DNS is a core protocol for everything we do on the Internet and we can use that to our advantage to protect our home & business networks. By sending malicious or ad-laden domains to a blackhole we are able to protect entire networks in a way no single endpoint software can. Want to protect your desktops, laptops, tablets, phones, and even smart devices on your network? Even better, do it with an inexpensive Raspberry Pi?
Most IT and Infosec professionals agree that hands-on experience is the key to developing your talent, and advancing your career. Everyone needs a place to practice, because practice makes perfect, Right? But where do you start? That is what this training is all about! This goal of this training will be to teach students on how to build a virtual lab environment for studying various aspects of information technology that interest you.
Automated scanners won’t yield you bugs these days. They take tens of hours to get completed that too with a high false rate. You need a minimal smart scanner with easy installation, easy configuration, and relatively high accuracy while hunting for bugs. This talk is focused on creating such a browser extension to yield better results in less time. The browser extension requires less manual effort and produces more accurate results in just a few seconds.
This workshop is a crash course for anyone wanting to detonate malware and set up Cuckoo Sandbox. Students will receive hands-on experience in Cuckoo Sandbox’s malware analysis, reverse-engineering, and forensic capabilities. By providing step-by-step instructions during setup and first-time use, this workshop aims to remove the complexity and initial frustrations of setting up Cuckoo Sandbox alone. To help students gain familiarity with Cuckoo Sandbox’s rich feature set, the workshop is divided into two parts:
Cyber Security can mean a lot of different things to a lot of different people. In this class we take a holistic approach to understanding Cyber Security using Kali Linux and describe section by section what the tools are and what they do. During the class you will be given a chance to use your new found skills in our custom CTF training environment. SPEAKER Josh Turley SPEAKER Jayson Brown
While BLE CTF is in fact a cft, it was created as a series of learning exercises to teach the fundamentals of interacting with and hacking Bluetooth Low Energy. Each exercise, or flag, aims to iteratively teach a new concept to the user. For this workshop, we will step through a series of exercises to teach beginner students new concepts and allow more seasoned users to try new tools and techniques.
Scripting and automation are absolutely critical to many aspects of an attacker’s effectiveness, penetration tester or otherwise. Modern WAFs and “bot detections” often add a small layer of intelligence to their monitoring, attempting to determine whether or not an attack is being automated, and shut the bot/botnet down. This class will cover how common forms of WAF & bot detections work and how you can modify your scripting to fly under the radar.
In this workshop, we’ll write custom Python scripts to automate and augment penetration testing. Learn the basics of port scanning, crafting custom packets, and building your own exploits in Python. We will work through examples using a Jupyter Notebook, which you can make a copy of to play around with after the conference. (To get the most out of this class, you should already have some basic programming experience in Python or a similar programming language like Ruby.
This is an introductory course on using Windows Powershell 5.1 and Powershell 7 (Formerly Powershell Core) with a focus on skills that are useful for Defenders. Powershell is a highly effective tool that is available in a large amount of enterprises. Agenda: Introduction to Windows Powershell and Powershell Core -Setting up a Powershell test lab in Amazon Web Services -Nuances of Powershell Core , and Powershell 5.1/ Powershell Core backwards compatibility -Current limitations of Powershell Core -Useful things you can make/ do in Powershell -Common Defensive Security Use-Cases for Powershell -Powershell Tips and Tricks, to make your life easier
The goal of the training is to give a red teamer’s perspective to hackers and penetration testers who want to up their game of VAPT. We will start first with the fundamental concepts of red teaming and its process followed by differentiating how red-teaming is different than normal pentesting and the benefits of having a red-teaming approach towards application security testing. After this, the training will build upon from the ground up starting with the fundamental concepts of Information Gathering and Recon + various un-common tools and techniques to gather much more information about a target.