MALWARE ARCHAEOLOGY:
Windows Incident Response and Logging by Michael Gough

REGISTER NOW ($1450)

COURSE DESCRIPTION:

Evaluating a Windows-based system during an event or incident can be a challenge, and many do not know where to begin. This course opens with an introduction to the basic concepts of Incident Response as they apply to Windows-based systems. It then focuses on using LOG-MD, a Windows logging, malware discovery, and forensic tool used to investigate a suspect system. We will walk through auditing a Windows system and evaluating the resulting report of settings that need to be configured from a logging and audit perspective.

After logging and auditing are properly configured, we will look at what LOG-MD can discover and report from a logging perspective. In addition, attendees will learn how to use LOG-MD to do full file system hashing and registry snapshots. A full review of the features of LOG-MD, how they can be used for Incident Response, and why, will be covered.

Once the features of LOG-MD are understood, we will walk through how to use and apply LOG-MD, baselining and whitelisting known and trusted items to reduce the noise and find the bad. A typical event using real malware will be demonstrated and LOG-MD applied in a tabletop Incident Response exercise. All attendees will receive a copy of LOG-MD Professional as part of the class, to use back at their jobs.

Introduction to Incident Response

  • What logging can do for you – Real hacks caught in the act
  • LOG-MD – Audit your system
  • The Windows Logging Cheat Sheet(s) – What to set
  • Auditing files, directories and registry keys – Why is this important to IR
  • Command Line Logging and Network connections – Real intelligence
  • Walk through of LOG-MD features
  • LOG-MD Logging report
  • Other tools used
  • LOG-MD Baseline the file system
  • LOG-MD Baseline the registry
  • Whitelisting known and good items
  • Investigating your system
  • Demo table top exercise using real malware

Seminar Requirements

  • A laptop running Windows 7, 8 or 10 (Pro or above), or a laptop running a virtual machine (VirtualBox, ESXi, VMware, Parallels, etc.) whose guest VM runs Windows 7, 8 or 10 (Pro or above)
  • Microsoft Office, as we use Excel
  • A list of tools will be provided on a USB card the day of the training
  • Administrative access to change settings. Note: Windows Ultimate and Enterprise editions have a feature for managing application whitelisting (AppLocker) that other editions of Windows do not have. This will be discussed, but without labs, since not everyone will have one of these editions. This class will focus on Windows Professional.

ENTERPRISE PENETRATION TESTING METHODS BY ROD SOTO

REGISTER NOW ($1450)

COURSE DESCRIPTION:

During this comprehensive course, the tools and methodologies used during penetration tests in enterprise network environments will be detailed. The course will use a lab environment for hands-on instruction in manual penetration testing methods, in addition to training in the use of exploitation frameworks such as Metasploit. Focus will be geared towards the methodology, processes, vectors, tools, and techniques used for exploitation (Infrastructure, Network, Web, Mobile).

By the end of the course, the student will have an in-depth understanding of the underlying principles of network exploitation and will have gained experience in the successful execution of attacks.

Minimum Course Requirements: Bring a laptop with at least 4 GB of RAM and at least a quad-core processor, and the ability to run virtual machines. An understanding of basic networking concepts and basic Linux comprehension are required.

TARGET AUDIENCE:

This seminar is geared towards those seeking to enter the information security industry while also enriching those who seek to develop the skills and experience necessary to succeed as a penetration tester (for fun and for profit).

INSTRUCTOR BIO:

Rod Soto has over 15 years of experience in information technology and security. He has spoken at ISSA, ISC2, OWASP, BlackHat, DEFCON, Hackmiami and Bsides, and has also been featured in Rolling Stone Magazine, Pentest Magazine, Univision and CNN. Rod Soto was the winner of the 2012 BlackHat Las Vegas CTF competition and is the founder and lead developer of the Kommand && KonTroll competitive hacking tournament series.

Seminar Requirements

  • Laptop with at least 4 GB of RAM and at minimum a quad-core processor
  • Ability to Run Virtual Machines
  • Understanding of Basic Networking Concepts
  • Basic Linux Comprehension

SECURITY ENGINEERING OF IOT AND EMBEDDED SYSTEMS BY MICHAEL SCHLOH VON BENNEWITZ

REGISTER NOW ($1450)

COURSE DESCRIPTION:

Examining IP (Ethernet), Serial (CAN, I2C, SPI, TIA/EIA), and RF (Bluetooth) communication, this full-day workshop teaches invasive security from a developer perspective. We build and penetrate embedded systems, concluding with reverse engineering, penetration testing, or constructive discussion. Rather than treating legacy APTs with Metasploit or Nmap, we extend our reach to include microcontrollers (MCUs) with no TCP/IP stack or user kernel:

  • Public Grid
  • Water Pumps
  • Street Lights
  • Healthcare
  • Prosthetics
  • RF Exposed Data
  • Industrial Monitors
  • Heartbeat Sensors
  • Pacemaker Analysis
  • Controller Area Network (CAN)
  • Consumer Vehicles (Automotive)
  • Industrial Aerospace and Robotics
  • Surveillance
  • Baby Phones (M2M Comm)
  • Webcams (Mirai Botnet!)
  • Building Automation (Locks)
  • Smart Homes (Detection* and Relays)

*Turn light emitters into detectors

BONUS:

Besides knowledge, you get to keep and take home hardware:

  • ARM Cortex (NXP) MCU
  • Atmel 328P based MCU
  • IoT Empire 802.3 Tap

INVENTORY:

We'll work with devices on loan for the workshop duration:

  • Tessel2
  • RaspberryPi
  • Beaglebone
  • Minnowboard
  • nRF51-BTLE
  • FRDM-KL25Z
  • FRDM-K64F
  • Estimote beacon
  • CC2650 SensorTag
  • Assorted shields
  • Blesh beacon
  • Voltera One
  • SmartScope
  • Yubikey

INSTRUCTOR BIO:

Michael Schloh von Bennewitz is a computer scientist specializing in network engineering, embedded design, and mobile platform development. He speaks four languages fluently, presents at research events every year, and has presented for groups including Black Hat, CCC, Cable & Wireless, Mobile World Congress, Linux Foundation, Nokia, Ubuntu, Droidcon, and FOSDEM.

Michael's IoT knowledge profits from years of work at telecoms and relationships with industry leaders. He is an Intel innovator, Samsung partner, and Mozilla contributor with the mandate to promote IoT technology.

QUESTIONS?

Please direct questions about this workshop's unique build and destroy approach, communication technologies, or hardware availability to the instructor.

iotempire@encambio.com

Seminar Requirements

  • Please bring a computer (any OS) with two free USB ports.
  • Optionally bring a smartphone with a modern Bluetooth stack.
  • Topics and pace benefit experienced and novice hackers alike.

ADVANCED RED TEAM OPERATIONS BY STEVE BOROSH & JEFF DIMMOCK

REGISTER NOW ($1450)

COURSE DESCRIPTION:

This detail-oriented course takes you beyond the average penetration test and dives right into advanced red team tactics, theory, and beyond. Instructors will walk the student through a "live" engagement against a simulated corporate environment where they will be taught cutting-edge techniques to push defenders to their limits and maximize their time-on-target.

The course will focus on teaching students the latest Tactics, Techniques, and Procedures (TTPs), operating with Cobalt Strike, Empire, PowerSploit, and much more. By the end of the course, the student will have an in-depth understanding of advanced red team infrastructure, IR evasion tactics, and how to operate in a well-defended corporate environment.

TARGET AUDIENCE:

This course is geared towards those with at least a working understanding of penetration testing or red teaming who want to enhance their skill base with some of the latest red teaming TTPs.

INSTRUCTOR BIO:

Steve Borosh (@424f424f) is a long-time security enthusiast, prior U.S. Army Infantry Combat Veteran, and private security contractor. Currently working on the Sony Red Team, Steve enjoys bug hunting, blogging, building useful security tools, and teaching. Steve has presented at Hack Miami (x2), HackFest D.C., and BSidesLV. Steve has also taught the Adaptive Penetration Testing course with Veris Group at Black Hat USA (x2).

Jeff Dimmock (@bluscreenofjeff) is a pentester/red-teamer for Veris Group's Adaptive Threat Division. He has performed penetration tests and red team engagements for a number of large organizations. Jeff has a passion for social engineering and offensive tradecraft development.

Seminar Requirements

  • Laptop with at least 4 GB of RAM and at minimum a quad-core processor
  • Ability to run virtual machines
  • Understanding of basic penetration testing/red teaming concepts
  • Basic Linux comprehension