Corelan is back at Hack In Paris for the 6th time, offering the 'Advanced Win32 Exploitation' course again.
The Corelan® “ADVANCED” exploit development class is a fast-paced, mind-bending, hands-on course where you will learn advanced exploit development techniques from an experienced exploit developer.
This is most certainly not an entry level course. In fact, this is one of the finest and most advanced courses you will find on Win32 exploit development. This is a truly unique opportunity to learn advanced exploitation skills from “corelanc0d3r”, the founder of Corelan Team, author of mona.py, and author of numerous tutorials on Exploit Development for the Win32 platform.
You will leave this class with an arsenal of tools, techniques and insights that will allow you to find bugs more easily, understand and manipulate the Windows heap, diagnose and understand heap corruptions and write complex exploits.
Students are expected to understand the basics of memory management on Windows (stack, heap, process virtual memory layout), master stack based buffer overflows (saved return pointer overwrites, SEH overwrites), and have practical experience with ASLR & DEP bypass (i.e. you must be able to write ROP chains yourself).
Peter Van Eeckhoutte is the founder of Corelan Team and the author of the well-known tutorials on Win32 Exploit Development Training. The team gathers a group of IT Security enthusiasts and researchers from around the world, who all share common interests: doing research, gathering & sharing knowledge, and performing responsible/coordinated disclosure. Above all, the team is well known for their ethics and their approach to helping other people in the field.
With his team, he has developed and published numerous tools that will assist pentesters and exploit developers, and published whitepapers/videos on a wide range of IT Security related topics (pentesting tools, (malware) reverse engineering, etc). The team also moderates a forum that provides a platform for people who want to talk about exploit development, and operates an IRC channel (freenode, channel #corelan).
Peter has been an active member of the IT Security community for close to 15 years and has been working on exploit development for 10 years. He presented at security conferences (Athcon, Hack In Paris, DerbyCon) and delivered the Corelan Live Win32 Exploit Development Bootcamp at various places around the globe. He trained security enthusiasts & professionals from private companies, government agencies and military. You can read more about their experiences on his website.
Tired of watching hardware products getting hacked every day without having your share of the fun? Don't worry, it will not be the case anymore! This training teaches you hardware hacking in its most pragmatic aspects by using both theory and practice (hands-on). It follows a simple (but efficient) training methodology based on a "Discover / Analyze / Attack & Protect" guideline that can be applied to any kind of hardware product (Internet of Insecure Things included). Each student will receive a Hardsploit hardware hacking tool, with a value of 250 euros.
This course smartly mixes methods and tools in order to give you all the necessary knowledge to be able to perform hardware security audits by yourself. Last but not least, our "Capture The Drone" hands-on exercise completes the training by letting you practice what you have learned in an attack/defense scenario featuring our favourite small flying things.
Julien MOINARD is an electronic engineer with a solid background in this field (over 8 years) and a security consultant, with many personal and professional experiments in the field of microcontrollers. Furthermore, he contributes to the Hardsploit project as a project leader. He is also a senior hardware pentester at SERMA SAFETY AND SECURITY. Julien has been a trainer at Hack In Paris & BlackHat and a speaker at numerous conferences: Hack In The Box, NullCon, CanSecWest, Chaos Computer Club, BlackHat.
Making & Breaking Machine Learning Systems is a fast paced training session on machine learning from the infosec professional’s point of view. In this training, students will not only get hands-on experience with developing intelligent, learning security applications, but also learn the techniques for training, tuning, and evaluating such systems. The course is positioned for security professionals who are interested in machine learning, but may not have any practical experience with it. Machine learning is becoming increasingly ubiquitous in a variety of fields, and security professionals educated in this subject matter are better positioned to assess the (often lacking) security postures of machine learning algorithms and systems. This class does not promise that students immediately become machine learning experts, but does ensure that all applications and techniques learnt can be directly and immediately applicable to the work done by security engineers, penetration testers, application developers, and infosec enthusiasts alike.
Making & Breaking Machine Learning Systems is a fast paced session on machine learning from the Infosec professional's point of view. The class is designed with the goal of providing students with a hands-on introduction to machine learning concepts and systems, as well as making and breaking security applications powered by machine learning. The lab session is designed with security use-cases in mind, since using machine learning in security is very different from using it in other situations. Students will get first hand experience at cleaning data, implementing machine learning security programs, and performing penetration tests of these systems. Each attendee will be provided with a comprehensive virtual machine programming environment that is preconfigured for the tasks in the class, as well as any future machine learning experimentation and development that they will do. This environment consists of all of the most essential machine learning libraries and programming environments, friendly to even novices at machine learning. At the end of the class, students will be put through a CTF challenge that will test the machine learning development and exploitation skills that they have learned over the course in a realistic environment.
We will post a video soon.
To be a machine learning expert in just three days. This training will give you all the necessary skills to start building security software using machine learning and teach the lesser known ways of exploiting such systems. Students need to put in further work and use the skills learnt in the class to continue their explorations in machine learning and keep up with the latest developments in this fast evolving field.
Clarence graduated with a B.S. and M.S. in Computer Science from Stanford University, specializing in data mining and artificial intelligence. He currently works as a Research Data Engineer at Shape Security, a startup in Silicon Valley building a product that protects from malicious bots and automated attacks on Global 2000 customers. At Shape, he works on the big data analysis systems that are used to tackle this problem. Clarence spoke on Machine Learning and Security at PHDays 2015 in Moscow, BSides Las Vegas 2015, Code Blue Tokyo 2015, SecTor Toronto 2015, and BSides NYC 2016. He had been a community speaker with Intel, and is also the founder and organizer of the "Data Mining for Cyber Security" meetup group, the largest gathering of security data analysis professionals in the San Francisco Bay Area.
Ever wondered how different attacking a mobile application would be from attacking a traditional web application? Gone are the days when knowledge of just SQL Injection or XSS could help you land a lucrative high-paying infosec job. After the introduction of iOS 10 and Android 7 Nougat, we are bringing an updated version of the course with the latest tools & techniques. This will be an introductory course on exploiting iOS and Android applications, well suited for both beginners and advanced security enthusiasts. The training will be based on exploiting Damn Vulnerable iOS app, Android-InsecureBankv2 and other real-world application vulnerabilities in order to give an in-depth knowledge about the different kinds of vulnerabilities in mobile applications. This course will also discuss how an attacker can secure their application using secure coding & obfuscation techniques. After the workshop, the students will be able to successfully pentest and secure applications running on the various operating systems. The training will also include a CTF challenge at the end where the attendees will use the skills learnt in the training to solve the CTF challenges. The students will be provided with the slides, tools and VMs used during the course.
This course is for penetration testers, mobile developers or anyone keen to learn mobile application security
Computer with at least 20+ GB of hard disk space and 4 GB of RAM
Module 1 : Getting Started with iOS Pentesting
Module 2 : Static and Dynamic Analysis of iOS Apps
Module 3 : Exploiting iOS Applications
Module 4 : Reversing iOS Apps
Module 5 : Securing iOS Apps
OWASP member and contributor has been working in the infosec industry for about 5 years. He is currently working as an Information security engineer for an airline company. During his five years, he has performed a number of penetration tests on mobile and web applications and even developed a lot of applications for the App Store. His core focus area is iOS application pentesting and exploitation. He is also the author of the open source vulnerable application named Damn Vulnerable iOS app and also runs a popular blog series on iOS application security at http://highaltitudehacks.com/security.
Penetration Tests and Red Team operations for secured environments need altered approaches. You cannot afford to touch disk, throw executables and use memory corruption exploits without the risk of being ineffective as a simulated adversary. To enhance offensive tactics and methodologies, PowerShell is the tool of choice.
This training is aimed towards attacking Windows network using PowerShell and is based on real world pen tests and Red Team engagements for highly secured environments. The course runs as a penetration test of a secure environment with detailed discussion and use of custom PowerShell scripts in each phase. Attendees will get free one month access to a complete Active Directory environment after the training. This training aims to change how you test a Windows based environment.
Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His areas of interest include penetration testing, attack research, defence strategies and post exploitation research. He has 6+ years of experience in Penetration Testing for his clients, which include many global corporate giants. He is also a member of Red teams of selected clients. He specializes in assessing security risks at secure environments which require novel attack vectors and an "out of the box" approach. He has worked extensively on using Human Interface Devices in Penetration Tests and PowerShell for post exploitation. He is the creator of Kautilya, a toolkit which makes it easy to use HIDs in penetration tests, and Nishang, a post exploitation framework in PowerShell. In his spare time, Nikhil researches new attack methodologies and updates his tools and frameworks. Nikhil has held trainings and boot camps for various corporate clients (in US, Europe and SE Asia), and at the world’s top information security conferences. He has spoken at conferences like Defcon, BlackHat USA, BlackHat Europe, RSA China, Troopers, DeepSec, PHDays, BlackHat Abu Dhabi, Hackfest, ClubHack, EuSecWest.
"The great power of Internet Of Things comes with the great responsibility of security". Being the hottest technology, the developments and innovations are happening at a stellar speed, but the security of IoT is yet to catch up. Since the safety and security repercussions are serious and at times life threatening, there is no way you can afford to neglect the security of IoT products.
The course focuses on the attack surface of current and evolving IoT technologies in various domains such as home and enterprise automation. It covers various IoT protocols from the ground up, including internals, specific attack scenarios for individual protocols and the open source software/hardware tools one needs to have in their IoT penetration testing arsenal. We also discuss in detail how to attack the underlying hardware of the sensors using various practical techniques. In addition to the protocols and hardware, we will extensively focus on reverse engineering mobile apps and native ARM/MIPS code to find weaknesses.
Throughout the course, we will use DRONA, a VM created by us specifically for IoT penetration testing. DRONA is the result of our R&D and has most of the required tools for IoT security analysis. We will also distribute DIVA – IoT, a vulnerable IoT sensor made in-house for hands-on exercises.
The “Practical Internet of Things (IoT) Hacking” course is aimed at security professionals who want to enhance their skills and move to/specialise in IoT security. The course is structured for beginner to intermediate level attendees who do not have any experience in IoT, reversing or hardware.
Aseem Jakhar is the Director, research at Payatu Technologies Pvt Ltd (payatu.com), a boutique security testing company. He is well known in the hacking and security community as the founder of null - The open security community, a registered not-for-profit organization (http://null.co.in), and also the founder of the nullcon security conference (nullcon.net) and the hardwear.io security conference (http://hardwear.io). He has extensive experience in system programming, security research, consulting and managing security software development projects. He has worked on various security software including UTM appliances, messaging/security appliances, anti-spam engine, antivirus software, multicast packet reflector, Transparent HTTPS proxy with captive portal, Bayesian spam filter to name a few. He currently spends his time researching IoT security. He is an active speaker and trainer at security and open source conferences; some of the conferences he has spoken at include AusCERT, Defcon, Hack.lu, Black Hat, PHDays, Xcon, Cyber security summit - Bangalore, Cocon, OSI Days - Bangalore, Clubhack, Gnunify. His research includes Linux remote thread injection, automated web application detection and dynamic web filter. He is the author of the open source Linux thread injection kit Jugaad and of Indroid, which demonstrate a stealthy in-memory malware infection technique.
This is a brand new and unique web security course that takes the learner to the next level of web security. A perfect blend of the latest and lesser known web attacks that are explained in ultimate detail, accompanied by demos and “how tos” that you can apply in real world red-team pentesting. The course curriculum is designed to include web attacks and techniques that are not much documented in books, trainings, courses and elsewhere, along with the well known OWASP Top 10 web vulnerabilities. To make the course more effective and practical, a live CTF will be organized for the attendees to apply what they have just learned. This course is made in such a way as to accommodate the latest attacks as and when they are discovered or published at various conferences like BlackHat, DEFCON, OWASP AppSec etc.
Ajin Abraham is a Security Engineer for IMMUNIO with 7+ years of experience in Application Security including 4 years of Security Research. He is passionate about developing new and unique security tools. Some of his contributions to the hacker's arsenal include OWASP Xenotix XSS Exploit Framework, Mobile Security Framework (MobSF), Xenotix xBOT and NodeJsScan, to name a few. He has been invited to speak at multiple security conferences including ClubHack, NULLCON, OWASP AppSec Eu & AsiaPac, BlackHat Europe, Hackmiami, Confidence, BlackHat US, BlackHat Asia, ToorCon, Ground Zero Summit, Hack In the Box and c0c0n.
This full-fledged hands-on workshop will get the attendees familiar with the various Android as well as iOS application analysis techniques and bypassing the existing security models in both the platforms.
The main objective of this workshop is to provide a proper guide on how the mobile applications can be attacked and provide an overview of how some of the most important security checks for the applications are applied and get an in-depth understanding of these security checks.
The workshop will also include a CTF challenge designed by the trainer in the end where the attendees will use their skills learnt during the workshop to solve this challenge.
This workshop will mainly focus on the following:
The tools and techniques used in the workshop are all open source and no special proprietary tools need to be purchased by the attendees for analysis post the training. Some of the tools taught in the training will be helpful in analysis and automating test cases for security testing of the mobile apps:
The participants are expected to have a basic knowledge of Mobile Operating Systems. Knowledge of programming languages (Java and C, and Python for scripting) will be an added advantage to grasp things quickly.
This workshop is for penetration testers, mobile developers or anyone keen to learn mobile application security
Sneha works as a Sr. Security Consultant with Payatu software labs LLP and holds C.E.H and E.C.S.A certifications. Her areas of interest are web application and mobile application security and fuzzing. She has discovered various serious application flaws within open source applications such as PDFLite, Jobberbase, Lucidchart and many open source WordPress plugins and many more. She is also an active member of Null – The open security community in India, and a contributor to regular meetups at the Pune chapter. She has spoken and provided training at GNUnify, FUDCon, Defcamp#6, Nullcon, BSidesLV and DefCon 24.
Burp Suite is a powerful integrated platform for web application security. In this hands-on class, attendees will learn how to design and develop Burp Suite extensions for a variety of tasks. In just a few hours, we will work on plugins to improve manual security testing efforts as well as to create fully-automated security tools. This workshop is based on real-life use cases where the extension capabilities of the tool can be unleashed to improve efficiency and effectiveness of security auditing. As an attendee, you will bring home a full bag of tricks that will take your web security skills to the next level.
Attendees are expected to have a rudimentary understanding of Burp Suite as well as basic object-oriented programming experience (Burp Extensions will be developed in Java). While Burp extensions are developed live in Java, attendees can work in Python or Ruby since all exercises are also provided in those languages.
Suitable for both web application security specialists and developers.
Attendees should bring their own laptop with the latest Java as well as their favourite IDE installed.
With over 14 years of experience in the application security field, Luca Carettoni is a respected web security expert. Throughout his career, he worked on security problems across multiple industries and companies of different size. He is the co-founder of Doyensec, an application security consultancy working at the intersection of offensive engineering and software development. At LinkedIn, he led a team responsible for identifying new security vulnerabilities in applications, infrastructure and open source components. Prior to that, Luca worked as the Director of Information Security at Addepar, a startup that is reinventing global wealth management. Proud to be a Matasano Security alumnus, he helped bootstrap the Silicon Valley office by delivering high-quality security assessments to software vendors and startups. As a security researcher, he discovered numerous vulnerabilities in software products of multiple vendors including 3com, Apple, Barracuda, Cisco, Citrix, HP, IBM, Oracle, Sun, Siemens, VMware, Zend and many others. Since the beginning of his career, he has been an active participant in the security community and a member of the Open Web Application Security Project (OWASP). Luca holds a Master’s Degree in Computer Engineering from the Politecnico di Milano University.
Continuous Build & Deployment tools, Message brokers, Configuration Management systems, Resource Management systems and Distributed file systems are some of the most common systems deployed in modern cloud infrastructures thanks to the increase in the distributed nature of software. Modern day pentesting is no longer limited to remote command execution from an exposed web application. In the present day scenario, all these applications open up multiple doors into a company’s infrastructure. One must be able to effectively find and compromise these systems for a better foothold on the infrastructure, as is evident from the recent attacks on the application stack through platforms like Shodan, paving the way for a full compromise of corporate infrastructures.
In this 2 day course we start by looking at the application stack consisting of Databases, CI tools, Distributed Configuration & Resource management tools, Containers, Big Data Environments, Search technologies and Message Brokers.
Along with the training knowledge, the course also aims to impart the technical know-how and methodology of testing these systems. This course is meant for anyone who would like to know, attack or secure the modern day stack. The students are bound to have some real fun and an entirely new experience through this unique course, as we go through multiple challenging scenarios one might not have come across.
During the entire duration of the course, the students are expected to learn the following:
Students are encouraged to follow the technical training with hands-on approach to the facilitated labs for every module to gain deeper and practical understanding of the topic.
Knowledge of basic pentesting, web application working and linux command line basics, the ability to use a web proxy like Burp Suite, ZAP, and the ability to write basic scripts in any interpreted language is an added advantage.
The requirement for the course is a laptop with administrative and USB access and minimum configuration of 8GB RAM and 100GB hard-disk space. Full virtualisation support, Virtual Box and Docker should be installed. Unix box is preferred.
Pentesting some of the widely used systems in the modern stack:
Module 0: Modern Application Stack
Module 1: Pentesting Databases:
Module 2: Public Cloud Environments
Module 3: CI Tools
Module 4: Software Collaboration Tools
Module 5: Message Brokers
Module 6: Containers
Module 7: Distributed Configuration Management Systems (DCMS)
Module 8: Distributed File System
Module 9: Kubernetes, Mesos and Marathon (Distributed Deployment & Resource Management)
Module 10: Search Technologies
10+ containerized labs to emulate sophisticated production stack along with applications.
Bharadwaj Machiraju is project leader for OWASP OWTF. He is mostly found either building a web appsec tool or hunting bugs for fame (hackerone.com/tunnelshade). All tools are available at github.com/tunnelshade and all ramblings at blog.tunnelshade.in. He has spoken at a few conferences, notably Nullcon, Troopers, Brucon, Pycon India etc. Apart from information security, he is interested in sleeping, mnemonic techniques & machine learning.
Francis Alexander, Security Engineer for Envestnet|Yodlee, has over 3+ years of experience in the Application Security industry and is the author of NoSQL Exploitation framework and NoSQL Honeypot. His areas of interest include NoSQL Databases, Machine Learning and Cloud Security. He has been invited to speak & train at a variety of conferences such as Troopers, Insomn'hack, Hack in the Box, Hack in Paris, 44Con, Nullcon, C0c0n.
SAP is no longer an unknown black box for the security community, and SAP products appear more and more often in audit requests. This training is focused on SAP Netweaver ABAP. Because we can't cover all SAP software in two days, we decided to work on the most frequent vulnerabilities we faced during our pentests. We'll provide different SAP systems with different configuration issues in a 'realistic' environment, with a SAP security specialist who receives official acknowledgements from SAP for vulnerabilities reported. Few slides, lots of practice: this is the leitmotiv of this workshop. SAP knowledge is not required.
Yvan has nearly 15 years of experience in SAP. He began as an SAP Basis administrator for various top French companies. For the past 5 years he has focused on SAP security, in which he is self-taught. He is now the SAP assessment and pentest leader in the Devoteam security team. A discreet person, he nevertheless receives official acknowledgements from SAP AG for vulnerabilities reported. He has been on the Grehack conference organization committee for years, and has been invited to speak at the Clusir association.
Learn how to assess and secure IoT devices by having fun hacking a dozen devices among the most profitable to attack: smart locks. The agenda will include: wireless sniffing, spoofing, cloning, replay, DoS, authentication and command-injection attacks, analyzing proprietary network protocols, breaking “Latest PKI technology”, abusing excessive services... The software-focused activities will be mixed with short entertaining tricks like opening a lock with a strong magnet, counterfeiting fingerprints in a biometric sensor or opening a voice-controlled lock by hacking nearby speaking toys. Technologies covered will include: Bluetooth Smart, Linux embedded, KNX, NFC, WiFi, P2P, GSM, Wiegand, and others. Each student will receive hardware worth 100 EUR, consisting of a Bluetooth hardware sniffer, a Raspberry Pi configured with tools and Hackmelock for further practice at home.
Contemporary laptop with virtualization software able to run Kali Linux (at least 4GB of RAM, 40GB space), Android > 4.3 smartphone
Moreover, everyone will also be able to try to:
Several exercises will be connected with an electronic lock guarding a special box of goods from Poland. Whenever a participant succeeds in hacking the lock, the box opens automatically, and one can have a delicious cookie or a shot of Polish vodka :)
This is the first time the Social Engineering Engagement Framework (SEEF) author offers an in-person public workshop. Normally the workshops and briefings are closed-group, private enterprise or Government only workshops. Profit from the first-hand knowledge and experience of a social engineering and information security professional with 20 years of experience. What you will learn: Tools and techniques to plan, execute and manage social engineering engagements. What can and will be used against you, your employees and your organization. This training will provide the skills to detect, defend and assess social engineering attacks and the risk associated with them. You will learn the motivations and methods used by social engineers, enabling you to better protect yourself and your organization.
None specific. Willing to learn and apply new things. A technical background is not necessary. Decision-maker, penetration tester, or hacking enthusiast, this training will be an excellent addition to your professional curriculum.
Professionals, Organisations and Governments. Individuals who have a professional interest in social engineering. Functions or roles requiring social engineering knowledge either for active use or for building protection against social engineering attacks. CISO's, Managers, Consultants, Developers, Hackers, Intelligence Org., Red Teams, Pentesters, Psychologists, Defence, Strategists, Tacticians, CxO's etc.
Laptop and note paper.
You can have the best technical security controls in the world, from the most expensive firewall to the most sophisticated biometric access control, but they will not protect you from social engineering attacks. This 2-day course will provide you with the skills to detect, defend and assess social engineering attacks. You will learn the motivations and methods used by social engineers enabling you to better protect yourself and your organization.
This is not a technical course; no technical prerequisites are required. Some tools might be used in the course for achieving a purpose, but no programming skills will be necessary. You will learn how some of the most elegant social engineering attacks take place. Learn to perform these scenarios and what is done during each step of the attack. Social Engineering is an area filled with ethical challenges, risks and legal landmines, and I will do my best to share my experiences in this course, so participants can reap the benefits of my experiences without falling into the pitfalls I have over the years.
Dominique C. Brack is a recognized expert in information security, including identity theft, social media exposure, data breach, cyber security, human manipulation and online reputation management. He is a highly qualified, top-performing professional with outstanding experience and achievements within key IT security, risk and project management roles confirming expertise in delivering innovative, customer-responsive projects and services in highly sensitive environments on an international scale. Mr. Brack is accessible, real, professional, and provides topical, timely and cutting edge information. Dominique’s direct and to-the-point tone of voice can be counted on to capture attention, and – most importantly - inspire and empower action.
Last year's conference appearances:
Critical and sensitive infrastructure is becoming a new way to make money for cybercriminals. Taking advantage of vulnerabilities in PLC web applications, the attacker found a way to gain persistence and nice entry points to infect and take over the whole infrastructure.
In this course we will cover how an attacker with proper OSINT research and web application security knowledge can achieve persistence in the browser in order to expand the attack to the whole facility/infrastructure. The course will be hands-on all the time, providing the attendees with real world examples and techniques for finding critical devices on the internet, from a smart home control to the power grid control/monitoring and so on.
PLCs' web servers and other services provide useful information for recognizing them. Even if the MODBUS protocol cannot be detected, there are other protocols and ways to find PLCs connected to the internet. We will cover how to get the device fingerprint correctly from MODBUS and also how SNMP and other protocols can help us find them on the internet. Let's quickly write a very useful tool in Python to extract the MODBUS device information string, and see how to extract the SSL metadata and other useful data for PLC recognition.
Every year a new device/technology for industrial monitoring purposes is deployed to the internet without proper security code testing, which makes it easy to find well-known security issues in web applications. Let's exploit some PLCs in real time and check the impact of what we found. We will dissect 2 PLC web application 0-days found recently, from well-known vendors in the industry.
At the end there'll be a little challenge: spotting a vulnerability in a real PLC.