Trainings/Trainers

Registration for these trainings is available at https://registration.circlecitycon.com

Abraham Aranguren

After 13 years in itsec and 20 in IT Abraham is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. Former senior penetration tester / team lead at Cure53 (cure53.de) and Version 1 (www.version1.com). Creator of “Practical Web Defense” – a hands-on eLearnSecurity attack / defense course (www.elearnsecurity.com/PWD), OWASP OWTF project leader, an OWASP flagship project (owtf.org), Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity @7a_ @owtfp or https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications

Practical Mobile App Attacks By Example

If you are the kind of person who enjoys workshops with practical information that you can immediately apply when you go back to work, this workshop is for you: all action, no fluff 🙂

Attendees will be provided with training portal access to practice some attack vectors, including multiple mobile app attack surface attacks, deeplinks and mobile app data exfiltration with XSS. This includes lifetime access to a training VM, vulnerable apps to practice on, guided exercise PDFs and a video recording explaining how to solve the exercises.

This workshop is a comprehensive review of interesting security flaws that we have discovered over the years in many Android and iOS mobile apps: an entirely practical walkthrough that covers anonymized juicy findings from reports that we could not make public, interesting vulnerabilities in open source apps with strong security requirements such as password vaults and privacy browsers, security issues in government-mandated apps with considerable media coverage such as Smart Sheriff, apps that report human rights abuse where a security flaw could get somebody killed in the real world, and more.

The workshop offers a thorough review of interesting security anti-patterns and how they could be abused; this is very valuable information for those intending to defend or find vulnerabilities in mobile apps.

This workshop is for those who are intending to broaden their knowledge of mobile security with actionable information derived from real-world penetration testing of mobile apps.

Please come caffeinated, the audience will be challenged to spot vulnerabilities at any moment 🙂


Octavio Paguaga

Senior Security Consultant at Trustwave Government Solutions

Octavio is a Senior Security Consultant for Trustwave Government Solutions, who once upon a time slept and spent plenty of time on mountains and beaches. I am now a father of two and cherish a full night’s uninterrupted sleep.

SSH Tunneling – Bypassing That Pesky Firewall

SSH tunneling is an extremely useful skill. It will help you get around firewalls, route traffic through a jump box, or access a web service provider from a foreign IP address when you don’t know how to use Tor. In this training we will go over forward, reverse and SOCKS tunnels. Not only will the class cover single-hop scenarios, but we will also chain through multiple hops. This training is hands-on, so please bring a computer.


Will Tarkinton

Director TI/IR at Zenefits

Will is an industry veteran of over 30 years. He has had just about every role one can have in the information security industry. From CSO to individual contributor, to paid consultant. In his most recent works he has focused on small companies and defining their security strategies and capabilities. This has forced Will to innovate on his approach to management but also educate business leaders on the cyber risks and how to interpret them.

Talking to Executives and Getting Budget Approved

This talk is geared to people who are new to management or have aspirations to go into management.
The topics covered will be:
Risk: Cyber risk is just another aspect of business risk
KPIs: Measuring and defining success specifically for the cyber domain
Budgets: Basic overview of how they work and answers you need to have ready

Attendees will get a crash course in cyber management 101. They will be able to articulate what constitutes a budget and how to align to corporate budget practices, how to tell stories through problem, solution, measurement, and success/failure, and finally how to best position themselves to management or upper management.


Jeevan Singh

Jeevan Singh is a Security Engineering Manager for Segment, where he is embedding security into all aspects of the software development process. Jeevan enjoys building security culture within organizations and educating staff on security best practices. Jeevan is responsible for a wide variety of tasks including: architecting security solutions, working with development teams to resolve security vulnerabilities and building out security features. Before life in the security space, Jeevan had a wide variety of development and leadership roles over the past 15 years.

Threat Modeling 101 – Where Vulnerabilities Should be Killed

Threat modeling is a great way to discover and remediate threats in your system before they are even created. It is commonly performed by security professionals, but threat modeling can be done by anyone. This hands-on workshop will cover the threat modeling workflow, common classes of vulnerabilities and hands-on examples that will have you discover threats in different systems.


Patryk Czeczko

Technical Director – Purple Team at a global financial institution

Technical director in the Purple Team in a global bank, managing cooperation between offensive and defensive teams, modelling and conducting TTP-based adversary simulations.
Former lead of the Red Team in a Big4 company, managed and conducted tens of red team/purple team engagements for clients (mainly PL).
Speaker at x33fcon, What The Hack and The Hack Summit.
Areas of expertise and interest: adversary emulation, malware development, Windows/AD internals.
Personal blog: https://0xpat.github.io

Pawel Kordos

Pentester/Red Teamer at KMD

On a daily basis, a [email protected] who enjoys solving security issues. Former Senior [email protected] Company. Experienced Cyber Security Trainer. Involved in offensive testing (Red Teaming) for multiple industries. His interests concern all aspects of computer security, with particular emphasis on Web security, malware creation and AD Exploitation. Previously delivered presentations on x33fcon, What The Hack and The Hack Summit.

Workshop/Training: Applied Purple Teaming

During the training we will apply the purple teaming approach to conduct an intelligence-based adversary simulation, focusing on technical aspects of it – from an intel report and malware analysis, through developing and conducting TTP-based emulation to remediating gaps by hardening configuration and fine-tuning monitoring alerts.


Sam Bowne

Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks and hands-on trainings at DEF CON, DEF CON China, HOPE, BSidesSF, BSidesLV, RSA, and many conferences and colleges.

Wireshark CTF

Analyze packet captures to identify protocols, recover passwords and files, identify malicious traffic, and more. No previous experience with Wireshark is required.


Patryk Czeczko


Pawel Kordos


Malware Development for Advanced Adversary Simulation

Malicious tooling development is a problem which every serious red/purple team eventually encounters. To simulate real threats you need to go beyond available open-source tools. To properly challenge the defenders you need to develop malware implants that won’t be easily detected by an antivirus scan or analysed and understood by a glance at the source code or disassembly. During the workshop we will review both automated and manual defensive capabilities against malicious software. Then we will develop a malicious C2 implant / loader in C++ for Windows while combating the defences. After implementing each offensive technique we will take a look at the resulting binary from the defender’s/analyst’s perspective.


Chad Calease

Cyber Resilience Lead at Ntiva, Inc.

Chad’s a Cyber Resilience Lead for Ntiva, Inc. in McLean, VA. His Twitter bio sums him up well:
he|him|hey you, parent, partner, ludic, neurodivergent, grateful for many gifts. Mom said, “There’s always one weirdo on every bus.” But I can never find them.

Use DMARC to Raise the Cost for Phishers!

Phishing is a persistent nuisance at best and potentially catastrophic at worst. While technology isn’t able to prevent all of it 100% of the time, DMARC is an important layer of defense that helps to dramatically minimize the amount of phishing emails that get to inboxes. DMARC is also good for keeping domains off of email blacklists, which is added value for protecting brands and reputations. DMARC is complex, though, and has a lot of parts. So join us! We’ll help you understand DMARC, its independent components, and friendly, step-by-step instructions for how you can bring this technology to more people who need it in a consistent and predictable way.


Sam Bowne


Violent Python 3

Even if you have never programmed before, you can quickly and easily learn how to make custom hacking tools in Python. We build tools that perform port scanning, brute-force attacks, crack password hashes, and XOR encryption. Python is among the top three programming languages in the world, for good reason: it’s the easiest language to use for general purposes. This workshop is structured as a CTF, so each participant can proceed at their own pace. The techniques will be briefly demonstrated, and we will provide tips and help as needed to make sure everyone is able to solve at least some of the challenges. Participants need only a computer and a Web browser.


Randy Pargman

VP of Threat Hunting & Counterintelligence at Binary Defense

After spending 15 years in the FBI fighting cyber crime as a software developer and Computer Scientist in Field Operations, Randy is now VP of Threat Hunting and Counterintelligence at Binary Defense. As part of leading the Threat Hunting team, Randy loves to research new attack and defense techniques, share tips with the community, and introduce newcomers to the fun and thrill of finding sneaky attackers by discovering the weak signals buried in the noise of everyday events from endpoints and network traffic.

Less 💸, More 🧫🔬: Build a shared security lab with your friends

Have you ever seen security researchers share amazing details about threat actor TTPs and infrastructure, and wondered how they got that information? Have you ever tried to build a home lab, but found you were priced out of buying enough computers or hosting enough virtual machines to make much of a realistic environment? Have you wished that you could share the cost of a really cool lab with others and inspire each other to try new and cool research projects?

This training will not only show you how to build a distributed lab that you can share with your friends, but we’ll actually set one up together that can live on after the class is done, as long as people want to keep supporting it. On this lab, red teamers can test their exploitation skills in a real AD, blue teamers can develop new detections and test out threat hunting hypotheses, and both teams can learn from each other as they improve attacks and defenses.

Important prerequisite: to participate in this class, you must have at least one computer, physical or virtual, with a valid Windows 10 Pro (or Windows 7 Pro) license that you can join to a domain and dedicate to a lab environment where active attacks take place. You may also have a Linux machine or VM with Metasploit free installed if you want to do the attacking (optional). You must also create a free account with Microsoft that you can use to log into portal.azure.com. There are no costs to go through the training, but if you want to continue using the lab long-term, you’ll be asked to contribute to a common pool of funds to pay for the costs to operate the servers and infrastructure (should be about $5-$10 a month per person).


Sam Bowne


Windows Internals

Explore the structure of Windows executable files and the operating system itself, to better understand programs, services, malware, and defenses. Projects include: cheating at games, building malicious DLL libraries, stealing passwords from the API, building a keylogger, and debugging a driver. Tools used include FLARE-VM, pestudio, API Monitor, Visual Studio, OllyDbg, IDA Pro, Ghidra, and WinDbg.

No previous experience with programming is required.


Joe Schottman

Senior Cyber Engineer

Joe Schottman is a security professional with 20 years of IT experience ranging from web application development to DevOps to offensive and defensive security. The combination of those skills has resulted in this training session. He’s interested in answering not just the how but why and making the world a little safer.

Web Shells – What Are They And How To Hunt Them

Web Shells have prominently featured in many of the major breaches in recent history. They serve as critical tools for the post-exploitation phases of many attacks, from pivoting and persistence to C&C and exfiltration. This training starts with the basics of web threat hunting, teaches what Web Shells are, and then provides hands-on instruction on some techniques to detect them. This is primarily aimed at defensive staff, though offensive security practitioners will learn what to try to evade.

The course is modular by hour, so attend as much or as little as you need based on your existing knowledge. The content is also included in written form in the lab VM (and/or YouTube), so feel free to download it and work through it after the conference.