Free Training Workshops - 2023
Date: April 13 2023
On-Site (In Person)
2 Hour Workshops
Sign up for Free Workshops, Seating is limited
DISCLAIMER* Free training day admission ticket for April 12 does not include General Admission ticket for the Conference Day on April 13. Please purchase conference and paid pro training tickets separately.
​
Workshops are IN-PERSON only, only register if you can actually attend on April 13th.
Free Training Workshops
The free training courses will be included in the general admission conference tickets. The workshops are 2 hours each and will take place on April 13 from 8am - 5pm. The technical training topics will focus on cybersecurity, AI, cloud, offensive, defensive, incident response, insider threats, space and aero defense.
​
Free training updates will be released on social media leading up to the event.
​
Trainer Index
Beau Bullock Senior Security Analyst, Black Hills Security
Training Description:
Do you want to level up your cloud penetration testing skills? The attack surface of many organizations has changed to include third-party hosted services such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform. In this free 2-hour workshop, hacking concepts are introduced for each of those services. Learn how to perform reconnaissance against cloud assets and identify common vulnerabilities that lead to compromise of an organization. Tools and techniques used on real-world penetration tests against cloud assets are shared including hands-on demonstrations.
You will leave this workshop with new skills for assessing cloud-based infrastructure!
​
Trainer Bio:
Beau Bullock is a Senior Security Analyst and Penetration Tester and has been with Black Hills Information Security (BHIS) since 2014. Beau has a multitude of security certifications and maintains his extensive skills by routinely taking training, learning as much as he can from his peers, and researching topics that he lacks knowledge in. His favorite part of being at BHIS is having the opportunity to learn more, and the other amazingly talented people who work around him. He is a constant contributor to the infosec community by authoring open-source tools, writing blogs, speaking at conferences and on webcasts, and teaching his online class, Breaching the Cloud. Outside of his time at BHIS, Beau enjoys staying fit, gaming with his kids, playing guitar, and releasing music under the name NOBANDWIDTH.
​
Certifications:
OSCP: Offensive Security Certified Professional
OSWP: Offensive Security Wireless Professional
GXPN: GIAC Exploit Researcher and Advanced Penetration Tester
GPEN: GIAC Penetration Tester
GCIH: GIAC Certified Incident Handler
GCFA: GIAC Certified Forensic Analyst
GSEC: GIAC Security Essentials
GCIA: GIAC Certified Intrusion Analyst
GWAPT: GIAC Web Application Penetration Tester​
Covert Entry Training (Covert Entry Tactics to Tactfully Enter Covertly by the Tactful WeHackPeople.com)
by Brent White and Tim Roberts
Tim Roberts
Covert Entry Specialist
Dark Wolf Solutions
Brent White
Covert Entry Specialist
Dark Wolf Solutions
Training Description:
Introductory methods to modern covert entry Tactics, Techniques and Procedures (TTPs) for penetration testers.
An introduction to common and uncommon covert entry techniques that are used during physical security assessments. Whether you are a penetration tester, security coordinator, or the decision maker, these techniques will provide an insight into how expensive electronic and physical access controls can sometimes be bypassed by something as simple as a can of air, a piece of plastic, or even a smile.
Tim Roberts and Brent White of WeHackPeople.com and Dark Wolf Solutions, LLC will be sharing their experiences with covert and overt security tests over the years and walking participants through some real-life application of the techniques utilized during these assessments.
​
Topics covered:
The foundations of preparing for your assessment before you even arrive onsite
The development of surveillance techniques such as important information to look for to create your plan of attack
Access Control and Lock Bypass techniques needed to gain access to the most common environments
Understand how social engineering can play a major role in covert physical security assessments and gain some tools to help better develop your improvisational skills!
Introduction to developing useful guises to aid in a successful engagement
Which certifications and training are offered? / How do I get a job doing this?
​
Tim Roberts
​
A Principal Security Consultant with over fifteen years of information security experience. Tim held management, IT, and physical security roles across multiple industries, including healthcare, finance, and government. His professional experiences include Internal/External Network, Wireless, Application, Physical Security - specializing in Covert Entry, Social Engineering, and OSINT penetration assessments and research. These experiences have led to successful Red Team assessments against commercial and government environments.
He is the founding member of the Lexington DEF CON group (DC859) and was part of the DEF CON Groups program. He has been interviewed on the subject of "White hat hacking" for Microsoft’s “Roadtrip Nation” television series, was featured on IDG Enterprise’s CSO Online publication by Ryan Francis on social engineering, was interviewed at Black Hat by HelpNetSecurity on security awareness and "Know Your Adversary", and is regularly featured on ProfilingEvil on "Security Awareness" for WeHackPeople.com.
Tim has spoken and conducted training at several industry-recognized security and hacker conferences, including ISC West, ISSA International, DEF CON, DerbyCon, various B-Sides, CircleCityCon, Techno Security Con, SaintCon, Appalachian Institute of Digital Evidence - Marshall University, GrrCon, NolaCon, Who's Your Hacker, Red Team Village, Gray Hat, keynote for the S&H Law - FBI/Hacker Panel, and more. He hosted the Bypass Village as part of WeHackPeople.com at HackRedCon.
​
Brent White
​
A Principal Security Consultant specializing in covert entry (stealth breaching), and network penetration. His skills include onsite and remote social engineering, network and application penetration, red teaming, and physical penetration testing, including bypassing popular security access controls, alarms, and people.
He also enjoys public speaking and training on a variety of topics, including hacking, social engineering, physical security, and red teaming; security awareness is also a passion.
Highlights:
-- Trusted Adviser - TN Dept of Safety & Homeland Security
-- Mid-TN Cyber Security Conference committee
-- Founding of the Nashville DEF CON group (DC615)
-- Former "Global Coordinator" for the DEF CON conference “Groups” program
-- Web/Project Manager and IT Security Director at the headquarters of a global franchise company
-- Web Manager and information security positions for multiple television personalities and television shows on The Travel Channel
-- Interviewed on the popular "Hak5" web series
-- Interviewed on BBC News
-- Featured on Microsoft’s “Roadtrip Nation” television series
​
The Pentester BluePrint: Starting a Career as an Ethical Hacker
Phillip Wylie is a Security Solutions Specialist for CYE
Training Description:
Jumpstarting your pentesting career with The Pentester Blueprint
Concept creator and co-author of “The Pentester BluePrint: Starting a Career as an Ethical Hacker,” Phillip Wylie, will help you create your personal blueprint to jumpstart your career as a pentester. In this workshop, concepts from the book will be discussed, as well as content from his conference presentation, “Pentesting experience, and how to get it.”
Topics covered:
- The foundations of pentesting, including basic IT skills like operating systems, networking, and security systems
- The development of hacking skills and a hacker mindset
- Where to find educational options, including college and university classes, security training providers, volunteer work, and self-study
- Which certifications and degrees are most useful for gaining employment as a pentester
- How to get experience in the pentesting field, including labs, CTFs, and bug bounties (including updated content from the conference presentation, “Pentesting experience, and how to get it.”)
- How to do a skills assessment and gap analysis to build your education plan
- Building a personal brand and content creation
​
Trainer Bio:
Phillip Wylie is a Security Solutions Specialist for CYE, with over 25 years of industry experience in IT and cybersecurity. He is also a former Dallas College Adjunct Instructor and the founder of both The Pwn School Project and DEFCON Group 940. Wylie has a diverse range of experience in multiple cybersecurity disciplines, including system administration, network security, application security, and pentesting. As a pentester with over 10 years of experience, he has conducted pentests of networks, Wi-Fi networks, and applications, as well as red team operations and social engineering.
Phillip's contributions to the cybersecurity industry extend beyond his work as a pentester. He is the concept creator and co-author of “The Pentester BluePrint: Starting a Career as an Ethical Hacker,” a highly regarded book that was inspired by a lecture he presented to his class at Dallas College and later became a conference talk. Phillip is the host of The Hacker Factory Podcast, where he interviews guests on how they got started in cybersecurity and their advice for aspiring cybersecurity professionals. Additionally, he is a frequent conference speaker, workshop instructor, and mentor.
Zero 2 Emulated Criminal: Intro to Windows Malware Dev
Dahvid Schloss & Ross Flynn
Training Description:
Step up your emulated criminal game with a practical, hands-on introduction to malware development. Join a prior US Special Operations Cyber Operator to learn the building blocks and techniques used in real-world malware variants.
You don’t need fancy, expensive tools to get a C2 implant executed while evading antivirus. You need basic knowledge, ingenuity, and elbow grease.
Join us as we bring the first two modules from our DEFCON 30 Training to kick-start your malware development journey.
What you will need:
Windows 10 VM (We need to be able to disable AV)
- Visual Studio Community 2022
- C++ package
- Visual Studio Code (optional)
- Python 3.10 (if installing Visual Studio Code)
Kali Linux VM (or any Linux VM)
- Metasploit Framework
- Python 3.10 (if not installed on Windows)
​
Trainer Bios:
Dahvid is the Managing Lead, Offensive Security at Echelon. As an experienced cybersecurity leader with over 12 years of cyber-attack and defense experience, Dahvid has previously worked as a Red Team Operator with a Big 4 consulting firm leading and conducting Adversarial Emulation (red team) exercises as well as served in the military, leading, conducting, and advising on special operations offensive cyber operations. He has a wide background in cybersecurity including logical, social, and physical exploitation as well as incident response and system/network device hardening. Dahvid is also a Malware Development Instructor, growing Adversarial Emulation knowledge to those looking to expand their skills in the highly specialized space.
Ross is a husband, musician, escape room expert, and hot sauce connoisseur who happens to love his job as a Cybersecurity consultant. Prior to his career in Infosec, Ross was a family preservation counselor in the social services field where he helped families involved in the Child Welfare system identify strengths, develop healthy boundaries, and ensure a safe environment for their children. After a major career switch, he started down the path of ethical hacking, risk management, and business continuity. On a normal day you might find Ross performing a penetration test, conducting an incident response tabletop exercise, writing disaster recovery plans, or performing NIST, PCI, or Maturity assessments.
Introduction to Reverse Engineering and Bug Hunting (Using Real CTF Problems)
Georgia Weidman
Training Description:
This course is for learners who want to participate in bug bounty programs and capture the flag competitions. Together we will tackle the topics of bug hunting and reverse engineering from the ground up, diving deep into the static and dynamic analysis of a vulnerable binary that was used in a previous Defcon CTF qualifier. You will become familiar with tools such as GNU Debugger, IDA Pro, and Pwntools. This course is suitable for students with little to no previous experience with assembly language, reverse engineering or exploitation. We will go from discovering what exactly the MOV instruction does in assembly to capturing the flag at the end of the problem. Participants are encouraged to work along in a hands-on fashion with the provided virtual machine. Exploits will be written in Python and exploit skeletons will be provided for those unfamiliar with the language.
​
Trainer Bio:
Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author. Georgia is the author of Penetration Testing: A Hands-On Introduction to Hacking and a contributor to Tribe of Hackers series which collectively have launched the cybersecurity careers of thousands. Her work in the field of smartphone exploitation has been featured internationally in print and on television including ABC, BBC, Fox, NBC, and PBS. She has presented and trained around the world including venues such as Black Hat, DEF CON, NSA, Oxford, RSA, and West Point and has served as a subject matter expert with the CyberWatch Center's National Visiting Committee, the FTC’s Home Inspector IoT security challenge, and as a New America Cybersecurity Policy Fellow.
Georgia founded Bulb Security LLC, a security consulting firm specializing in security assessments, penetration testing, security training, and research and development in mobile and IoT security. She was awarded a DARPA Cyber Fast Track grant to continue this work culminating in the release of the open-source project the Smartphone Pentest Framework. She founded Shevirah Inc. to create products for assessing and managing the risk of mobile and the Internet of Things and evaluating the effectiveness of mobile security solutions. Shevirah is a graduate of the Mach37 cybersecurity accelerator, and, through Mach37, Georgia has served as an advisor, mentor, and occasionally investor in the next generation of cybersecurity startups.
She received the 2015 Women’s Society of CyberJutsu Pentest Ninja award, is an Adjunct Professor at the University of Maryland Global Campus, and holds an MS in computer science; U.S. Patents #10,432,656 and #11,089,044, which are foundational to simulated phishing; as well as CISSP, Pentest+, and OSCP certifications.
Hardening the Frontier: An Intro to Continuous Security Testing at Scale
Octavia
Waseem Albaba
Training Description:
- Get a brief introduction to VSTs and understand why they are designed for security testing at scale, in production environments
- Create their own VST using Prelude Build, the open source IDE for security engineers
- Learn about probes and how to deploy them on endpoints in order to accept, execute, and respond with the results of a VST
- Use Prelude Detect to execute their first VST.
​
Trainer Bios:
From the team at Prelude Operator:
​
Octavia is a Principal Security Engineer at Prelude. Previously, they have worked in security roles at Ubisoft and as a volunteer with non-profits countering disinformation.
Waseem Albaba is an Adversarial Security Engineer working at Prelude Security.... He is constantly seeking to expand his professional expertise in Penetration Testing, Red-Teaming, and Purple-Teaming. Waseem is also a passionate cat lover, skateboarder, and global traveler. Through individual projects, competitive CTF, and work at Prelude, he strives to deliver constant value to the information security community. Alongside that, he is determined to immerse himself in every part of cyberspace to improve himself while also supporting his close friends and coworkers along the way. He currently holds the certifications OSCP: Offensive Security Certified Professional, CBBH: Certified Bug Bounty Hunter, and CompTIA: Security+, and blogs at https://gerbsec.com
Introduction to Privesc with PEASS-ng suite: Hidden tips & tricks!
Carlos Polop
Training Description:
"Introduction to Privesc with PEASS-ng suite: Hidden tips & tricks!" is a free training that provides a comprehensive introduction to privilege escalation (Privesc) in cybersecurity. The training will focus on the use of PEASS-ng (Privilege Escalation Awesome Scripts Suite - Next Generation), which is a collection of scripts and tools used to identify and exploit Privesc vulnerabilities. Participants will learn how to use the PEASS-ng suite to identify and exploit vulnerabilities in Linux & Windows environments. The trainer will comment on the most common privilege escalation vectors, and he will also share hidden tips and tricks to make the most out of PEASS-ng and provide real-world examples of how these tools have been used in actual security assessments.
Overall, "Introduction to Privesc with PEASS-ng suite: Hidden tips & tricks!" is an ideal training for new security professionals who are looking to improve their knowledge and skills in Privesc techniques and tools. Attendees will leave with a deep understanding of the tools and techniques used in Privesc, as well as practical tips and tricks for using PEASS-ng to automate and streamline the Privesc process. Basic knowledge of Linux & Windows command lines is required.
​
Trainer Bio:
Carlos has a degree in Telecommunications Engineering with a Master in Cybersecurity and is currently working as Team Leader of Web, Mobile & Cloud Penetration Testing at Halborn.
He also has several relevant certifications in the field of cybersecurity such as OSCP, OSWE, CRTP, eMAPT, eWPTXv2…
As a CTF player, he has won some international CTF competitions; he was captain of the Spanish national team in ECSC2021 and part of the winning European Team in the ICSC2022.
Since he started learning cybersecurity he has tried to share his knowledge with the infosec community by publishing open source tools such as https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite and writing free hacking books that anyone can consult at https://book.hacktricks.xyz/ and https://cloud.hacktricks.xyz/.
Story-Telling Workshop - How To Tell Stories that Get People’s Attention
Ed Skoudis
Training Description:
This session is designed to help cyber security professionals step up their story-telling game — to engage an audience when presenting publicly or even to small groups of people or individuals. You will be much more successful in your career if you can engage people in your work through effective story telling. Ed Skoudis has attended numerous story-telling classes over the past decade and he'd like to share some of the tips and tricks he's learned in this highly interactive, fun session. Using principles from various organizations dedicated to effective storytelling, including Stand & Deliver and The Moth, you will dissect one of your own stories from class and then spiff it up even more in this very practical workshop. Ed has provided this workshop several times for SANS instructors, and here are some of the comments those SANS instructors provided about the workshop:
"I could see noticeable improvements."
"I'd like to attend again."
"I am enthused on doing better."
"Taught me to better organize my stories."
"I Learned a lot."
*Seating is limited to the first 14 people who register for this unique session. You must arrive with a two-minute true story (ready for you to share verbally, but not in written form). Your two-minute story can be about something you’ve done in work or even from your personal life.
​
Trainer Bio:
Ed Skoudis has taught over 40,000 cyber security professionals globally in penetration testing and incident handling. Ed currently serves as the President of the SANS Institute Technology college, supporting over 1,600 students earning their Masters degrees, Bachelors degrees, and cyber security certificates. Additionally, Ed is consistently one of the first authorities brought in to provide post-attack analysis on major breaches. Ed is also the founder of the SANS Penetration Testing Curriculum, the CEO and founder of the Counter Hack consulting firm, and the leader of the team that builds SANS NetWars and the SANS Holiday Hack Challenge. Ed is a keynote speaker and is an Advisory Board member for RSA Conference. He is also on the board of directors for a local bank and a charity.
Wheeze the Juice
Jonathan Singer, Technical Account Manager, GuidePoint Security
Training Description:
Have you ever actually gone through the process of hacking a website? Join me on this wonderful ride of application security powered by the OWASP Juice Shop to demonstrate some of the top website vulnerabilities from the OWASP Top 10. In this training, we will review several different techniques used in web application testing, exploit vulnerabilities discovered manually and with tools, and finally take over the whole show just to see how it’s done. A laptop is not necessary as this exercise is meant to be interactive and entertaining. Be sure to bring your thinking cap and your best hacks.
​
Trainer Bio:
Jonathan Singer has almost two decades of experience as an information technology professional and cyber security expert. Recently, Jonathan led the Data Analytics Professional Services Practice for GuidePoint Security, delivering world class data management and SOC engineering services. He has since switched to the dark side and now assists Fortune 500 companies with the enterprise security challenges. Prior to joining GuidePoint, Jonathan worked at a Central Florida Internet Service Provider specializing in web application security, GRC, and system administration. Jonathan participates in many speaking engagements throughout the east coast, and currently holds a number of certifications, along with a Master’s degree of Cybersecurity from the University of South Florida. Today you can find Jonathan co-leading the Tampa OWASP chapter and enjoying life.
​
Certifications:
CEH
GCFE
GPEN
GCIA
GWAPT
Building a Malware Analysis Platform
Jared E. Stroud
Training Description:
Do you wish you could be analyzing some of the latest malware threats the big industry players are blogging about? Are you looking to improve your Reverse Engineering/DevOps/Software Engineering skills? This training will walk you through acquiring malware samples from various free providers and automating analysis for your very own research projects. This two hour training will walk through building a minimal malware pipeline, how to improve said pipeline and ways to build a variety of both soft and technical skills along the way.
​
Trainer Bio:
Jared Stroud (@DLL_Cool_J) is a Lead Security Engineer at The MITRE Corporation focusing on tackling DevOps problems related to Containers/Kubernetes. Additionally, Jared serves as an Adjunct Lecturer at the Rochester Institute of Technology teaching courses related to Computing Security and Software Engineering. Jared has supported Adversary Emulation through ATT&CK Evaluations (FIN7/CARBANAK), and has held Security Researcher roles focusing on malware analysis in private industry. Outside of work Jared runs Arch Cloud Labs (https://www.archcloudlabs.com), an independent security research blog containing numerous external projects focused on red teaming, malware analysis and DevOps practices.
Soft Skills & Spaceships - How your non-technical skills will take you to the moon
Heath Adams
Zach Hill
Training Description:
In this workshop Heath and Zach will dissect the non-technical skills and stand-out skills that employers are looking for in their talent.
​
We'll break down:
Soft Skills and Communications Skills
Resume Tips and Advice
Interview Tips and Advice
​
At the end we will take our audience through the journey of developing the stand-out/branding skills that will help them get noticed by the community and employers to take their career to the moon.
​
Trainer Bios:
​
Heath Adams (aka The Cyber Mentor) is the CEO and founder of TCM Security, a cybersecurity training and consulting firm.
Heath is a cybersecurity instructor and mentor. He has taught over 500,000 students across platforms such as YouTube, Twitch, and the TCM Security Academy. He is currently considered one of the best instructors in the cybersecurity and ethical hacking industry.
Heath is also a military veteran, having served in the US Army Reserves, and helped co-found VetSec, a 501c3 dedicated to military members in cybersecurity. When Heath is not at work, he enjoys spending time with his wife, Amber, and their five animal “children.” He is an avid runner, musician, trivia nerd, and sports fan.
​
Zach Hill's passion for technology and his desire to help others drive his mission to inspire and guide people interested in pursuing careers in information technology. As the creator of the YouTube channel, I.T. Career Questions, Hill provides guidance, support, and resources to help people overcome the challenges of entering the IT industry. He believes that with the right mindset and tools, anyone can achieve success in IT and make a positive impact on the world.
As the Chief Content Hacker (Marketing Director) at TCM Security, Hill continues to work towards his mission of welcoming people into the world of IT. He sees himself as a guide and mentor to those interested in pursuing careers in IT, providing them with the support and resources they need to achieve success.
Outside of work, Hill enjoys spending time with his family, including his wife, four children, and three cats. His commitment to helping others and his passion for technology continue to drive his mission, both in his personal and professional life.
Recon For Red Teamers And Bug Hunters
Jason Haddix
Training Description:
Recon for red teamers and bug hunters: Adversaries and bug bounty hunters share a common TTP: they do extensive recon on their targets. Join Jason in this 2-hour workshop as he goes through common tools and techniques when targeting an organization. Jason will cover email acquisition, technology profiling, external attack surface (cloud, mobile, ++), historical data mining for endpoints, and more. Jason will walk through each tool in the toolchain, live, for the students while he reveals his own personal tips and tricks in each section. The workshop will be performed on LIVE targets, so fasten your seatbelts! This workshop is a must-see for anyone in the offensive security space.
​
Trainer Bios:
Jason Haddix is the CISO and “Hacker in Charge” at BuddoBot, a world-class adversary emulation consultancy. He’s had a distinguished 15-year career in cybersecurity, previously serving as the CISO of Ubisoft, Head of Trust/Security/Operations at Bugcrowd, Director of Penetration Testing at HP, and Lead Penetration Tester at Redspin. He has also held positions doing mobile penetration testing, network/infrastructure security assessments, and static analysis. Jason is a hacker and bug hunter to the core, and he is ranked 51st all-time on Bugcrowd’s leaderboards. Currently, he specializes in recon and web application analysis. Jason has also authored many talks on offensive security methodology, including speaking at cons such as DEFCON, Black Hat, OWASP, RSA, Nullcon, SANS, IANS, BruCon, Toorcon, and many more. Jason currently lives in Colorado with his wife and three children.
Efficient Offensive Cybersecurity Reporting
Nick Popovich, Hacker in Residence, PlexTrac
Training Description:
This workshop is designed to equip cybersecurity professionals with the knowledge and skills to maximize the effectiveness of their offensive security reporting. Participants will gain hands-on experience with simulated cyber ranges and live vulnerabilities, and receive detailed instructions on exploitation paths — allowing them to hone their skills in a safe and controlled environment.
The focus of the workshop will be to create a report on the results of participants' pentesting activity, leveraging the PlexTrac platform, and to provide practical guidance on effective report writing. Participants will learn how to efficiently collect and analyze data and how to write reports that are clear, concise, and actionable.
Through interactive exercises and real-world scenarios, participants will experience and practice effective collaboration. They will also gain a deeper understanding of the PlexTrac platform and how it can help organizations identify and address vulnerabilities.
By the end of the workshop, participants will have a solid foundation in offensive cybersecurity reporting, with the skills and knowledge to produce reports that are both efficient and effective. They will also be better equipped to collaborate with their peers and contribute to stronger, more resilient cybersecurity programs.
​
// Students should bring their own laptop and a VM (Kali or BlackArch or ParrotOS will have all the tools)
​
Trainer Bio:
Nick Popovich’s passion is learning and exploring technology ecosystems, and trying to find ways to utilize systems in unexpected ways. His career has focused on adversarial threat simulation, offensive and defensive security, and advanced technical security assessments. Nick’s mission is to help individuals and organizations involved with defensive security operations to have an opportunity to observe the mechanics and methods of the attackers they’re defending against, and to assist in realistically testing those defenses. He’s a lifelong learner and loves finding new ways to get under the hood of systems and networks. He is a father of three and a husband to one.
Scripting Your Way to a Customized OWASP Amass Experience: Unleashing its Full Potential
Jeff Foley
Training Description:
This course is for practitioners who would like to have accurate visibility and results when mapping an organization's external attack surface. We will use the open source tool, provided by the OWASP Amass Project, to better understand how to hunt down assets exposed on the Internet. Many professionals have leveraged the basic Amass features during their red team exercises and other information security efforts, but have not extended the capabilities of the engine to implement new features and data sources. We will use hands-on exercises to have you become familiar with the Amass Engine, comfortable extending it, and aware of future directions for the project. Participants are encouraged to complete the exercises by writing the extensions in the Lua programming language. All the examples will be provided for those unfamiliar with the language.
​
Trainer Bio:
Jeff Foley served the United States Air Force Research Laboratory from 2001 to 2017 as a contractor specializing in cyber warfare research and capabilities engineering. He concluded his government contracting at Northrop Grumman Corporation where he performed the roles of Subject Matter Expert for Offensive Cyber Warfare Research & Development and Director of Penetration Testing. In these roles, he also developed penetration testing training curriculum for Northrop Grumman Cyber Academy and taught trainers to utilize the material across the international organization. Jeff has taught and spoken at various academic institutions on the topics of offensive security and penetration testing during his time in this profession.
During the last six years, Jeff identified a lack of situational awareness in traditional information security programs and shifted his attention to this important function. He is now the Project Leader for Amass, an OWASP Foundation Flagship Project that performs in-depth attack surface mapping and asset discovery. Jeff has assisted various companies with attack surface management and has been invited to speak at conferences, such as DEF CON, on the topic. Currently, he is the Vice President of Attack Surface Protection at ZeroFox, the company that delivers proactive cybersecurity outside the traditional corporate perimeter. Previously, Jeff was the Global Head of Attack Surface Management at Citi, one of the largest global banks - an institution connecting millions of people across hundreds of countries and cities.
Practical Network Fundamentals
Robert "LTNBOB" Theisen
Overview:
In this hands-on workshop, Robert "LTNBOB" Theisen leads absolute beginners through the fundamentals of computer networking. Participants will be engaging in trainer-led discussion, building real networks and developing hands-on skills that are essential in IT & Cybersecurity. While it is possible to sit back and observe this workshop, you will be strongly encouraged to participate in the hands-on activities. There will be CTF-inspired challenges to afford you the opportunity to challenge your understanding. If you are a seasoned professional, you may also benefit from attending this workshop, as it will serve as a refresher and you can help beginners that are in attendance.
Learning Objectives:
You can expect to learn the following:
- How networks began and many of the reasons we use them today
- How the Internet works
- How to build a local area network
- How to remotely control devices over a network (GUI & CLI)
- Practical IP Addressing & Subnetting fundamentals
- Testing connectivity between devices
- How switches and routers work
- Using ChatGPT to write useful scripts
- Cisco IOS basics
- The purpose of VLANs and how to set them up
- How to share & secure network resources
- How NAT works and how to configure it
Equipment Recommendations:
You can enjoy this workshop without bringing a computer; however, it will be best enjoyed if you bring a laptop with the following:
- At least 4 GB of RAM
- Running a Windows or Linux OS with admin rights (you have the rights to change an IP address and create files on the computer)
​
Trainer Bio:
I am fascinated by technology as a tool to empower humanity to do more good in the world than bad. My calling is to engage, enlighten and empower others to be all they can be. Learning is part of my daily regimen as I believe learning is the single most empowering thing one can do. Education is not just limited to organizations that grant degrees. We live in an era where we can start learning just about anything with one keyword search. High quality guidance from a teacher or mentor can accelerate the learning process.
I love learning but I love to empower others even more. I never take off my IT/infosec professional hat and never will so long as I am preparing others to succeed through mastering the various tactics, techniques, procedures and tools we have at our disposal. None of my accomplishments would be possible without great mentors, friends, family, the Internet and God.
I'm always open to learning about new opportunities especially if the outcome leads to better lives for those that choose to use what I teach.
​
Accomplishments & Focus:
- Revitalizing college IT programs
- Developing IT & Cybersecurity curriculum for community colleges
- Assisted Hack The Box in developing modules in the Penetration Tester path on Hack The Box Academy
- Actively assisting thousands of learners with breaking into IT & Cybersecurity
- Creating beginner friendly IT & Cybersecurity content for the ltnlabs YouTube channel
- Partnering with learner focused institutions & communities to improve the quality of education