This year, your 2-day pass for Hack In Paris includes access to talks, workshops and wargame.
This class teaches the audience a wealth of hacking techniques to compromise modern-day web applications, APIs and associated end-points. This class focuses on specific areas of appsec and on advanced vulnerability identification and exploitation techniques. The class allows attendees to learn and practice some neat, new and ridiculous hacks which affected real-life products and have found a mention in real bug-bounty programs.
The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.
Attendees will also benefit from a state-of-art Hacklab and we will be providing FREE 30 days lab access after the class to allow attendees more practice time.
Some of the highlights of the class include:
This class talks about a wealth of hacking techniques to compromise web applications, APIs, cloud components and other associated end-points. This class focuses on specific areas of appsec and on advanced vulnerability identification and exploitation techniques (especially server-side flaws). The class allows attendees to practice some neat, new and ridiculous hacks which affected real-life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.
Note: Attendees will also benefit from a state-of-art Hacklab and we will be providing free 30 days lab access after the class to allow attendees more practice time.
The following is the course outline:
Lab Setup and architecture overview
Advanced Burp Features
Web Caching Attacks
Attack Chaining
N tier vulnerability Chaining leading to RCE
Various Case Studies
B33r-101
Web developers, SOC analysts, intermediate level penetration testers, DevOps engineers, network engineers, security architects, security enthusiasts and anyone who wants to take their skills to the next level.
Students must bring their own laptops and have admin/root access on them. The laptop must have virtualization software (VirtualBox / VMware) pre-installed. A customized version of Kali Linux (ova format) containing custom tools, scripts and VPN scripts for the class will be provided to the students. The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicated to the VM.
See student requirement
Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class. Numerous scripts and tools will also be provided during the training, along with student handouts.
Dhruv Shah is an information security professional working as a Principal Security Consultant at NotSoSecure. He has 9+ years of experience in application, mobile, and network security. He has co-authored the books 'Kali Linux Intrusion and Exploitation' and 'Hands-on Pentesting with Burpsuite', published by Packtpub. He is also a trainer of NotSoSecure's much-acclaimed Advanced Web Hacking class and has been a trainer at several leading public conferences such as Black Hat Vegas, Chicago, Alexandria, Japan, UK, Hack in Paris, Texas Cyber Summit, OWASP Appsec Israel, Bsides Lisbon etc. He has provided security training to various clients in the UK, EU, and the USA via corporate training. His online presence is with the handle @snypter.
HackerOne bug hunters have earned over $100 million in bug bounties so far. HackerOne's customers include the United States Department of Defense, General Motors, Uber, Twitter, and Yahoo. This clearly shows where the challenges and opportunities are for you in the upcoming years. What you need is solid technical training from one of the Top 10 HackerOne bug hunters.
Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks and maximize your payouts. Say ‘No’ to classical web application hacking. Join this unique hands-on training and become a full‑stack exploitation master.
Watch 3 exclusive videos (~1 hour) and feel the taste of this live online training. Schedule a FREE Zoom meeting with the instructor (30 minutes) and learn more about this live online training.
Key Learning Objectives
After completing this training, you will have learned about:
What Students Will Receive
Students will be handed a VMware image with a specially prepared testing environment to play with the bugs. What’s more, this environment is self-contained and when the training is over, students can take it home (after signing a non-disclosure agreement) to hack again at their own pace.
The ticket price includes FREE access to Dawid Czagan’s 6 online courses:
What Students Say About This Training
This training has been very well-received by students around the world. Here you can see testimonials.
What Students Should Know
To get the most out of this training, intermediate knowledge of web application security is needed. Students should be familiar with common web application vulnerabilities and have experience in using a proxy, such as Burp Suite Proxy, or similar, to analyze or modify the traffic.
What Students Should Bring
Students will need a laptop with 64-bit operating system, at least 4 GB RAM (8 GB preferred), 35 GB free hard drive space, USB port (2.0 or 3.0), wireless network adapter, administrative access, ability to turn off AV/firewall and VMware Player/Fusion installed (64-bit version). Prior to the training, make sure there are no problems with running 64-bit VMs (BIOS settings changes may be needed). Please also make sure that you have Internet Explorer 11 installed on your machine or bring an up-and-running VM with Internet Explorer 11 (you can get it here).
Dawid Czagan is an internationally recognized security researcher, trainer, and author of online security courses https://academy.silesiasecuritylab.com/. He is listed among Top 10 Hackers (HackerOne). Dawid Czagan has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter and other companies. Due to the severity of many bugs, he received numerous awards for his findings. Dawid Czagan shares his security bug hunting experience in his hands-on trainings “Hacking Web Applications – Case Studies of Award-Winning Bugs in Google, Yahoo, Mozilla and More” and “Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation”. He delivered security training courses at key industry conferences such as Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), DeepSec (Vienna), HITB GSEC (Singapore), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and government sector (recommendations: https://silesiasecuritylab.com/services/training/#opinions). Dawid Czagan is a founder and CEO at Silesia Security Lab – a company which delivers specialized security testing and training services. He is also an author of online security courses https://academy.silesiasecuritylab.com/ . To find out about the latest in Dawid Czagan’s work, you are invited to subscribe to his newsletter https://silesiasecuritylab.com/newsletter/ and follow him on Twitter.
Bluetooth Low Energy is one of the fastest-growing IoT technologies. BLE devices surround us more and more – not only as wearables, toothbrushes and sex toys, but also smart locks, medical devices and banking tokens. Alarming vulnerabilities of these devices have been exposed multiple times recently. And yet, the knowledge on how to comprehensively assess their security seems very uncommon. This is probably the most exhaustive and up-to-date training regarding BLE security – for both pentesters and developers. It is based on hands-on exercises with real devices (including multiple smart locks), a dedicated personal device flashed to a BLE devkit, and a deliberately vulnerable training hackmelock.
RFID/NFC, on the other hand, has been around us for quite a long time. However, the vulnerabilities pointed out years ago probably won’t be resolved in the near future. It is still surprisingly easy to clone most access control cards used today. Among other practical exercises performed on real installations, the attendees will reverse-engineer an example hotel access system, and as a result will be able to open all the doors in the facility. A list of several hundred affected hotels is included.
Each attendee will receive a 200 EUR hardware pack including, among others, Proxmark and Raspberry Pi (detailed below). The hardware will allow attendees to perform BLE attacks (sniffing, intercepting), clone and crack multiple kinds of proximity cards, analyse BLE or NFC mobile applications, and most importantly, practice the majority of the training exercises later at home.
Who should attend
Key learning objectives
Each student will receive
Take-away hardware pack for hands-on exercises consisting of:
Bluetooth Smart (Low Energy)
Sniffing BLE connections using RF layer hardware
HCI dump - capturing own BLE traffic
Device spoofing, active MITM interception
Relay attacks – abusing automatic proximity features (e.g. smart lock autounlock).
Various smart locks vulnerabilities case-studies
Advanced BLE MITM topics
Device DFU firmware update OTA services.
Bluetooth link-layer encrypted connections
Abusing BLE bonding trust relationships
Bluetooth Mesh, Bluetooth 5.0 – what these technologies change and what not in terms of BLE security.
BLE Hackmelock – open-source software emulated device with multiple challenges to practice at home.
BLE best practices and security checklist – for security professionals, pentesters, vendors and developers.
UID-based access control – practical exercises on example reader + door lock
Wiegand – wired access control transmission standard
Mifare Classic & its weaknesses – practical exercises based on hotel door lock system, ski lift card, bus ticket
Reverse-engineering data stored on card - based on a real hotel system
Mifare DESFire – introduction, sample attack on misconfigured access control system
Hitag2 access control
Intercepting card data from distance – building antenna, possibilities and limits.
Speaker, trainer and IT security consultant with over 15 years of experience. Participated in countless assessments of systems’ and applications’ security for leading financial companies, public institutions and cutting-edge tech startups. Currently leads research on various topics in the Polish software security company SecuRing and provides trainings regarding security of contemporary locks and access control systems (www.smartlockpicking.com). Besides research and training, he focuses on consulting and designing secure solutions for various software and hardware projects, during all phases, starting from scratch. Previously gave talks, workshops or trainings at HackInParis, BlackHat USA, multiple Appsec EU, HackInTheBox Amsterdam, Deepsec, BruCON, Confidence, Devoxx and many other events.
This 3-day course cuts through the mystery of Cloud Services (including AWS, Azure, and G-Cloud) to uncover the vulnerabilities that lie beneath. We will cover a number of popular services and delve into both what makes them different, and what makes them the same, as compared to hacking and securing traditional network infrastructure.
Whether you are an Architect, Developer, Pentester, Security or DevOps Engineer, or anyone with a need to understand and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques, and how to protect yourself from them, is critical. This course covers both the theory as well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure.
Prior pentest/security experience is not a strict requirement, however, some knowledge of Cloud Services and familiarity with common Unix command-line syntax will be beneficial. Highlights of our Training:
Students will gain knowledge of attacking, exploiting and defending a variety of Cloud infrastructure. First, they will play the part of the hacker, compromising serverless apps, cloud machines, storage and database services, dormant assets and resources. Students will learn privilege escalation and pivoting techniques specific to cloud environments. This is followed by Infrastructure Defense, secure configuration, auditing, logging, benchmarks. Students will learn preventive measures against cloud attacks, host-based defense and a number of cloud tools that can help in securing their services and resources.
Cloud Administrators, Developers, Solutions Architects, DevOps Engineers, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and anyone who wants to take their skills to the next level. Prior pentest experience is not a strict requirement, however, some knowledge of Cloud Services and familiarity with common command line syntax will be greatly beneficial.
See Student requirement
Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class. Numerous scripts and tools will also be provided during the training, along with student handouts. Our own pre-bundled Docker Image containing all the tools needed to begin hacking/auditing/securing the Cloud.
Scott began his journey into cyber security in the defence sector focusing on radio operations. His knowledge of radio propagation, modulation schemes, encoding and encryption methods enabled him to intercept and derive meaningful intelligence from enemy communications. Scott was later headhunted to mentor intelligence analysts operating out of Joint Signals Service Unit who were building a new internet operations capability. During this time Scott worked closely with multinational intelligence agencies and was awarded a commendation by the commanding officer of JSSU. His first civilian role was to continue to deliver training in cyber security, which he did for two years as the head of product delivery for QA Ltd, creating simulated training environments to facilitate malware analysis, infrastructure attack, SOC operations and Wi-Fi audit. He now develops and delivers training with NotSoSecure and has taught at BlackHat conferences.
This is an immersive hands-on course aimed at a technical audience. Over the 3 days we will fully compromise a simulated enterprise covering a multitude of TTPs. The training is based around modern operating systems, using modern techniques and emphasising the exploitation of configuration weaknesses rather than throwing traditional exploits. This means logical thinking and creativity will definitely be put to the test.
Students will access a cloud-based LAB configured with multiple networks, some easily accessible, others not so. Course material and exercise content has been designed to reflect real-world challenges and students will perform numerous hands-on exercises including executing exploitative phishing campaigns against our simulated users to gain access to new networks, in turn bringing new challenges including IPv6 exploitation, subverting AMSI and AWL, passphrase cracking, pivoting, lateral movement, OOB persistence mechanisms and much more!
We also like to do things with a difference. You'll be provided access to an in-LAB Elastic instance, where logs from all targets get pushed and processed. This allows you, whether an attacker or defender, to understand the types of artefacts your attacks leave and how you might catch or be caught in the real world.
We realise that training courses are limited for time and therefore students are also provided with the following:
MITRE ATT&CK framework
Overview on using the in-LAB ELK stack
Offensive OSINT
Enumerating and exploiting IPv6 targets
Pivoting, routing, tunnelling and SOCKS proxies
Application enumeration and exploitation via pivots
Linux living off the land and post exploitation
Kubernetes and container security
Exploitative phishing against our simulated enterprise users
Living off the land tricks and techniques in Windows
[email protected] and [email protected] cracking
Windows exploitation and privilege escalation techniques
Windows Defender/AMSI and UAC bypasses
Situational awareness and domain reconnaissance
RDP hijacking
Bypassing AWL (AppLocker, PowerShell CLM and Group Policy)
Extracting LAPS secrets
Lateral movement for domain trust exploitation
WMI Event Subscriptions for persistence
Out of Band (OOB) data exfiltration
Domain Fronting and C2
Who Should Attend:
This training is suited to a variety of students, including:
Penetration testers / Red Team operators
SOC analysts
Security professionals
IT Support, administrative and network personnel
A firm familiarity with Windows and Linux command line syntax
Understanding of networking concepts
Previous pentesting and/or SOC experience is advantageous, but not required
Hardware / Software Requirements:
Students will need to bring a laptop to which they have administrative/root access, running either Windows, Linux or Mac operating systems
Students will need to have access to VNC, SSH and OpenVPN clients on their laptop (these can be installed at the start of the training)
Previous Training Locations: The 2019 and 2020 releases of this training have been given at the following conferences.
Black Hat Asia (Virtual – September 2020)
Wild West Hackin’ Fest (Virtual – September 2020)
Black Hat USA (Virtual – August 2020)
BruCon Spring Training (Virtual – June 2020)
Wild West Hackin’ Fest (Virtual – March 2020)
44CON (UK – June 2019)
Nolacon (USA – May 2019)
Wild West Hackin’ Fest (USA – October 2019)
Will (@Stealthsploit) co-founded In.security in 2018. Will’s been in infosec for over a decade and has helped secure many organisations through technical security services and training. Will’s delivered hacking courses globally at several conferences including Black Hat and has spoken at various conferences and events. Will also assists the UK government in various technical, educational and advisory capacities. Before Will was a security consultant he was an experienced digital forensics consultant and trainer.
Owen (@rebootuser) is a co-founder of In.security, a specialist cyber security consultancy offering technical and training services based in the UK. He has a strong background in networking and IT infrastructure, with well over a decade of experience in technical security roles. Owen has provided technical training to a variety of audiences at bespoke events as well as Black Hat, Wild West Hackin’ Fest, NolaCon, 44CON and BruCON. He keeps projects at https://github.com/rebootuser.
Every day more and more systems and networks become connected to the IPv6 Internet, not without a fair share of security implications. Learn from the very same folks that have broken and patched the IPv6 protocols how to pentest and defend your IPv6 systems and networks before the bad guys do!
The IPv6 protocol suite has been designed to accommodate the present and future growth of the Internet, by providing a much larger address space than that of its IPv4 counterpart, and is expected to be the successor of the original IPv4 protocol suite. The imminent exhaustion of the IPv4 address space has resulted in the deployment of IPv6 in many production environments, with many other organizations planning to deploy IPv6 in the short or near term.
There are a number of factors that make the IPv6 protocol suite interesting from a security standpoint. Firstly, being a new technology, technical personnel have much less confidence with the IPv6 protocols than with their IPv4 counterparts, and thus it is likely that the security implications of the protocols will be overlooked when they are deployed on production networks. Secondly, IPv6 implementations are much less mature than their IPv4 counterparts, and thus it is very likely that a number of vulnerabilities will be discovered in them before their robustness matches that of the existing IPv4 implementations. Thirdly, security products such as firewalls and NIDSs (Network Intrusion Detection Systems) usually have less support for the IPv6 protocols than for their IPv4 counterparts. Fourthly, the security implications of IPv6 transition/co-existence technologies on existing IPv4 networks are usually overlooked, potentially enabling attackers to leverage these technologies to circumvent IPv4 security controls in unexpected ways.
The imminent global deployment of IPv6 has created a global need for security professionals with expertise in the field of IPv6 security, such that the aforementioned security issues can be mitigated.
While there exist a number of training courses about IPv6 security, they either limit themselves to a high-level overview of IPv6 security, and/or fail to cover a number of key IPv6 technologies that are vital in all real IPv6 deployment scenarios. During the last few years, SI6 Networks has offered its flagship course “Hacking IPv6 Networks”, providing in-depth hands-on IPv6 security training to networking and security professionals around the world.
Hacking IPv6 Networks (version 6.0) is a renewed edition of SI6 Networks’ IPv6 security training course, with background and theoretical information reduced to a minimum, a tremendous increase in hands-on exercises, and newly incorporated materials based on recent developments in the area of IPv6 security. The training is carried out by Fernando Gont, a renowned IPv6 security researcher.
This course will provide the attendee with in-depth knowledge about IPv6 security, such that the attendee is able to evaluate and mitigate the security implications of IPv6 in production environments.
The attendee will learn – through hands-on exercises – how each IPv6 feature can be exploited for malicious purposes. Subsequently, the attendee will be presented with a number of alternatives to mitigate each of the identified vulnerabilities.
This course will employ a range of open source tools to evaluate the security of IPv6 networks, and to reproduce a number of IPv6-based attacks. During the course, the attendee will perform a large number of exercises in a network laboratory (with the assistance of the trainer), such that the concepts and techniques learned during this course are reinforced with hands-on exercises. The attendee will be required to perform a large number of IPv6 attacks, and to envision mitigation techniques for the corresponding vulnerabilities.
Who Should Attend
Network Engineers, Network Administrators, Security Administrators, Penetration Testers, and Security Professionals in general.
Participants Are Required To
Participants are required to have a good understanding of the IPv4 protocol suite (IPv4, ICMP, ARP, etc.) and of related components (routers, firewalls, etc.). Additionally, the attendee is expected to have knowledge of basic IPv4 troubleshooting tools, such as ping, traceroute, and network protocol analyzers (e.g., tcpdump). Basic knowledge of IPv6 is desirable, but not required.
What to bring
Attendees willing to perform the hands-on exercises are expected to bring a laptop with VirtualBox already installed. The minimum requirements for the laptop are: Intel i3 processor, 4 GB of RAM, Ethernet and Wi-Fi network interface cards, and at least one USB port.
Topics covered by this course
Introduction to IPv6
IPv6 Addressing Architecture
IPv6 Header Fields
IPv6 Extension Headers (EHs)
Internet Control Message Protocol version 6 (ICMPv6)
Neighbor Discovery for IPv6
Stateless Address Auto-configuration (SLAAC)
Dynamic Host Configuration Protocol version 6 (DHCPv6)
Multicast Listener Discovery (MLD)
DNS Support for IPv6
IPv6 Firewalls and Network Intrusion Detection Systems (NIDS)
Security Implications of IPv6 for IPv4-only Networks
Pentesting IPv6 Networks
Fernando Gont specializes in the field of communications protocols security, working for private and governmental organizations from around the world.
Gont has worked on a number of projects for the UK National Infrastructure Security Co-ordination Centre (NISCC) and the UK Centre for the Protection of National Infrastructure (CPNI) in the field of communications protocols security. As part of his work for these organizations, he has written a series of documents with recommendations for network engineers and implementers of the TCP/IP protocol suite, and has performed the first thorough security assessment of the IPv6 protocol suite.
Gont is currently working as a security consultant and researcher for SI6 Networks. As part of his work, he is active in several working groups of the Internet Engineering Task Force (IETF), and has published 30 IETF RFCs (Request For Comments) and more than a dozen IETF Internet-Drafts. Gont has also developed the SI6 Networks’ IPv6 Toolkit – a portable and comprehensive security toolkit for the IPv6 protocol suite – and the SI6 Networks’ IoT Toolkit – a portable security toolkit for IoT devices.
Gont runs the IPv6 Hackers and the IoT Hackers mailing-lists, and has been a speaker at a number of conferences and technical meetings about information security, operating systems, and Internet engineering, including: CanSecWest 2005, Midnight Sun Vulnerability and Security Workshop/Retreat 2005, FIRST Technical Colloquium 2005, ekoparty 2007, Kernel Conference Australia 2009, DEEPSEC 2009, HACKLU 2011, DEEPSEC 2011, Hackito Ergo Sum 2012, H2HC 2017, H2HC 2019, Troopers 2019 and Hack In Paris 2018. Additionally, he is a regular attendee of the Internet Engineering Task Force (IETF) meetings.
The number of cyber attacks is undoubtedly on the rise, targeting government, military, public and private sectors. These cyber attacks target individuals or organizations in an effort to extract valuable information, gain money through a ransom or damage their reputation. 43% of cyber attacks these organizations are facing are Advanced Malware, APT Attacks or zero-day attacks.
With adversaries getting sophisticated and carrying out advanced malware attacks, detecting and responding to such intrusions is critical for cyber security professionals. The knowledge, skills, and tools required to analyze malicious software are essential to detect, investigate and defend against such attacks.
This training takes you on a journey through the topic of malware analysis, covering targeted attacks and ransomware attacks with their techniques, strategies and the best practices to respond to them. The training is full of hands-on labs on performing malware analysis, rootkit analysis and full attack investigations with different real-world samples.
You will also receive a copy of the Mastering Malware Analysis book to help you further enhance your skills in malware analysis and deal with advanced techniques, different platforms such as IoT/Linux, Android, Mac, etc., and different scripting and interpreted languages.
What previous attendees said about this training:
“I was always feeling that malware is something scary, something I can’t understand or control. Now I feel it’s not scary anymore. I can actually analyse it, understand it and control it.” by Fung Dao Ying, System Analyst in Bintulu Port Holding Berhad
APT Attacks & Malware Analysis:
Basic Static Analysis:
Behavioral Analysis & Sandboxing:
Code Analysis & Malware Functionalities:
Intro To x86/x64 Assembly:
Static & Dynamic Code Analysis In-Depth:
Encryption, Packing & Obfuscation
Spear-phishing Attacks with Malicious Documents:
Investigating User-Mode Rootkits & API Hooking:
Memory Forensics & Volatility Overview:
Investigation Process Memory Using Volatility:
This course is intended for Cyber Security Investigators, Cyber Security Heads and Managers, Security Researchers, Information Technology Heads and Managers, Forensic Practitioners, Incident Responders, Malware Analysts, System Administrators, Software Developers, security professionals who would like to expand their skills, and anyone interested in learning Malware Analysis and Memory Forensics.
Note: VMware player or Virtual Box is not suitable for this training.
Amr Thabet is a former malware researcher at Symantec and currently a vulnerability researcher at Tenable. He is the author of "Mastering Malware Analysis" published by Packt Publishing. He has worked on the analysis of multiple nation-state sponsored attacks including the NSA malware families (Stuxnet & Regin), North Korea (Contopee) and many other highly advanced attacks.
Amr has spoken at top security conferences all around the world, including DEFCON and VB Conference. He was also featured in Christian Science Monitor for his work on Stuxnet.
His mission is to help students all around the world to build their expertise in malware analysis and, most importantly, protect their infrastructure from targeted attacks, ransomware attacks and other threats that could target their organization.
This intensive 2-day course is designed to teach the right way to approach an incident in an enterprise scenario. Threats and attacks have become more complex than they were years ago, so every company needs a dedicated team (CERT/CSIRT) able to rapidly detect and respond to these threats. Companies need to understand that hidden threats could already exist in their infrastructure or networks, and they should not make the mistake of thinking that their security systems are perfect and inviolable. This course teaches the best methodologies and techniques to discover a compromise and, later, provides the right skills to conduct a deep forensics investigation. We will start with the six phases of incident response (Preparation, Identification, Containment, Eradication, Recovery and Lessons Learned) and continue with the differences between Incident Response and Threat Hunting. Through the hands-on labs, students will better understand different kinds of malware behavior, including the latest evasion and persistence techniques, and discover how fileless malware works. People playing the "Blue Team game" should know that each and every attacker action leaves a trace; for this reason, during the course we will analyze the most famous TTPs (Tactics, Techniques, and Procedures) used by malicious actors and the corresponding artifacts left on the system, such as prefetch files, socket connections, shimcache, amcache, etc. Finally, students will learn how to write a report with all the information discovered during the digital forensics investigation. Common tools the students will practice with during the course include the entire set of free software developed by Eric Zimmerman, RAM Capture, DumpIt, densityscout, sigcheck, the Volatility framework (version 2 and version 3), log2timeline, Yara, etc.
DAY 1:
- Setting up laboratory scenario
- Incident Response vs Threat Hunting
- ATT&CK Framework, who are you?
- Live Response and triage
- Malware evasion techniques
- Malware persistence techniques
- WMIC & PowerShell forensics
- Principles of Memory forensics
- Investigating Lateral Movement
- NTFS forensics
DAY 2:
- Windows Forensics in-depth
- Prefetch files analysis
- Shimcache analysis
- Amcache analysis
- LNK analysis
- Evt/Evtx analysis
- Timeline analysis
- Anti-forensics detection
- Write custom YARA Rules
- How to write a good report
Incident Response, Digital Forensics, Threat Intelligence, Windows Forensics, Memory Forensics
Basic forensics and Windows knowledge
Material to bring by attendees
Laptop with virtualization software installed (VirtualBox or VMware), WiFi connection, 4+ GB of RAM, USB port (for pendrive), at least 40 GB of free space on the hard disk
Alessandro Di Carlo is Chief Technology Officer at BIT4LAW Srl, a leading Italian company in digital forensics and incident response services. Alessandro is a well-known Digital Forensics and Incident Response expert with extensive experience in collaborating with Law Enforcement Agencies and Critical National Infrastructure players. He holds various security-related certifications such as GCFA (GIAC Certified Forensic Analyst), GASF (GIAC Advanced Smartphone Forensics), eCDFP (eLearnSecurity Certified Digital Forensics Professional) and others. He is a 3x SANS Institute Lethal Forensicator. Alessandro is often invited to speak at national and international cybersecurity conferences such as HackInBo, CDANS (Cyber Defence and Network Security), Droidcon, etc. Formerly, Alessandro was head of Penetration Testing & Incident Response for an Italian multinational company.
Guillaume Lopes and Davy Douhine, senior pentesters, will share many techniques, tips and tricks in a 100% hands-on 3-day mobile training for pentesters, bug bounty researchers, app makers or the just curious. The goal is to introduce tools (Adb, Apktool, Jadx, Cycript, Frida, Hopper, Needle, etc.) and techniques that help you work faster and more efficiently in the mobile (Android and iOS) ecosystem.
This is the exact training that you would have liked to have before wasting your precious time trying and failing to assess the security of mobile applications. The main topics of the training are based on the fresh OWASP MSTG (Mobile Security Testing Guide):
Pentesters, bug bounty researchers, app makers or just curious
Guillaume Lopes is a pentester with 10 years of experience in different fields (Active Directory, Windows, Linux, Web applications, Wifi, Android). He currently works as a Senior Penetration Tester at RandoriSec and is also a member of the Checkmarx Application Security Research Team. He also likes to play CTFs (Hackthebox, Insomni'hack, Nuit du Hack, BSides Lisbon, etc.) and gives a hand to the Tipi'hack team.
Founder of RandoriSec (https://randorisec.fr/), a security-focused IT firm, Davy has been working in the itsec field for almost fifteen years. He has mainly worked for key accounts in finance, banking and defense, doing pentests and trainings to help them improve their security. He enjoys climbing rocks in Fontainebleau or in the Bourgogne vineyards and practices Brazilian jiu-jitsu.
Take home your own lockpicking kit + bypass kit + RF/RFID accessories at the end of the training + a book summarizing what you have learned!
From beginners to specialists, this training will make you a proficient physical pentester.
This course is practice-oriented: you will pick locks, bypass deadbolts and safety doors, mold keys, decode keys from a picture, do privilege escalation on simple and advanced masterkey systems, identify and duplicate RF and RFID credentials…
After only 3 days, you will be able to enter and assess a vast number of infrastructures, including headquarters, hotels, power plants, offices… And through regular practice, you will be able to enter most buildings without breaking anything, allowing you to gain physical access to your pentest target (server room, CEO laptop…) and, in addition to your computer-based skills, help your clients secure the full spectrum of IT flaws including the physical aspects.
Resources: 1 workspace per attendee, comprising a training manual, lockpick tools, bypass tools, locks, molding material, bumpkeys, pick guns…
## Module 1
Physical intrusion vectors
Discover physical security
Introduction to scenarios
## Module 2 Wafer locks and tubular locks opening
## Module 3 Combination padlocks and key boxes
## Module 4 Pin tumbler locks lockpicking
Single Pin Picking
## Module 5 The Key vector
Keyed Alike locks
Finding the key of your target
## Module 6 The Door vector
Non Destructive Opening of the door
## Module 7 RF and RFID introduction
Tools and techniques summary
A security trainer for pentesters, computer scientists and the military for 10 years, Alexandre Triffault (@Frenchkey_FR) develops tools and techniques to circumvent physical security devices. He specializes in 3D printing keys and tools, and his work consists of finding and exploiting the flaws in access control systems, electronic or mechanical.
His preferred targets are Locks, Padlocks, Doors, RF, RFID, and Alarm Systems. His research concentrates on Physical Security, including lockpicking, forensic locksmithing, bypass of electronic locks, bypass of alarm systems, 3D modeling & printing of complex keys and more generally surreptitious techniques for opening locks.
He is World Champion in impressioning technique (LockCon 2016). He has presented his research over the years at various international conferences and workshops, such as Nuit du Hack (FR), Defcon Lockpick Village (US), Hackito Ergo Sum (FR), LockCon (NL), SigSegV1 (FR), IT Defense (DE), GS Days (FR)… He is also a Research Associate at the Virology and Cryptology Lab at ESIEA and gives physical security classes in several IT Schools. Last but not least, he delivers training and consulting to multiple governmental and private organizations in Europe.
With this class students will learn how to find interesting radio-communications and ways to attack targeted systems:
Day 1 is an introduction to radio that will help students learn its concepts and the techniques used today to receive and transmit signals, but also the constraints that we have to deal with in heterogeneous environments:
Introduction to radio
Software-Defined Radio devices
Faraday cages and how to design a very cheap one
Use of attenuators and software gain parameters
Day 2 will put the student in the playground of Software-Defined Radio, where every idea can be written down, simulated and then turned into working receivers and transmitters, within the limitations of the chosen hardware:
Introduction to GnuRadio
Software-Defined Radio processing in the chain
Practice with GnuRadio Companion
Investigation and handy tools
Day 3 recaps and applies the previous chapters to study physical intrusion systems and brings useful tricks for Red Team tests as well as pentests:
Common sub-GHz Remotes
Devices using the mobile network (2G/3G/4G)
Attacking Custom devices
Some feedback on connected locks
The training will provide strong feedback and techniques for attacking radio devices in non-perfect environments and ways to succeed in your pentests or red team tests. Students will also get hardware to play with at home, including an SDR to transmit and receive signals and an RF transmitter that can be customized, so they can continue to practice after the training.
Resources of the trainer
Sebastien Dudek is a security researcher and founder of the PentHertz lab that focuses on hardware, radio-communication, physical access and IoT devices. For over 8 years he has been particularly passionate about flaws in radio-communication systems. He has made several publications on mobile security (Baseband fuzzing, interception, mapping, etc.), on data transmission systems over power lines (Power-Line Communication, HomePlug AV) and on car and charging station hacking using V2G (Vehicle-to-Grid). He also focuses on practical attacks with various technologies such as Wi-Fi, RFID and other systems that he encountered during his Red Team and penetration tests.
This training will focus on all major aspects of the Windows post-exploitation process: breaking restricted environments, subverting operating system controls, privilege escalation (logic/configuration/permission/software bugs), bypassing User Account Control (UAC) and persistence. The training will be beneficial to attackers and defenders alike. Participants will gain an in-depth understanding of common pitfalls when configuring the Windows estate. They will see what tools the attacker has at his disposal, how to live off the land and where to achieve long-term residence when access has been acquired. All sections of the training are accompanied by intense hands-on labs where students will put the theory into practice. The training will simulate real-world environments, allowing attendees to later directly apply the content in the field! A detailed understanding of Windows is not required to attend the training; however, a basic familiarity with the Windows command line (cmd/PowerShell), the Sysinternals Suite and certain concepts such as scheduled tasks, services and UAC will be greatly beneficial.
Members of the red & blue team, penetration testers, system administrators, SOC analysts and security enthusiasts.
Materials to bring by attendees
User Account Control
Ruben Boonen (@FuzzySec) is a member of IBM’s X-Force Red Team, providing public & private sector clients assurance around the security posture of their products and infrastructure. Before joining IBM, Ruben worked in defense, on FireEye’s Technical Operations & Reverse Engineering (TORE) team, and offence as a senior security consultant. While Ruben has previously led a wide variety of engagements, along the way he developed a special interest in all things Windows. His current areas of research include Windows internals, privilege escalation, C#/PowerShell trade-craft and memory manipulation.
If we cancel a training after your order, you will be refunded the full price of the training.
If you have any questions or requests, you can contact us at: +33 1 78 76 58 16
Talk: Participate in the talks, workshops and wargame for €84.00