Time
Workshop
FRI 11/18 9AM-1PM
Pwning Web Apps – Phillip Wylie
In this intro to web application penetration testing workshop, participants will learn the basics of web application penetration testing, including methodology, tools, techniques, and resources. The skills taught in this workshop are valuable to aspiring bug hunters for use in bug bounties.
FRI 11/18 1PM-4PM
Intro to Pickpocket Sleight of Hand – James Harrison
James Harrison is a pickpocket magician out of Canada who recently spoke at the DEF CON Rogue Village discussing how pickpocketing works, how to perform certain techniques for approved red team exercises or for entertainment, and how to protect yourself from malicious pickpockets.
During the workshop:
– Hands-on how-to for the sleight of hand used in pickpocketing
– How pickpocketing works
– Specific techniques
– Why specific techniques work
– Practice pickpocketing in a safe environment with a professional
– Practices to defend yourself and your items from pickpocketing
You can check out a video of James on The Modern Rogue here – https://www.youtube.com/watch?v=ejHX2VBykbA
FRI 11/18 9AM-1PM
Tracing Transactions: Threat Hunting for Financially Motivated APTs – Brandon DeVault
You’ve got a secure environment and alerting in place, yet the adversaries are still able to bypass your defenses. How do you find and stop the adversary before they are able to compromise your environment?
In this workshop we’ll walk through a real-world attack chain from FIN7 and showcase strategies for hunting for specific techniques. This workshop focuses on network analysis and covers the following topics:
– SMTP Email Header Analysis
– Bidirectional C2 using legitimate cloud services
– Lateral Movement with RDP and SSH
– Exfiltration using cloud storage
We’ll be using open-source tools like Zeek and Elasticsearch so we can really focus on the methodology and on hunting for the behaviors. Hopefully, you’ll leave this workshop with some new skills for network threat hunting. I’ll also be releasing some threat-hunting-focused dashboards you can use in your own environment.
FRI 11/18 1PM-4PM
Incident Response Tabletop – Evan Wagner
The training will begin with a short real-world tabletop scenario exercise to set the scene for performing an IR escalation. After that there are 13 other modules to explore, each with associated VMs for performing the steps.
These include:
– Using MISP to explore and gather threat intelligence
– Using Iris for case management
– Performing manual triage operations on a machine mentioned in the tabletop exercise which has an active C2 infection
– Building an automated enterprise telemetry triage collection package using KAPE and Velociraptor to execute remotely against multiple machines mentioned in the tabletop exercise
– Analyzing the triage collection data to determine the actions which led to the infection
– Identifying the persistence mechanism used
– Identifying lateral movement using Graylog and Sysmon logs
– Detecting DNS exfiltration using PCAPs, Zeek logs and RITA
– Basics of Volatility memory analysis
– Producing a timeline of events from physical memory to trace actions to the left of boom
– Using PCAPs, Zeek logs and RITA to detect HTTP C2 beacons
– Developing high-fidelity YARA rules to detect more quickly the behavioral characteristics observed in the previous exercises
– A Log4J exploitation exercise to get experience with popping a remote shell.
Students can do the exercises in order or select the ones they are most interested in. In addition, since there is active C2 on the lab network, we can also demonstrate how to use Bishop Fox Sliver for control over the victim machines and some of its functionality if anyone in the class is interested.
FRI 11/18 9AM-1PM
API Hacking Workshop – Sunny Wear
There is a serious lack of understanding on how to secure API calls. As a result, many companies are suffering from API security incidents. The purpose of this 4-hour workshop is to provide students with the knowledge and techniques required to penetration test APIs as well as provide recommendations to developers for better API Security. Students are required to have a level of understanding of Web Apps and APIs. Together, we will learn to hack to uncover the more common API vulnerabilities found in penetration testing and bug bounties.
FRI 11/18 1PM-4PM
Software Reversing Made Easy Using Ghidra – Hahna Kane
This course introduces students to software reverse engineering using Ghidra. Students will walk away from this class knowing how to methodically reverse x86 and x64 Linux binaries. It’s best to learn by doing, so the concepts covered in this class will be taught primarily through hands-on exercises. We kick the training off by getting everyone up to speed on x64 assembly so that you can immediately start analyzing any x64 or x86 binary without the need for source code. Using key features of Ghidra, we’ll reverse engineer binaries to identify data types and operators. We’ll recognize control flow patterns and understand arithmetic sequences. We’ll dissect function calls, calling conventions, and program structures. Using the disassembler, we’ll cover memory layout and addressing, including registers, the stack, heap, and memory segments. Each step of the way, students will solve binary puzzles that are reflective of real-world applications to learn the concept at hand. By the end of this class, students will have the necessary skills to reverse engineer binaries for offensive and defensive applications as well as for fun in CTF competitions.
WHO SHOULD TAKE THIS COURSE
Whether you’re a security professional, security enthusiast, or hobbyist, this course is for anyone who wants to figure out how to analyze, understand, and modify software without source code.
STUDENT REQUIREMENTS
Some knowledge of x86 assembly is required. Students should be comfortable with the basics of the C programming language. Familiarity with C++ or Python is a plus. If none of the above apply, enough patience to go through the pre-class tutorials will do.
PRE-CLASS TUTORIALS
x86 Refresher: http://www.cs.virginia.edu/~evans/cs216/guides/x86.html
C Programming: https://www.learn-c.org
WHAT STUDENTS SHOULD BRING
Students should bring a laptop with at least 20 GB of free disk space. The following software needs to be installed on each student laptop prior to the workshop:
– Ghidra. It is free to download here: https://ghidra-sre.org/
– We will be working in a Linux 64-bit environment. If the student’s laptop does not use a Linux 64-bit operating system, the following software is also recommended for installation prior to the workshop:
– VMware Workstation or Fusion. The free 30-day trial is sufficient and can be downloaded here: https://www.vmware.com/try-vmware.html
– Linux 64-bit virtual machine, specifically Ubuntu 20.04+ LTS. This can be downloaded here: https://ubuntu.com/download/desktop
Workshop Instructors
Phillip Wylie
Phillip is a cybersecurity professional and offensive security SME with over 18 years of experience, over half of his career in offensive security. During his offensive security career, he has worked in consulting and as an internal pentesting resource for companies in the financial and consumer product industries. Phillip’s offensive security experience includes penetration testing, application pentesting, and red teaming. He enjoys mentoring and educating others about pentesting during workshops at conferences and other events. His offensive security educator roles include community college adjunct instructor and curriculum and content creation. Phillip co-authored the book “The Pentester Blueprint: Starting a Career as an Ethical Hacker”, based on his conference talk on starting a career as a pentester, and was featured in “Tribe of Hackers: Red Team.” He is also a podcaster and the host of “The Hacker Factory Podcast.”
Evan Wagner
Over 20 years of IT experience working for a variety of industries including Education, Healthcare, Telecom, Casinos, CDN/DDoS Protection services and more, with the last decade full time in cyber security. I have given many conference talks domestically, in locations ranging from Silicon Valley to Miami, Atlanta, New Orleans, Austin and Kansas City, and international talks in Montreal and Haiti. I have written multiple trainings in cyber forensics that have been provided to Federal, State and Public sector organizations over the years. I have participated in a lot of CTFs, winning many and losing many, which is an exercise that got me interested in attending security conferences. Always excited to learn and to help people learn and improve their skills. Master League Starcraft 2 player.
Brandon DeVault
Brandon DeVault is a Security Author and Researcher focused on creating hands-on blue-team content at Pluralsight. He is also a member of the Florida Air National Guard with a variety of offensive and defensive experience. Prior to joining Pluralsight, Brandon worked with Elastic as an Education Architect creating and delivering security content. He also previously worked with Special Operations Command, where he had two deployments on deployable communications teams. His experience spans incident response, threat hunting, penetration testing, satellite communications, and system and network administration. Brandon is also passionate about hardware hacking, soldering, and hiking, and currently holds the Security+, GCIA, GCED, and Elastic Engineer certifications.
Sunny Wear
Dr. Sunny Wear is a Web Security Architect and Penetration Tester. She provides secure coding classes, creates software, and performs penetration testing against web/API and mobile applications. Sunny has more than 25 years of hands-on software programming, architecture and security experience and holds a Doctor of Science in Cybersecurity. She is the published author of “Burp Suite Cookbook”, a developer of mobile apps such as the “Burp Tool Buddy”, and a Pluralsight content creator with courses related to Burp Suite. She regularly speaks and holds classes at security conferences such as Defcon, Hackfest, and BSides.
Hahna Kane
For the past 16 years of her engineering career, Hahna Kane Latonick has worked throughout the defense industry specializing in cybersecurity as a computer security researcher for the Department of Defense and other defense contracting companies. She has been featured as a cybersecurity subject matter expert on Fox Business News, ABC, U.S. News and World Report, and other national media outlets. She currently serves as the VP of R&D for a cybersecurity firm and has led three tech startups teaching computer security, serving as CTO of two of them and Director of R&D. She has trained and developed security researchers at one of the top five aerospace and defense industry companies. She has also taught at CanSecWest, Ringzer0, and the Security BSides Orlando conferences. In 2014, she became a DEFCON CTF finalist, placing 6th and ranking in the top 1.5% of ethical hackers worldwide. She also holds CISSP and CEH certifications. Latonick attended Swarthmore College and Drexel University, where she earned her B.S. and M.S. in Computer Engineering along with a Mathematics minor.
Qasim Ijaz
Qasim Ijaz is a Director of Offensive Security at Blue Bastion Security and specializes in healthcare security and penetration testing. He has conducted hundreds of penetration tests in small to large environments with a focus on network and web application testing. His areas of interest include healthcare security, Active Directory, cybersecurity policy, and the “dry” business side of hacking. Qasim is a penetration test lead during the day and a teacher in the after-hours. Qasim has presented and taught at cybersecurity conferences including BSides and Black Hat on offensive security topics. He currently teaches a bootcamp on the Offensive Security Certified Professional (OSCP) certification.