Pre-Conference Training

Web App Hacking Basics
Advanced Web App Hacking with Metasploit
Introduction to Crypto for the Math-Phobic
OSINT for Pen Testers: Maximizing Your Efficiency
Intelligence and Special Operations Deception Detection for InfoSec Professionals
Effective YARA

Never Stop Learning

In addition to the lecture tracks, we have specialized and in-depth training courses available before the conference proper. Please review the possible courses listed below if you are interested in advanced training.

All training courses listed are available, however in order to ensure that it is worth our trainers’ time and effort, each course is pre-registration only until the attendance threshold indicated is met. Once the attendance threshold is met, pre-registrants will be contacted with full registration and tuition payment instructions.

Registration for training sessions happens right alongside your conference registration, though purchasing a pass and/or attending the conference is NOT required. However, you can sign up for additional classes after the fact by logging into your profile. Keep in mind training sessions are first come, first serve, so the sooner your register the better off you’ll be.

Web App Hacking Basics | Advanced Web App Hacking with Metasploit | Introduction to Crypto for the Math-Phobic| OSINT for Pen Testers: Maximizing Your Efficiency| Military Deception Detection for InfoSec Professionals

Web App Hacking Basics
Details:
Date: Wednesday, April 5th 2017, 9AM-4PM
Speaker: Brandon Perry
Cost: $750 per person
Location: Austin, Tx
Meals: Lunch provided
Requirements: Laptop, Burpsuite/ZAP, Firefox web browser, sqlmap
Prerequisites: How to use a web browser.
Register Now

Description:
This one day class focuses on teaching beginners how to find and exploit common web application vulnerabilities (XSS, SQLi, RCE), first by hand, and then with common tools. It is recommended students come with a laptop with a Kali virtual machine ready. Experience only with a web browser is needed.


Advanced Web App Hacking with Metasploit
Details:
Date: Thursday, April 6th 2017, 9AM-5PM
Speaker: Brandon Perry
Cost: $750 per person
Location: Austin, Tx
Meals: Lunch provided
Requirements: Laptop, Burpsuite/ZAP, Firefox web browser, sqlmap, Metasploit
Prerequisites: Understanding of web application vulnerabilities such as SQL injection or remote command execution.
Register Now

Description:
This one day class builds on the Web Application Hacking Basics class, taking exploitation to the next level by writing Metasploit modules to exploit RCE and SQL injection vulnerabilities. Students should have a familiarity with programming and basic exploitation experience.


Introduction to Crypto for the Math-Phobic
Details:
Date: Thursday, April 6th 2017, 9AM-5PM
Speaker: Daniel Crowley
Cost: $700 per person
Location: Austin, Tx
Meals: Lunch provided
Requirements: Laptop with*nix or macOS, FeatherDuster (free software)
Prerequisites: None
Register Now

Description:
While cryptography is one of the major pillars of modern computer security, many of those who make use of it don’t understand how it works. Even worse, many people who do vulnerability assessment and penetration testing work have limited or no understanding of cryptography. This can lead to serious, exploitable flaws going undiscovered for long periods of time, even in security-reviewed software.

A large contributing factor to this lack of understanding is the perception that cryptography is impossible to learn without a strong background in mathematics. While it is often the case that breaking algorithms requires intense math knowledge, the algorithm itself is rarely the weak point in any cryptosystem and some of the most common practical crypto weaknesses can be understood without heavy duty math.

This class aims to teach the basics of exploiting cryptographic flaws through demonstration, theory, and hands-on exercises. Students should gain an understanding of how encryption algorithms are built, how they’re used and misused, and why your crypto can still be hopelessly and easily broken even if you’re using AES-256.


OSINT For Pen Testers: Maximizing Your Efficiency
Details:
Date: Friday, April 7th 2017, 9AM-5PM
Speaker: Joe Gray
Cost: $500 per person
Location: Austin, Tx
Meals: Lunch provided
Requirements: Laptop with Linux (preferably Kali), Datasploit, recon-ng, BeEF, and Social Engineer toolkit.
Prerequisites: Basic Linux Knowledge and limited Python Scripting skills.
Register Now

Description:
Have you ever spent too much time in the reconnaissance phase of a pen test because you needed better intelligence? Do you make the most efficient use of OSINT?
This course aims to help you find more efficient ways to collect the information about your targets so that you can get to the fun stuff: exploitation and maximum pwnage. Here, you’ll see the correlation between OSINT and Social engineering and how to better apply it to your engagements. You’ll see techniques for phishing, vishing, pretexting, impersonation, and more. Tool demonstrations will include how to make the best use of OSINT Websites and standalone tools such as Datasploit, recon-ng, Social Engineer Toolkit (SET), and Browser Exploitation Framework (BeEF).


Intelligence and Special Operations Deception Detection for InfoSec Professionals
Details:
Date: Friday, April 7th 2017, 9AM-5PM
Speaker: The Culper Group
Cost: $500 per person
Location: Austin, Tx
Meals: Lunch provided
Requirements:
Prerequisites:
Register Now

Description:
INFOSEC and Cyber Security professionals are increasingly tasked with managing threats that aren’t technological in nature. Server side threats are less effective and more difficult to perpetrate today, so hostile actors increasingly rely on manipulation to accomplish their goals. In fact social engineering has been the primary mechanism behind an increasing number of significant breaches, including Edward Snowden’s debilitating defeat of NSA security. Traditionally, IT professionals have been technology-facing experts in the tools of their trade, devoting scant attention to the humans behind the systems. As more and more INFOSEC responsibilities become investigatory and human-facing, navigating the Human Terrain becomes ever more important.
Deception Detection: The human threats to information systems are overwhelmingly rooted in deception. The Culper Group can train attendees to improve their competencies in deception identification and analysis. Using a proprietary model that eliminates mythology and combines practical experience with scientific findings, attendees will leave this course with concrete set of tools allowing them to identify markers of deception in both verbal and written communications.


Effective YARA
Details:
Date: Friday, April 7th 2017, 9AM-5PM
Speaker: Monty St John
Cost: $695 per person
Location: Austin, Tx
Meals: Lunch provided
Requirements: Laptop, Remnux VM and lab files (information sheet will be provided)
Prerequisites: Beginner | Use of a hex editor, basic logic skills, introductory programming skill useful but not necessary, reversing or digital forensics skills useful but not necessary
Register Now

Description:
Yet Another Regex Analyzer or YARA is a simple and highly effective way to identify, classify, and categorize files. While most often employed in the context of malicious files, YARA is not limited in that regard and can be directed at any type​ of file. This ability makes it a valuable sleuthing tool in your arsenal identify, understand and ultimately prevent unwanted influences.

● Identify, classify, categorize and analyze and then leverage file­derived intelligence to detect and respond to threats
● Piece together adversary campaigns and threat activities
● Transform unknown/unwanted files into a well of usable intelligence
● Enrich existing intelligence to analyze, understand and profile adversaries and their tactics, techniques, tools, and procedures

Course includes several take away items:
* Handouts (~12) covering file structures and strategies to detect them
* Course labs and the topics covered provide the basis for creating a robust file-detection lab or triage harness
* Quality assurance and construction (python) scripts to rapidly create, test, and pull metrics from YARA rules and their performance

Register Now for Pre-Conference Training