DEF CON Paid Training

2 day training sessions on the Mon and Tue after DEF CON. There will be an additional cost for these.

DEF CON All Paid Training Forum page




Defender's Guide to Securing Public Cloud Infrastructures - Abhinav Singh

Paid Training DC Forum Page


Abhinav Singh - Defender's Guide to Securing Public Cloud Infrastructures
Latest details, requirements, description, cost: https://defcontrainings.myshopify.co...nfrastructures

Training description:

This training focuses on elevating your threat detection, investigations, and response knowledge into the cloud. This hands-on training simulates real-life attack scenarios on cloud infrastructure & applications. It then teaches you to build your own defensive tools against such attacks by using cloud native services on AWS. This makes it an ideal class for red & blue teams.



Course overview:

*IAM*
- Introduction to IAM attack surface.
- Enumerating IAM Permissions for privilege escalations.
- Advance privilege escalation using policy chaining and evading scanning tools.
- Post Infection attack TTPs.


*Security Analytics & Automation at cloud scale*
- Using cloudtrail logs for investigation and Athena for querying.
- Automating athena queries for continuous assessment.
- Building highly scalable, multi-account logging and monitoring infrastructure in AWS.
- Establishing an alerting pipeline.


*Malware detection and investigation on/for cloud infrastructure*
- Quick Introduction to cloud infrastructure security.
- Building clamAV based static scanner for S3 buckets using AWS lambda.
- Integrating serverless scanning of S3 buckets with yara engine.
- Building signature update pipelines using static storage buckets to detect recent threats.
- Malware alert notification through SNS and slack channel.
- Adding advanced context to slack notification for quick remediation.
- Exercise on simulating a malware infection in AWS and building an automated detection & alerting system.

*Forensic Automation for Cloud infrastructure*
- Building an IR 'flight simulator' in the cloud.
- Creating a step function rulebook for instance isolation and volume snapshots.
- lambda functions to perform instance isolation and status alerts.
- Building forensic analysis playbook to extract key artifacts, run volatility and build case tracking.
- Automated timeline generation and memory dump.
- Storing the artifacts to S3 bucket.


Takeaways for the students after completing the class:

* Use cloud technologies to detect & build automated response against IAM attacks.
* Understand and mitigate cloud native pivoting and privilege escalation and defense techniques.
* Use serverless functions to perform on-demand threat scans.
* Deploy containers to deploy threat detection services at scale.
* Build notification services to create detection alerts.
* Analyze malware-infected virtual machines to perform automated forensic investigations.
* Define step functions to implement automated forensic artifacts collection for cloud resources.
* Build cloud security response playbooks for defense evasion, persistence and lateral movements.

Student skill level:

Advanced.

- Basic understanding of AWS.
- System administration, linux cli, AWS cli.
- Able to write basic programs in python.
- Familiarity with SQL and KQL queries will be a plus.

What should students bring to the Training?:

- System with 4 GB RAM and ability to install OpenVPN client and RDP to Windows boxes.
- Privileges to disable/change any antivirus or firewall.

Bio:

Abhinav Singh is a cybersecurity researcher with close to a decade long experience working for global leaders in security technology, financial institutions and as an independent trainer/consultant. He is the author of Metasploit Penetration Testing Cookbook (first, second & third editions) and Instant Wireshark Starter, by Packt. He is an active contributor to the security community in the form of patents, open-source tools, paper publications, articles, and blogs. His work has been quoted in several security and privacy magazines, and digital portals. He is a frequent speaker at eminent international conferences like Black Hat, RSA & Defcon. His areas of expertise include malware research, reverse engineering, enterprise security, forensics, and cloud security.

Previous Trainings:

2022: Hack In Paris, Insomnihack, x33fcon, Troopers.

https://hackinparis.com/trainings/#t...ructure-2-days
https://insomnihack.ch/workshops-2022/
https://www.x33fcon.com/#!t/aws.md

2021: Blackhat EU, Troopers, Hack In the Box.

https://www.blackhat.com/eu-21/train...tructure-24306

DATE:Aug 15th to 16th 2022

TIME:9am to 5pm PDT

VENUE:Caesars Forum Ballroom

TRAINER:Abhinav Singh

CERTIFICATE TEST AVAILABLE (after class) Please purchase Certificate test

- 16 hours of training with a certificate of completion for some classes
- COVID safety: Masks required for indoor training
- Note: Classes that do not meet their minimum class size by July 15 will be canceled, please register early
- Note: Food is NOT included


Pragmatic API Exploration - Aubrey Labuschagne (William) & Marianka Botes

Paid Training DC Forum Page


Aubrey Labuschagne (William) & Marianka Botes - Pragmatic API Exploration
Latest details, requirements, description, cost: https://defcontrainings.myshopify.co...pi-exploration


Training description:

The use of Application Programming Interfaces (APIs) have become ubiquitous as business expose and consume services.

Therefore, the threat landscape of organizations increases with the adoption of APIs. The content of the course creates awareness around the various attack vectors used targeting APIs and provides actionable mitigation strategies.

The aim of this course is to empower you to conduct a risk assessment of an API. This hands-on course covers API basics, setting up a test environment, API threat model, API protocols and architectures, typical vulnerabilities, enumerating an attack surface and best practices around security.

Moreover, it focuses on gaining practical experience of the OWASP Top 10 for APIs. In addition, you would be gaining practical experience on exploiting typical vulnerabilities on RESTful (REST) APIs and GraphQL. The course concludes with a capture the flag (CTF) to apply knowledge gained during the course.

Course overview:



This course consists of 6 High level Modules, +-26 Key concepts and +-30 Practicals.

Learning take-aways:
* Understanding the usage and business context around APIs
* Set up and create the adequate testing environment and configuration
* Assess and analyse real world API’s with industry leading methodologies

Below is the outline based on the 6 Modules and the 26 sub-modules as well as an indication where the practicals fit into the course flow.

Module 1: Introduction To API
* What is an API?
* The API ecosystem
* Threat model of an API
* Review of code representing an API endpoint

Practical 1 – What to do with APIs:
This practical engages candidates to look for open APIs and how they could use at least threee APIs withinin a ficticoinal scenario business / operational environment.

Module 2: Engaging with the Target API:
*Setup and configure Postman, cURL and Burp to connect to target API
*Demonstrate the various HTTP headers
*Interacting with Swagger
*Demonstrate the various HTTP methods
*Discuss the use of JWT for authetnication

Practical 2 – Abusing a JWT :
The practical would focus on creating a JWT to authenticate against an endpoint. In addition, the cracking of a JWT to target weak encryption protocols. Lastly how to resign the JWT and use with subsequent abuses.

Module 3: Enumerate API Attack Surface:
*Creating wordlists to enumerate endpoints
*Fuzzing endpoints to identify hidden endpoints
*Use of tools to create wordlists

Practical 3 – Using cewl and mentalist to create a wordlist:
The identification of endpoints are ciritical to enumerate the attack surface of APIs. This practical demonstrates the use of tools to create custom wordlists.

Module 4: Demystify the OWASP Top 10 for API:
Candidates would be exposed to the most common vulnerabilities targeting APIs. These vulnerabilities would be put into context through the use cases and allow candidates to perform the attack to get a better understanding. The focus would also be on identiifying mitigation strategies to address the risk.

*Unpack the OWASP Top 10 for APIs
*Analyze the vulnerability: Broken Object Level Authorization
*Analyze the vulnerability: Broken User Authentication
*Analyze the vulnerability: Broken Function Level Authorization
*Analyze the vulnerability: Excessive Data Exposure
*Analyze the vulnerability: Lack of Resources & Rate Limiting
*Analyze the vulnerability: Mass Assignment
*Analyze the vulnerability: Security Misconfiguration
*Analyze the vulnerability: Injection
*Analyze the vulnerability: Improper Assets Management
*Analyze the vulnerability: Insufficient Logging & Monitoring

Practical 4 – Getting to know the top vulnerabiliites for APIs :
The practicals are part of the module decribing each vulnerability. The use cases were developed to practically demonstrate each vulnerability and give the candidate opportunity to experience each vulnerability. This in turrn would create awareness on how to test for each of these vulnerabilites.
*Practical review of Use Case: Unauthorized Enumeration and Viewing
*Practical review of Use Case: Insecure JSON Web token (JWT) configuration
*Practical review of Use Case: Weak password complexity
*Practical review of Use Case: Authentication susceptible to brute force attack
*Practical review of Use Case: OTP Bypass
*Practical review of Use Case: Escalate Privileges to gain Administrative Access
*Practical review of Use Case: API Response contains Unfilter Data
*Practical review of Use Case: API Response contains Unnecessary Data
*Practical review of Use Case: Impact of Zipbombing
*Practical review of Use Case: Rate Limiting - Abuse Number of Calls to End Point
*Practical review of Use Case: Rate Limiting Enabled
*Practical review of Use Case: Privilege Escalation
*Practical review of Use Case: HTTP OPTIONS Method Enabled
*Practical review of Use Case: Verbose Error Messages
*Practical review of Use Case: Outdated Application Servers
*Practical review of Use Case: Overly permissive Cross-Origin resource sharing (CORS)
*Practical review of Use Case: SQL Injection
*Practical review of Use Case: XXE Injection
*Practical review of Use Case: Command Injection
*Practical review of Use Case: Ennumerate API to identify deprecated endpoints
*Practical review of Use Case: No authentication required to acces endpoint
*Practical review of Use Case: Logging of data
*Practical review of Use Case: Logs containing sensitive data
*Practical review of Use Case: Logs does not have sufficient data

Module 5: Exploring GraphQL from a security perspective:
*Introduction to GraphQL
*Describing the various vulnerabilities associated with GraphQL
*Discuss various techniques to secure GraphQL

Practical 5 – Introspection for the Win

Candidates would be provided with an endpoint to explore the various vulnerabilities. This includes:
• Abuse the default configuration for GraphQL could expose the supported schema and queries.
• Explore the impact of IDORs to gain access to information within the context of GraphQL.

Module 6: Capture the Flag:
The course concludes with candidates participating in a capture the flag where secret documents of a target company needs to be found. The candidates would use knowledge acquired during the course to apply this and exploit vulnerabilities within the exposed API.



Takeaways for the students after completing the class:

* Understanding the usage and business context around APIs
* Set up and create the adequate testing environment and configuration
* Assess and analyze real world API’s with industry leading methodologies

More Details:
* 2-day course
* 60% practical and 40% theoretical
* Real-world attacks and methodologies
* CTF at the end of the course
* Delivered by active penetration testers and red team members




Student skill level:

Beginner Level
This is a beginner course in penetration testing of APIs. No security related experience is required but a technical understanding of computers, networks, Linux and Windows are a must.

Please ensure you are comfortable with the Linux command line before enrolling for this course. The students will be executing some commands from the command line when executing cURL to interact with the APIs.



What should students bring to the Training?:

You should bring a laptop with a working modern browser like Firefox or Chrome to access the APIs.
Ensure cURL ( https://curl.se/ ), Postman ( https://www.postman.com/ ) and Burp ( https://portswigger.net/burp ) are installed as these tools would be used to interact with the APIs.


Bios:

Aubrey is a security analyst at SensePost. Over the years he has had many roles which included project management, product management, development, training and being a security analyst. Interest for security grew from emergence into information warfare. His hobbies include the development of sensor centric platforms. He has a big passion for training and has completed his masters on how to improve the effectiveness of security awareness programs. He currently holds several certifications which include OSCP, ECSA and ISO 27032 certifications.

Marianka is a security analyst for the SensePost team at Orange Cyberdefense. She studied Information Technology at the North-West University (Pukke) in South Africa and has a big passion for hacking. In her off time she will study up some Dad jokes or find the best places to order chicken wings.

Trainer(s) social media links:
@sensepost_train
@cyber_protect
@mariankabotes

DATE:Aug 15th to 16th 2022
TIME:9am to 5pm PDT
VENUE:Caesars Forum Ballroom
TRAINERS:Aubrey Labuschagne (William) & Marianka Botes

CERTIFICATE TEST AVAILABLE (after class) Please purchase Certificate test

- 16 hours of training with a certificate of completion for some classes
- COVID safety: Masks required for indoor training
- Note: Classes that do not meet their minimum class size by July 15 will be canceled, please register early
- Note: Food is NOT included




TCP/IP Deep Dive for Ethical Hackers – Featuring Wireshark - Chris Greer

Paid Training DC Forum Page


Chris Greer - TCP/IP Deep Dive for Ethical Hackers – Featuring Wireshark
Latest details, requirements, description, cost: https://defcontrainings.myshopify.co...ring-wireshark


Training description:

Almost every attack, intrusion, scan, and exfiltration involves the TCP protocol at some point. Whether we are hacking a system and need to better understand how networks/systems are enumerated and IDS’s do their thing, or we are defending our domain from a botnet attack, a deep understanding of the TCP protocol will help us do our jobs better and faster. In this course, get ready to go deep into TCP. We’re going to rip open pcaps with Wireshark and learn how this protocol really works. Don’t worry, there is FAR more to learn past the three-way handshake! We will learn how the MSS works, receive windows, selective acknowledgements, retransmissions, and much, much more! We will examine how TCP scan, OS enumeration, exfiltration, and C2 traffic looks on the wire, and how TCP fields can help us to filter for it fast. This will be an action-packed, hands-on course for Wireshark beginners as well as seasoned pros who want to pick up some new tricks. There is something for all experience levels in this course, although it will be targeted to the early-intermediate cybersecurity professional.

Course overview:

Day 1 – Each topic has a hands-on lab

Core Wireshark Concepts
The OSI Model and Protocol Headers
Capture Methods in a switched environment –Configuring a ring buffers with dumpcap
Configuring a Hacking Profile in Wireshark
Creating Custom Columns and Display filters
Core Protocols
ARP / IP / ICMP / DHCP / DNS Overview
TCP Analysis – This will spill to Day 2
The Handshake and Options
Sequence and Acknowledgement
SACK and Dup Acks
Resets and Fins – how connections are torn down
What Firewalls and IDS look for – War Stories
Analyzing Attack Traffic – Threat Hunting
Packets and the MITRE ATT&CK framework
Configuring GeoIP
Catching an NMAP scan – Stealth, Null, Xmas, and Connect
How OS Enumeration works and how to catch it
Analyzing Malware Behavior on the Wire – Trickbot, Emotet and more

Student skill level:

This is an intermediate course that will not leave the beginner behind. The labs are also designed so more experienced users will not get bored. There will be CTF-style questions to keep them busy.



What should students bring to the Training?:

a laptop with a recent copy of Wireshark from wireshark.org.


Bio:

Chris Greer is a Packet Head. He is a Packet Analyst and Trainer for Packet Pioneer, a Wireshark University partner, and has a passion for digging into the packet-weeds and finding answers to network and cybersecurity problems. Chris has a YouTube channel where he focuses on videos showing how to use Wireshark to examine TCP connections, options, and unusual behaviors, as well as spotting scans, analyzing malware, and other IOC’s in the traffic. His approach to training is that if you aren’t having fun doing something, you won’t retain what you are learning, so he strives to bring as much hands-on and humor to the classroom as possible. Chris remembers what it was like to look at Wireshark for the first time, and knows how complicated packet analysis can be. With that in mind, he has designed an easy-to-follow course that will appeal both to the beginner and more advanced Packet Person.

Trainer(s) social media links:

https://twitter.com/packetpioneer
https://www.youtube.com/c/ChrisGreer
https://www.linkedin.com/in/cgreer/


Previous Trainings:

TCP Fundamentals (from Sharkfest – Approx 120 attendees) - https://youtu.be/xdQ9sgpkrX8
TCP Congestion Control Explained- Advanced TCP Concepts - https://youtu.be/LNeZZZ_oslI
Analyzing NMAP with Wireshark - https://youtu.be/RxoQTV74s1c


DATE:Aug 15th to 16th 2022
TIME:9am to 5pm PDT
VENUE:Caesars Forum Ballroom
TRAINER:Chris Greer

- 16 hours of training with a certificate of completion for some classes
- COVID safety: Masks required for indoor training
- Note: Classes that do not meet their minimum class size by July 15 will be canceled, please register early
- Note: Food is NOT included



Zero 2 Emulated Criminal: Intro to Windows Malware Dev - Dahvid Schloss

Paid Training DC Forum Page


Dahvid Schloss - Zero 2 Emulated Criminal: Intro to Windows Malware Dev
Latest details, requirements, description, cost: https://defcontrainings.myshopify.co...-malware-dev-1


Training description:
Step up your emulated criminal game with a practical, hands-on introduction to malware development. Join a prior US Special Operations Cyber Operator to learn the building blocks and techniques used in real-world malware variants.
You don’t need fancy, expensive tools to get a C2 implant executed while evading antivirus. You need basic knowledge, ingenuity, and elbow grease.
In this course, we don’t cut corners. You will learn by doing, not by copying and pasting with modules and labs that will give you the ability to deviate and improvise on your very first malware variants in C++, even if you have no prior C++ experience.
Where this course differs from others is its reduced need for prior knowledge, and enhanced emphasis on hands-on learning.
By the end of the course, you will understand and be able to implement:
- Techniques to use the native Win32 API for adversarial tactics, enhancing stealth and offensive efficiency
- Maintaining data/shellcode integrity while using multiple ciphers for obfuscation and encryption
- Modular antivirus evasion techniques that will remain useful through your pen testing career

Student skill level:
Beginner.
Will be programming in C++ and Python but will not need to have knowledge in either, just an understanding of how programming languages work (e.g., if, then, else, loops, etc.).

What should students bring to the Training?:
A laptop that can run two virtual machines concurrently
Machine 1: Windows 10 machine w/ Visual Studio 19
Machine 2: Linux machine (Kali preferred) with Metasploit and Mythic
Downloads can be available from a shared folder
Bio:
Dahvid is the Offensive Security Lead at Echelon Risk + Cyber. As an experienced professional with over 12 years of cyber-attack and defense experience, Dahvid has previously worked as a Red Team Operator with a Big 4 consulting firm leading and conducting Adversarial Emulation exercises. He also served in the military, leading, conducting, and advising on special operations offensive cyber operations. He has a wide background in cyber security including logical, social, and physical exploitation as well as leading malware development enabling c2 execution while evading endpoint detection solutions.
DATE:Aug 15th to 16th 2022
TIME:9am to 5pm PDT
VENUE:Caesars Forum Ballroom
TRAINER:Dahvid Schloss

CERTIFICATE TEST AVAILABLE (45 minutes after class) Please purchase Certificate test
- 16 hours of training with a certificate of completion for some classes
- COVID safety: Masks required for indoor training
- Note: Classes that do not meet their minimum class size by July 15 will be canceled, please register early
- Note: Food is NOT included



Customizable Binary Analysis: Using angr to its full potential - Fish Wang & Audrey Dutcher

Paid Training DC Forum Page


Fish Wang & Audrey Dutcher - Customizable Binary Analysis: Using angr to its full potential
Latest details, requirements, description, cost: https://defcontrainings.myshopify.co...full-potential


Training description:

One of the most badass skills a hacker can possess is the ability to find and pwn vulnerabilities in binary software. This is enabled by a long history of complex tools: OllyDBG, SoftICE, IDA Pro, Binary Ninja, and now: angr. Built using cutting-edge techniques straight out of research labs around the world, angr enables analysts to swiftly carry out advanced reasoning over software to understand complex code and find the juicy hidden vulnerabilities within. While angr is arguably one of the most user-friendly binary analysis frameworks available on the market, it is never an easy task to use it to its full potential, especially when facing less common architectures (such as PowerPC), niche operating environments (bare-metal binaries or embedded architectures), or unique tasks (e.g., binary code optimization, exploit generation, efficient vulnerability discovery, etc.). To assist users, especially medium-level and professional reverse engineers to effectively and efficiently use angr in their daily work, we designed this two-day course focusing on the use of non-trivial capabilities that angr offers, as well as customizing angr’s advanced analyses for users’ needs. This course is extremely practical and hands-on: Besides a five-hour lecture, core angr developers will guide students to solve over ten specially crafted problems with angr. This course will focus on Linux userspace binaries (x86-64 and ARM), Windows userspace binaries (x86-64), and firmware images (ARM). After completing this course, students will master practical angr skills that will help them reverse engineer userspace binary programs and assess them for defects and vulnerabilities.



Student skill level:

Advanced.

- Have knowledge on reverse engineering embedded systems/software.
- Know and understand common types of software defects, including memory corruption,
command injection, etc. and vulnerabilities caused by these types of defects.
- Be able to use Linux and command line tools on Linux.
- Be able to read x86-64 assembly. Optionally, be able to read ARM assembly.
- Achieve proficiency in Python 3.


We would recommend a knowledge of x86 assembly and basic reverse engineering skills (think,
100-point binary reversing in CTF). We would also recommend students to familiarize themselves with Python 3 programming. Finally, we would recommend students to obtain some basic understanding of angr from reading online materials or working on angr-CTF on GitHub. Note that this is not an entry-level binary reverse engineering course. We do not recommend this course to students who have never attempted binary reverse engineering in the past.



What should students bring to the Training?:

- laptop with a web browser. We will provide the rest.
For students who prefer a native install of all tools, we would recommend students to use
Ubuntu >= 18.04 either natively or in a VM. Optionally, students may work on Windows or
MacOS, but most of our challenge binaries will be for Linux only.



Bios:

Fish Wang is an Assistant Professor at Arizona State University. He is extremely interested
in demystifying all sorts of binary code, and his main research interests are software vulnerability discovery, automated exploit generation, and binary decompilation. Fish is a co-founder and a core maintainer of angr.


Yan: Yan Shoshitaishvili is an Assistant Professor at Arizona State University, where he pursues parallel passions of cybersecurity research, real-world impact, and education. His research focuses on automated program analysis and vulnerability detection techniques. Aside from publishing dozens of research papers in top academic venues, Yan led Shellphish’s participation
in the DARPA Cyber Grand Challenge, achieving the creation of a fully autonomous hacking system that won third place in the competition.
Underpinning much of his research is angr, the open-source program analysis framework created by Yan and his collaborators. This framework has powered hundreds of research papers, helped find thousands of security bugs, and continues to be used in research labs and companies around the world. When he is not doing research, Yan participates in the enthusiast and educational cybersecurity communities. He is a Captain Emeritus of Shellphish, one of the oldest ethical hacking groups in the world, and a founder of the Order of the Overflow, with whom he ran DEF CON CTF, the
“world championship” of cybersecurity competitions, from 2018 through 2021. Now, he helps demystify the hacking scene as a co-host of the CTF RadiOOO podcast and forge connections between the government and the hacking community through his participation on CISA’s Technical Advisory Council. In order to inspire students to pursue cybersecurity (and, ultimately,
compete at DEF CON!), Yan created pwn.college, an open practice-makes-perfect learning platform that is revolutionizing cybersecurity education for aspiring hackers around the world.


Matt: Matt is passionate about building intuitive systems to solve real problems. He is an
Arizona State University alum, with a history in low-level system software/firmware development, program analysis, full-system emulation, graphics, audio, networking, and beyond. Matt contributes both professionally and as a personal interest to multiple open source projects,
and is driven to delivering solutions to advance the state of the art in program analysis.


Audrey: Audrey is a PhD student at Arizona State university. She loves reverse engineering, fruit, Celeste (2018), Python, Rust, and symbolic execution.


Trainer(s) social media links:
Fish: @ltfish_
Yan: @zardus
Matt: @MattBorgerson
Audrey: @rhelmot

DATE:Aug 15th to 16th 2022
TIME:9am to 5pm PDT
VENUE:Caesars Forum Ballroom
TRAINERS:Fish Wang & Audrey Dutcher

CERTIFICATE TEST AVAILABLE (after class) Please purchase Certificate test

- 16 hours of training with a certificate of completion for some classes
- COVID safety: Masks required for indoor training
- Note: Classes that do not meet their minimum class size by July 15 will be canceled, please register early
- Note: Food is NOT included




A Practical Approach to Breaking & Pwning Kubernetes Clusters - Madhu Akula

Paid Training DC Forum Page


Madhu Akula - A Practical Approach to Breaking & Pwning Kubernetes Clusters
Latest details, requirements, description, cost: https://defcontrainings.myshopify.co...netes-clusters


Training description:

The adoption of Kubernetes use in production has increased to 83% from a survey by CNCF. Still, most security teams struggle to understand these modern technologies.

In this real-world scenario-based training, each participant will be learning Tactics, Techniques, and Procedures (TTPs) to attack and assess Kubernetes clusters environments at different layers like Supply chain, Infrastructure, Runtime, and many others. Starting from simple recon to gaining access to microservices, sensitive data, escaping containers, escalating to clusters privileges, and even its underlying cloud environments.

By end of the training, participants will be able to apply their knowledge to perform architecture reviews, security assessments, red team exercises, and pen-testing engagements on Kubernetes Clusters and Containerized environments successfully. Also, the trainer will provide step by step guide (Digital Book) with resources and references to further your learning.


Student skill level:

Intermediate

* Able to use Linux CLI
* Basic understanding of system administration
* Experience with Docker and Containers ecosystem would be useful
* Security Experience would be plus



What should students bring to the Training?:

- laptop computer and Web access.

Bio:

Madhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and cloud native security architect with extensive experience. Also, he is an active member of the international security, DevOps, and cloud native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, OWASP, etc). Holds industry certifications like OSCP (Offensive Security Certified Professional), CKA (Certified Kubernetes Administrator), etc.

Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON (24, 26, 27 & 29), BlackHat (2018, 19, 21 & 22), USENIX LISA (2018, 19 & 21), SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, GitHub Satellite 2020, Appsec EU (2018, 19 & 22), All Day DevOps (2016, 17, 18, 19, 20 & 21), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18 & 20), Nullcon (2018, 19, 21, 22), SACON 2019, Serverless Summit, null and multiple others.

His research has identified vulnerabilities in over 200+ companies and organizations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP, Adobe, etc, and is credited with multiple CVEs, Acknowledgements, and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, Practical Ansible2 books by Packt Pub. Also won 1st prize for building Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.

Trainer(s) social media links:

https://linkedin.com/in/madhuakula
https://twitter.com/madhuakula
https://github.com/madhuakula


Previous Trainings:

Blackhat
https://www.blackhat.com/us-21/train...clusters-22130
https://www.blackhat.com/eu-21/train...clusters-24396
https://www.blackhat.com/asia-22/tra...clusters-25190

Nullcon
https://nullcon.net/goa-march-2021-v...etes-clusters/

DATE:Aug 15th to 16th 2022
TIME:9am to 5pm PDT
VENUE:Caesars Forum Ballroom
TRAINER:Madhu Akula

CERTIFICATE TEST AVAILABLE (after class) Please purchase Certificate test

- 16 hours of training with a certificate of completion for some classes
- COVID safety: Masks required for indoor training
- Note: Classes that do not meet their minimum class size by July 15 will be canceled, please register early
- Note: Food is NOT included



- Offensive IoT Exploitation

Paid Training DC Forum Page


Offensive IoT Exploitation
Latest details, requirements, description, cost: https://defcontrainings.myshopify.co...t-exploitation


Training description:

As IoT becomes more integrated and integral into personal and work lives, there is a growing need to understand the inner workings of IoT devices. The base skills required are the same as many other security disciplines, whether the task is to perform defensive-based penetration testing or gain covert access for evidence or intelligence collection. Testing IoT devices for security bridges several skill sets from application security, operating systems penetration testing, wireless signals analysis, and embedded hardware security. Unfortunately, many courses in this industry deal with each topic individually, either taking a deep dive into hardware hacking, teaching advanced web application security, or teaching exploit development of different microarchitectures. This training is curated to take a step back and look at the bigger picture of IoT security testing, teaching the basics of each skill set to bridge the gaps and enable students to apply modern penetration testing techniques to IoT devices.



Course Outline: The course is broken down into the following sections:

Introduction to IoT
Trends in IoT and IoT Security
Penetration testing Methodology Overview for IoT
o How it differs from other methodologies
Linux Command Refresher (Command line fu)
Hardware Recon and Analysis
o Physical Embedded Hardware Inspection
▪ Includes Analyzing and Identifying Chips, Ports and Circuits Connections
o Hardware analysis
▪ JTAG
▪ UART
▪ SPI
▪ eMMC
o Hardware attacks
▪ Glitching (Boot Loader Attacks)
▪ Side Channel Attacks

Software Recon and Analysis
o Firmware Analysis
▪ Introduction to Binwalk
▪ Introduction to Manual Firmware Analysis
o Emulating firmware
▪ Introduction to QEMU
o IoT Software Protocols
▪ Configuration & Discovery Protocols (UPnP)
▪ API’s (REST, SOAP, MQTT)

Communication Protocols in IoT
o Wireless Communications Protocols and how to attack them
▪ BLE
▪ WIFI
▪ ZigBee
▪ Thread
▪ LoRa

Student skill level:

Beginner to Intermediate. This is a compressed course and will move quickly. Students should have:
- Understanding of common networking protocols
- Basic familiarity of virtualization technologies
- Basic familiarity of Windows and Linux
- Basic understanding of penetration testing



What should students bring to the Training?:

Laptop with 16GB RAM and at least 40GB free disk space
- External ethernet adapter
- VMware Player/Workstation/Fusion or VirtualBox installed
- Administrator/Root access to their host Operating System


Bios:


Trevor Stevado
• 12+ years in offensive application and network security
• Led and contributed to over 100 security assessments (Red Team, VA, Pen Test)
• DEF CON 26 Black Badge holder (part of 3-person team)
• Leads Pros versus Joes (PvJ) Red Cell
• Founding Partner & Hacker @ Loudmouth Security

Trevor Hough
• 10+ years in offensive application and network security
• Led and contributed to dozens of security assessments (Red Team, VA, Pen Test)
• DEF CON 26 Black Badge holder (part of 3-person team)
• Member of Pros versus Joes (PvJ) Red Cell
• Managing Partner & Hacker @ Loudmouth Security

Nicholas Coad
• 5+ years in offensive application and network security
• 10+ years in network administration and security operations
• Contributed to dozens of security assessments (Red Team, VA, Pen Test)
• Managed security operations for Fortune 500 company
• Winner of the IoT CTF, DEF CON 27
• Member of Pros versus Joes (PvJ) Red Cell
• Hacker @ Loudmouth Security

Patrick Ross
• 7+ years in offensive security roles
• 10+ years in security architecture
• DEF CON 26 Black Badge holder (part of 3-person team)
• Member of Pros versus Joes (PvJ) Red Cell
• Hacker @ Village Idiot Labs


Trainer(s) social media links:

https://twitter.com/_t1v0_

https://twitter.com/2fluffyhuffy


Previous Trainings:

Private corporate trainings only.

DATE:Aug 15th to 16th 2022
TIME:9am to 5pm PDT
VENUE:Caesars Forum Ballroom
TRAINERS:Trevor Stevado, Trevor Hough, Nicholas Coad & Patrick Ross

CERTIFICATE TEST AVAILABLE (45 minutes after class) Please purchase Certificate test

- 16 hours of training with a certificate of completion for some classes
- COVID safety: Masks required for indoor training
- Note: Classes that do not meet their minimum class size by July 15 will be canceled, please register early
- Note: Food is NOT included



Practical Secure Code Review - Seth Law & Ken Johnson

Paid Training DC Forum Page


Seth Law & Ken Johnson - Practical Secure Code Review
Latest details, requirements, description, cost: https://defcontrainings.myshopify.co...re-code-review


Training description:

Ready to take your bug hunting to a deeper level? Ever been tasked with reviewing source code for SQL Injection, XSS, Access Control and other security flaws? Does the idea of reviewing code leave you with heartburn? This course introduces a proven methodology and framework for performing a secure code review, as well as addressing common challenges in modern secure code review. Short circuit your development of a custom secure code review process by gleaning from Seth & Ken's past adventures in performing hundreds of code reviews and the lessons we’ve learned along the way. We will share a proven methodology to perform security analysis of any source code repository and suss out security flaws, no matter the size of the code base, or the framework, or the language.

Course overview:

Day 1:
• Overview (1 hour)
• Introductions
• Philosophy
• What to Expect
• The Circle-K Framework
• Approach
• Tools/Lab Setup
• OWASP Top 10
• Code Review Methodology
• Overview (30 mins)
• Introduction to Methodology
• General Code Review Principles
• Application Overview & Risk Assessment
• Behavior Profile
• Technology Stack
• Application Archeology
• Note Taking
• Application Overview & Risk Assessment Exercise
• Information Gathering (1.5 hour)
• Info Gathering Activities
• Mapping
• Generic Web App Mapping
• Application Flow
• Rails
• Node.js
• Django
• .Net
• Java
• Mapping Exercise
• Authorization Functions
• How are users identified?
• Identify its purpose
• What could go wrong?
• Authorization Functions Exercise
• Authorization (1.5 hour)
• Authorization Review
• Authorization Review Vulnerabilities
• Broken Access Control
• Sensitive Data Exposure
• Mass Assignment
• Business Logic Flaws
• Authorization Review Checklist
• Authorization Exercise
• Authentication (1.5 hour)
• Authentication Review
• Authentication Review Vulnerabilities
• Broken Authentication
• User Enumeration
• Session Management
• Authentication Bypass
• Brute-Force Attacks
• Authentication Review Checklist
• Authentication Exercise
• Auditing (30 mins)
• Auditing Review
• Auditing Review Vulnerabilities
• Sensitive Data Exposure
• Logging Vulnerabilities
• Auditing Review Checklist
• Auditing Review Exercise
• Injection (1 hour)
• Injection Review
• Injection Review Vulnerabilities
• SQL Injection
• Cross-Site Scripting (XSS)
• XML External Entities (XXE)
• Server-Side Request Forgery (SSRF)
• Injection Review Checklist
• Injection Review Exercise
• Cryptographic Analysis (30 mins)
• Cryptographic Analysis Review
• Cryptographic Analysis Vulnerabilities
• Encoding vs. Encryption
• Hashing
• Stored Secrets
• Cryptographic Analysis Checklist
• Cryptographic Analysis Exercise
• Configuration Review (30 mins)
• Configuration Review
• Configuration Review Vulnerabilities
• Framework gotchas
• Configuration files
• Dependency Analysis
• Configuration Review Checklist
• Reporting and Retesting (30 mins)
Day 2:
• Technical Hands-On Review (2-3 hours)
• Django Vulnerable Task Manager
• Lab Review of Open Source Applications (3-4 hours)
• Students divide in groups
• Review an OSS application
• Presentation of OSS Results (1 hour)

Student skill level:

Intermediate. Attendees must have knowledge of the OWASP Top 10, SANS CWE Top 25, and other common vulnerabilities.



What should students bring to the Training?:

Laptop capable of running an IDE.


Bios:

Seth Law
Seth Law is an experienced Application Security Professional with over 15 years of experience in the computer security industry. During this time, Seth has worked within multiple disciplines in the security field, from software development to network protection, both as a manager and individual contributor. Seth has honed his application security skills using offensive and defensive techniques, including tool development. Seth is employed as a security consultant, hosts the Absolute AppSec podcast with Ken Johnson, and is a regular speaker at developer meetups and security events, including Blackhat, Defcon, CactusCon, and other regional conferences.



Ken Johnson

Ken Johnson, has been hacking web applications professionally for 12 years and given security training for 9 of those years. Ken is both a breaker and builder and currently works on the GitHub application security team. Previously, Ken has spoken at RSA, You Sh0t the Sheriff, Insomnihack, CERN, DerbyCon, AppSec USA, AppSec DC, AppSec California, DevOpsDays DC, LASCON, RubyNation, and numerous Ruby, OWASP, and AWS events about appsec, devops security, and AWS security. Ken’s current projects are WeirdAAL, OWASP Railsgoat, and the Absolute AppSec podcast with Seth Law.


Trainer(s) social media links:
https://twitter.com/sethlaw
(Seth)
https://twitter.com/cktricky
(Ken)
https://twitter.com/absoluteappsec
(Absolute AppSec Podcast)

Previous Trainings:

• OWASP AppSec USA 2018
• Global AppSec Amsterdam
• AppSec California 2019
• OWASP Virtual AppSec Days 2020
• AppSec Day

DATE:Aug 15th to 16th 2022
TIME:9am to 5pm PDT
VENUE:Caesars Forum Ballroom
TRAINER:Seth Law & Ken Johnson

CERTIFICATE TEST AVAILABLE (after class) Please purchase Certificate test

- 16 hours of training with a certificate of completion for some classes
- COVID safety: Masks required for indoor training
- Note: Classes that do not meet their minimum class size by July 15 will be canceled, please register early
- Note: Food is NOT included