All Trainings

A-Z

  • A Pen Tester’s Guide to Linux

    Trainer:  Maresca Joey @l0stkn0wledge

    This course is designed to be an introduction to Linux with a bit of a bend from the penetration tester’s view. While experience with Linux may be useful, it is not required to have success in this course. The class will be an introduction to Linux and working with the command-line interface. We’ll look at the basics, some of the best tools not just for hacking but also supporting your operating system. Students are welcome to install their own OS in a VM before class or there will be a compatible virtual machine made available to use in VMWare or VirtualBox.

     

  • Beginning Android App Reverse Engineering

    TrainerSchwartzberg David @DSchwartzberg

    This hands-on training is focused on introducing Android APK reverse engineering to begin students with an interest in the subject. We will begin understanding the Android operating system, using the Android Debug Bridge (ADB), the Android Virtual Device (AVD), examining the inside of an APK, converting the byte code to human readable format, modifying the APK, and redeploying it. As part of the lab exercise, we will work on the Android app CircleCityCon CTF questions. Students will complete this training with experience using common tools, methodologies, and manual reversing steps to uncover Android app strengths and weaknesses.

     

  • Better Security Through DNS Logging Using Open Source Tools

    Trainer: Nitterauer Jim @jnitterauer

    Security is difficult, especially budget and time are limiting factors. We have learned from experience that DNS is the key to uncovering communication between both friend and foe. We can uncover a great deal when we peeking into the trends revealed by our DNS traffic. First, we must understand our normal traffic patterns so we can spot anomalies. We must also understand what types of exploits can be carried out via DNS and how to spot the patterns of those exploits. This training will provide you with insight into simple methods for logging DNS queries from a variety of platforms including Microsoft AD DNS servers & standard Linux servers. We will instruct you on the setup, installation and configuration of Graylog, Elasticsearch NXLog and Packetbeats in our test environment. Students should being a laptop with either VMware Workstation or VirtualBox installed and ready to roll. We will build out a test environment that you can use to capture DNS traffic that you will generate against the DNS servers you prepare. We will then take some time to instruct you on ways to view, filter and manage your data including stream tagging and alerting. Students should make it a point to attend these two talks in track two on Saturday: 3:00pm (1h) Detecting DNS Anomalies with Statistics Jamie Buening 6:00pm (1h) DNS Dark Matter Discovery – There’s Evil In Those Queries Jim Nitterauer

     

  • Better Security Through DNS Logging Using Open Source Tools

    Trainer Kooperman Lennart @_lennart

    Security is difficult, especially budget and time are limiting factors. We have learned from experience that DNS is the key to uncovering communication between both friend and foe. We can uncover a great deal when we peeking into the trends revealed by our DNS traffic. First, we must understand our normal traffic patterns so we can spot anomalies. We must also understand what types of exploits can be carried out via DNS and how to spot the patterns of those exploits. This training will provide you with insight into simple methods for logging DNS queries from a variety of platforms including Microsoft AD DNS servers & standard Linux servers. We will instruct you on the setup, installation and configuration of Graylog, Elasticsearch NXLog and Packetbeats in our test environment. Students should being a laptop with either VMware Workstation or VirtualBox installed and ready to roll. We will build out a test environment that you can use to capture DNS traffic that you will generate against the DNS servers you prepare. We will then take some time to instruct you on ways to view, filter and manage your data including stream tagging and alerting. Students should make it a point to attend these two talks in track two on Saturday: 3:00pm (1h) Detecting DNS Anomalies with Statistics Jamie Buening 6:00pm (1h) DNS Dark Matter Discovery – There’s Evil In Those Queries Jim Nitterauer

     

  • Building and Running Security Exercises

    TrainerGoerlich Wolfgang @jwgoerlich

    Everyone is talking about threat modeling. And a few are talking about security exercises. But when you get down to it, practically no one does either. The reasons are simple: modeling can be complicated, there is conflicting information, and it is not clear what to do with the finished model. This session presents a pragmatic threat modeling exercise that can be accomplished in an afternoon. We will review how to find sources for threat models, communicating the findings, auditing and assessing the available controls, and driving change within the organization. In sum, this training presents a practical approach to rapidly getting the most from threat modeling and running security exercises.


     

  • Car Hacking Hands-On 🗓

    Trainer Leale Robert

    Learn how to connect to vehicle systems, send and receive messages, control and audit vehicle functions using vehicle communication protocols such as UDS, GMLAN, and Keyword 2000.

     

  • DNS Blackholing with Pi-Hole (aka How To Block Unwanted Ads & Malware on your network for cheap)

    TrainerMeyer Arden @that_guy_ego

    This training will cover the basics of DNS and how it can be manipulated for either exfiltration or protection and used in forensics or as a basic IOC. Focus will be placed on the idea behind a DNS blackhole for blocking access to unwanted sites (be it for advertisements, malware, or stopping the children from going to adult sites). Students will be shown how to install and configure a Pi-Hole then deploy it to protect their own network (home or small-business). To gain the most from this class students should bring a Raspberry Pi (Pi-3 preferred) with power and a 16GB microSD card, plus a laptop and a network cable. No previous experience is necessary, however familiarity with linux will help. If you are new to the Raspberry Pi, it is strongly suggested you attend the class “The Basics Power of Pi” also being offered at Circle City Con.

     

  • Intro to Ham Radio

    Trainer Herman Justin @JDogHerman

    Interested in getting your FCC license but don’t know where to start? This class will cover everything you will need to know to be able to pass the technician class license and get on the air. Students are encouraged to bring an open mind. No previous experience necessary. No complected math will be required to pass. If students have access to a handheld transceiver please bring them to the class as we will be using them in demos.

     

  • Intro to Windows Forensics Using Free Tools

    Trainer:
    Thompson Marcus @imarcusthompson

    This course introduces participants to the fundamentals of digital forensics for Windows-based systems. You will learn how to preserve, acquire, examine, and analyze digital evidence for an investigation. Topics include disk basics, disk imaging, NTFS, Windows Registry, live memory acquisition, file carving, artifact correlation, and timelining. Several hands-on exercises are included. Requisite knowledge includes computer architecture, data representation (hex to decimal conversions), basic SQL, and basimmand line.

     

  • Level Up Your Leadership

    Trainer:
    Goerlich Wolfgang @jwgoerlich

    Trainer: Shafer-Pond Stefanie @techneviah

    Leading IT security or CyberSecurity? It’s hard, right? We ask them to go left, and they go right. We need them to apply a patch, code a change, or configure a secure setting. And they don’t, or won’t, or worse yet say it’s done when it’s not. People are hard. Level Up Your Leadership is a 4-hour training designed to make it easier. The session will equip you with the tools and hacks needed to become more effective at getting people to get things done. We discuss coaching essentials, giving and receiving feedback, emotional intelligence, empathy in the workplace, and professional presence. Once the hacks and tools are covered, we’ll have opportunities to practice these skills with peers. Hands on, while hands off. If nothing else, come for the anecdotes and war stories, humor and learning. It’ll be a good time. This training is appropriate for individuals currently in leadership roles as well as those who aspire to move into leadership in the future.

     

  • OSINT For Pen Testers: Maximizing Your Efficiency

    Trainer Gray Joe @C_3PJoe

    Have you ever spent too much time in the reconnaissance phase of a pen test because you needed better intelligence? Do you make the most efficient use of OSINT? This course aims to help you find more efficient ways to collect the information about your targets so that you can get to the fun stuff: exploitation and maximum pwnage. Here, you’ll see the correlation between OSINT and Social engineering and how to better apply it to your engagements. You’ll see techniques for phishing, vishing, pretexting, impersonation, and more. Tool demonstrations will include how to make the best use of OSINT Websites and standalone tools such as Datasploit, recon-ng, Social Engineer Toolkit (SET), and Browser Exploitation Framework (BeEF).

     

  • Password Cracking Like a Pro

    TrainerGosney Jeremi @jmgosney

    Learn how to crack passwords like the professionals with a full day of instruction and exercises with Jeremi M. Gosney (aka epixoip) of Hashcat and Sagitta HPC! A wide variety of algorithms and attack scenarios will be covered, benefiting penetration testers, blue teamers, and forensics investigators alike. Be sure to bring a VM-ready laptop, the faster the better. No prior experience necessary, but familiarity with the Linux command line is required, and prior Hashcat experience is a plus.

     

  • The 31337 Power of Pi

    Trainer Weaver Jeff

    Trainer Peddakotla Sunil

    The course will provide hands on labs for
    putting together attack kits Using the Raspberry Pi, configuration and tweaks, wireless penetration testing, common attack tools, and other wicked hacks. We will cover hunting of IoT devices, Bluetooth interrogation, and other hacking goodness as time permits.

     

  • The Art of the Jedi Mind Trick: Learning Effective Communication Skills

     


    TrainerMan Jeff @MrJeffMan

    The hacker/security community continues to struggle with how to get our message across to others. We know what’s wrong, what’s insecure, and what needs to be done to fix the problems. BUT…we seem to hear more stories about failure rather than success stories. Maybe WE are part of the problem. It’s easy to give a talk at a conference where you’re “preaching to the choir” and everyone speaks your language, but how do you fare when you are trying to give the message to your boss, or your bosses’ boss, or C-Level management?

     

  • The Basics Power of Pi

    Trainer Weaver Jeff

    Trainer Peddakotla Sunil

    Want to learn about a low cost low energy consumption platform for pen testing, recon, and threat analytics? The Raspberry Pi is a compact mini ARM processing environment which

    supports a number of Linux distributions; allows connectivity to numerous peripheral devices; and is small enough that it can be
    placed anywhere. This workshop will tell you more about the Raspberry Pi, how to use it, and why it can be so attractive to keen
    security minds. Additionally the talk will also focus on troubleshooting common issues that arise during the operating system install, hardware device connectivity, and general use.

     

  • Understanding the Computer Fraud and Abuse Act – a Legal Primer for Hackers

    TrainerJennings Fred @Esquiring

    The Computer Fraud and Abuse Act, or CFAA, is the primary legal tool used to prosecute hackers in the United States. However, even basic knowledge about the CFAA is absent from most information security discussions. Even a minor CFAA violation can mean a felony prosecution or costly civil lawsuit, even from routine or technically benign activity. This training will give the practitioner an understanding of the basics around this vague and murky law, and general information on how security professionals can stay on the right side of the CFAA.