Trainings

 

Click each block to scroll to more info

Cryptography & Blockchain Security

Learn how blockchains, cryptocurrency, coin offerings, and smart contracts work in a series of challenges.

Cloudy but Secure: Building a Secure VPC in AWS

This workshop will take you through building a VPC in AWS with a private and public subnet, EC2 instances running in each, with secure access through SSH.

Ethical Hacking & Digital Forensics: hands-on

Ethical Hacking and Digital Forensics Techniques in a virtual environment using open source ISOs and tools.

Full Stack Incident Response

Learn how blockchains, cryptocurrency, coin offerings, and smart contracts work in a series of challenges.

The Art of the Jedi Mind Trick

Students will be expected to evaluate each other on how well we are communicating or putting the techniques into practice, and will provide constructive feedback, share ideas, and collaboratively work together to make everyone a better communicator.

Log4j Vulnerability: Emulation and Detection

Log4j? Log4Shell? I feel like I’ve heard those terms before… Perhaps you were so bogged down with remediation and incident response that you didn’t get the necessary time to research and understand the full scope of what happened.

Intro to Exploit Development

Learn how to take control of Windows and Linux servers running vulnerable software, in a hands-on CTF-style workshop. to use these animations.

Wireshark Workshop

Attendees will learn the operational basics of packet analysis using Wireshark where we perform a live packet capture demo as part of the workshop,

Cryptography and Blockchain Security

Instructor: Sam Bowne
Length: 4 hours
Skill Level: Beginner

Learn how blockchains, cryptocurrency, coin offerings, and smart contracts work in a series of challenges. We will also cover the underlying cryptography: hashes, symmetric encryption, and asymmetric encryption. We will configure wallets, servers, and vulnerable smart contracts, and exploit them.

We will configure systems using Bitcoin, Ethereum, Hyperledger, Multichain, Stellar, and more. We will perform exploits including double-spend, reentrancy, integer underflow, and logic flaws. No previous experience with coding or blockchains is required.Detailed

The workshop is structured in a CTF format, so each participant can work at their own pace. The techniques will be demonstrated, with complete step-by-step instructions to lead beginners through the easy challenges. There are also harder challenges for more experienced participants. We will help participants as needed, to ensure that everyone learns new techniques. Participants need a credit card and a few dollars to rent Cloud servers, or a host machine that can run virtual machines. We will use Linux and Windows systems. All the tools we will use are freely available, and all the training materials will remain available to everyone after the workshop ends.

The challenges include:

  1. Basic blockchain concepts
     a. Simple conceptual blockchain on Github
     b. Hashes, collisions, and Pollard’s Rho method
2. Wallets
     a. MetaMask and Ethereum
     b. Prepraring an Android emulator
     c. MetaMask mobile wallet
  3. Smart Contracts
     a. Making a Solidity Contract
     b. Making a Coin with Solidity
     c. Exploiting a contract with a reentrancy attack
     d. Winning an auction by exploiting a logic flaw
     e. Hacking PoWHCoin with an underflow
     f. Performing a double-spend (51%) attack on Bitcoin
  4. Servers
     a. Preparing a Linux cloud machine
     b. Making a private Ethereum blockchain
     c. Making a Node on the Kovan Proof-of-Authority Testnet
     d. MetaMask with Local Testnet
     e. Hyperledger IROHA (from IBM)
     f. Using Multichain
  5. Essential Cryptography
     a. Symmetric encryption
          i. Substitution ciphers
          ii. One-time pad and Two-time pad
          iii. AES in ECB and CBC modes
          iv. AES-GCM with Libsodium
     b. Asymmetric encryption
           i. RSA
     c. Elliptic-curve cryptography with Libsodium
  6. Cryptographic attacks
     a. Padding oracle attack
     b. Existential forgery
     c. Finding large primes
     d. Factoring large numbers
     e. Baby-step, giant-step attack on the Discrete Logarithm Problem (DLP)
     f. Pollard-Rho attack on the DLP
  7. Madness
     a. Quantum computing
     b. Homomorphic encryption with Microsoft’s SEAL
     c. IBM’s homomorphic encryption

 

Full Stack Incident Response

Instructor: Sam Bowne
Length: 8 hours
Skill Level: Beginner to intermediate

Learn the entire process of attacks and defenses, from attacker tools, techniques and procedures from the MITRE ATT&CK knowledge base through networking monitoring, forensics, malware analysis, and Windows internals. We will cover these topics:

MITRE ATT&CK
We will begin with a high-level view of attacks: Groups, Tactics and Techniques in the ATT&CK matrix, and attribution. We will use Caldera or a similar product to simulate the stages of an attack and test defenses.

Network Security Monitoring
We will cover centralized security monitoring in detail, using Splunk and Suricata to find and analyze attacks. We will use a pre-installed Splunk server with archived attack data to find and analyze attacks including vulnerability scans, brute force attacks, ransomware, Web site defacement. Then we will analyze network traffic with Wireshark, Virus Total, and Packet Total to find suspicious traffic, reconstruct the attacker’s actions, and recover downloaded files.

We will generate attack traffic with Scapy and monitor traffic with simple Python scripts. We will practice using Zeek, the powerful network security monitor formerly called Bro. We’ll practice writing simple code to customize Zeek, using it to analyze captured traffic, and then install it on a cloud server and use it to detect live attacks.

Defending Windows
We will use many techniques to defend Windows systems, including detecting ransomware with Sysmon and Splunk, RAM analysis, detecting known malware with yara, and prefetch forensics. We will use Velociraptor extensively for threat hunting on Windows systems, finding malware and persistence mechanisms, scanning for indicators of compromise, and capturing traffic remotely.

Windows Internals and Malware Analysis
We’ll use many techniques to analyze the behavior of malware to find indicators of compromise and understand the harm it does. We’ll use simple static analysis with strings, PE file analysis tools, and packers. Then we’ll perform dynamic analysis with debuggers, disassembly with IDA Pro, and decompiling with Ghidra.

We will explore the structure of Windows executable files and the operating system itself, to better understand programs, services, malware, and defenses. We will explore the import table, perform DLL injection and DLL proxying, and examine Windows API calls in userland and the kernel in detail. Projects include: cheating at games, building malicious DLL libraries, stealing passwords from the API, building a keylogger, debugging a driver, and writing custom shellcode. Tools used include pestudio, API Monitor, Visual Studio, OllyDbg, IDA Pro, Ghidra, WinDbg, and the Keystone Engine. We will examine the MBR and a simple bootkit.

Prior Knowledge and Equipment Requirements
Previous experience with C and assembly language is helpful but not required. Participants will need a laptop with a Web browser and two monitors. We will provide cloud servers for participants who don’t want to run the machines locally.

Key Takeaways
Understanding of threat actors and the ATT&CK matrix
Experience with network monitoring tools and Splunk
Thorough understanding of Windows internals and malware analysis Who Should Take This Course:
Analysts and executives responsible for protecting enterprises who wish to understand threat groups, defenses in overview, and the granular details of Windows exploits and defenses.ernals and malware analysis

Introduction to Exploit Development

Instructor: Sam Bowne
Length: 4 hours
Skill Level: Intermediate

The Art of the Jedi Mind Trick

Instructor: Jeff Man
Length: 8 hours over 2 days
Skill Level: Intermediate

Students will have numerous opportunities to speak – both in small groups and also making a presentation to the entire class. We’ll discuss techniques and methods and then practice them, or we’ll attempt some form of communication and then critique how well we do.

Students will be expected to evaluate each other on how well we are communicating or putting the techniques into practice and will provide constructive feedback, share ideas, and collaboratively work together to make everyone a better communicator.   Topics will include:   – overcoming obstacles, roadblocks and challenges.

   – getting past bad attitudes and misunderstandings (yours and theirs)
   – practical methods for getting your point across
   – helping others to understand what you are saying
   – learning to speak their language (e.g. non-technical)
   – helping your audience draw the desired conclusion.

Day One: Workshop (Will cover all of the jedi mind trick materials including practice exercises):
      Introductions (Ice Breaker Exercise)
      The Science of Communication (why do we we speak?)
      • Informative
      • Persuasive
      • Special Occasions
      Group Exercise
      The Art of Communication (Persuasive Speech)
      Discussion
      Group Exercise
   Day Two: Practical Application (students will present a short talk to the class and class will critique):
      Student Presentations
      Speech
      Feedback/Discussion
      Repeat for each student

Cloudy but Secure: Building a Secure VPC in AWS

Instructor: Tina Shakour
Length: 2 Hours
Skill Level: Beginner to Intermediate

While this workshop will be in AWS, these concepts translate to other cloud providers and to networking in cloud spaces.
Agenda: Enable account (attendees will need a credit card to enable the free tier account; however, this lab does not incur charges).
Enable billing alerts (this step is SOP in case the account is used other work and study later)

Discussion: Regions and Availability Zones

Discussion: Virtual Private Clouds: What are they?

Building a VPC without a wizard: this details the specifics of what is created in a VPC and the control methods available to make private and public resources

Creating EC2 instances

Securing EC2 instances with network ACLs and Security Groups

Hello World! Verifying our security policies.

Notes:
Students need access to a terminal command line, a web browser, the internet, and the ability to use a credit card to create a free account.

Wireshark Workshop

Instructor: Matt Scheurer and Micah Brown
Length: 2 Hours
Skill Level: Beginner to Intermediate

I. Exercise 00
I – A. Navigating Wireshark
I – A – 1) Learn about the various components of the Wireshark interface
I – A – 2) Instructor’s live packet capture demo II. Exercise 01
II – A. TCP and UDP packets
II – A – 1) Understanding the differences between TCP and UDP packets III. Exercise 02
III – A. Packet flow basics
III – A – 1) Understanding how to navigate through a packet capture and follow streams IV. Exercise 03
IV – A. Analyzing packets
IV – A – 1) Working with display filters and searching through PCAPs V. Exercise 04
V – A. Suspicious TCP connections
V – A – 1) Identify malicious traffic samples in the PCAPs
V – A – 1 – a) SYN flood DDoS attack
V – A – 2 – a) Fragmented packet DDoS attack
V – A – 3 – a) Stealthy Port Scan VI. Exercise 05
VI – A. Plain text protocols and grabbing creds
VI – A – 1) Learn why plain text communication protocols are risky by stealing logon credentials VII. Exercise 06
VII – A. Extracting objects and data
VII – A – 1) Export image files from a PCAP
VII – A – 1) Extracting other data files from a PCAP VIII. Exercise 07
VIII – A. Log4j exploit attempts
VIII – A – 1) Identify and unpack a real-world vulnerability exploit
VIII – A – 2) Instructor’s live-demo of a Log4j exploit with remote shell IX. Exercise 08
IX – A. Decrypting encrypted packet data
IX – A – 1) Decrypt encrypted PCAP data X. Further learning
X – A. Free networking and packet capture resources shared

Log4j Vulnerability: Emulation and Detection

Instructor: Brandon Devault
Length: 4 Hours
Skill Level: Beginner to Intermediate

In this hands-on talk, we’ll walk through how the vulnerability is exploited and what part it plays in the attack chain. You’ll have an opportunity to emulate the attack or follow along as I demonstrate the attack and various open-source detection methods. This talk takes a purple team approach by discussing the defender’s and attacker’s infrastructure, attack execution, and how to analyze the traffic for identification and detection. We’ll finish up by discussing the aftermath of attacks seen in the wild, current APT approaches to this vulnerability, and address any security concerns that remain.Detailed Outline:


Overview:
What is Log4j?
How the Log4j vulnerability is used in the attack chain
Quick CVE overview (currently 7 related to Log4j)


Demo:
Setting up the defensive infrastructure (vuln app, suricata, packet capture)
Setting up the attacker’s infrastructure (Malicious LDAP server)
Executing the payloads (POC and reverse shell)
Detection and Identification (network detection and log analysis)


Aftermath:
Current attacks seen in the “wild” and APT tactics
Hardening infrastructure and prevention of similar vulnerabilities
Security concerns that remainree networking and packet capture resources shared

Ethical Hacking & Digital Forensics: Hands-on

Instructor: Darryl Togashi and Adrian Henry
Length: 16 Hours over 2 days
Skill Level: Beginner to Intermediate

Summary:
Ethical Hacking and Digital Forensics Techniques in a virtual environment using open source ISOs and tools. Upon completion will have working virtual labs with an environment to run several of the lab examples shown in class. Also have a basic understanding on Digital Forensics and Ethical Hacking techniques.

Understanding how to build a virtual lab, download and install virtual images, and perform several Digital Forensics techniques and the use of digital forensics tools in CSI Linux and Kali (Forensics Mode). On the second day they will be able to run a vulnerability scan, assess their attack surface, and run some exploitations that they have learned in class. Also and more important they understand when and where they can ETHICALLY run some of these tasks.

Day 1:
Digital Forensics Techniques and Tools using CSI Linux. Learning from building your own virtual lab from open source images and VirtualBox.
Virtual Labs
Forensics Case Management
OSINT
Computer Forensics
Steganography
Network Forensics

Day 2:
Ethical Hacking using Kali. Learn to be able to recognize vulnerabilities and be able to exploit those vulnerabilities.
Virtual Labs
Ethical Hacking – Ethics
Threat Tactics and Vulnerabilities
OSINT Active and Passive
nmap including scripts
Vulnerability Assessment
Run several exploitation attacks in virtual lab
Malware Exploitation
Mitigation Techniques
and more
Detailed Outline:

Day 1
1) Introductions
2) Virtual Lab Setups
– Downloading ISO images and installers
– CSI Linux
– Kali Live (Forensic Mode)
– Metasploitable2
– Windows
– Build your own VirtualBox test environment
– Scanning and documenting the Virtual lab
3) Forensic Case Management
– Building a Forensic Case using Autopsy
4) OSINT
– Using WebMap for an nmap dashboard
5) Computer Forensics
– Forensic Copy of Windows Registry (20)
– Analyzing Windows Registry for Evidence (21)
6) Steganography
– Using EXIF Tool for read and write EXIF tags
7) Network Forensics
– Wireshark Capture Options
– Capturing Traffic
– Capturing a 3-way TCP Handshake Using Wireshark
8) Questions and Answers Session

Day 2
1) Introductions
2) Virtual Lab Setups
– Downloading ISO images and installers
– Kali
– Metasploitable2
3) Verify your own VirtualBox test environment
4) Ethical Hacking – Ethics
5) Threat Tactics and Vulnerabilities (MITRE ATT&CK and Common Vulnerabilities and Exposures (CVE))
6) OSINT Active and Passive
7) Scanning and documenting the Virtual lab
8) nmap including scripts
9) Vulnerability Assessment
10) Backdoor exploitation
11) Credential Grabbing
12) Cross Site Scripting
13) Malware exploitation
14) And More
15) Understand different techniques in mitigating vulnerabilities found
16) Finalizing labs
17) Questions and Answers Session