IDE, running command-line tools, and be able to read application source code.

What students should bring :
Laptop capable of running an IDE.
DATE : August 14th-15th 2023
TIME : 8am to 5pm PDT
VENUE : Caesars Forum, Las Vegas, NV
TRAINER : Seth Law & Ken Johnson
– 16 hours of training with a certificate of completion.
– Note: Classes that do not meet their minimum class size by July 15 will be canceled, please register early
– 2 coffee breaks are provided per day
– Note: Food is not included

Registration terms and conditions :

Trainings are refundable before July 1st, the processing fee is $250.

Trainings are non-refundable after July 10th, 2023.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.


– Software Defined Radios 101 $2,500

Paid Training DC Forum Page

URL= https://training.defcon.org/products…ned-radios-101

Originally posted by URL Name of Training :
Software Defined Radios 101
Description :
This class is a beginner’s introduction to practical Software Defined Radio (SDR) applications and development with an emphasis on hands-on learning. If you have ever been curious about the invisible world of radio waves and signals all around you, but didn’t know where to begin, then this course is for you. Students can expect to learn about basic RF theory and SDR architecture before moving on to hands-on development with real radios. Over the two-day course, the instructor will guide students through progressively more complicated RF concepts and waveforms, culminating in a small capstone CTF exercise. Students will be provided with a HackRF SDR for the duration of the class but will need to bring their own laptop to interface with the radio. VMs will be made available to students to download before class, along with an OS setup guide for those that prefer a bare-metal install. The VM/OS will have all the required drivers and frameworks to interface with the radio hardware, allowing us to jump right into hands-on exercises. My intent for this course is to lower the barrier of entry associated with RF hacking and give beginning students a practical understanding of RF and DSP applications with SDRs.
Training description :
This class is a beginner’s introduction to practical Software Defined Radio (SDR) applications and development with an emphasis on hands-on learning. I am a firm believer that hands-on learning is the best type, so I have this course structured around multiple labs/exercises based on real world signals. I picked the HackRF SDR as the course radio because it is probably the best hobbyist radio for the price point, and is fairly easy to work with. I plan on front-loading the first block with any RF theory/lecture and quickly moving on to basic signal analysis with a few open-source tools. We will then dive into GNUradio, first just using pre-made blocks, but eventually writing our own. The course will end with a capstone CTF that can double as a test for issuing a certificate.
Trainer(s) bio :
Richard currently works as a research scientist focusing on radio communications and digital signals processing applications. Before making the jump to research, he was an RF engineer and embedded software developer working on prototype radio systems and DSP frameworks. He is passionate about radios and wireless technology and will happily talk for hours on the subject if given the chance.
Trainer(s) social media links :
[]

Outline :
DAY 1 :
Hours 1-2:
– Introduction to RF theory, waveforms, and basic modulation schemes (AM, FM, FSK, PSK, OOK)
– Nyquist sampling and aliasing
– A brief overview of Euler and complex numbers
– IQ sampling theory
– Overview of common Software Defined Radio architectures (what a LO is, overview of ADCs, how samples work, etc.)

Hours 3-4:
– Introduction to GQRX and interfacing with the SDR
– Exercise/lab 1: All Along the Watchtower
– Basic demodulation in GQRX
– Exercise/lab 2: Imperial March
– Introduction to spectrum scanning

Hours 5-6:
– Intro to capturing raw signals with your SDR
– Intro to inspecting raw signals
– Exercise/lab 3: Car Key Fobs
– Advanced signals inspection using Python and Inspectrum
– Exercise/lab 4: Burst IoT modem

Hours 7-8:
– Introduction to GNUradio
– Key GNUradio flow graph components:
– Sources/sinks
– Filters
– Exercise/lab 5: Remove the Noise
– Demodulators
– Exercise/lab 6: FM Demod to a File
– Exercise/lab 7: AM Demod to a File

DAY 2 :
Hours 1-2:
– Continue GNUradio flow graph components
– Review filters, demodulation, sources/sinks
– Resamplers and resampling theory
– Long Exercise/lab 8: Putting it all together: FM radio in GNUradio

Hours 3-4:
– Introduction to out-of-tree modules
– Extending GNUradio through scripting and custom blocks
– Exercise/lab 9: Custom Python Blocks 1: Custom Demodulator
– Exercise/lab 10: Custom Python Blocks 2: Burst Extractor
– Advanced topics in RF: Control flow and RF mixing

Hours 5-6:
– Extending GNUradio with OOT modules from the open-source community
– Exercise/lab 11: ADSB interception using an OOT block
– Advanced topics in RF: Correlation and Convolution
– Exercise/lab 11: Matched Filter Correlation
– Next steps: introduction to clock synchronization and data recovery

Hours 7-8:
– Capstone exercise: RF Capture-the-Flag (CTF)

Technical difficulty :
Beginner. No specific skill or experience needed. We will do some Python programming, but nothing beyond some basic programs.

Suggested Prerequisites :
Before the class I will be sending out a VM/OS setup guide along with a short RF intro, just so everyone starts off at the same place.

What students should bring :
Students will need to bring a laptop capable of running a VMware or VirtualBox VM (VMs will be sent out before the class). You may also follow the instructor-provided installation guide for a bare-metal OS if you prefer. Recommended specifications for the laptop are:
– 4 core processor
– 8 GB of RAM
– at least 30 GB of free HDD/SSD space
– one free USB port for the SDR

Students should also bring a pair of headphones for listening to their SDR during the course; this is necessary in a classroom setting to keep the volume at a reasonable level.

DATE : August 14th-15th 2023
TIME : 8am to 5pm PDT
VENUE : Caesars Forum, Las Vegas, NV
TRAINER : Richard
– 16 hours of training with a certificate of completion.
– 2 coffee breaks are provided per day
– Note: Food is not included

Registration terms and conditions :

Trainings are refundable before July 1st, the processing fee is $250.

Trainings are non-refundable after July 10th, 2023.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.


Orange Cyberdefense $2,600 – Web Hacking Bootcamp

Paid Training DC Forum Page

URL= https://training.defcon.org/products…e-cyberdefense

Originally posted by URL Name of Training :
Web Hacking Bootcamp
Description :
Greater understanding of the risks associated with web applications, understanding of the tools and techniques for examining web applications, practical skills to exploit a wide variety of web application vulnerabilities.
Training description :
Most organizations utilize web applications. Due to the exposed nature of web applications and complex business logic they contain, they are a valuable target for attackers. Throughout this course focus will be placed on the various vulnerabilities that could affect web applications.
This course will teach you how to analyze web applications for vulnerabilities and teach you how to exploit them in order to improve your understanding of the inner workings and the associated risks.
Practical exposure to hacking web applications will provide developers a deeper understanding of the potential threats and issues that could find their way into the development lifecycle and furthermore ensure that penetration testers are well versed with the discovery and exploitation of web related issues.
Key Points:
* Greater understanding of the risks associated with web applications
* A good understanding of the tools and techniques for examining web applications
* Practical skills to exploit a wide variety of web application vulnerabilities
We have been conducting penetration tests against web applications for nearly two decades and have pulled out the most relevant and fun hacks we could find into this course.
Whether you’re a developer looking to better understand how to defend your applications or a penetration tester looking to enhance your web application bug hunting, this course is for you.
This course is highly practical, with a cornucopia of different practical exercises. You’ll learn how to hand exploit numerous common web vulnerabilities and understand the theory behind them. You will be better able to help developers prevent these classes of attacks in their applications. We aim to teach you the trade, not just the tricks, and while tools are covered and help, you will be taught how to exploit many of these vulnerabilities by hand.
Details:
* 2-day course
* 60% practical and 40% theoretical
* Immersive practicals with a wide spread of coverage
* Delivered by active penetration testers
Topics covered:
* Web technology fundamentals
* Cookies and sessions abuse
* Web vulnerabilities and exploitation
* Enumeration
* File upload manipulations
* Injection based attacks
Our training facility is delivered via SensePost, the specialist pentesting arm of Orange Cyberdefense.
SensePost have trained thousands of students on the art of network and application exploitation for the past two decades. It’s safe to say we enjoy teaching others how to own networks and applications. Our courses are developed from the work we perform for clients, so that you get a better understanding of how to exploit real-world scenarios.
Come join us and hack hard!
Trainer(s) bio :
SensePost, an elite ethical hacking team of Orange Cyberdefense, have been training internationally since 2002. We pride ourselves on ensuring our content, our training environment and trainers are all epic in every way possible. The trainers you will meet are working penetration testers, responsible for numerous tools, talks and 0day releases. This provides you with real experiences from the field along with actual practitioners who will be able to support you in a wide range of real-world security discussions. We have years of experience building environments and labs tailored for learning; after all, education is at the core of SensePost and Orange Cyberdefense.
Past content:
A version of this course has been presented at BlackHat in 2022.
This course has been adjusted in 2023 to focus its delivery to be jam packed and a bit of a bootcamp course. Going from zero to hero in two days.
Here is the 2022 web course details: https://www.blackhat.com/us-22/train…–2-days-25715
Trainer(s) social media links :
https://twitter.com/sensepost_train : @sensepost_train
https://twitter.com/sensepost : @sensepost
https://twitter.com/orangecyberdef : @orangecyberdef

Outline :
The full course outline is for use by the Def Con Training review team and preferably not published on the website.

The content of the course has 16 main modules and multiple sub modules as follows:
Introduction to web technologies
* HTTP basics
* GET and POST requests
* Parameters
* Web servers and web applications
* URL, Base64 and HTML encoding
* Intercepting proxies
* Practical outcome: Understand how GET and POST requests work, and how they can be intercepted
Cookies and Session Management
* How cookies work
* How sessions work
* How to manipulate cookies with Firefox’s Development Console
* Practical outcome: Understand how cookies work, and how they can be modified
Introduction to Web Vulnerabilities
* What is a vulnerability?
* Common web vulnerabilities and OWASP Top 10
Client and Server Side Attacks
* Server side controls
* Client side controls
* Bypassing server and client controls with Burp and Firefox’s Development Console
* Practical outcome: Understand how to bypass client and server side controls
Broken authentication and authorization
* Identifying broken authorization and authentication controls.
* Exploiting client side redirection
* Practical outcome: Understand how to identify and bypass broken authentication and authorization controls.
Enumeration
* How to find useful information
* Directory listing and brute forcing URLs
* User enumeration and other error conditions
Session identifier disclosure
* The impact of session identifiers
* Practical outcome: Understand how to find and exploit disclosed session identifiers.
Insecure Direct Object References (IDOR)
* Accessing other users’ objects via IDOR vulnerabilities
* How to automate IDOR and other brute-force attacks
* Practical outcome: Understand how to enumerate users, brute force accounts and exploit IDOR vulnerabilities.
Local File Inclusion (LFI) vulnerabilities
* How to find local file inclusion vulnerabilities.
* How to exploit local file inclusion vulnerabilities with uploaded files
* How to exploit local file inclusion vulnerabilities when files cannot be uploaded
* Practical outcome: Understand how local file inclusion vulnerabilities can be exploited with and without file upload functionality.
Insecure file upload vulnerabilities
* How web applications use extensions and why they matter
* Web shells and code execution
* Bypassing extension whitelists and blacklists
* Bypassing additional controls such as .htaccess files
* Practical outcome: Understand the basics of file upload exploitation, and how to bypass upload restrictions.
Injection
* The concept of injection
* Different types of injection
* Demonstrating injection
* How to find injection vulnerabilities by fuzzing
Cross-Site Scripting (XSS)
* Introduction to HTML injection and XSS
* Stored, Reflective and DOM XSS
* XSS attack payloads
* SOP and Cookie stealers
* Bypassing XSS restrictions
* Practical Outcome: Understand how reflective cross site scripting vulnerabilities can be identified and exploited, and how to bypass reflective cross site scripting vulnerability filters.
Cross Site Request Forgery (CSRF)
* Introduction to CSRF vulnerabilities
* Using XSS to exploit CSRF
* Practical outcome: Understand how to exploit stored cross site scripting and cross site request forgery vulnerabilities, and how they can be used together.
Command Injection
* Chaining commands for stacked command execution
* Testing and exploiting command injection
* Finding and exploiting blind injection
* How reverse shells work
* Practical Outcome: Understand how to find and exploit both blind and non-blind command injection vulnerabilities.
SQL Injection
* SQL at a glance
* SQL injection introduction
* How to find SQL injection
* How to exploit different SQLi over different databases (Postgres and MSSQL)
* How to use SQL injection to execute operating system commands
* Practical outcome: Learn basic SQL, how SQL injection vulnerabilities can be identified, used to extract information, and execute operating system commands.
Java Deserialization
* How Java serialization and deserialization work
* How to identify and exploit Java Deserialization vulnerabilities with ysoserial
* Practical outcome: Learn how Java Deserialization vulnerabilities can be identified and used to execute code.
Technical difficulty :
Intermediate
Suggested Prerequisites :
Requires students to have a solid working understanding of web technologies.
Hacking experience isn’t a requirement for this course. However, a technical understanding of how web applications work is required. Development experience isn’t a requirement but can help.
While not a strict requirement, students will benefit from having an understanding of the following topics before attending the course:
* Fundamentals of programming
* Programming in the following languages:
** HTML
** JavaScript
** SQL
** NoSQL
Familiarity with these topics can be obtained from the following links or other resources:
* https://www.tutorialspoint.com/compu…ming_functions
* https://www.w3schools.com/html/html_intro.asp
* https://www.w3schools.com/js/js_intro.asp
* https://www.w3schools.com/sql/default.asp
* https://www.guru99.com/mongodb-query…sing-find.html

What students should bring :
As the bare minimum, you will need to bring along a laptop that is able to run the latest version of Firefox.
DATE : August 14th-15th 2023
TIME : 8am to 5pm PDT
VENUE : Caesars Forum, Las Vegas, NV
TRAINER : TBA
– 16 hours of training with a certificate of completion.
– Note: Classes that do not meet their minimum class size by July 15 will be canceled, please register early
– 2 coffee breaks are provided per day
– Note: Food is not included
Registration terms and conditions :

Trainings are refundable before July 1st, the processing fee is $250.

Trainings are non-refundable after July 10th, 2023.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.