Workshops List

DEF CON Workshops

Longer, more detailed, hands on, lasting half a day. These have limited seating. These will fill up VERY quickly! All of the workshops are SOLD OUT at this time.

DEF CON All Workshops Forum page

Assembly language has a reputation for being intimidating, but once you learn the basics–and know how to read the documentation for the rest–there’s nothing you can’t follow. There are many interesting fields of study in computer security that depend on the “”closer to the metal”” knowledge you’ll gain from learning to code in assembly: – Software reverse engineering – Vulnerability and exploit research – Malware/implant development – Digital forensics …among others. There is no substitute for the confidence that you gain from being able to research and understand computer systems at lower levels of abstraction. The purpose of this workshop is to introduce Intel x64 assembly language to the attendees. We will be using the Microsoft Macro Assembler, and we will be examining our code step-by-step in the x64dbg debugger. No prior programming experience is required–we will be working on things from first principles. There will be few slides. Concepts will be presented primarily within the x64dbg environment, with a focus on experimentation and using primary documentation. Attendees can follow along with their own laptops and programming environments. We will cover the following topics: – Assembling and linking code – The execution environment of x64 programs – Memory – Registers – A wide variety of instructions – Addressing modes – How to read instruction documentation in the Intel manuals – Moving data around – Stack operations – x64 ABI and calling conventions – Representing data – Integer math – Program flow: conditional execution, loops – Leveraging the Windows API – How to read MSDN articles on Windows API functions – Resources for reference and future learning

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://McGrew_DC32.eventbrite.com

People:
    SpeakerBio:  Wesley McGrew, Senior Cybersecurity Fellow at MartinFederal

Dr. Wesley McGrew directs research, development, and offensive cyber operations as Senior Cybersecurity Fellow for MartinFederal. He has presented on topics of penetration testing and malware analysis at DEF CON and Black Hat USA and taught a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley has a Ph.D. in Computer Science from Mississippi State University for his research in vulnerability analysis of SCADA HMI systems.

Capture the Flag (CTF) is a competition where teams and individuals compete to solve security challenges. The one that collects most flags the fastest wins the competition (and typically, prizes). CTF-101 is an interactive workshop where we attendees learn about CTF competitions and common security vulnerabilities in a game-like environment. A couple of challenges are presented throughout the session and our hosts walk through how to solve them and provide support as attendees try to solve the challenges during the live hacking part of the workshop. Plus, there’s a leaderboard for attendees to track their progress.

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Silverman_DC32.eventbrite.com

People:
    SpeakerBio:  Micah Silverman, Director of Security Relations at Snyk

Micah is Snyk’s Director of Security Relations. With 29 years of Java Experience (yup, that’s from the beginning) and 23 years as a security professional Micah’s authored numerous articles, co-authored a Java EE book, and spoken at many conferences. He’s a maker, who’s built full-size MAME arcade cabinets and repaired old electronic games (http://afitnerd.com/2011/10/16/weekend-project-fix-dark-tower/). He brings his love of all things security and Java to a conference near you!

This Physical Access Control Learning Lab will teach attendees about physical access control and the systems involved. Many of the subjects being taught will be related to their cybersecurity counterparts and lots of focus placed on the why of each concept, not only the fun parts.

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Pedroncelli_DC32.eventbrite.com

People:
    SpeakerBio:  Lorenzo Pedroncelli, RSA

Lorenzo has been working with technology since childhood, directly out of high school he went to work for the National Laboratories. Lorenzo helped drive a new security initiative for High Performance Computing, eventually moving to another National Laboratory to do the same. After leaving government contracting Lorenzo joined RSA and started his first “official” job in cybersecurity as a consultant for NetWitness helping customers improve their knowledge and use of the SIEM. Most recently Lorenzo switched into supporting RSA’s internal security operations, leading the Converged Security team including the Incident Response, Data Security, Cloud Security, and Endpoint Security programs, among others.

SpeakerBio:  Randy Belbin, RSA

Randy began his Information Technology and cybersecurity career in the MSP space over a decade ago, before joining RSA as a Sales Engineer in 2016. In the years since, Randy has become an industry expert for Identity and Access Management. In 2022, Randy moved to RSA’s Security and Risk office to lead the identity program at the newly independent RSA. As part of the security team, Randy has been able to broaden his experience and currently assists with physical security, cloud security, and incident response, in addition to his role as the identity guy.

Gain a deeper understanding of how ransomware evades analysis and learn how to identify and counter these techniques. This workshop will explore common evasion methods, how they work, and how you can develop the skills to write code that re-enacts these methods. This workshop will begin by showing you how ransomware builders work. How do the builders generate reliable, viable ransomware code? You’ll learn! Once built, how do these malicious binaries implement analysis evasion techniques? Which techniques are used often? How do they function? We’ll dive into the most prevalent techniques to show you how they work and why. Finally, you will learn how to re-enact some of these techniques along with more advanced methods within your own code. Are you ready to take your reverse engineering and coding skills to the next levels? – Let’s do this! And remember: #RansomwareSucks!

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Chapman_DC32.eventbrite.com

People:
    SpeakerBio:  Aaron Rosenmund, Senior Director of Content Strategy & Curriculum at Pluralsight

Aaron Rosenmund is the Senior Director of Content Strategy & Curriculum for Pluralsight, where he has also authored over 115 courses and technical labs across offensive and defensive security operations topics. Part time work includes service as an Cyber Warfare Operations office in the Delaware Air National guard, where he has also led a 100+ member red team for the largest cyber exercise in the Nation, Cybershield.

SpeakerBio:  Josh Stroschein, Reverse Engineer, FLARE team at Google

Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer with the FLARE team at Google, where he focuses on tackling the latest threats. Josh is an accomplished trainer, providing training at places such as Ring Zero, BlackHat, Defcon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is also an author on Pluralsight, where he publishes content around malware analysis, RE, and other security topics.

SpeakerBio:  Ryan Chapman

Ryan Chapman is the author of SANS’ “FOR528: Ransomware and Cyber Extortion” course, teaches SANS’ “FOR610: Reverse Engineering Malware” course, works as a threat hunter @ $dayJob, and is an author for Pluralsight. Ryan has a passion for life-long learning, loves to teach people about ransomware-related attacks, and enjoys pulling apart malware.

Threat actors skillfully deploy malware to evade detection, outmaneuvering traditional security tools. In this workshop, “Dissecting Malware for Defense – Crafting Custom Yara Rules”, you’ll harness the power of malware analysis and crowdsourced intelligence to build tailored Yara rules. These rules will supercharge your security systems, enabling you to detect emerging threats, enhance threat hunting, and accurately pinpoint malicious activity. This fast-paced course will guide you in mastering static and behavioral detections, empowering you to safeguard your organization. By the end, you’ll expertly translate malware analysis insights into high-quality Yara rules, bolstering your defensive arsenal.

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Stroschein_DC32.eventbrite.com

People:
    SpeakerBio:  Francisco Perdomo, Security Engineer, VirusTotal Research Team at Google

Francisco is a skilled security professional with a strong background in detection engineering and a keen interest in reverse engineering. With extensive blue team experience, he currently works as a Security Engineer at Google’s VirusTotal Research team where he leverages his operational expertise to investigate malware trends and create insightful technical content. Francisco’s background includes roles as a SecOps Engineer and Professor of Computer Security.

SpeakerBio:  Josh Stroschein, Reverse Engineer, FLARE team at Google

Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer with the FLARE team at Google, where he focuses on tackling the latest threats. Josh is an accomplished trainer, providing training at places such as Ring Zero, BlackHat, Defcon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is also an author on Pluralsight, where he publishes content around malware analysis, RE, and other security topics.

The workshop will walk through a number of state of the art techniques used for detection and will show the process of thinking used to research and develop cutting-edge evasion techniques. We will dive deep into interesting aspects of Windows and AV internals with respect to malware development. The focus will be on the mindset used to defeat security products starting with the analysis of a variety of detection mechanisms and ending with the final development of countermeasures. Moreover, the training will contain a number of live demonstrations to practically show how to apply those concepts and how to integrate them, showing how to develop evasive implants and post-exploitation tools. By altering the fundamental rules of engagement, we can confound EDR systems and reshape their perception of the digital environment. The workshop will dig deep into the internals of certain aspects of AV/EDRs and the Windows operating system to identify the area to exploit to lower the detection rate, it will involve the usage of Visual Studio and debuggers.

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Cristofaro_DC32.eventbrite.com

People:
    SpeakerBio:  Dimitri Di Cristofaro, Senior Security Consultant and Researcher at SECFORCE LTD

Dimitri “GlenX” Di Cristofaro is a senior security consultant and researcher at the London office of SECFORCE LTD where he performs Red Teams on a daily basis. The main focus of his research activities is about Red Teaming and in particular on identifying new ways of attacking operating systems and looking for cutting edge techniques to increase stealthiness in strictly monitored environments. He enjoys malware writing and offensive tools development as well as producing electronic music in his free time.

SpeakerBio:  Giorgio “gbyolo” Bernardinetti, Lead Researcher, System Securitiy Division at CNIT

Giorgio “gbyolo” Bernardinetti is lead researcher at the System Securitiy division of CNIT. His research activities are geared towards Red Teaming support activities, in particular design and development of advanced evasion techniques in strictly monitored environments, with emphasis on (but not limited to) the Windows OS, both in user-space and kernel-space. He is certified OSCP and OSCE, and enjoys playing electric guitar in his free time.

Email remains the #1 initial access vector for commodity malware and nation state actors. Historically, tackling email-based threats has been considered the purview of black-box vendor solutions, with defenders having limited scope (or tooling!) to swiftly and effectively respond to emerging attacker activity and novel offensive tradecraft. In this workshop, attendees will be given detailed insight into the latest techniques used to deliver prevalent malware strains, including Pikabot and DarkGate, and will hunt through email data to identify this malicious activity, developing rules to detect and block these attacks. Initially attendees will be introduced to the foundational technologies that enable threat hunting, detection engineering, and response in the email domain, before being given access to the email data of a fictitious company seeded with benign and real-world attack data. Throughout the day, participants will learn to hunt common phishing techniques including: – QR codes – Image-as-content – Drive-by delivery via links and HTML smuggling – Excel attachments with embedded links to SMB shares – ISO attachments – PDF attachments with embedded links to malware (PDF -> URL -> ZIP -> WSF) – VIP impersonations – BEC Attendees will be guided through the rule creation process, utilizing free and open detection engines including Sublime and Yara, and will be introduced to the signals and email attributes that can be used to craft high-fidelity rules, including targeted user groups, sentiment analysis, sender domain age, and attachment analysis. Having completed the workshop, attendees will have a strong understanding of the tools and techniques at their disposal to defend their organizations from all manor of email threats.

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Kamdjou_DC32.eventbrite.com

People:
    SpeakerBio:  Alfie Champion, Co-founder at DelivrTo

Alfie specialises in the delivery of attack detection and adversary emulation services, actively contributing education content, tooling and blogs to further the industry. He has previously worked with organisations across multiple industry verticals to uplift and validate their detective capability through red or purple team engagements, and now leads the global adversary emulation function at a FTSE 250 company. He has previously spoken at BlackHat USA, RSA and Blue Team Con 2022, among others, and is the co-founder of DelivrTo.

SpeakerBio:  Josh Kamdjou, Founder and CEO at Sublime Security

Josh has been doing offensive security-related things for the past 12 years. He’s spent most of his professional career breaking into networks via spear-phishing and other methods, and building software for both the public (Department of Defense) and private sectors. Josh is the Founder and CEO of Sublime Security, and in his private life enjoys weight lifting, Martial Arts, soccer, and spending time with his niece and nephew.

As defenders, we are always outnumbered, but we are by no means outmaneuvered. Attackers may hide in the haystack of haystacks, but with scalable detection logic, efficient coding practices, a thorough investigation methodology, and a reasonable corpus of computing, we can still determine which haystack to look within, and subsequently find the needle.

This is often made possible by a detection pipeline. And knowing how detection pipelines work, and the role each component plays, can help us write more efficient, more accurate detections to make life hard for the attacker. By reducing the attacker’s window of opportunity, whilst making the subsequent investigation easier for the would-be analyst, we can maintain a strong defensive position, forcing the attacker to burn significantly more resources in an attempt to make progress.

This workshop will run attendees through implementing a simple detection pipeline in code, and some basic detection rules, to understand how to: – Ingest and normalize arbitrary log data, and make such data available for downstream detection rules; – Implement detection logic, to isolate potentially malicious behaviour; – Enrich log data with more context, aiding investigation; and – Draw relationships from individual log entries, to reduce investigative noise.

Attendees should be comfortable with either Python 3 or Golang, including core language syntax and the execution environment of their preferred language.

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Defty_DC32.eventbrite.com

People:
    SpeakerBio:  Kathy Zhu, Security Engineering Tech Lead at Google

Having worked in the security industry for 8+ years, Kathy is currently a Security Engineering Tech Lead in the detection space at Google. Her interest and experience is in detection engineering and software development. Outside of work, she also enjoys running, the outdoors, and reading.

SpeakerBio:  Troy Defty, Security Engineering Manager

Following over a decade in the UK and Australian InfoSec industries, including an 8-and-a-half year stint in red teaming, Troy jumped the proverbial fence from red to blue, and is currently a Security Engineering Manager at a tech company. His interest and experience is in detection engineering, red teaming, threat modelling, hardware, and assessing ICS environments. Other interests include music, electronics, the outdoors, travel, rugby, CTF, and making piano-related noise.

Red and blue are two sides of the same coin. Offensive and defensive teams deliver the best results when working together; sharing knowledge, ideas, and understanding with each other. And a core part of this information exchange is understanding each respective perspective. This is the overarching theme of the workshop; attackers thinking like defenders, and defenders thinking like attackers.

This workshop is the second version of Flipping the Coin and features upgraded attack paths, and lab environments.

By the end of the workshop, attendees will:

1. Understand and perform common offensive attacks (supported by the Metasploit Framework) against Windows Domains, including:

   • Pass the Hash attacks;
   • gMSA Golden Attack;
   • ADCS abuse;
   • Common tunnelling techniques;
   • PrintSpoofer exploits;
   • LSASS exploitation (using Mimikatz);
   • AD enumeration (using BloodHound);
   • DACL abuse;
   • Kerberos golden tickets; and
   • DLL hijacking.

2. Understand the process of detecting attacks against Windows infrastructure, including how to design and implement their own detection rules based on attendees’ previous attacks, using:

   • Sigma/Yara rules.
   • Log ingestion/normalisation platforms, and query engines (e.g. ELK).

3. Understand and appreciate how the actions and processes of red and blue teams are interlinked, for the greater collective good.

Recommended (but not required) prior reading: – https://nooblinux.com/metasploit-tutorial/ – https://posts.specterops.io/introducing-bloodhound-enterprise-attack-path-management-for-everyone-39cfd8d6eb7c – https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview – https://socprime.com/blog/sigma-rules-the-beginners-guide/ – https://github.com/socprime/SigmaUI – https://blog.netwrix.com/2021/11/30/how-to-detect-pass-the-hash-attacks/ – https://posts.specterops.io/certified-pre-owned-d95910965cd2 – https://www.elastic.co/guide/en/security/current/suspicious-print-spooler-point-and-print-dll.html

Much of the material and core concepts of the workshop remain the same from the DEF CON 31 workshop with some updated topics for DEF CON 32, including an updated environment, and gMSA attacks within the lab.

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Strom_DC32.eventbrite.com

People:
    SpeakerBio:  Angus Strom, Senior Security Engineer

Angus (0x10f2c_) is currently a Senior Security Engineer working at a tech company. He obtained a love for all things computers by scavenging computer parts from local garbage pickups as a kid, and then trying to make them work together without blowing up. Angus eventually realised that a career could be made out of his skills hacking together poorly written LUA code in Garry’s mod, and finished a Bachelors in Network Security. In his professional career Angus has 5+ years working in Security Consulting, working across many industries and gaining many shells. More recently Angus has made the move to a security engineer focused role. When not hacking he loves to ski on the little snow that Australia has, and loves to paint small miniatures while listening to Drone Metal.

SpeakerBio:  Troy Defty, Security Engineering Manager

Following over a decade in the UK and Australian InfoSec industries, including an 8-and-a-half year stint in red teaming, Troy jumped the proverbial fence from red to blue, and is currently a Security Engineering Manager at a tech company. His interest and experience is in detection engineering, red teaming, threat modelling, hardware, and assessing ICS environments. Other interests include music, electronics, the outdoors, travel, rugby, CTF, and making piano-related noise.

Are you ready to dive deep into the world of malware analysis? Join me for an immersive workshop that will demystify the process of dissecting and analyzing malicious software. Throughout this hands-on session, participants will explore essential techniques and methodologies for uncovering the inner workings of malware and identifying potential threats. During the workshop we will analyze different kinds of malware, from malicious documents, .NET malware and more . Through practical demonstrations attendees will learn how to conduct static and dynamic analysis effectively, gaining valuable insights into malware behaviors and characteristics. Moreover, attendees will gain firsthand experience in executing and analyzing techniques used by attackers, deepening their understanding of how threat actors operate and how to detect and mitigate their malware effectively. By the end of the workshop, attendees will have developed practical skills and techniques for analyzing real-world malware samples, empowering them to defend against evolving cyberthreats effectively.

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://torre_DC32.eventbrite.com

People:
    SpeakerBio:  Sebastian Tapia De la torre, Offensive Security Architect

Sebastian’s journey into cybersecurity began with a childhood fascination for taking things apart and figuring out how they worked. As he grew older, this curiosity evolved into a passion for hacking and uncovering vulnerabilities in websites and applications, landing him a role in vulnerability management. Eventually, he pivoted into a Security Architect role, where he applied offensive thinking with defensive strategies to advance the security posture of the company he works for. Now an Offensive Security Architect, Sebastian specializes in designing and leading purple team exercises, leveraging real attacker TTPs to test and enhance their security posture effectively.

Reverse engineering is done for a variety of reasons, most commonly to analyze malware, when searching for (and when looking to understand) vulnerabilities, or simply because of one’s curiosity. The NSA understood this early on and developed a framework to aid them in their reversing endeavors, which they open-sourced in early 2019: Ghidra. Since then, Ghidra has been one of the industry standard tools to analyze files, mainly due to its active development, as well as due to its accessible and versatile nature.

This four-hour workshop primarily focuses on the analyst mindset and fundamental knowledge with regards to reverse engineering, including but not limited to understanding Ghidra’s core capabilities such as the disassembly and decompiler views, creating and retyping data structures, writing scripts to extend and automate tasks, and the creation and use of function recognition databases for FunctionID and BSim.

The concepts behind the capabilities of Ghidra are the focus of the theory and during the hands-on exercises, allowing one to transfer the gained knowledge to another tool if so desired. As such, this class is perfect for aspiring and beginning analysts, while also providing background information and additional techniques for intermediate analysts.

The workshop’s materials will partially consist of multiple malware samples, the precautions for which will be explained in-detail during the workshop, ensuring the safety and integrity of the systems of the attendees. A laptop with a preinstalled Intel based 64-bit Ubuntu 22.04 VM, along with Ghidra, Eclipse, and OpenJDK 21 is required.

Additionally, knowing how to read C/C++ is required when dealing with decompiled code. Being able to read and write Java is required for the automation scripting, even though Python 2 can be used as well. If you cannot write Java and would still like to participate, you are welcome, but do note that this will impede some parts of the workshop’s exercises.

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Kersten_DC32.eventbrite.com

People:
    SpeakerBio:  Max “Libra” Kersten

Max Kersten is a malware analyst, blogger, and speaker who aims to make malware analysis more approachable for those who are starting. In 2019, Max graduated cum laude with a bachelor’s in IT & Cyber Security, during which Max also worked as an Android malware analyst. Currently, Max works as a malware analyst at Trellix, where he analyses APT malware and creates open-source tooling to aid such research. Over the past few years, Max spoke at international conferences, such as DEFCON, Black Hat (USA, EU, MEA, Asia), Botconf, Confidence-Conference, HackYeahPL, and HackFestCA. Additionally, he gave guest lectures and workshops for DEFCON, Botconf, several universities, and private entities.

Tired of legacy ICS systems? Attend this workshop to hack the next generation of Industrial Control Systems! No more Modbus, no more standard PLC, no more Purdue model! This workshop is designed to show what the future might look like for Industrial Control Systems, and how it will impact cybersecurity. We’ll bring a realistic ICS setup that features all the fancy current and future trends: SD-WAN and Zero Trust, OPC-UA, MQTT, Digital Twin, Edge devices and soft-PLCs to control a small-scale industrial process simulation. After a short introduction, we’ll get into hacking! We will walk you through a CTF-style exercise to go from 0 to full industrial process hacking! The CTF will be guided so that everyone learns something and gets a chance to get most flags!

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://SOULLIE_DC32.eventbrite.com

People:
    SpeakerBio:  Alexandrine Torrents, Cybersecurity Expert at Wavestone

Alexandrine Torrents is a cybersecurity expert at Wavestone. She started as a penetration tester, and performed several cybersecurity assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and developed a particular tool to request Siemens PLCs. Then, she started working at securing ICS, especially in the scope of the French military law, helping companies offering a vital service to the nation to comply with security rules. Now, Alexandrine works with different industrial CISOs on their cybersecurity projects: defining secure architectures, hardening systems, implementing detection mechanisms. She is also IEC 62443 certified and still performs assessments on multiple environments.

SpeakerBio:  Arnaud Soullié, Senior Manager at Wavestone

Arnaud Soullié (@arnaudsoullie) is a Senior Manager at Wavestone, a global consulting company. For 14 years, he has been performing security assessments and pentests on all types of targets. He started specializing in ICS cybersecurity 10 years ago. He spoke and taught workshops at numerous security conferences on ICS topics : BlackHat Europe, BruCon, CS3STHLM, BSides Las Vegas, DEFCON… He is also the creator of the DYODE project, an open­source data diode aimed at ICS. He has been teaching ICS cybersecurity training since 2015

This training will cover how to discover vulnerabilities in custom Salesforce applications hosted on the Salesforce PaaS platform. This is not hacking Salesforce itself, but instead custom applications deployed by customers of Salesforce. You should already know OWASP Top 10 fundamentals such as how XSS or injection attacks work. You will learn how to find vulnerabilities specific to Salesforce apps such as SOQL injection, SOSL, cross-site scripting filter bypasses, and bypassing access controls of hidden functions to exfiltrate data. A new open-source tool “PaaS Cloud Goat” will be used to provide a simulated vulnerable Salesforce application for testing. Students will be expected to use a MitM proxy tool (Burp Suite) to craft malicious attacks to exploit the application. This training will provide a lab manual and live walk-through of the attack process and methods. We will also cover source code review and practice how to find vulnerabilities in code and translate them to working exploits of the simulator app.

Takeaways: 1. Hands-on learning opportunity of pen testing custom Salesforce applications 2. Detailed training documentation material about the underlying flaws 3. Consolidated list of common Salesforce application vulnerabilities

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Beede_DC32.eventbrite.com

People:
    SpeakerBio:  Rodney David Beede, Principal Consultant

Rodney is a principal consultant and has specialized in web and cloud security for over 10 years. He has spoken at multiple conferences on topics from cloud security engineering to IoT device hacking. He has multiple CVEs for discovered web application security vulnerabilities. He started his career in enterprise web application software development but shifted to the security industry with his master’s thesis research project “A Framework for Benevolent Computer Worms” 2012.

We live in a time of unexpected transformation. Machines can hold conversations, compose prose and poetry, and generate very convincing deepfakes. The field of AI where this all happens – deep learning – has a long history, starting with one simple building block: the neural network. In this workshop, we will tour through the evolution of neural networks and discover that much of their evolution occurred in the world of low-level programming. Using C, C++ and a bit of assembly language, we will learn the fundamentals behind neural networks in their various forms, and build a foundation of knowledge that will allow us to understand how we arrived at large language models, the current state of the art. Most importantly, we will discover how far we can stretch everyday hardware to run deep learning models that solve interesting problems.

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://eigentourist_DC32.eventbrite.com

People:
    SpeakerBio:  eigentourist

Eigentourist is a programmer who learned the craft in the early 1980s. He began formal education in computer science when the height of software engineering discipline meant avoiding the use of GOTO statements. Over the course of his career, he has created code of beautiful simplicity and elegance, and of horrific complexity and unpredictability. Sometimes, it’s hard to tell which was which. Today, he works on systems integration and engineering in the healthcare industry.

In the 201 version of Hide your kids, turn off your Wi-Fi, they Rogue APing up in here, we will launch the next level of attacks using Rogue APs and other wireless tools. We will look into different ways to attack wireless networks and leverage credentials harvested to gain a foothold, PITM, deliver payloads, and demonstrate impact to the client. During the workshop we will walk through different attacks against OPEN, WPA2, and 802.1X networks. During the CTF participants will have the chance to attack a simulated client network to leverage the attacks learned during the workshop. We will be using EAPHAMMER, BERATE_AP, WIFIPUMPKIN3, BETTERCAP, and RESPONDER. This workshop will be at the Intermediate level(all skill levels welcome), participants should have a solid knowledge of Linux, 802.11, networking, and using virtual machines. It is recommended that all students use the provided VM.

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Hawk_DC32.eventbrite.com

People:
    SpeakerBio:  James Hawk, Senior Consultant, Proactive Services at Google Public Sector

James Hawk (He/Him) is a Senior Consultant with Google Public Sector, within Proactive Services. He is the wireless subject matter expert for his team. James has led and contributed to multiple assessments (Red Teams and Pen Tests). He has developed internal training and tool updates for 802.11 for his company and team. James is a 20-year veteran of the U.S. Army and has over 10 years of hands-on experience in wireless technologies. James is always researching/testing 802.11 attacks against his home lab. He is a fan of hockey, Letter Kenny, and almost anything Sci-Fi.

“Pentesting ICS is too easy and you are looking for a new challenge? Attend this workshop to discover and practice how to secure Industrial Control Systems! This workshop is designed to show some key cybersecurity measures to implement on Industrial Control Systems. We’ll bring a realistic but simple ICS setup and let you secure it step by step. After a short introduction, we’ll deep dive in several hands-on exercises: ICS inventory, backups, network security, system hardening and detection. “

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Torrents_DC32.eventbrite.com

People:
    SpeakerBio:  Alexandrine Torrents, Cybersecurity Expert at Wavestone

Alexandrine Torrents is a cybersecurity expert at Wavestone. She started as a penetration tester, and performed several cybersecurity assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and developed a particular tool to request Siemens PLCs. Then, she started working at securing ICS, especially in the scope of the French military law, helping companies offering a vital service to the nation to comply with security rules. Now, Alexandrine works with different industrial CISOs on their cybersecurity projects: defining secure architectures, hardening systems, implementing detection mechanisms. She is also IEC 62443 certified and still performs assessments on multiple environments.

BLE CTF is a series of Bluetooth Low Energy challenges in a capture-the-flag format. It was created to teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively introduce a new concept to the user. Over the past few years, BLE CTF has expanded to support multiple platforms and skill levels. Various books, workshops, training, and conferences have utilized it as an educational platform and CTF. As an open source, low-cost of entry, and expandable education solution, BLE CTF has helped progress Bluetooth security research. This workshop will teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively introduce a new concept to the user. For this workshop, we will undergo a series of exercises to teach beginner students new concepts and allow more seasoned users to try new tools and techniques. After completing this workshop, you should have a good solid understanding of how to interact with and hack on BLE devices in the wild. If you have done BLE CTF in the past, this class is still valuable. For advanced users, we offer BLE CTF Infinity, a sequel to BLE CTF. The workshop will also showcase new hardware platforms and client tools for interacting with and completing the exercises. To prepare for the workshop, please follow the setup documentation located at https://github.com/hackgnar/ble_ctf/blob/master/docs/workshop_setup.md

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Holeman_DC32.eventbrite.com

People:
    SpeakerBio:  Alek Amrani

Alek Amrani is bad at expense reports.

SpeakerBio:  Ryan Holeman, CISO at Stability AI

Ryan Holeman resides in Austin, Texas, where he works as the CISO for Stability AI. He is currently pursuing a Ph.D. in cyber defense from Dakota State University. He has spoken at respected venues such as Black Hat, DEF CON, Lockdown, BSides, Ruxcon, Notacon, and Shmoocon. You can keep up with his current activity, open source contributions, and general news on his blog. His spare time is mostly spent digging into various network protocols, random hacking, creating art, and shredding local skateparks.

Command and Control (C2) play a crucial role for Red Teams and Advanced Persistent Threats (APTs), establishing persistent access and control over targeted networks. This workshop offers an in-depth exploration of the C2 frameworks, with a specific focus on the open-source Empire framework. Participants will gain valuable insights into the deployment, features, and real-world application of C2 in offensive security. Attendees will learn how to leverage Empire to create, customize, and execute advanced attack scenarios, honing their skills as red team operators. Through practical exercises, attendees will learn to navigate the Empire framework, from basic setup to deploying sophisticated C2 infrastructures. The workshop covers key aspects such as listener configurations, agent management, and the utilization of Empire’s diverse modules for effective post-exploitation. A unique feature of this training is the inclusion of a mini Capture-The-Flag (CTF) challenge, offering participants a hands-on opportunity to apply their skills in a controlled, competitive environment. By the conclusion of this workshop, participants will be equipped with the knowledge and skills to leverage the Empire framework effectively in their red team operations, enhancing their capabilities in conducting advanced cyber attacks and navigating the complexities of modern cybersecurity landscapes. Key Workshop Highlights: Comprehensive Introduction to Empire: Gain a solid understanding of Empire’s capabilities, setup procedures, and its role in modern offensive operations. Hands-On Deployment and Configuration: Learn through doing, with exercises designed to build proficiency in configuring Empire, managing agents, and customizing listeners. Advanced Attack Scenarios: Delve into sophisticated techniques for post-exploitation, credential harvesting, and evasion, enhancing your arsenal as a red team operator. Real-World Application: Translate workshop learnings into actionable skills through a mini CTF challenge, simulating real-world offensive scenarios in a cloud-hosted environment.

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Krasnov_DC32.eventbrite.com

People:
    SpeakerBio:  Jake “Hubble” Krasnov, Red Team Operations Lead and Chief Executive Officer at BC Security

Jake “Hubble” Krasnov is the Red Team Operations Lead and Chief Executive Officer of BC Security. He has spent the first half of his career as an Astronautical Engineer overseeing rocket modifications for the Air Force. He then moved into offensive security, running operational cyber testing for fighter aircraft and operating on a red team. Jake has presented at DEF CON, where he taught courses on offensive PowerShell and has been recognized by Microsoft for his discovery of a vulnerability in AMSI. Jake has authored numerous tools, including Invoke-PrintDemon and Invoke-ZeroLogon, and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.

SpeakerBio:  Kevin “Kent” Clark, Security Consultant at TrustedSec

Kevin “Kent” Clark is a Security Consultant with TrustedSec and a Red Team Instructor with BC Security. His previous work includes Penetration Testing and Red Team Operator, focusing on initial access and active directory exploitation. Kevin contributes to open-source tools such as PowerShell Empire and publishes custom security toolkits such as Badrats and WindowsBinaryReplacements. Kevin authors a cybersecurity blog at https://henpeebin.com/kevin/blog.

SpeakerBio:  Rey “Privesc” Bango, Principal Cloud Advocate at Microsoft

Rey “Privesc” Bango is a Principal Cloud Advocate at Microsoft focused on empowering companies and information technologists to take full advantage of transformative technologies. He works to build patterns and practices that streamline the development of solutions that take advantage of Artificial Intelligence and Machine Learning while ensuring that trust and confidence are a top priority, whether through security or responsible use of technology. Since 1989, Rey has explored the world of information technology through the lens of software developer, open-source contributor, cybersecurity practitioner, and an advocate for the secure and responsible use of artificial intelligence for social good.

Every technical product is now incorporating machine learning at an explosive rate. But most people, even those with strong technical skills, don’t understand how it works, what its capabilities are, and what security risks come with it. In this workshop, we’ll make machine learning models using simple Python scripts, train them, and evaluate their worth. Projects include computer vision, breaking a CAPTCHA, deblurring images, regression, and classification tasks. We will perform poisoning and evasion attacks on machine learning systems, and implement deep neural rejection to block such attacks. No experience with programming or machine learning is required, and the only software required is a Web browser. We will use TensorFlow on free Google Colab cloud systems. All materials and challenges are freely available at samsclass.info, and will remain available after the workshop ends.

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Bowne_DC32.eventbrite.com

People:
    SpeakerBio:  Elizabeth Biddlecome

Elizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.

SpeakerBio:  Irvin Lemus, Cyber Range Engineer at By Light IT Professional Services

Irvin Lemus, CISSP is a Cyber Range Engineer at By Light IT Professional Services, training military personnel through international cyber security exercises. Irvin has been in the field since 2006, involved with cybersecurity competitions since 2015 as a trainer, coach, and mentor. He also has taught IT and Cybersecurity courses at Coastline and Cabrillo Colleges. He is the BACCC Cyber Competitions Regional Coordinator, Board member at Pacific Hackers and is a speaker at DEFCON. He describes himself as, “A professional troublemaker who loves hacking all the things.”

SpeakerBio:  Kaitlyn Handelman, Offensive Security Engineer at Amazon

Kaitlyn Handelman is an offensive security engineer at Amazon. Her focus is cybersecurity in space. In addition to traditional penetration testing, Kaitlyn works on physical devices and RF signals. In her free time, she enjoys ham radio, astronomy, and her cat, Astrocat.

SpeakerBio:  Sam Bowne, Instructor at City College San Francisco

Sam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000, and is the founder of Infosec Decoded, Inc. He has given talks and hands-on trainings at Black Hat USA, RSA, DEF CON, DEF CON China, HOPE, and many other conferences. Credentials: PhD, CISSP, DEF CON Black Badge Co-Winner

Malware continues to increase in prevalence and sophistication. VirusTotal reported a daily submission of 2M+ malware samples. Of those 2 million malware daily submissions, over 1 million were unique malware samples. Successfully exploiting networks and systems has become a highly profitable operation for malicious threat actors. Traditional detection mechanisms including antivirus software fail to adequately detect new and varied malware. Artificial Intelligence provides advanced capabilities that can enhance cybersecurity. The purpose of this workshop is to provide an immersive, hands on projects that teach security analysts how to train Machine Learning models to detect thousands and thousands of unique malware samples. This workshop delivers a new framework that uses Machine Learning models to analyze malware, produce uniform datasets for additional analysis, and classify malicious samples into malware families. Additionally, this research presents a new Ensemble Classification Facility we developed that leverages several Machine Learning models to enhance malware classification. To our knowledge, this is the first research that utilizes Machine Learning to provide enhanced classification of an entire 200+ gigabyte-malware family corpus consisting of 80K+ unique malware samples and 70+ unique malware families. New, labeled datasets are released to aid in future classification of malware. It is time we leverage the capabilities of Artificial Intelligence and Machine Learning to enhance detection and classification of malware. Topics taught through hands-on projects include Machine Learning, Natural Language Processing, and Deep Learning models. This workshop provides a pathway to incorporate Artificial Intelligence into the automated malware analysis domain.

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Sonya_DC32.eventbrite.com

People:
    SpeakerBio:  Solomon Sonya, Computer Science Graduate Student at Purdue University

Solomon Sonya (@0xSolomonSonya) is a Computer Science Graduate Student at Purdue University. He earned his undergraduate degree in Computer Science and Master’s Degrees in Computer Science, Information Systems Engineering, and Operational Strategy. Solomon routinely develops new cybersecurity tools and presents research, leads workshops, and delivers keynote addresses at cyber security conferences around the world. Prior to attending Purdue, Solomon was the Director of Cyber Operations Training. Prior to that position, Solomon was a Distinguished Computer Science Instructor at the United States Air Force Academy, Research Scholar at the University of Southern California, Los Angeles, and an Adjunct Faculty Instructor with the Advanced Course in Engineering Cyberspace Security (ACE) at the Air Force Research Lab in Rome, NY.

Connected medical device and medical device security assessments utilize a varying and wide range of practices, from reverse engineering to hardware exploitation. If you have ever been curious about how to get started, this is the class for you. We will be covering how to get started in Adversarial Medical Device testing, tooling, tactics, exploits and certain bypasses to restrictions you may encounter during testing these devices. Use the tactics learned to exploit devices within the Device Lab!

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Aguilar_DC32.eventbrite.com

People:
    SpeakerBio:  Alex Delifer

Alex is medical device testing sledgehammer. He is a DevSecOps guru for a large medical device company and cut his teeth building, maintaining and hacking medical devices.

SpeakerBio:  Michael Aguilar, Principle Consultant at Secureworks Adversary Group

Michael Aguilar (v3ga) is a Principle Consultant for Secureworks Adversary Group. He runs Adversary Simulation operations, Physical Security and Network/Web based assessments as well as Adversarial Medical Device Tests. When not doing computer things, he reads a lot and likes to run to de-stress. He is also an avid fan of playing guitar really fast and screaming at people.

Microsoft Configuration Manager, formerly SCCM (System Center Configuration Manager), is a powerful technology that has been used to deploy software to Windows systems in the majority of enterprise environments since it was released by Microsoft in 1994. Although SCCM has a high potential for abuse due to its privileged access to entire fleets of servers and workstations, it has not been heavily researched or leveraged by security professionals until recently, presumably due to the time-consuming installation process and learning curve. In this workshop, students will be provided access to a live environment that reflects an enterprise SCCM deployment, gain an understanding of how the different components of SCCM interact, and learn how to execute recently discovered attack primitives that can be used compromise SCCM clients, servers, and entire hierarchies. By completing both guided exercises and optional CTF challenges in this lab environment, students will learn how to demonstrate the impact of attack paths involving SCCM.

By the end of this workshop, participants will be able to: – understand the foundational concepts needed to attack and defend SCCM – understand SCCM defaults and configurations that can be abused – use SCCM to complete a realistic attack chain, including recon, privilege escalation, credential gathering, site takeover, and lateral movement – understand how to use offensive security tools to interact with SCCM, such as SCCMHunter, SharpSCCM, sccmwtf, PXEThief, and ntlmrelayx

To get the most out of this training, participants will benefit from reviewing the following resources, although they are not required: – Misconfiguration Manager (misconfigurationmanager.com) – System Center Configuration Manager Current Branch Unleashed, by Kerrie Meyler – Configuration Manager Terminology – Looking Inside Configuration Manager – Network Design – Client Management

This workshop is the second version of Flipping the Coin and features upgraded attack paths, and lab environments.

By the end of the workshop, attendees will:

1. Understand and perform common offensive attacks (supported by the Metasploit Framework) against Windows Domains, including:

   • Pass the Hash attacks;
   • gMSA Golden Attack;
   • ADCS abuse;
   • Common tunnelling techniques;
   • PrintSpoofer exploits;
   • LSASS exploitation (using Mimikatz);
   • AD enumeration (using BloodHound);
   • DACL abuse;
   • Kerberos golden tickets; and
   • DLL hijacking.

2. Understand the process of detecting attacks against Windows infrastructure, including how to design and implement their own detection rules based on attendees’ previous attacks, using:

   • Sigma/Yara rules.
   • Log ingestion/normalisation platforms, and query engines (e.g. ELK).

3. Understand and appreciate how the actions and processes of red and blue teams are interlinked, for the greater collective good.

Recommended (but not required) prior reading:

• https://nooblinux.com/metasploit-tutorial/
• https://posts.specterops.io/introducing-bloodhound-enterprise-attack-path-management-for-everyone-39cfd8d6eb7c
• https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview
• https://socprime.com/blog/sigma-rules-the-beginners-guide/
• https://github.com/socprime/SigmaUI
• https://blog.netwrix.com/2021/11/30/how-to-detect-pass-the-hash-attacks/
• https://posts.specterops.io/certified-pre-owned-d95910965cd2
• https://www.elastic.co/guide/en/security/current/suspicious-print-spooler-point-and-print-dll.html

Much of the material and core concepts of the workshop remain the same from the DEF CON 31 workshop with some updated topics for DEF CON 32, including an updated environment, and gMSA attacks within the lab.

Since 2022, Chris, Duane, and Garrett have released a combined 8 blog posts and authored 3 tools (SharpSCCM, SCCMHunter, and Misconfiguration Manager) that demonstrate novel offensive techniques to abuse SCCM functionality.

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Michael_DC32.eventbrite.com

People:
    SpeakerBio:  Chris Thompson, Principal Consultant at SpecterOps

Chris Thompson (@_Mayyhem) is a Principal Consultant at SpecterOps, where he conducts red team operations, research, tool development, and training. Chris has instructed at Black Hat USA/EU and spoken at Arsenal, DEF CON Demo Labs, SO-CON, and Troopers. He is the primary author of Maestro and SharpSCCM and co-author of Misconfiguration Manager, an open-source tool and knowledge base that can be used to help demonstrate, mitigate, and detect attacks that abuse Microsoft Configuration Manager (formerly SCCM).

SpeakerBio:  Duane Michael, Managing Consultant at SpecterOps

Duane Michael (@subat0mik) is a Managing Consultant at SpecterOps, where he conducts red team operations, penetration tests, research, course development, and training. Duane has instructed courses on red teaming and vulnerability research at BH USA/EU, NorthSec, and SO-CON. He has presented at Arsenal and DEF CON Demo Labs, contributes to various open source projects, and is a co-author of Misconfiguration Manager.

SpeakerBio:  Garrett Foster, Senior Consultant at SpecterOps

Garrett Foster (@garrfoster) is a Senior Consultant at SpecterOps, where he conducts red team operations, penetration testing, research, training, and course development. Garrett has presented at WWHF and BsidesPDX. Garrett is a the primary author of SCCMHunter and a co-author of Misconfiguration Manager.

Get ready for everything you always wanted to know about RFID, but were afraid to ask! The workshop will start with a basic introduction to Radio-frequency Identification (RFID) and build to a set of practical hands-on challenges. The workshop delves into the theory behind RFID, including different types and protocols (insecure vs. secure types), and how to perform an assessment. Several hands-on assignments will punctuate the theory portion, preparing participants for challenges (of increasing difficulty) on an RFID simulation device, all while participants obtain points for the CTF contest. The objective is to make this workshop fun and accessible to a wide audience. The RFID protocols discussed and in the challenges will be limited to HID and Mifare Classic Instructions and walkthroughs for three devices will be available in the workshop materials, including: * Proxmark3 * Flipper Zero * ACR122U ACR122U devices will be available from the instructor during the workshop.

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://kernelpaniek_DC32.eventbrite.com

People:
    SpeakerBio:  Vinnie “kernelpaniek” Vanhoecke, Senior Security Consultant at Bishop Fox

Vinnie Vanhoecke (OSCE, OSCP) is a Senior Security Consultant at Bishop Fox, where he focuses on web application assessments (static and dynamic), external and internal network penetration testing, and cloud security assessments. He also has extensive experience in red teaming and mobile application assessments for Android. As hobby he likes anything from space to nature, HAM radio, 3D printing and any other IT related topic. Vinnie holds a Bachelor of Computer Science with a Computer and Cybercrime Professional specialisation from Howest in Bruges, Belgium.

We’ve developed an interactive workshop for all those who want to learn secure coding practices and/or experience attacking with up-to-date technologies. We prefer simplicity: Attacks are performed with swagger and C# scripts, and exploit XSS, CSRF, SSRF, and SQLI. We’ll also steal secrets and cookies. Secure coding practices are summarized in an easy-to-remember acronym (PREVENT). Participants will transform RecipeRealm, a naive webapi+angular recipes repository, into a secure solution. Through the hands-on real-world coding exercises, we will cover dealing with a vulnerable third party, using the built-in defense mechanism of Angular, implementing antiCSRF mechanisms, coding a secure data layer, and how to protect a web API from being exploited to get information about our internal assets.

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Sahar_DC32.eventbrite.com

People:
    SpeakerBio:  Or Sahar, Co-founder at Secure From Scratch

Or Sahar is a security researcher and the co-founder of Secure From Scratch. With two decades of experience in software development and security, she specializes in penetration testing, application security, and instructing on secure coding practices. Currently pursuing a second Master’s degree in computer science, Or Sahar holds a BSc in software engineering and is certified as an OSCE.

SpeakerBio:  Yariv Tal

Yariv Tal is a senior developer turned security researcher. He graduated Summa Cum Laude with a BSc in Software Engineering and is currently pursuing a Master’s degree in Computer Science. Yariv leverages his four decades of programming experience, university lecturing, and BootCamp mentoring to promote a “secure from scratch” coding philosophy.

In the unpredictable world of healthcare, the ability to respond effectively to emergencies and technology failures is paramount to ensuring patient safety and continuity of care. As hospitals and emergency rooms increasingly rely on technology to deliver critical services, it’s essential for all personnel to understand the complex interplay between technology, emergency response, and the potential cascading effects of failures. This immersive workshop is designed to equip participants with the knowledge and skills needed to navigate emergencies and technology failures in healthcare environments. Through a series of simulated scenarios encompassing various emergency situations and technology breakdowns, participants will explore the intricate challenges of maintaining operational resilience in the face of adversity. From power outages to cyberattacks, participants will learn how to identify, assess, and respond to emergencies with a focus on mitigating second and third-order consequences. Leveraging real-time data and insights from tools and techniques, participants will gain practical experience in detecting anomalies, coordinating response efforts, and minimizing disruption to patient care. Key Learning Objectives: Understand the complex interplay between technology, emergency response, and the potential cascading effects of failures in healthcare environments. Explore various emergency scenarios and technology failures, including power outages, cyberattacks, and system malfunctions. Gain practical experience in assessing the impact of emergencies and technology failures on patient care and operational continuity. Learn how to use the available tools for real-time monitoring, detection, and response to security incidents and technology failures. Discuss strategies for mitigating second and third-order consequences of emergencies and technology failures, including communication, collaboration, and contingency planning.

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Case_DC32.eventbrite.com

People:
    SpeakerBio:  Isabel Straw, MD

UK Emergency Doctor, Artificial intelligence in Health PHD & Cybersecurity Researcher, Fulbright & Thouron Alum (Global Health Scholar)

SpeakerBio:  Jorge Acevedo Canabal, Adjunct Professor at University of Puerto RicoMD

Physician, Adjunct Professor at University of Puerto Rico with Research in Natural Disaster Recovery, Emerging Healthcare Crises, Cyber Resiliency, and Vulnerable Populations (rare genetic disease, extremes of human life-span)

SpeakerBio:  Nathan Case

CISO, CTO, Incident Responder, Tinkerer, and Dumpster fire guru

Before the Training: Attendees are expected to have a basic understanding of programming concepts and syntax in a programming language such as JavaScript, Python, Go, or C#/Java. While familiarity with common security vulnerabilities (e.g., OWASP Top 10) is beneficial, it is not a prerequisite.To ensure a smooth and productive experience, participants should come equipped with a laptop that has administrative access for software installation. A pre-training checklist, including software installation guides (Semgrep and a preferred text editor/IDE), will be provided to all registered attendees to prepare them for the workshop.
Participants will: – Gain an understanding of SAST and its importance in the AppSec ecosystem. – Learn to navigate Semgrep’s rule syntax and create custom rules tailored to their specific security needs. – Engage in hands-on exercises to apply Semgrep on real-world code snippets and projects, enhancing their learning through practical application. – Explore the Semgrep Playground for testing and refining rules in an interactive environment. – Delve into advanced Semgrep features and techniques for a comprehensive security strategy. – Understand how Semgrep findings can be leveraged for LLM-based code analysis, taking code security to the next level.
Supercharge SAST: Semgrep Strategies for Secure Software” is a meticulously designed workshop aimed at introducing participants to the world of Static Application Security Testing (SAST) through the lens of Semgrep, a cutting-edge tool that combines the simplicity of syntax with the power of complex analysis.
Technical Level and Tools Used: This workshop is tailored for beginner to intermediate skill levels, focusing on practical, actionable insights that participants can immediately apply to their projects. The primary tool used will be Semgrep, supplemented by the Semgrep Playground for online rule testing. Instructions for installing necessary software and accessing online resources will be provided ahead of the workshop.
What You Will Learn: This workshop is structured to guide attendees from the foundational concepts of SAST and application security to the practical application of Semgrep for identifying and mitigating security risks in codebases.
Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Gopalakrishna_DC32.eventbrite.com

People:
    SpeakerBio:  Arjun Gopalakrishna, Senior Software Security Engineering Manager, Azure Security at Microsoft

Arjun Gopalakrishna is a Senior Software Security Engineering Manager in Azure Security with more than a decade of experience at Microsoft. His work has been instrumental in fortifying Microsoft’s Azure platform against a myriad of cyberthreats. His expertise lies in developing and implementing robust security measures to protect cloud-based systems and data. Arjun has presented at DEFCON in 2021, in addition to numerous security talks internally at Microsoft. Arjun’s commitment to continuous learning and development, coupled with his passion for cybersecurity, continues to drive his contributions to the field.

SpeakerBio:  Gautam Peri, Senior Security Engineer, EPSF SERPENT Team at Microsoft

Gautam Peri is a Senior Security Engineer in EPSF SERPENT (Service Pentest) team at Microsoft. He has over 8 years of experience as a security professional in multiple organizations including Microsoft and Citibank N.A. He started his career as a software developer and became a security professional. Currently, Gautam focuses on securing in Azure Edge & Platform & Devices services at Microsoft. He is passionate about identifying vulnerabilities at scale. Gautam presented at multiple internal events and got accepted to OWASP BASC (Boston Application Security Conference) 2024. Gautam holds CISSP & GCPN certifications, he is committed to continuous learning and development and drives internal knowledge share events.

SpeakerBio:  Marcelo Ribeiro, Senior Offensive Security Engineer in Azure Security at Microsoft

Marcelo Ribeiro is a Senior Offensive Security Engineer in Azure Security with over 20 years of experience in various organizations, including Microsoft, IBM, and the Brazilian Navy. As a former Navy Officer, Marcelo was instrumental in establishing the Brazilian Navy’s Cyber Security capacity. He also played a pivotal role in building IBM’s DFIR (Digital Forensics and Incident Response) practice in Latin America. Currently, Marcelo focuses on enhancing the security of Microsoft’s Azure platform against the constantly evolving cyber threats landscape. Always seeking new challenges, Marcelo’s commitment to learning keeps his passion for cybersecurity alive. Marcelo holds several certifications, including CISSP, CISM, OSCP, CEH, GXPN, GPEN, GWAPT, GAWN, GPYC, GREM, GISP, GICSP, GRID, GNFA, GCIH, GCIA, GSEC, and MCSE, among others. In 2023, Marcelo was inducted into the EC-Council’s CEH Hall of Fame in recognition of his outstanding career achievements.

Code obfuscation is fast becoming a normal part of modern Windows malware. Pioneered by Emotet and popularized by the Conti ransomware leaks, we now see even simple credential stealers using commercial grade code virtualization! The solution… if you can’t reverse it, just run it! In this workshop we will cover different tracing techniques that can be used to bypass and extract information from protected code. The workshop is divided into modules covering tracing with x64dbg, dynamic binary instrumentation with PIN, and API tracing with DTrace. A challenge binary is provided with each module for students to practice and the final challenge is a real world malware sample that has been virtualized. This workshop is aimed at reverse engineers and malware analysts who have experience analyzing malware and are comfortable with debugging in userland. If you don’t have experience with malware but you do have a few hours behind the debugger you should have no problem completing the workshop. Students must bring a laptop/workstation capable of running a Windows Virtual Machine (VM) and a preinstalled Windows 10 (64bit) 20H1(or later) VM with at least 50G of free space. You will be provided with detailed tools installation and setup instructions prior to the workshop

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Frankoff_DC32.eventbrite.com

People:
    SpeakerBio:  Sean , Co-founder at OpenAnalysis

Sean, a co-founder of OpenAnalysis Inc., splits his time between reverse engineering, tracking malware and building automated malware analysis systems. Sean brings over a decade of experience working in a number of incident response, malware analysis and reverse engineering roles.

SpeakerBio:  Serrgei Frankoff, Co-founder at OpenAnalysis

Sergei is a co-founder of OpenAnalysis Inc. When he is not reverse engineering malware Sergei is focused on building automation tools for malware analysis, and producing tutorials for the OALABS YouTube channel. With over a decade in the security industry Sergei has extensive experience working at the intersection of incident response and threat intelligence.

DLL Loading is one of the most important parts of the Windows system. When you install, run, use, or hack a system, you will always use DLL. This DLL mechanism has been exploited for several years for malware development through several techniques : DLL injection, DLL sideloading, Reflective DLL but do you really know how Windows is loading a DLL ? Do you know how it links all sections ? Which structures are used to store internally ? How does it resolve dependencies ? And are you able to design your own Perfect DLL Loader that fully integrate with the WIN32API? In this workshop, you will lose you sanity and dive into the Windows DLL mechanism. Armed with your decompiler and your brain, step by step, you will build your own (almost) Perfect DLL loader. You will try to load from the simple AMSI.DLL to the most complexe WINHTTP.DLL. At each step, you will dive deeper into the Windows DLL Loader and the Windows Internals. Malware developers, you will be able to use this code as a PE loader that never failed me for the last years and a DLL loader that does not raise the LoadImage kernel callback you can use on your own C2 beacon. WARNING: while this is a windows internal DISCOVERY discovery course, it is still a HIGHLY TECHNICAL workshop. You should have some entry-level knowledge on Windows systems, C programing and reverse engineering to fully enjoy the workshop. It is expected from the student to bring a laptop with either a Windows 10 or Windows 10 VM, a C compiler (Mingw or MSVC), a decompiler (IDA Free or Ghidra), the WinDBG debugger and the Sysinternals suite. I will personally use the following toolchain : WIN10, MSVC, IDA, WinDBG Preview.

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Dequeker_DC32.eventbrite.com

People:
    SpeakerBio:  Yoann Dequeker, Red Team Operator at Wavestone

Yoann Dequeker (@OtterHacker) is a red team operator at Wavestone entitle with OSCP and CRTO certification. Aside from his RedTeam engagements and his contributions to public projects such as Impacket, he spends time working on Malware Development to ease beacon deployment and EDR bypass during engagements and is currently developing a fully custom C2. His research leads him to present his results on several conferences such as LeHack (Paris), Insomni’hack (Swiss) or even through a 4-hour malware workshop at Defcon31 (Las Vegas). All along the year, he publishes several white papers on the techniques he discovered or upgraded and the vulnerabilities he found on public products.

Gain experience popping root shells on real world web applications and taking your hacking skills to the next level. Students will learn accessible and powerful vulnerability discovery techniques to identify, exploit and chain vulnerabilities for root shells. Getting hands-on experience using free and widely available Linux utilities to debug and dynamically monitor applications, to more effectively discover and exploit vulnerabilities. Using a whitebox approach students will rapidly discover and exploit non-trivial bugs. A progressive hint system will be used during the labs to incrementally reveal step-by-step progressions of each exploit exercise in case students are stuck or fall behind. Course Objectives: –Students will gain hands-on experience analyzing and developing exploits for real world application vulnerabilities. –Students will learn how to discover vulnerabilities and subsequently weaponize them in an exploit chain to spawn remote shells on application servers. –Students will gain experience using open source linux tools like strace and tcpdump to analyze application behavior and isolate vulnerabilities. –Students will gain experience weaponizing web application vulnerabilities and writing exploits Upon Completion of this training, attendees will know: –How to identify situations where openbox application vulnerability assessments are appropriate and how to leverage this powerful context. –How to utilize openbox penetration testing methodologies to achieve more thorough and effective assessments. –How to leverage vulnerability chaining to assemble multiple medium criticality findings into a single remote root exploit.

Links:
    Eventbrite Registration – 2024-07-07 12:00 US/Pacific – https://Joshi_DC32.eventbrite.com

People:
    SpeakerBio:  Cale Smith, Amazon

Cale Smith is a nerd who loves both building but also breaking, so he can get better at building. He is passionate about understanding how anything and everything works, improving security along the way is just a bonus. Also, he is passionate about sharing his passion and created this course to pass along some of the more accessible techniques he has picked. His professional career originated exclusively as a builder, but has been focusing on the security and breaking side for the last 15 years. During that time he has dabbled in the web weenie life, cloud, binary, IoT and mobile most recently. Currently he manages a device oriented AppSec team at Amazon. While AFK he is probably riding a bike or climbing rocks.

SpeakerBio:  Priyanka Joshi, Security Engineer, Ring AppSec at Amazon

Priyanka Joshi started her career through the academic path of computer engineering followed by a masters degree in information security. Her learning journey truly began doing security engineering in the industry. She discovered her passion in the identity space during her first software security engineer job at an ancient mid sized company. There she focused on research, development, maintenance and security testing of OAuth2.0/OpenID implementations for over two years. In her current appsec engineer role at Amazon, she enjoys working on secure design assessments, bug bounty triage and fix validation, consults and security testing of web services. Outside of work, she enjoys hiking, sketching, music, watching anime and reading manga.