This year we'll have trainings Onsite and Online, before and after the Conference!
Please note that trainings are a separate event from the main conference, rooms will be at ISCTE-IUL, and run from the 13th to 15th or 18th to 20th November
Online trainings will have a 25% discount on the announced price when registering!
Available Trainings
Training | Early Bird Price (before 6 Oct) | Regular Price |
---|---|---|
BASIC Infrastructure Hacking - 3 day (Onsite) with Warren Atkinson (13-15 Nov) | Not Available | Not Available |
ADVANCED Infrastructure Hacking – 3 day (Onsite) with Tiago Carvalho (13-15 Nov) | Not Available | Not Available |
Hacking Android, iOS and IoT apps by Example - 3 day (Onsite) with Abraham Aranguren (13-15 Nov) | Not Available | Not Available |
Malware Analysis and Memory Forensics - (Online) by Monnappa (18-20 Nov) | Not Available | Not Available |
ADVANCED Malware Unpacking - 3 day (Online) with Kyriakos Economou (13-15 Nov) | Not Available | Not Available |
ADVANCED Web Hacking - 3 day (Online) with Tom Large (13-15 Nov) | Not Available | Not Available |
- All registrations and payments will be handled by the training companies themselves;
- Lunch is included all days for onsite training;
- Trainees will also receive a ticket to access the conference.
- If the training does not reach the minimum number of participants, the training will be canceled and the registered participants will be refunded.
BASIC Infrastructure Hacking - 3 day (Onsite) with Warren Atkinson (13-15 Nov)
Overview
IT infrastructure is more complex and dynamic than it’s ever been, demanding comprehensive, modern, and well-rehearsed security skills to match. Join this hands-on, 3-day course to develop a strong baseline in infrastructure hacking and widen your career prospects. Get your hands dirty with our popular virtual labs and learn from experienced, practicing penetration testers with a legacy of training at Black Hat.This course uses a Defense by Offense methodology based on real world offensive research (not theory). That means everything we teach has been tried and tested on live environments and in our labs and can be applied once the course is over. By the end, you’ll know:
- Everything you need to about the risks associated with various infrastructure-based vulnerabilities
- How to think and behave like a real threat actor
- How to exploit vulnerabilities seen recently in the wild, as well as older but still prevalent vulnerabilities
- The fundamental principles of infrastructure hacking
- How to identify a list of IPs in your network all the way up to getting system level access on the domain controller.
Course Outline
- THE ART OF PORT SCANNING
- Methodology: basic concepts of hacking
- Enumeration techniques and port scanning
- THE ART OF ONLINE PASSWORD ATTACKS
- Configure online password attack
- Exploiting network service misconfiguration
- THE ART OF HACKING DATABASES
- MySQL and PostgreSQL
- Attack chaining techniques
- METASPLOIT BASICS
- Exploitation concepts: manual exploitation methodology
- Metasploit framework
- PASSWORD CRACKING
- Basic cryptography concepts
- Design an offline brute force attack
- HACKING UNIX
- Linux vulnerabilities and misconfigurations
- Privilege escalation techniques
- HACKING APPLICATION SERVERS ON UNIX
- Web server misconfiguration
- Multiple exploitation techniques
- HACKING THIRD PARTY CONTENT MANAGEMENT SYSTEM (CMS) SOFTWARE
- CMS software overview
- Vulnerability scanning and exploitation
- WINDOWS ENUMERATION
- Windows enumeration techniques and configuration issues
- Attack chaining
- CLIENT-SIDE ATTACKS
- Various Windows client-side attack techniques
- PRIVILEGE ESCALATION ON WINDOWS
- Post-exploitation techniques
- Windows privilege escalation techniques
- HACKING APPLICATION SERVERS ON WINDOWS
- Web server misconfiguration
- Exploiting application servers
- POST EXPLOITATION
- Metasploit post-exploitation techniques
- Window 10 security features and bypass techniques
- HACKING WINDOWS DOMAINS
- Understanding Windows authentication
- Gaining access to a domain controlle
Who should take this course
Students and graduates: improve your employability and enhance your CV
Infrastructure penetration testers (1-2 years’ experience): build up your ability with the guidance of experienced pentesters and researchers
Penetration testers in other fields (e.g., web, mobile): develop your infrastructure hacking skills and knowledge
Network admins: understand how your environment could be attacked
SOC analysts and engineers: develop your awareness of potential indicators of compromise (IoCs) and more complex malicious behaviors
Security/IT managers and team leads: update your knowledge of the threat landscape
This course is designed to help individuals bring their proficiency in infrastructure hacking and defense up to the industry baseline. It’s a foundation course that can lead on to our Advanced courses after a year or more spent using your new skills out in the wild.
Student requirements
The only requirement for this course is that you must bring your own laptop and have admin/root access on it. During the course, we will give you VPN access to our state-of-art Hacklab which is hosted in our data-center in the UK. Once you are connected to the lab, you will find all the relevant tools/VMs there. We also provide a dedicated Kali VM to each attendee on the hacklab, accessed using SSH. So, you don’t need to bring any VMs with you. All you need is admin access to install the VPN client and once connected, you are good to go! Attendees may optionally come prepared with an OpenVPN client (e.g. OpenVPN Client for Windows, we suggest Tunnelblick for Mac, the OpenVPN client is often included natively for Linux but may need installing/updating) and an SSH client (e.g. PuTTY for Windows, generally included natively for Linux/Mac) installed.
Trainings provides
If you are looking to develop your hacking skills further, either for working as a pen tester, or you need to understand how hackers work so that you are better able to defend against it, then this course is for you. In addition to increasing your knowledge and confidence, it provides excellent preparation for the advanced hacking examinations. By utilising the Hack-Lab following the Advanced Infrastructure Hacking course you are provided with time to test and hone your skills and your understanding of the tools and applications used throughout the course. You can take these away for working with on a day to day basis. There are guides, walkthroughs and examples for you to use as follow-up so that you can translate these modules into practical values within your business. Access to our Hack-Lab is not just for your work during the course, you will have access for 30 days after the course too. This gives you plenty of time to practice the concepts taught during the course. The Hack-Lab contains a wide variety of challenges from local privilege escalation to VLAN hopping etc. Numerous scripts and tools will also be provided during the course, along with Delegate handouts.
About the Trainer |
---|
Warren joined NotSoSecure in Febuary 2023, armed with a unique perspective from his Mechanical Engineering background and a hobbyist passion for cybersecurity. His primary focus lies in devising innovative methods for bypassing endpoint protection and antivirus systems on Windows platforms, using his Python expertise to create proof-of-concepts and automate complex security tasks.Warren passionately believes in the open-source ethos, actively contributing to the cybersecurity community and not just being a consumer. His projects on GitHub, such as Schrodingers_Snake, Pasteee, and Blanket, stand testament to this commitment. As a trainer, he shares his insights at esteemed conferences like Black Hat and contributes his research findings and tools to various open-source platforms. Warren's dedication to innovation and continuous learning is shaping his professional journey and reinforcing the principle of community-based growth in the broader cybersecurity domain |
Advanced Infrastructure Hacking – 3 day (Onsite) with Tiago Carvalho
Overview
This course uses a Defence by Offence methodology based on real world engagements and offensive research (not theory). That means everything we teach has been tried and tested on live environments and in our labs, so you can put it into practice as soon as the training is over. By the end of the course, you’ll know:
- How to think and behave like an advanced, real world threat actor
- How to identify commonly used vulnerabilities known to have recently caused damage and disruption
- How to deploy the latest and most common network infrastructure and cloud hacks, (including many novel techniques that can’t be detected by scanners)
- How to analyse vulnerabilities within your own organisation and customise your hacking techniques in response
- A huge menu of hacks for Windows, Linux, Microsoft Azure, AWS, Google Cloud Platform (GCP), software development systems, and more...
Course Outline
- IIPV4/IPV6 BASICS
- IPv6 service discovery and enumeration
- Exploiting systems/services over IPv6
- Host discovery and enumeration
- Advanced OSINT and asset discovery
- Exploiting DVCS and CI-CD server
- HACKING DATABASES
- PostgreSQL / MySQL
- Oracle
- NoSQL
- WINDOWS EXPLOITATION
- Windows Enumeration and Configuration Issues
- Windows Desktop ‘Breakout’ and AppLocker Bypass Techniques (Win 10)
- Local Privilege Escalation
- Offensive PowerShell /Offsec Development
- AMSI bypass Techniques
- AV Evasion Techniques
- Post-exploitation Tips, Tools, and Methodology
- ACTIVE DIRECTORY (AD) ATTACKS
- Active Directory Delegation Reviews and Pwnage (Win 2016 server)
- Pass the Hash/Ticket
- Cross Domain and Forest attacks
- Pivoting, Port Forwarding and Lateral Movement Techniques
- Persistence and backdooring techniques (Golden and Diamond Ticket)
- Command and Control (C2) Frameworks
- LINUX EXPLOITATION
- Linux Vulnerabilities and Configuration Issues
- Treasure hunting via enumeration
- CONTAINER BREAKOUT
- Kerberos authentication
- Restricted shells breakouts
- Breaking hardened web servers
- Local privilege escalation
- MongoDB exploitation
- TTY “Teletype” hacks and pivoting
- Kernel exploitation
- Post exploitation
- Persistence techniques (Linux capabilities)
- Breaking and abusing Docker
- Exploiting Kubernetes vulnerabilities
- Breaking out of Kubernetes containers
- CLOUD HACKING
- AWS, MS Azure, and GCP specific attacks
- Storage misconfigurations
- Credentials, API’s and token Abuse
- Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), Container as a Service (CaaS), and serverless exploitation
- Azure AD attacks
- Exploiting insecure VPN configuration
- B33r 101
Who should take this course
System Administrators, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and if you want to take your skills to next level.
Student requirements
Students must bring their own laptop and have admin/root access on it. The laptop must have a virtualization software (virtualbox / VMWare) pre installed. A customized version of Kali Linux (ova format) containing custom tools, scripts and VPN scripts for the class will be provided to the students. The laptop should have at least 4 GB RAM and 20 GB of free disk space dedicated for the VM.
Trainings provides
If you are looking to develop your hacking skills further, either for working as a pen tester, or you need to understand how hackers work so that you are better able to defend against it, then this course is for you. In addition to increasing your knowledge and confidence, it provides excellent preparation for the advanced hacking examinations. By utilizing the Hack-Lab following the Advanced Infrastructure Hacking course you are provided with time to test and hone your skills and your understanding of the tools and applications used throughout the course. You can take these away for working with on a day to day basis. There are guides, walkthroughs and examples for you to use as follow-up so that you can translate these modules into practical values within your business. Access to our Hack-Lab is not just for your work during the course, you will have access for 30 days after the course too. This gives you plenty of time to practice the concepts taught during the course. The Hack-Lab contains a wide variety of challenges from local privilege escalation to VLAN hopping etc. Numerous scripts and tools will also be provided during the course, along with Delegate handouts.
About the Trainer |
---|
Tiago discovered computer programming at a very young age with ZX Spectrum in Basic programming, with his curiosity driving him to learn more about computers and how they work. He holds two professional degrees in Electronics level III from the Portuguese Navy (as a civilian) where he also undertook an internship and a qualification in Computer Networks Level IV from ATEC. He began his career in 2006 as a network administrator, however his passion for coding and cybersecurity led him to switch to programming in 2009 and various roles, including: a developer in Java-based real time, integration and source code analysis applications for the telecommunications and banking sectors; a member of an application development management team; and a security advisor. His career in Information Security began in 2013 when he gained a number of cybersecurity certifications and work in Penetration Testing. |
Hacking Android, iOS and IoT apps by Example - 3 day (Onsite) with Abraham Aranguren
Overview
This course is a 100% hands-on deep dive into the OWASP Mobile Security Testing Guide (MSTG) and relevant items of the OWASP Mobile Application Security Verification Standard (MASVS), so this course covers and goes beyond the OWASP Mobile Top Ten. Learn about Android, iOS and IoT app security by improving your mobile security testing kung-fu. Ideal for Penetration Testers, Mobile Developers and everybody interested in mobile app security. All action, no fluff, improve your security analysis workflow and immediately apply these gained skills in your workplace, packed with exercises, extra mile challenges and CTF, self-paced and suitable for all skill levels, with continued education via unlimited email support, lifetime access, step-by-step video recordings and interesting apps to practice, including all future updates for free. Teaser Video: https://www.youtube.com/watch?v=Re5oqfVkgd4
Course Outline
Day 1: Hacking Android & IoT apps by Example
Part 0 - Android Security Crash Course- The state of Android Security
- Android security architecture and its components
- Android apps and the filesystem
- Android app signing, sandboxing and provisioning
- Recommended lab setup tips
- Static Analysis with Runtime Checks
- Tools and techniques to retrieve/decompile/reverse and review APKs
- Identification of the attack surface of Android apps and general information gathering
- Identification of common vulnerability patterns in Android apps
- Hardcoded secrets
- Logic bugs
- Access control flaws
- Intents
- Cool injection attacks and more
- The art of repackaging
- Tips to get around not having root
- Manipulating the Android Manifest
- Defeating SSL/TLS pinning
- Defeating root detection
- Dealing with apps in foreign languages and more
- Dynamic Analysis
- Monitoring data: LogCat, Insecure file storage, Android Keystore, etc.
- The art of MitM: Intercepting Network Communications
- The art of Instrumentation: Hooking with Xposed
- App behaviour monitoring at runtime
- Defeating Certificate Pinning and root detection at runtime
- Modifying app behaviour at runtime
- Test Your Skills
- CTF time, including finding IoT vulnerabilities through app analysis
Day 2: Hacking iOS & IoT apps by Example
Part 0- iOS Security Crash Course
- The state of iOS Security
- iOS security architecture and its components
- iOS app signing, sandboxing and provisioning
- iOS apps and the filesystem
- Recommended lab setup tips
- Static Analysis with runtime checks
- Tools and techniques to retrieve/decompile/reverse and review IPAs
- Identification of the attack surface of iOS apps and general information gathering
- Identification of common vulnerability patterns in iOS apps:
- Hardcoded secrets
- Logic bugs
- Access control flaws
- URL handlers
- Cool injection attacks, and more Patching and Resigning iOS binaries to alter app behaviour
- Tips to test without a jailbreak
- Dynamic Analysis
- Monitoring data: LogCat, Insecure file storage, Android Keystore, etc.
- The art of MitM: Intercepting Network Communications
- The art of Instrumentation: Hooking with Xposed
- App behaviour monitoring at runtime
- Defeating Certificate Pinning and root detection at runtime
- Modifying app behaviour at runtime
- Test Your Skills
- CTF time, including finding IoT vulnerabilities through app analysis
Day 3: Leveling up your Android Instrumentation Kung-fu
Part 1: Frida & Objection on Android- Focus on Dynamic Analysis
- Practical Frida scripts and labs
- Useful Objection labs and modules
- Introduction to radare2 & r2frida
- Multiple scenarios with radare2, r2frida and other tools to improve your instrumentation workflows
- Multiple case studies & exercises
- Automating instrumentation with RMS on Android
- MuDefeating certificate pinning with instrumentation
- MulRoot detection bypasses with instrumentation
- MulRoMultiple practical instrumentation exercises
- Test Your Skills
Who should take this course
Any mobile developer, penetration tester or person interested in mobile security will benefit from attending this training regardless of the initial skill level: the course is for beginners, intermediate and advanced level students. While beginners are introduced to the nuances of mobile app security from scratch, intermediate and advanced level learners get to perfect both their knowledge and skills on the subject. Extra mile challenges are available in every module to help more advanced students polish their skills. The course is crafted in a way that regardless of your skill level you will significantly improve your mobile security skills. If you are new and cannot complete the labs during the class, that is OK, as you keep training portal access, you will learn a lot in the class but can continue from home with the training portal. If you are more advanced in mobile security you can try to complete the labs in full and then take the CTF challenges we have for each day, you will likely also attempt to complete some exercises from home later.
Student requirements
The requirements for attending this course are:
- Linux command line basics
- Android basics
- iOS basics
Trainings provides
Attendees will be provided with:
- Lifetime access to training portal, with all course materials
- Unlimited access to future updates and step-by-step video recordings
- Unlimited email support, if you need help while you practice at home later - Government-mandated and police apps in various countries
- Many other excitingly vulnerable real-world apps
- IoT apps controlling Toys, Drones, etc.
- Digital copies of all training material
- Custom Build Lab VMs
- Purpose Build Vulnerable Test apps
- Source code for test apps
Completing this training ensures attendees will be competent and able to:
- Intercept mobile app network communications
- Bypass certificate and public key pinning protections
- Bypass jailbreak/root detection
- Reverse engineer and analyze mobile apps from a blackbox perspective - Review mobile app source code to identify security flaws
- Perform a mobile app security review
About the Trainer |
---|
After 15 years in itsec and 22 in IT Abraham Aranguren is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Co-Author of the Mobile, Web and Desktop (Electron) app 7ASecurity courses. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. Former senior penetration tester / team lead at Cure53 and Version 1. Creator of “Practical Web Defense”, a hands-on eLearnSecurity attack / defense course, OWASP OWTF project leader, an OWASP flagship project (owtf.org), Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity @7a_ @owtfp or https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications |
Malware Analysis and Memory Forensics - (Online) by Monnappa (18-20 Nov)
This hands-on training teaches the concepts, tools, and techniques to analyse, investigate and hunt malware by combining two powerful techniques malware analysis and memory forensics.This course will introduce attendees to basics of malware analysis, reverse engineering, Windows internals and memory forensics, it then gradually progresses deep into more advanced concepts of malware analysis & memory forensics. Attendees will learn to perform static, dynamic, code and memory analysis. This course consists of scenario-based hands-on labs after each module which involves analysing real-world malware samples and infected memory images (crimeware, APT malware, fileless malware, Rootkits etc). This hands-on training is designed to help attendees gain a better understanding of the subject in short span. Throughout the course, the attendees will learn the latest techniques used by the adversaries to compromise and persist on the system. The training also demonstrates how to integrate the malware analysis and forensics techniques into a custom sandbox to automate the analysis of malicious code. After taking this course attendees will be better equipped with skills to analyse, investigate and respond to malware-related incidents.
The training provides practical guidance and attendees should walk away with the following skills:
- How malware and Windows internals work
- How to create a safe and isolated lab environment for malware analysis
- What are the techniques and tools to perform malware analysis
- How to perform static analysis to determine the metadata associated with malware
- How to perform dynamic analysis of the malware to determine its interaction with process, file system, registry and network
- How to perform code analysis to determine the malware functionality
- How to debug a malware using tools like IDA Pro, Ollydbg/Immunity debugger/x64dbg
- How to analyze downloaders, droppers, keyloggers, fileless malware, HTTP backdoors, etc.
- What is Memory Forensics and its use in malware and digital investigation
- Ability to acquire a memory image from suspect/infected systems
- How to use open source advanced memory forensics framework (Volatility)
- Understanding of the techniques used by the malwares to hide from Live forensic tools
- Understanding of the techniques used by Rootkits(code injection, hooking, etc.)
- Investigative steps for detecting stealth and advanced malware
- How memory forensics helps in malware analysis and reverse engineering
- How to incorporate malware analysis and memory forensics in sandbox
- How to determine the network and host-based indicators (IOC)
- Techniques to hunt malwares
COURSE OUTLINE
INTRODUCTION TO MALWARE ANALYSIS:
- What is Malware
- What they do
- Why malware analysis
- Types of malware analysis
- Setting up an isolated lab environment
STATIC ANALYSIS:
- Fingerprinting the malware
- Extracting strings
- Determining File obfuscation
- Pattern matching using YARA
- Fuzzing hashing & comparison
- Understanding PE File characteristics
- Disassembly
- Hands-on lab exercise involves analyzing real malware sample
DYNAMIC ANALYSIS/BEHAVIOURAL ANALYSIS:
- Dynamic Analysis Steps
- Understanding Dynamic Analysis tools
- Simulating services
- Performing Dynamic Analysis
- Monitoring process, filesystem, registry and network activity
- Determining the Indicators of compromise (host and network indicators)
- Demo – Showing the static & dynamic analysis of real malware sample
- Hands-on lab exercise involves analyzing real malware sample
AUTOMATING MALWARE ANALYSIS(SANDBOX):
- Custom Sandbox Overview
- Working of Sandbox
- Sandbox Features
- Demo – Analyzing malware in the custom sandbox
CODE ANALYSIS:
- Code Analysis Overview
- Disassembler & Debuggers
- Code Analysis Tools
- Basics of IDA Pro
- Basics of Ollydbg/x64dbg
- Understanding the API calls
- Reversing Malware functionalities(Downloader, dropper, keylogger, code injection, HTTP backdoor)
- Hands-on lab exercise involves analyzing real malware sample
INTRODUCTION TO MEMORY FORENSICS:
- What is Memory Forensics
- Why Memory Forensics
- Steps in Memory Forensics
- Memory acquisition and tools
- Acquiring memory From physical machine
- Acquiring memory from the virtual machine
- Hands-on exercise involves acquiring the memory
VOLATILITY OVERVIEW:
- Introduction to Volatility Advanced Memory Forensics Framework
- Volatility Installation
- Volatility basic commands
- Determining the profile
- Volatility help options
- Running the plugin
INVESTIGATING PROCESS:
- Understanding Process Internals
- Process(EPROCESS) Structure
- Process organization
- Process Enumeration by walking the double linked list
- process relationship (parent-child relationship)
- Understanding DKOM attacks
- Process Enumeration using pool tag scanning
- Volatility plugins to enumerate processes
- Identifying malware process
- Hands-on lab exercise(scenario based) involves investigating malware infected memory
INVESTIGATING PROCESS HANDLES & REGISTRY:
- Objects and handles overview
- Enumerating process handles using Volatility
- Understanding Mutex
- Detecting malware presence using mutex
- Understanding the Registry
- Investigating common registry keys using Volatility
- Detecting malware persistence
- Hands-on lab exercise(scenario based) involves investigating malware infected memory
INVESTIGATING NETWORK ACTIVITIES:
- Understanding malware network activities
- Volatility Network Plugins
- Investigating Network connections
- Investigating Sockets
- Hands-on lab exercise(scenario based) involves investigating malware infected memory
INVESTIGATION PROCESS MEMORY:
- Process memory Internals
- Listing DLLs using Volatility
- Identifying hidden DLLs
- Dumping malicious executable from memory
- Dumping Dll’s from memory
- Scanning the memory for patterns(yarascan)
- Hands-on lab exercise(scenario based) involves investigating malware infected memory
INVESTIGATING USER-MODE ROOTKITS & FILELESS MALWARES:
- Code Injection
- Types of Code injection
- Remote DLL injection
- Remote Code injection
- Reflective DLL injection
- Hollow process injection
- Demo – Case Study
- Hands-on lab exercise(scenario based) involves investigating malware infected memory
MEMORY FORENSICS IN SANDBOX TECHNOLOGY:
- Sandbox Overview
- Integrating Memory Forensics into a sandbox
- Demo – showing the use of memory forensics in a custom sandbox
INVESTIGATING KERNEL-MODE ROOTKITS:
- Understanding Rootkits
- Understanding Functional call traversal in Windows
- Level of Hooking/Modification on Windows
- Kernel Volatility plugins
- Hands-on lab exercise(scenario based) involves investigating malware infected memory
- Demo – Rootkit Investigation
MEMORY FORENSIC CASE STUDIES:
- Demo – Hunting an APT malware from Memory
Who should take this course
Forensic practitioners, incident responders, cyber-security investigators, security researchers, malware analysts, system administrators, software developers, students and curious security professionals who would like to expand their skills.
Anyone interested in learning malware analysis and memory forensics.
REQUIREMENTS
Students should:
- Be familiar with using Windows/Linux
- Have an understanding of basic programming concepts, while programming experience is not mandatory.
System Requirements
- Laptop with minimum 6GB RAM and 40GB free hard disk space
- The lab samples and custom Linux VM will be provided by the Trainer
- VMware Workstation or VMware Fusion (even trial versions can be used).
- Windows Operating system (preferably Windows 7 64-bit, even Windows 8 and above versions are fine) installed inside the VMware Workstation/Fusion. You must have full administrator access for the Windows operating system installed inside the VMware Workstation/Fusion.
Note: VMware player or VirtualBox is not suitable for this training. The lab setup guide will be sent you after registration.
About the Trainer |
---|
Monnappa K A works for Cisco Systems as an information security investigator
focusing on threat intelligence, investigation, and research of cyber
espionage and advanced cyber attacks. He is the author of the best selling
book “Learning Malware Analysis” and member of Black Hat review
board. He is the creator of Limon Linux sandbox and winner of Volatility
plugin contest 2016. He is the co-founder of the cybersecurity research
community “Cysinfo” (https://www.cysinfo.com).
His fields of interest include malware analysis, reverse engineering, memory
forensics, and threat intelligence.
He has presented at various security conferences including Black Hat, FIRST, SEC-T, 4SICS-SCADA/ICS summit, DSCI, National Cyber Defence Summit and Cysinfo meetings on various topics which include memory forensics, malware analysis, reverse engineering, and rootkit analysis. He has conducted training sessions at Black Hat, BruCON, OPCDE, FIRST (Forum of Incident Response and Security teams), SEC-T and 4SICS-SCADA/ICS cyber security summit. He has also authored various articles in eForensics and Hakin9 magazines. You can find some of his contributions to the community in his YouTube channel (http://www.youtube.com/c/MonnappaKA) and you can read his blog posts at https://cysinfo.com Twitter: @monnappa22 |
Advanced Malware Unpacking - 3 day (Online) with Kyriakos Economou
Overview
What started as a hobby with reverse engineering software protection, later became a large part of our professional careers in deciphering and debugging heavily obfuscated malware.
Zeroperil has combined the most interesting aspects from reverse engineering software protection and malware into this fast paced and intense course.
The course aims to teach students how to deal with a large variety of executable packers, crypters and modern malware loaders.
Attendees will learn advanced tactics, techniques and procedures in order to be able to retrieve the original malware samples from within multiple layers of obfuscation. As a result, static analysis will be easier and indicators of compromise can be extracted. Unpacked malware binaries will be fully working, allowing for dynamic analysis.
Students will gain the confidence to approach unknown executable packers and crypters by learning and applying principles that we will be teaching throughout the course.
Techniques for automated sample unpacking by taking advantage of the x86dbg/x64dbg scripting engine will be covered. By the end of the course students will be able to write their own powerful debugger automation scripts.
Delivery
The training course is fully remote and sessions will be conducted over Microsoft Teams. Each student will be presented with a copy of the training materials.
Prerequisites
Although this course does go through the necessary introductory and background theory of several technical aspects, the following set of skills is desirable prior attending:
- Basic usage of user-mode debuggers (Olly, x64/x32Dbg)
- Basic understanding of x86/x64 assembly language
- Basic knowledge of programming concepts such as pointers, loops, functions etc…
- Experience with handling malware safely (i.e. Virtual Machines and network segregation)
Technical requirements
Although this course does go through the necessary introductory and background theory of several technical aspects, the following set of skills is desirable prior attending:
- Computer/laptop able to handle a VM with a minimum of 4 dedicated CPU cores, and 4 GB of RAM
- Good internet connectivity
- A virtualisation software that is able to take runtime snapshots of the guest OS
- A virtualisation software that is able to run modern Windows OS (10, 8.1, 7)
Target audience
With the increasing number of attacks involving malware of all kinds for example remote access trojans, ransomware and information stealers to name but a few; malware analysis skills have become a necessity for security operators. Having the ability and knowledge to deal with malware that use advanced techniques to hinder the analysis, is essential for the reverse engineer. Many malware analysts rely on third-party tools to automate their work, which instead should be part of their skillset simply because tools can and do fail.
If you always wanted to learn how to reverse engineer and unpack well-known executable packers such as UPX, ASPack, PECompact, WinUpack, ASProtect, and learn to deal with modern malware loaders, this is definitely the training course for you.
This training course is open to all information security professionals and reverse engineering enthusiasts who are interested in elevating their Windows malware analysis skills to ninja level. The course will provide advanced technical skills that will give an analyst the ability to unpack common executable packers and malware loaders by hand.
The following roles in information security will mostly benefit from this course:
- MALWARE ANALYSTS
- INCIDENT RESPONDERS
Content Outline
Day 1
- x86/x64 architecture refresher
- Microsoft Windows ABI
- PE file format refresher
- Debugging & Anti-Debugging
- x32/x64Dbg Tour
- Introduction to executable packers
Day 2
- Manual unpacking a variety of executable packers
- Unpacking automation with x32/x64Dbg scripting engine
Day 3
- Reverse engineering and unpacking of malware loaders of real malware samples.
- Unpacking automation with x32/x64Dbg scripting engine
Take aways
Hand-outs will be given in PDF format covering the unpacking process of the malware samples. You will also get a copy of our unpacking scripts that we will be showcasing during the course, as well as all source code that may be used during demos.
DISCLAIMER
During this course we will be dealing with real malware samples.
Some basic instructions will be given during the course on the safe handling of live malware samples; however, it is the attendee’s responsibility to ensure that correct procedures are carried out.
ZEROPERIL LTD ASSUMES NO RESPONSIBILITY FOR ANY DAMAGES CAUSED DUE TO INCORRECT HANDLING OF MALWARE SAMPLES.
About the Trainer |
---|
Kyriakos Economou (@kyREcon) has extensive experience in malware analysis and reverse engineering of executable packers and malware loaders. He started his journey in infosec by breaking software protections for fun. During his career he has been involved with malware analysis, R&D of offensive software, vulnerability research and exploit development of Windows software and kernel drivers. |
ADVANCED Web Hacking - 3 day (Online) with Tom Large
Overview
This class teaches audience a wealth of hacking techniques to compromise modern day web applications, APIs and associated end-points. This class focus on specific areas of appsec and on advanced vulnerability identification and exploitation techniques. The class allows attendees to learn and practice some neat, new and ridiculous hacks which affected real life products and have found a mention in real bug-bounty programs. The vulnerabilities selected for the class either typically go undetected by modern scanners or the exploitation techniques are not so well known. Attendees can also benefit from a state-of-art Hacklab and we can provide 30 days lab access after the class to allow attendees more practice time. By the end of the course, you’ll know:
- How to think and behave like an advanced, real world threat actor
- How to identify commonly used vulnerabilities known to have recently caused damage and disruption
- How to deploy the latest and most common network infrastructure and cloud hacks, (including many novel techniques that can’t be detected by scanners)
- How to analyse vulnerabilities within your own organisation and customise your hacking techniques in response
- A huge menu of hacks for Windows, Linux, Microsoft Azure, AWS, Google Cloud Platform (GCP), software development systems, and more.
Course Outline
- Lab Setup and architecture overview
- Burp Basics and Advanced Features
- Attacking Authentication and SSO
- Token Hijacking attacks
- Logical Bypass / Boundary Conditions
- Authentication Bypass using Subdomain Takeover
- JWT Token Brute-Force attacks
- SAML Authorization Bypass
- OAuth Issues
- Password Reset Attacks
- Cookie Swap
- Host Header Validation Bypass
- Case study of popular password reset fails.
- Business Logic Flaws / Authorization flaws
- Mass Assignment
- Invite/Promo Code Bypass
- Replay Attack
- API Authorisation Bypass
- HTTP Parameter Pollution (HPP)
- XML External Entity (XXE) Attack
- XXE Basics
- Advanced XXE Exploitation over OOB channels
- XXE through SAML
- XXE in File Parsing
- Breaking Crypto
- Known Plaintext Attack (Faulty Password Reset)
- Padding Oracle Attack
- Hash length extension attacks
- Auth bypass using .NET Machine Key
- Code Execution (RCE)
- Java Serialisation Attack
- .Net Serialisation Attack
- Node.js Serialization Attack
- PHP Serialization Attack
- JSON Serialization Attack
- Server Side Template Injection
- SQL Injection Masterclass
- 2nd order injection
- Out-of-Band exploitation
- SQLi through crypto
- OS code exec via powershell.
- Advanced topics in SQli
- Advanced SQLMap Usage
- Exploiting code injection over OOB channel
- Tricky File Upload
- Malicious File Extensions
- Circumventing File validation checks
- Exploiting hardened web servers.
- Server Side Request Forgery (SSRF)
- SSRF to query internal network
- SSRF to call internal files
- Various Case studies
- Attacking the Cloud
- SSRF Exploitation
- Serverless exploitation
- Google Dorking in the Cloud Era
- Various Case Studies
- Attacking Hardened CMS
- Identifying and attacking various CMS
- Web Caching Attacks.
- Attack Chaining N tier vulnerability Chaining leading to RCE.
- Various Case Studies
Who should take this course
Developers, SOC analysts, entry level/intermediate level penetration testers, network engineers, security architects, security enthusiasts and anyone who wants to take their skills to next level.
Student requirements
Students must bring their own laptop and have admin/root access on it. The laptop should have at least 4 GB RAM and 20 GB of free disk space and a working copy of the latest Kali Operating System. Kali OS should be run inside a Virtual machine (e.g. VMware Workstation/Fusion/Player or Virtual Box).
Trainings provides
Access to a hacking lab not just during the course but for 15 days after the class too. This gives them plenty of time to practice the concepts taught in the class. Numerous scripts and tools will also be provided during the training, along with student handouts. Check out the Advanced Web Hacking website at https://www.notsosecure.com/hacking-training/advanced-web-hacking/#overview
About the Trainer |
---|
Tom is a cybersecurity professional with a strong passion for his field. He joined the NotSoSecure team in 2021 and has since become an integral part of their operations. Tom specializes in delivering a range of security services, including penetration testing for web applications, infrastructure, and networks. He excels at assessing system and network vulnerabilities, often with limited prior knowledge of their inner workings.In addition to his role as a consultant, Tom is a dedicated trainer. He takes great pride in creating and delivering tailored courses for clients, sharing his extensive knowledge and expertise. Tom's training efforts extend beyond corporate settings, his engaging presentations and practical approach have earned him a reputation as an exceptional trainer.Tom has a keen interest in Docker, OSINT (Open Source Intelligence), and web application penetration testing. He believes in the power of continuous learning and stays up-to-date with the latest threats and vulnerabilities. Tom actively conducts research to stay at the forefront of the evolving cybersecurity landscape. |