This year, your 2-day pass for Hack In Paris includes access to talks, workshops and wargame.
This class teaches the audience a wealth of hacking techniques to compromise modern-day web applications, APIs and associated end-points. This class focuses on specific areas of appsec and on advanced vulnerability identification and exploitation techniques. The class allows attendees to learn and practice some neat, new and ridiculous hacks which affected real-life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.
Attendees will also benefit from a state-of-the-art Hacklab and we will be providing FREE 30 days lab access after the class to allow attendees more practice time. Some of the highlights of the class include:
Modern JWT, SAML, OAuth bugs
Core business logic issues
Practical cryptographic flaws.
RCE via Serialization, Object, OGNL and template injection.
Exploitation over DNS channels
Advanced SSRF, HPP, XXE and SQLi topics.
Attack chaining and real life examples.
This class talks about a wealth of hacking techniques to compromise web applications, APIs, cloud components and other associated end-points. This class focuses on specific areas of appsec and on advanced vulnerability identification and exploitation techniques (especially server side flaws). The class allows attendees to practice some neat, new and ridiculous hacks which affected real life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known.
Note: This is a medium-paced class and attendees are expected to have a basic understanding of common web vulnerabilities and attacks. Attendees will also benefit from a state-of-the-art Hacklab and we will be providing free 30 days lab access after the class to allow attendees more practice time.
The following is the course outline:
Advanced XXE Attacks
Complex Business Logic Flaws / Authorization flaws
Day 2:
Server-Side Request Forgery (SSRF)
SQL Injection Masterclass
Remote Code Execution (RCE)
Attacking the Cloud
Tricky File Uploads
Attacking Hardened CMS
Miscellaneous Topics - A Collection of weird and wonderful XSS and CSRF attacks - Attack Chaining
The latest hacks in the world of web hacking. The class content has been carefully handpicked to focus on some neat, new and ridiculous attacks.
We provide a custom Kali image for this class. The custom Kali image has been loaded with a number of plugins and tools (some public and some NotSoPublic), which help in quickly identifying and exploiting the vulnerabilities discussed during the class.
The class is taught by a real pentester and the real-world stories shared during the class help attendees in putting things into perspective.
WHO SHOULD TAKE THIS COURSE
AUDIENCE SKILL LEVEL
Students must bring their own laptop and have admin/root access on it. The laptop must have virtualization software (VirtualBox / VMware) preinstalled. A customized version of Kali Linux (ova format) containing custom tools, scripts and VPN scripts for the class will be provided to the students. The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicated to the VM.
Users are also encouraged to familiarize themselves with Burp Suite https://portswigger.net/burp/communitydownload to get the most out of the class.
WHAT STUDENTS SHOULD BRING
See student requirement
WHAT STUDENTS WILL BE PROVIDED WITH
Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class. Numerous scripts and tools will also be provided during the training, along with student handouts.
Our courses also come with detailed answer sheets. That is a step by step walkthrough of how every exercise within the class needs to be solved. These answer sheets are also provided to students at the end of the class.
Dhruv Shah is an information security professional working as an Associate Director at NotSoSecure. He has 11+ years of experience in application, mobile, and network security. He has co-authored the books 'Kali Linux Intrusion and Exploitation' and 'Hands-on Pentesting with BurpSuite' by Packtpub. He is also a trainer of NotSoSecure's much-acclaimed Advanced Web Hacking class and has been a trainer at several leading public conferences such as Black Hat Vegas, Chicago, Alexandria, Japan, Hack in Paris, Texas Cyber Summit, OWASP Appsec Israel, etc. He has provided security training to various clients in the UK, EU, and USA via corporate training. His online presence is with the handle @snypter.
Bluetooth Low Energy is one of the fastest-growing IoT technologies. BLE devices surround us more and more – not only as wearables, toothbrushes and sex toys, but also smart locks, medical devices and banking tokens. Alarming vulnerabilities of these devices have been exposed multiple times recently. And yet, the knowledge on how to comprehensively assess their security seems very uncommon. This is probably the most exhaustive and up-to-date training regarding BLE security – for both pentesters and developers. It is based on hands-on exercises with real devices (including multiple smart locks), a dedicated personal device flashed to a BLE devkit, and a deliberately vulnerable training hackmelock.
RFID/NFC, on the other hand, has been around us for quite long. However, the vulnerabilities pointed out years ago probably won’t be resolved in the near future. It is still surprisingly easy to clone most access control cards used today. Among other practical exercises performed on real installations, the attendees will reverse-engineer an example hotel access system, and as a result will be able to open all the doors in the facility. A list of several hundred affected hotels is included.
Each attendee will receive a 200 EUR hardware pack including, among others, a Proxmark and a Raspberry Pi (detailed below). The hardware will allow attendees to perform BLE attacks (sniffing, intercepting), clone and crack multiple kinds of proximity cards, analyse BLE or NFC mobile applications, and most importantly, practice the majority of the training exercises later at home.
Who should attend
Key learning objectives
Each student will receive
Take-away hardware pack for hands-on exercises consisting of:
Bluetooth Smart (Low Energy)
Sniffing BLE connections using RF layer hardware
HCI dump - capturing own BLE traffic
Device spoofing, active MITM interception
Relay attacks – abusing automatic proximity features (e.g. smart lock autounlock).
Various smart locks vulnerabilities case-studies
Advanced BLE MITM topics
Device DFU firmware update OTA services.
Bluetooth link-layer encrypted connections
Abusing BLE bonding trust relationships
Bluetooth Mesh, Bluetooth 5.0 – what these technologies change and what not in terms of BLE security.
BLE Hackmelock – open-source software emulated device with multiple challenges to practice at home.
BLE best practices and security checklist – for security professionals, pentesters, vendors and developers.
UID-based access control – practical exercises on example reader + door lock
Wiegand – wired access control transmission standard
Mifare Classic & its weaknesses – practical exercises based on hotel door lock system, ski lift card, bus ticket
Reverse-engineering data stored on card - based on a real hotel system
Mifare DESFire – introduction, sample attack on misconfigured access control system
Hitag2 access control
Intercepting card data from distance – building antenna, possibilities and limits.
Speaker, trainer and IT security consultant with over 15 years of experience. Participated in countless assessments of systems’ and applications’ security for leading financial companies, public institutions and cutting-edge tech startups. Currently leads research on various topics at the Polish software security company SecuRing and provides trainings regarding security of contemporary locks and access control systems (www.smartlockpicking.com). Besides research and training, he focuses on consulting and designing secure solutions for various software and hardware projects, during all phases, starting from scratch. Previously gave talks, workshops or trainings at HackInParis, BlackHat USA, multiple Appsec EU, HackInTheBox Amsterdam, Deepsec, BruCON, Confidence, Devoxx and many other events.
This is an immersive hands-on course aimed at a technical audience. Over the 3 days we will fully compromise a simulated enterprise covering a multitude of TTPs. The training is based around modern operating systems, using modern techniques and emphasising the exploitation of configuration weaknesses rather than throwing traditional exploits. This means logical thinking and creativity will definitely be put to the test.
Students will access a cloud-based LAB configured with multiple networks, some easily accessible, others not so. Course material and exercise content has been designed to reflect real-world challenges and students will perform numerous hands-on exercises including executing exploitative phishing campaigns against our simulated users to gain access to new networks, in turn bringing new challenges including IPv6 exploitation, subverting AMSI and AWL, passphrase cracking, pivoting, lateral movement, OOB persistence mechanisms and much more!
We also like to do things with a difference. You'll be provided access to an in-LAB Elastic instance, where logs from all targets get pushed and processed. This allows you, whether an attacker or defender, to understand the types of artefacts your attacks leave and how you might catch or be caught in the real world.
We realise that training courses are limited for time and therefore students are also provided with the following:
MITRE ATT&CK framework
Overview on using the in-LAB ELK stack
Offensive OSINT
Enumerating and exploiting IPv6 targets
Pivoting, routing, tunnelling and SOCKS proxies
Application enumeration and exploitation via pivots
Linux living off the land and post exploitation
Kubernetes and container security

Exploitative phishing against our simulated enterprise users
Living off the land tricks and techniques in Windows
[email protected] and [email protected] cracking
Windows exploitation and privilege escalation techniques
Windows Defender/AMSI and UAC bypasses
Situational awareness and domain reconnaissance
RDP hijacking

Bypassing AWL (AppLocker, PowerShell CLM and Group Policy)
Extracting LAPS secrets
Lateral movement for domain trust exploitation
WMI Event Subscriptions for persistence
Out of Band (OOB) data exfiltration
Domain Fronting and C2
Who Should Attend:
This training is suited to a variety of students, including:
Penetration testers / Red Team operators
SOC analysts
Security professionals
IT Support, administrative and network personnel

A firm familiarity with Windows and Linux command line syntax
Understanding of networking concepts
Previous pentesting and/or SOC experience is advantageous, but not required
Hardware / Software Requirements:
Students will need to bring a laptop to which they have administrative/root access, running either Windows, Linux or Mac operating systems
Students will need to have access to VNC, SSH and OpenVPN clients on their laptop (these can be installed at the start of the training)
Previous Training Locations: The 2019 and 2020 releases of this training have been given at the following conferences.
Black Hat Asia (Virtual – September 2020)
Wild West Hackin’ Fest (Virtual - September 2020)
Black Hat USA (Virtual – August 2020)
BruCon Spring Training (Virtual - June 2020)
Wild West Hackin’ Fest (Virtual - March 2020)
44CON (UK - June 2019)
Nolacon (USA - May 2019)
Wild West Hackin’ Fest (USA - October 2019)
Will (@Stealthsploit) co-founded In.security in 2018. Will’s been in infosec for over a decade and has helped secure many organisations through technical security services and training. Will’s delivered hacking courses globally at several conferences including Black Hat and has spoken at various conferences and events. Will also assists the UK government in various technical, educational and advisory capacities. Before Will was a security consultant he was an experienced digital forensics consultant and trainer.
Owen (@rebootuser) is a co-founder of In.security, a specialist cyber security consultancy offering technical and training services based in the UK. He has a strong background in networking and IT infrastructure, with well over a decade of experience in technical security roles. Owen has provided technical training to a variety of audiences at bespoke events as well as Black Hat, Wild West Hackin’ Fest, NolaCon, 44CON and BruCON. He keeps projects at https://github.com/rebootuser.
The number of cyber attacks is undoubtedly on the rise, targeting government, military, public and private sectors. These cyber attacks target individuals or organizations in an effort to extract valuable information, gain money through a ransom or damage their reputation. 43% of the cyber attacks these organizations are facing are Advanced Malware, APT Attacks or zero-day attacks.
With adversaries getting sophisticated and carrying out advanced malware attacks, detecting and responding to such intrusions is critical for cyber security professionals. The knowledge, skills, and tools required to analyze malicious software are essential to detect, investigate and defend against such attacks.
This training takes you on a journey through malware analysis, covering targeted attacks and ransomware attacks with their techniques, strategies and the best practices to respond to them. The training is full of hands-on labs on performing malware analysis, rootkit analysis and full attack investigations with different real-world samples.
You will also receive a copy of the book Mastering Malware Analysis to help you further enhance your skills in malware analysis and deal with advanced techniques, different platforms such as IoT/Linux, Android, Mac, etc., and different scripting and interpreted languages.
What previous attendees said about this training:
“I was always feeling that malware is something scary, something I can’t understand or control. Now I feel it’s not scary anymore. I can actually analyse it, understand it and control it.” by Fung Dao Ying, System Analyst in Bintulu Port Holding Berhad
APT Attacks & Malware Analysis:
Basic Static Analysis:
Behavioral Analysis & Sandboxing:
Code Analysis & Malware Functionalities:
Intro To x86/x64 Assembly:
Static & Dynamic Code Analysis In-Depth:
Encryption, Packing & Obfuscation
Spear-phishing Attacks with Malicious Documents:
Investigating User-Mode Rootkits & API Hooking:
Memory Forensics & Volatility Overview:
Investigation Process Memory Using Volatility:
Who Should Attend
This course is intended for Cyber Security investigators, Cyber Security Heads and Managers, Security Researchers, Information Technology Heads and Managers, Forensic Practitioners, Incident Responders, Malware Analysts, System Administrators, Software Developers, security professionals who would like to expand their skills, and anyone interested in learning Malware Analysis and Memory Forensics.
Note: VMware player or Virtual Box is not suitable for this training.
Amr Thabet is a former malware researcher at Symantec and currently a vulnerability researcher at Tenable. He is the author of "Mastering Malware Analysis" published by Packt Publishing. He has worked on the analysis of multiple nation-state sponsored attacks including the NSA malware families (Stuxnet & Regin), North Korea (Contopee) and many other highly advanced attacks.
Amr has spoken at top security conferences all around the world, including DEFCON and VB Conference. He was also featured in Christian Science Monitor for his work on Stuxnet.
His mission is to help students all around the world build their expertise in malware analysis and, most importantly, protect their infrastructure from targeted attacks, ransomware attacks and other threats that could target their organization.
Take back home your own kit of lockpicking + bypass kit + RF/RFID Accessories at the end of the training + a book summarizing what you have learned!
From beginners to specialists, this training will make you a proficient physical pentester.
Practice oriented, during this course you will pick locks, bypass deadbolts and safety doors, mold keys, decode keys from a picture, do privilege escalation on simple and advanced masterkey systems, identify and duplicate RF and RFID credentials…
After only 3 days, you will be able to enter and assess a vast range of infrastructures, including headquarters, hotels, power plants, offices… And through regular practice, you will be able to enter most buildings without breaking anything, allowing you to gain physical access to your pentest target (server room, CEO laptop…) and, in addition to your computer-based skills, help your clients secure the full spectrum of IT flaws including the physical aspects.
Resources : 1 working place per attendee, comprising a training manual, lockpick tools, bypass tools, locks, molding material, bumpkeys, pick guns…
## Module 1
Physical intrusion vectors
Discover physical security
Introduction to scenarios
## Module 2 Wafer locks and tubular locks opening
## Module 3 Combination padlocks and key boxes
## Module 4 Pin tumbler locks lockpicking
Single Pin Picking
## Module 5 The Key vector
Keyed Alike locks
Finding the key of your target
## Module 6 The Door vector
Non Destructive Opening of the door
## Module 7 RF and RFID introduction
Tools and techniques summary
A security trainer for pentesters, computer scientists and the military for 10 years, Alexandre Triffault (@Frenchkey_FR) develops tools and techniques to circumvent physical security devices. Specialized in 3D printing keys and tools, his work consists of finding and exploiting the flaws in access control systems, electronic or mechanical.
Preferred targets are Locks, Padlocks, Doors, RF, RFID, and Alarms Systems. His research concentrates on Physical Security; including lockpicking, forensic locksmithing, bypass of electronic locks, bypass of alarm systems, 3D modeling & printing of complex keys and more generally surreptitious techniques for opening locks.
He is World Champion in impressioning technique (LockCon 2016). He has presented his research over the years at various international conferences and workshops, such as Nuit du Hack (FR), Defcon Lockpick Village (US), Hackito Ergo Sum (FR), LockCon (NL), SigSegV1 (FR), IT Defense (DE), GS Days (FR)… He is also a Research Associate at the Virology and Cryptology Lab at ESIEA and gives physical security classes in several IT Schools. Last but not least, he delivers training and consulting to multiple governmental and private organizations in Europe.
If we cancel a training after your order, you will be refunded the full price of the training.
If you have any questions or requests, you can contact us at: +33 1 78 76 58 16