This talk describes our journey to make a traditional coverage-guided fuzzer (WinAFL) fuzz a complex network protocol – RDP. We will share our experience developing this ability and analyzing the results and the new bugs found.
What's under the hood of enterprise software? To answer this question we conducted research into the products of one of the leading companies in its industry, VMware. While researching various products, we discovered severe 0-day vulnerabilities, which were assigned 10 CVEs. We will share 5 stories about the most interesting and critical CVEs.
Learn about steganography and malware and how they can impact the confidentiality, integrity and availability of data. During this session you will learn how payloads, files and text can be sent hidden in pictures and audio files. You will also get familiar with the most common types of malware attacks and general recommendations to protect against them.
Juan Araya is a certified pentester and cybersecurity specialist with 20 years of experience in IT. He has been leading cybersecurity teams and projects for the last 10 years. He is from Costa Rica and relocated to Spain 2 years ago. He holds multiple cybersecurity certifications and a master's degree in cybersecurity. He actively participates as a speaker in multiple cybersecurity conferences around the world such as BSides Panama 2019, GeekCamp Singapore 2020, OpenExpo Europe 2020 and BSides Dublin 2021.
Misconfiguration vulnerabilities have experienced a 12,286% increase in the past year. Regardless of whether you are a cloud security enthusiast or a pentester, it is important that you are aware of the misconfiguration issues of the cloud platform.
Cyber-crime is booming as threat actors seek to exploit the increased online dependency and mass migration to remote working triggered by the global health pandemic. Malicious registrations, including malware and phishing, grew 569% from February to March 2020, while new samples of ransomware rose by 72% in the first half of 2020. In this current climate of spoofed domains and cleverly faked emails, demand for digital forensics skills has never been higher. Organizations are wising up to the fact that by discovering how an attacker gained entry to a system, similar attacks can be prevented.
During this session, Paula will show you how to think like a hacker so you can evaluate your infrastructure for exploitable vulnerabilities and how to recover the evidence attackers leave behind. Join us and become familiar with the most up-to-date Forensics Operations to become aware and well prepared to investigate hackers’ tracks!
Attackers are targeting IoT devices and compromising them for nefarious operations such as malware infections and building botnets. In this talk, we discuss the threat model of command-and-control (C&C) panels of IoT devices and show how these are compromised and used for different sets of attacks, such as targeted and broad-based infections. In addition, we will discuss in depth the techniques and tactics adopted by botnet operators to design IoT botnets. This talk is primarily structured to demonstrate attacks that are happening via IoT devices running in the wild. The demonstrations will highlight detecting and compromising IoT C&C panels, and live attacks executing from the compromised IoT devices used as launchpads. We will dissect a number of C&C panels related to different IoT botnets to understand their infections. The demonstration will help the audience understand the IoT threats occurring in real time.
Aditya K Sood (Ph.D.) is a cyber security advisor, practitioner, and researcher. With more than 13 years of experience, he provides strategic leadership in the field of information security covering products and infrastructure. Dr. Sood has authored several papers for various magazines and journals including IEEE, Elsevier, CrossTalk, ISACA, Virus Bulletin, and Usenix. His work has been featured in several media outlets. He has been an active speaker at industry conferences and has presented at Blackhat, DEFCON, HackInTheBox, RSA, Virus Bulletin, OWASP, and many others. Dr. Sood obtained his Ph.D. in Computer Sciences from Michigan State University. Dr. Sood is also the author of the books "Targeted Cyber Attacks" and "Empirical Cloud Security".
Mobile applications “level up” the complexity of penetration testing and security analysis, thanks to a custom client in which it is possible to implement strong security features, such as combinations of symmetric and asymmetric encryption and signatures on top of the TLS channel, in order to further protect communications with the backend servers and to make common application vulnerabilities very difficult to discover and exploit. These situations require strong reversing and development skills, in order to understand these security protocols and to implement the tools indispensable to the task, such as handling the encryption of our attack vectors.
Brida was born to lower the skills and time required for these complex tasks, giving penetration testers a tool to handle all these situations with minimal reversing and development effort, by taking advantage of the integration of the most used penetration testing tool (Burp Suite) with a great dynamic code instrumentation toolkit (Frida).
In this talk, we will show all the new features of the latest versions of Brida, including a new engine that allows users to create, directly from Brida’s graphical interface, custom plugins that:
Federico Dotta is a Principal Security Analyst at HN Security, an Italian Security Advisory Company. He began his career as a penetration tester in 2009, focusing on Web and Mobile applications and on physical security. He has developed many security tools, most of them publicly available on GitHub, with the purpose of helping ethical hackers handle complex situations. He has presented the results of his research at Italian and international conferences, such as HackInBo in Bologna and Hack In The Box in Amsterdam.
Piergiovanni Cipolloni is an IT Security professional and researcher with over 15 years of experience in the IT security industry. Currently he is a Principal Security Analyst at HN Security, an Italian Security Advisory Company. He previously spoke at HITB Amsterdam 2018 on advanced mobile penetration testing, where, alongside his co-worker Federico Dotta, he presented Brida, the tool they created in order to speed up the security review of a mobile application's interactions with its back-end servers.
In this talk, I will cover the more interesting bits of the research that I've carried out on Apache HTTP server's security. I will walk you through the entire review process, including fuzzing, static analysis, and variant analysis.
I will also show several vulnerabilities I discovered in Apache HTTP server and how they could be exploited.
In many red teaming engagements, the red team faces an important issue that can make their life difficult in terms of lateral movement or bypassing antiviruses, since we’re not in 2010 anymore: most organizations install XDR by design on their employees’ computers as well as on servers.
The modern red teaming techniques require more skills and effort to create shellcodes and access systems without being detected.
In this talk, evasion techniques will be presented that can be used by the red team to bypass modern end-point protection and signature-based detection.
Some end-point protections nowadays use machine learning algorithms on top of signature-based detection and memory analysis. This makes our life as red teamers even harder when injecting into a process or making syscalls.
Jameel Nabbo has been a cybersecurity researcher in offensive security for more than a decade, with a scientific research background. Jameel specialised in application security, mainly in programming language design and implementation for doing static code analysis (SAST) on source code.
We identified a key problem with the way industrial remote access solutions are harnessing OpenVPN—a problem that, in most cases, can lead to a 1-click RCE on the VPN client side, just by luring a victim to a malicious website.
Sharon Brizinov is the vulnerability research team lead at Claroty. He specializes in vulnerability research, malware analysis, network forensics, and ICS/SCADA security. In addition, Brizinov participated in well-known hacking competitions such as Pwn2Own, and he holds a DEFCON black-badge for winning the ICS CTF.
This hands-on talk will teach the concepts, tools, and the first techniques to analyze, investigate and hunt malware. During this presentation I will introduce attendees to the basics of malware analysis. Attendees will learn to perform static and dynamic analysis with a focus on PDF structure, executing this on real samples. I will demonstrate the different kinds of structures in the binaries of a PDF (header / body / cross-reference table / trailer), explaining how each section works within a binary and what techniques are used, such as packers, obfuscation with JavaScript (PDF) and more, also explaining some anti-disassembly techniques, and demonstrating how these malware samples act and where it would be possible to “include” malicious code.
I’ve been working as Principal Security Engineer and Security Researcher at senhasegura. I’m a Hacking is NOT a crime Advocate and RedTeam Village Contributor. I’m part of the staff team of DEFCON Group São Paulo, Brazil, and an international speaker at security and new technologies events in many countries such as the US, Canada, Germany, Poland and others. I’ve served as a university professor in graduation and MBA courses at Brazilian colleges; in addition, I'm the creator and instructor of the courses Malware Attack Types with Kill Chain Methodology (PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).
Cannibal Hacking, from zero to hero to hammer smashed host [Parental Advisory: Explicit hacking, crude webshells, horrific security flaws and hardcore hacking in hostile environments]
If you’re a bad guy (tm), you want to deliver your malwarez, your spam, your payloads without worrying. So, instead of hosting them on your own systems, why not use webservers belonging to others? They pay for the hosting and the bandwidth, and they will be the ones in trouble if something goes wrong, so it’s the platform of choice.
And guess what? If you mix
1) Admins(?) letting sit a poorly configured and forgotten system with a bad password for years
2) Hackers gonna hack
you get a lot of hacked servers and machines all over the world! And sometimes, those hacked machines stay that way for a long time.
Bad guys (c) are not defacing servers anymore (well, sometimes it's still true); they prefer to stay hidden under the radar. Who will suspect that the nice little blog talking about puppies and shiny diamonds is the C&C server of a “yet another Mirai” botnet, builds ransomware clients and spams the planet for the next magic pill?
In this talk, we will focus on the attacker's point of view. We are the good guys, they are the bad guys (tm), and servers are innocent collateral victims. We’ll see how we can find the attacker, learn things, find new victims, look over the attacker's shoulder, and keep learning how they operate. In the end, we propose some ways to keep those attackers out of the servers, detect them, and eventually kick them out.
Security Expert at Synacktiv. Reverse, exploit and pwn. At night, likes to follow botnets, reverse C&C command protocols, and hunt for bad guys (tm).
When developing software, sometimes emergencies happen. Sometimes a bad commit is introduced. Sometimes a database migration goes wrong. Sometimes a malicious actor does something nefarious.
As a software engineer, I have extensive experience in Incident Response, helping manage software emergencies.
Outside of my job in software engineering, I’ve worked as an Emergency Medical Technician for the past 7 years, responding to medical calls ranging from sprained ankles to cardiac emergencies.
The various tools and techniques used to manage and prepare for emergencies in the medical world have interesting applications in the software incident response world.
In this talk I will touch on the techniques used in both disciplines, and how my experience as an Emergency Medical Technician can be applied to help prepare for software incidents, and help foster a culture of building software safely.
This class teaches the audience a wealth of hacking techniques to compromise modern-day web applications, APIs and associated end-points. This class focuses on specific areas of appsec and on advanced vulnerability identification and exploitation techniques. The class allows attendees to learn and practice some neat, new and ridiculous hacks which affected real-life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.
Attendees will also benefit from a state-of-the-art Hacklab and we will be providing FREE 30-day lab access after the class to allow attendees more practice time. Some of the highlights of the class include:
Modern JWT, SAML, OAuth bugs
Core business logic issues
Practical cryptographic flaws.
RCE via Serialization, Object, OGNL and template injection.
Exploitation over DNS channels
Advanced SSRF, HPP, XXE and SQLi topics.
Serverless exploits
Attack chaining and real life examples.
Overview
This class covers a wealth of hacking techniques to compromise web applications, APIs, cloud components and other associated end-points. This class focuses on specific areas of appsec and on advanced vulnerability identification and exploitation techniques (especially server-side flaws). The class allows attendees to practice some neat, new and ridiculous hacks which affected real-life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.
Note: This is a medium-paced class and attendees are expected to have a basic understanding of common web vulnerabilities and attacks. Attendees will also benefit from a state-of-the-art Hacklab and we will be providing free 30-day lab access after the class to allow attendees more practice time.
The following is the course outline:
Day 1:
Authentication Attacks
Advanced XXE Attacks
Breaking Crypto
Complex Business Logic Flaws / Authorization flaws
Day 2:
Server-Side Request Forgery (SSRF)
SQL Injection Masterclass
Remote Code Execution (RCE)
Day 3:
Attacking the Cloud
Tricky File Uploads
Attacking Hardened CMS
Miscellaneous Topics - A Collection of weird and wonderful XSS and CSRF attacks - Attack Chaining
B33r 101
KEY TAKEAWAYS
The latest hacks in the world of web hacking. The class content has been carefully handpicked to focus on some neat, new and ridiculous attacks.
We provide a custom Kali image for this class. The custom Kali image has been loaded with a number of plugins and tools (some public and some NotSoPublic) which aid in quickly identifying and exploiting the vulnerabilities discussed during the class.
The class is taught by a real pentester and the real-world stories shared during the class help attendees in putting things into perspective.
WHO SHOULD TAKE THIS COURSE
AUDIENCE SKILL LEVEL
Intermediate/Advanced
STUDENT REQUIREMENTS
Students must bring their own laptop and have admin/root access on it. The laptop must have virtualization software (VirtualBox / VMware) pre-installed. A customized version of Kali Linux (OVA format) containing custom tools, scripts and VPN scripts for the class will be provided to the students. The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicated to the VM.
Students are also encouraged to familiarize themselves with Burp Suite https://portswigger.net/burp/communitydownload to get the most out of the class.
WHAT STUDENTS SHOULD BRING
See student requirement
WHAT STUDENTS WILL BE PROVIDED WITH
Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class. Numerous scripts and tools will also be provided during the training, along with student handouts.
Our courses also come with detailed answer sheets. That is a step by step walkthrough of how every exercise within the class needs to be solved. These answer sheets are also provided to students at the end of the class.
Dhruv Shah is an information security professional working as an Associate Director at NotSoSecure. He has over 11 years of experience in application, mobile, and network security. He has co-authored the books 'Kali Linux Intrusion and Exploitation' and 'Hands-on Pentesting with BurpSuite' by Packtpub. He is also a trainer of NotSoSecure's much-acclaimed Advanced Web Hacking class and has been a trainer at several leading public conferences such as Black Hat Vegas, Chicago, Alexandria, Japan, Hack in Paris, Texas Cyber Summit, OWASP Appsec Israel, etc. He has provided security training to various clients in the UK, EU, and USA via corporate training. His online presence is under the handle @snypter.
Bluetooth Low Energy is one of the fastest-growing IoT technologies. BLE devices surround us more and more – not only as wearables, toothbrushes and sex toys, but also smart locks, medical devices and banking tokens. Alarming vulnerabilities in these devices have been exposed multiple times recently. And yet, the knowledge of how to comprehensively assess their security seems very uncommon. This is probably the most exhaustive and up-to-date training regarding BLE security – for both pentesters and developers. It is based on hands-on exercises with real devices (including multiple smart locks), a dedicated personal device flashed to a BLE devkit, and a deliberately vulnerable training hackmelock.
RFID/NFC, on the other hand, has been around us for quite a long time. However, the vulnerabilities pointed out years ago probably won’t be resolved in the near future. It is still surprisingly easy to clone most access control cards used today. Among other practical exercises performed on real installations, the attendees will reverse-engineer an example hotel access system, and as a result will be able to open all the doors in the facility. A list of several hundred affected hotels is included.
Each attendee will receive a 200 EUR hardware pack including, among others, a Proxmark and a Raspberry Pi (detailed below). The hardware will allow for BLE attacks (sniffing, intercepting), cloning and cracking multiple kinds of proximity cards, analysing BLE or NFC mobile applications, and most importantly, practising the majority of the training exercises later at home.
Who should attend
Key learning objectives
Prerequisite knowledge
Hardware/software requirements
Each student will receive
Take-away hardware pack for hands-on exercises consisting of:
Detailed agenda
Bluetooth Smart (Low Energy)
Theory introduction
BLE advertisements
BLE connections
Sniffing BLE connections using RF layer hardware
HCI dump - capturing own BLE traffic
Device spoofing, active MITM interception
Replay attacks
Relay attacks – abusing automatic proximity features (e.g. smart lock autounlock).
Various smart locks vulnerabilities case-studies
Advanced BLE MITM topics
Device DFU firmware update OTA services.
Bluetooth link-layer encrypted connections
Abusing BLE bonding trust relationships
Web Bluetooth – interfacing with nearby devices from JavaScript.
Bluetooth Mesh, Bluetooth 5.0 – what these technologies change and what not in terms of BLE security.
BLE Hackmelock – open-source software emulated device with multiple challenges to practice at home.
BLE best practices and security checklist – for security professionals, pentesters, vendors and developers.
NFC
Short introduction
UID-based access control – practical exercises on example reader + door lock
Wiegand – wired access control transmission standard
Mifare Ultralight
Mifare Classic & its weaknesses – practical exercises based on hotel door lock system, ski lift card, bus ticket
Reverse-engineering data stored on card - based on a real hotel system
Mifare DESFire – introduction, sample attack on misconfigured access control system
ISO15693/iCode SLIX
HID iClass
Hitag2 access control
Intercepting card data from distance – building antenna, possibilities and limits.
Speaker, trainer and IT security consultant with over 15 years of experience. He has participated in countless security assessments of systems and applications for leading financial companies, public institutions and cutting-edge tech startups. He currently leads research on various topics at the Polish software security company SecuRing and provides training regarding the security of contemporary locks and access control systems (www.smartlockpicking.com). Besides research and training, he focuses on consulting and designing secure solutions for various software and hardware projects, during all phases - starting from scratch. He has previously given talks, workshops or trainings at HackInParis, BlackHat USA, multiple Appsec EU, HackInTheBox Amsterdam, Deepsec, BruCON, Confidence, Devoxx and many other events.
This 3-day course cuts through the mystery of Cloud Services (including AWS, Azure, and G-Cloud) to uncover the vulnerabilities that lie beneath. We will cover a number of popular services and delve into both what makes them different, and what makes them the same, as compared to hacking and securing traditional network infrastructure. Whether you are an Architect, Developer, Pentester, Security or DevOps Engineer, or anyone with a need to understand and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques, and knowing how to protect yourself from them is critical. This course covers both the theory as well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure. Prior pentest/security experience is not a strict requirement, however, some knowledge of Cloud Services and familiarity with common Unix command-line syntax will be beneficial.
Note: Students will have access to a state-of-the-art Hacklab with a wide variety of vulnerabilities to practice exploitation and will receive a FREE 1-month subscription after the class to allow more practice time, along with the support portal to clear doubts.
Overview
Whether you are an Architect, Developer, Pentester, Security or DevOps Engineer, or anyone with a need to understand and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques, and knowing how to protect yourself from them is critical. This course covers both the theory as well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure.
Prior pentest/security experience is not a strict requirement, however, some knowledge of Cloud Services and familiarity with common Unix command-line syntax will be beneficial.
Syllabus:
Introduction to Cloud Computing
-- Introduction to cloud and why cloud security matters
-- Comparison with conventional security models
-- Shared responsibility model
-- Legalities around Cloud Pentesting
Attacking Cloud Services
Enumeration of Cloud environments
Gaining Entry via exposed services
Attacking specific cloud services
Exploiting Kubernetes Clusters and container as a service
Post – Exploitation
Auditing and Benchmarking of Cloud
Defending the Cloud Environment
-- Principle of least privilege
-- Control Plane and Data Plane Protection
-- Metadata API Protection
-- Setting up Monitoring and logging of the environment
-- Identifying attack patterns from logs*
-- Real time monitoring of logs*
-- Automated Defense techniques
-- Cloud Defense Utilities
-- Validation of Setup
*Demo will be shown by the instructor, Lab time will be provided if time permits. Extended Lab access will be available for 30 days after the class.
KEY TAKEAWAYS
Students will gain knowledge of attacking, exploiting and defending a variety of Cloud infrastructure. First, they will play the part of the hacker, compromising serverless apps, cloud machines, storage and database services, dormant assets and resources.
Students will learn privilege escalation and pivoting techniques specific to cloud environments. This is followed by Infrastructure Defense, secure configuration, auditing, logging, benchmarks.
Students will learn preventive measures against cloud attacks, host-based defense and a number of cloud tools that can help in securing their services and resources. Apply the learning to:
The free 30-day lab access provides attendees surplus time to learn advanced topics in their own time and at their own pace.
WHO SHOULD TAKE THIS COURSE
Cloud Administrators, Developers, Solutions Architects, DevOps Engineers, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to the next level.
Prior pentest experience is not a strict requirement, however, some knowledge of Cloud Services and familiarity with common command line syntax will be greatly beneficial.
AUDIENCE SKILL LEVEL
Intermediate
STUDENT REQUIREMENTS
Students must bring their own laptops and have admin/root access on them. The laptop must have virtualization software (VirtualBox / VMware) pre-installed. A customized version of Kali Linux (OVA format) containing custom tools and the scripts for the class will be provided to the students. The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicated to the VM.
WHAT STUDENTS SHOULD BRING
See Student requirement
WHAT STUDENTS WILL BE PROVIDED WITH
Numerous scripts and tools (some public and some NotSoPublic) will also be provided during the training, along with the student handouts.
Our courses also come with detailed answer sheets. That is a step by step walkthrough of how every exercise within the class needs to be solved. These answer sheets are also provided to students at the end of the class.
TRAINERS
Martin joined the UK NotSoSecure team in 2021. He works with a wide range of NotSoSecure clients, delivering training on topics covering application and cloud security, DevSecOps and infrastructure. Martin also delivers training at large conferences, including Black Hat Europe and Las Vegas. Another part of his role revolves around penetration testing of web applications, infrastructure and networks. He is also involved in Red Team assessments appraising system and network vulnerabilities with little or no prior knowledge of them. Finally, he participates in research efforts concerning new application security threats with some of his research being published on the NotSoSecure blog.
Martin began working as a Software Developer in 2011, gaining a BSc (top of the class) in Computer Science in 2016. He then switched to cybersecurity, achieving an MSc in Computer Security in 2018. His work as a Security Consultant has led him to pass a number of professional certifications, including OSCP (Offensive Security Certified Professional), OSWE (Offensive Security Web Expert) and OSEP (Offensive Security Experienced Penetration Tester). He has also created course content on various topics, ranging from digital forensics to advanced application security focused on niche topics.
Martin joined the UK team of NotSoSecure in 2021, where he works with a wide range of clients. He delivers security services such as Penetration Testing (web application, infrastructure and networks) and Red Team assessments, appraising system and network vulnerabilities with little or no prior knowledge of the client environment. He also delivers training for clients on application and cloud security, DevSecOps and infrastructure, as well as at major conferences, including Black Hat Europe and Black Hat Las Vegas. Finally, within NotSoSecure, he participates in research on new application security threats, with some of his findings published on the company’s blog.
This is an immersive hands-on course aimed at a technical audience. Over the 3 days we will fully compromise a simulated enterprise covering a multitude of TTPs. The training is based around modern operating systems, using modern techniques and emphasising the exploitation of configuration weaknesses rather than throwing traditional exploits. This means logical thinking and creativity will definitely be put to the test.
Students will access a cloud-based LAB configured with multiple networks, some easily accessible, others not so. Course material and exercise content has been designed to reflect real-world challenges and students will perform numerous hands-on exercises including executing exploitative phishing campaigns against our simulated users to gain access to new networks, in turn bringing new challenges including IPv6 exploitation, subverting AMSI and AWL, passphrase cracking, pivoting, lateral movement, OOB persistence mechanisms and much more!
We also like to do things with a difference. You'll be provided access to an in-LAB Elastic instance, where logs from all targets get pushed and processed. This allows you, whether an attacker or defender, to understand the types of artefacts your attacks leave and how you might catch, or be caught, in the real world.
We realise that training courses are limited for time and therefore students are also provided with the following:
Agenda:
Day 1
- MITRE ATT&CK framework
- Overview on using the in-LAB ELK stack
- Offensive OSINT
- Enumerating and exploiting IPv6 targets
- Pivoting, routing, tunnelling and SOCKS proxies
- Application enumeration and exploitation via pivots
- Linux living off the land and post exploitation
- Kubernetes and container security
Day 2
- Exploitative phishing against our simulated enterprise users
- Living off the land tricks and techniques in Windows
- P@ssw0rd and p@ssphras3 cracking
- Windows exploitation and privilege escalation techniques
- Windows Defender/AMSI and UAC bypasses
- Situational awareness and domain reconnaissance
- RDP hijacking
Day 3
- Bypassing AWL (AppLocker, PowerShell CLM and Group Policy)
- Extracting LAPS secrets
- Lateral movement for domain trust exploitation
- WMI Event Subscriptions for persistence
- Out of Band (OOB) data exfiltration
- Domain Fronting and C2
Who Should Attend:
This training is suited to a variety of students, including:
- Penetration testers / Red Team operators
- SOC analysts
- Security professionals
- IT Support, administrative and network personnel
Prerequisite Knowledge:
- A firm familiarity of Windows and Linux command line syntax
- Understanding of networking concepts
- Previous pentesting and/or SOC experience is advantageous, but not required
Hardware / Software Requirements:
- Students will need to bring a laptop to which they have administrative/root access, running either Windows, Linux or Mac operating systems
- Students will need to have access to VNC, SSH and OpenVPN clients on their laptop (these can be installed at the start of the training)
Previous Training Locations: The 2019 and 2020 releases of this training have been given at the following conferences.
- Black Hat Asia (Virtual – September 2020)
- Wild West Hackin’ Fest (Virtual - September 2020)
- Black Hat USA (Virtual – August 2020)
- BruCon Spring Training (Virtual - June 2020)
- Wild West Hackin’ Fest (Virtual - March 2020)
- 44CON (UK - June 2019)
- Nolacon (USA - May 2019)
- Wild West Hackin’ Fest (USA - October 2019)
Will (@Stealthsploit) co-founded In.security in 2018. Will’s been in infosec for over a decade and has helped secure many organisations through technical security services and training. Will’s delivered hacking courses globally at several conferences including Black Hat and has spoken at various conferences and events. Will also assists the UK government in various technical, educational and advisory capacities. Before Will was a security consultant he was an experienced digital forensics consultant and trainer.
Owen (@rebootuser) is a co-founder of In.security, a specialist cyber security consultancy offering technical and training services based in the UK. He has a strong background in networking and IT infrastructure, with well over a decade of experience in technical security roles. Owen has provided technical training to a variety of audiences at bespoke events as well as Black Hat, Wild West Hackin’ Fest, NolaCon, 44CON and BruCON. He keeps projects at https://github.com/rebootuser.
The number of cyber attacks is undoubtedly on the rise, targeting government, military, public and private sectors. These cyber attacks focus on targeting individuals or organizations with an effort to extract valuable information, gaining money through a ransom or damaging their reputation. 43% of cyber attacks these organizations are facing are Advanced Malware, APT Attacks or zero-day attacks.
With adversaries getting sophisticated and carrying out advanced malware attacks, detecting and responding to such intrusions is critical for cyber security professionals. The knowledge, skills, and tools required to analyze malicious software are essential to detect, investigate and defend against such attacks.
This training takes you on a journey through malware analysis, covering targeted attacks and ransomware attacks, their techniques and strategies, and the best practices for responding to them. The training is full of hands-on labs on performing malware analysis, rootkit analysis and full attack investigations with different real-world samples.
You will also receive a copy of the Mastering Malware Analysis book to help you further enhance your skills in malware analysis and deal with advanced techniques, different platforms such as IoT/Linux, Android and Mac, and different scripting and interpreted languages.
What previous attendees said about this training:
“I was always feeling that malware is something scary, something I can’t understand or control. Now I feel it’s not scary anymore. I can actually analyse it, understand it and control it.” by Fung Dao Ying, System Analyst in Bintulu Port Holding Berhad
LEARNING OBJECTIVES:
PROGRAM OUTLINE
DAY 1
APT Attacks & Malware Analysis:
Basic Static Analysis:
Behavioral Analysis & Sandboxing:
Code Analysis & Malware Functionalities:
DAY 2:
Intro To x86/x64 Assembly:
Static & Dynamic Code Analysis In-Depth:
Encryption, Packing & Obfuscation
DAY 3:
Spear-phishing Attacks with Malicious Documents:
Investigating User-Mode Rootkits & API Hooking:
Memory Forensics & Volatility Overview:
Investigation Process Memory Using Volatility:
Who Should Attend
This course is intended for cyber security investigators, cyber security heads and managers, security researchers, information technology heads and managers, forensic practitioners, incident responders, malware analysts, system administrators, software developers and security professionals who would like to expand their skills, and anyone interested in learning malware analysis and memory forensics.
Materials Provided:
Delegate Requirements:
Hardware/Software Requirements:
Note: VMware player or Virtual Box is not suitable for this training.
Take back home your own kit of lockpicking + bypass kit + RF/RFID Accessories at the end of the training + a book summarizing what you have learned!
From beginners to specialists, this training will make you a proficient physical pentester.
Practice oriented: during this course you will pick locks, bypass deadbolts and safety doors, mold keys, decode keys from a picture, perform privilege escalation on simple and advanced master-key systems, and identify and duplicate RF and RFID credentials…
After only 3 days, you will be able to enter and assess a wide range of infrastructures, including headquarters, hotels, power plants, offices… And through regular practice, you will be able to enter most buildings without breaking anything, allowing you to gain physical access to your pentest target (server room, CEO laptop…) and, in addition to your computer-based skills, help your clients secure the full spectrum of IT flaws, including the physical aspects.
Resources: one workstation per attendee, comprising a training manual, lockpick tools, bypass tools, locks, molding material, bumpkeys, pick guns…
Day 1
## Module 1
Physical intrusion vectors
Discover physical security
Introduction to scenarios
## Module 2 Wafer locks and tubular locks opening
Wafer locks
Tubular locks
Day 2
## Module 3 Combination padlocks and key boxes
Keyed padlocks
## Module 4 Pin tumbler locks lockpicking
Raking
Single Pin Picking
Lockpick guns
Day 3
## Module 5 The Key vector
Key duplication
Bumpkeys
Keyed Alike locks
Finding the key of your target
## Module 6 The Door vector
Non Destructive Opening of the door
## Module 7 RF and RFID introduction
RF
RFID
## Module 8
Flaws
Flaws summary
Tools and techniques summary
Possible protections
Homework
Legal stuff