
Training Workshops

Date: Sat, April 13, 2024
On-Site (In Person)
General Admission

 

These training courses will be included in the general admission conference tickets. The workshops will take place on April 13 from 8am - 6pm. The technical training topics will focus on cybersecurity, AI, cloud, offensive, defensive, incident response, insider threats, space and aero defense. 

 

Training updates will be released on social media leading up to the event. 

Trainer Index

Tom Porter & Colbert Zhu
Tim Fowler
Pauline Bourmeau
Ryan O’Donnell
Ronald Broberg & Dark Wolf Solutions
Steve ‘rvrsh3ll’ Borosh & Kaitlyn Wimberley

Phillip Wylie
Arun Nair, Aravind Prakash & Soumyadeep Basu
Patrick ‘InfosecPat’ Gorman
Ben ‘nahamsec’ Sadeghipour
Carlos Polop
Wade Wells
Jonathan Singer
Robert ‘LTNBob’ Theisen
Greg Hatcher
Josh Mason

Brent White & Tim Roberts


Attacking DevOps Pipelines


Tom Porter & Colbert Zhu 

Training Description:

DevOps is one of the most target-rich environments in modern enterprise networks. Large organizations rely on DevOps platforms to automate the build and deployment of infrastructure and software applications in a reliable manner. To effectively perform their tasks, DevOps tooling requires high-level permissions for managing credentials, creating infrastructure, configuring systems, building code, and deploying applications to production environments. This makes DevOps platforms a compelling target for an adversary.

 

This course teaches the modern adversary’s approach to attacking DevOps pipelines. It will cover field-tested TTPs such as discovering secrets in documentation & source code, leveraging CI/CD applications for remote code execution, and credential dumping methods for various DevOps platforms. In a security landscape that places heavy scrutiny on the endpoint, DevOps systems provide an opportunity to live off the land and escalate privileges while maintaining operational security.

 

This course will discuss OPSEC considerations for these attacks and expose students to the stealth-focused adversarial mindset. Course and lab content will cover DevOps pipelines from beginning to end.

 

Each student will receive access to a virtual lab environment that simulates an enterprise network that utilizes DevOps to maintain their applications and infrastructure. Students will perform reconnaissance, identify escalation vectors, and chain together a series of DevOps and CI/CD-based attacks to access business-critical systems and data. 

Trainer Bio:

Tom Porter started his professional career as a baseball player with the San Diego Padres organization. In 2010, he switched careers and began writing netflow analytics for a DoD-based blue team, eventually pivoting to a role as an offensive security consultant for Accenture’s FusionX Red Team.

Colbert Zhu is an offensive security consultant with experience in penetration testing, purple teams, and objective-based adversary simulations. Colbert is also an avid Yankees fan and fond of making Excel spreadsheets for fantasy baseball. 


Bring Your Own Satellite (BYOS) - Building a Virtual Satellite Lab


Tim Fowler 

Training Description:

In this training class, attendees are introduced to the basics of satellite communication in a hands-on manner. Through the power of virtualization and open-source software, attendees will also get a step-by-step guide to creating their own personal satellite lab and will discover the fundamental principles of satellite communication, from orbital mechanics to data transmission protocols, as they design, simulate, and experiment with satellite systems in a risk-free, virtual environment.

 

Unveil the secrets of satellite technology, gain hands-on experience with real-world scenarios, and configure and control your virtual satellite. This unique learning experience equips you with the knowledge and practical skills needed to explore the possibilities of satellite communication. Unlock the universe of opportunities that satellite communication offers, right from your own laptop.

Trainer Bio:

Tim Fowler is an Offensive Security Analyst with Black Hills Information Security and has over a decade of experience working in information security. He has worked for Fortune 100 financial institutions and as a consultant, providing penetration testing and red team services. Tim is passionate about sharing his knowledge with others and has had the pleasure of speaking at multiple security conferences across the county. When not hacking away at a client’s network or writing the subsequent report, researching cybersecurity in space, or developing functional CubeSats, Tim loves spending time with his wife and son and working in his workshop with his collection of hand tools and CNC machines.


Do more with Deep Learning: introduction to Natural Language Processing for Threat Intelligence 


Pauline Bourmeau

Training Description:

Today, analysts and blue team operators are required to make sense of a huge amount of textual data. This training equips security professionals with the skills required to work with Large Language Models (LLMs), such as those based on the Transformer architecture. We cover state-of-the-art techniques that will be integral to various development projects, while also building an understanding of the principles underlying effective prompting techniques. Additionally, participants will be able to keep track of the latest LLM research developments without feeling overwhelmed in this field.

 

Covered topics:

Deep Learning basic concepts and historical development; practicalities of language models and Transformers; classification and generation tasks; transfer learning; fine-tuning for domain-specific tasks; interpretation and measurements; multi-modal systems. Complementary advice will be provided to build Natural Language Processing pipelines for quick prototyping and testing.

Program:

  • Introduction to Deep Learning as a field of research.

  • Practical applications of Language Models and Transformers.

  • Hands-on: Build a classifier with a pre-trained model.

  • Fine-tune your model for a specific target domain.

  • Interpret the results using evaluation metrics.

Discussion:

The place and role of Natural Language Processing within multi-modal models, which combine various types of data inputs such as text, images, and sound. Apply Natural Language Processing to cybersecurity problems.

 

This training covers state-of-the-art techniques in Natural Language Processing, focusing on the rapidly evolving field of Deep Learning and Large Language Models, while providing the foundational knowledge needed to understand and work effectively with these tools.

 

Prerequisites:

Familiarity with Python programming is expected.

Materials and Resources for the training:

  • Comprehensive slides covering all theoretical aspects of the training: introduction to Deep Learning, NLP basics, applications in cybersecurity, field definitions, and domain-specific applications. Slides accessible for download or viewable online.

  • Interactive Jupyter notebooks containing code walkthroughs for the training. Access: hosted on a shared repository (e.g., GitHub) with links provided. Notebooks will be runnable and editable.

  • Access to a Python environment with pre-installed Deep Learning libraries (TensorFlow, PyTorch). Platform: Google Colab or Kaggle kernels (subject to change due to the fast-paced nature of the platform market), with GPU support. No installation required, accessible via a web browser.

 

The pace of the training will be adjusted depending on the participants' skill levels.

Finally, we closely follow and adapt to the latest findings in Natural Language Processing, referring to sources that include publications by research teams from organizations like Google, OpenAI, and Microsoft. We keep up with the rapid pace of advancements in Large Language Models, where significant new research is published nearly every week. 

Trainer Bio:

With a background in criminology and software engineering, Pauline Bourmeau harbors a strong passion for linguistics, for which she was trained at the University of Sorbonne. She leads Cubessa, where her work focuses on the intersection of AI, human cognition, and cybersecurity. With a unique perspective rooted in linguistics, she offers a fresh lens on building AI systems and their implications in the cybersecurity domain. Beyond her technical contributions, Pauline is an advocate for AI education. Her contributions to open-source initiatives reflect her genuine commitment. She has also had the opportunity to provide training sessions in hardware security. Beyond this, she is an active participant in the MISP community. She is the founder of the DEFCON group in Paris.


Attacking MS-SQL 


Ryan O’Donnell 

Training Description:

Microsoft SQL (MS-SQL) servers can be integral to the business operations of an organization and often hold sensitive data. This makes them an attractive target for attackers. A recent incident highlighting the importance of MS-SQL security involved attackers hacking into poorly secured and Internet-exposed MS-SQL servers to deploy Trigona ransomware.

 

This workshop focuses on key techniques and methodologies for assessing MS-SQL server security.

Participants will gain practical knowledge in the following areas: Enumeration, Command Execution, Privilege Escalation, and Persistence.

 

The workshop will provide a comprehensive understanding of how these attacks are carried out in real-world scenarios, equipping attendees with the necessary skills to identify and mitigate security risks in their future testing.

Moreover, the workshop will include hands-on labs, allowing participants to apply the learned techniques in controlled environments.

 

This practical approach ensures that attendees can translate the knowledge gained into real-world application.

An essential part of the workshop will be the introduction and utilization of various open-source tools including: SQL Server Management Studio, PowerUpSQL, DAFT, mssqlclient, and SQLRecon.

Overall, this beginner-friendly workshop will be an immersive experience for those looking to deepen their expertise in attacking MS-SQL. 

Trainer Bio:

Ryan O'Donnell is a Red Team Operator with White Knight Labs. Over the last 10 years, Ryan has been performing Penetration Tests, Red Team assessments, and Incident Response investigations. Ryan has a Masters in Computer Forensics from George Mason University and the following Certifications: OSCP, OSEP, GREM, GCFE, GCIH, CRTO, and RTJO.

Hack Our Drone


Ronald Broberg & Dark Wolf Solutions

Training Description:

The Dark Wolf "Hack Our Drone" workshop provides participants the ability to learn hands-on cybersecurity testing techniques for evaluating Unmanned Autonomous Systems. The workshop includes a full Unmanned Autonomous System test target composed of a BeagleBone Blue Flight Vehicle (UAV), a Ground Control System (GCS), and a MAVLink over 802.11 WiFi Communications system.

 

The workshop includes both instructor assistance and detailed lab manuals to guide participants through a series of tasks to discover and exploit cybersecurity weaknesses in the UAS.

Tasks include firmware analysis, network service exploitation, password cracking, elevation of privilege, and UAV over-the-air hijacks. Participants are expected to bring a laptop with either Kali Linux installed or one that can boot a Kali Linux Live USB drive. 

Trainer Bio:

Cybersecurity engineer with 25+ years experience in Space, UAS, and Command and Control domains. Most recently with Dark Wolf Solutions and focused on the three domains of UAS: IoT, RF, and Mobile. 


Offensive Operations Against Foreign Adversaries: “C2 Agent 7589292 authenticated from core17.kremlin.ru as Администратор.” 


Steve ‘rvrsh3ll’ Borosh & Kaitlyn Wimberley 

Training Description:

What if you were part of an unknown hacking group looking to access a Russian network for "reasons"? What high-value targets could you identify from an external, unauthenticated perspective? How would you gain an initial foothold on an operating system that uses a foreign language? Can you blend in while you evade their defenses and establish Command and Control? What valuable information would you find and exfiltrate while moving laterally? In the end, do you profit from your access or burn it all to the ground? Join us as we take you on a journey as a hacker with no restrictions. 

Trainers Bio:

 

Steve Borosh started hacking the planet with Black Hills Information Security in 2021 and has been instructing offensive courses since 2015. Steve has instructed at conferences such as BlackHat and Wild West Hackin' Fest, for Fortune 500 companies, and for federal law enforcement. He currently annoys system administrators as part of the ANTISOC team at BHIS and enjoys releasing shock-and-awe research blogs and open-source tools to drive change in the industry. 

Kaitlyn Wimberley is an offensive operator on the ANTISOC team at Black Hills Information Security where she pokes and prods customer environments relentlessly. Since 2021, she has been teaching and assisting with offensive and defensive material in webcasts, conference trainings, and master-level university courses. She loves diving into rabbit-holes for long-lost information and finding fun ways to do things _not_ "as-intended". She encourages students to push past contrived approaches to offensive security and demonstrate the real-world impact of what someone with "no scope" may achieve against their targets. 

Pwning Networks: An Introduction to Network Pentesting


Phillip Wylie

Training Description:

Pentesting is a very popular and sought-after skill set for information security professionals. In this hands-on workshop, you will learn how to detect and exploit vulnerabilities using automated and manual techniques against Windows and Linux operating systems.

 

Tools covered include, but are not limited to:

  • Network and web application vulnerability scanners

  • Nmap port and service scanner

  • Metasploit Framework exploitation tool

  • Plus, many other tools in the Kali Linux pentesting distribution

Laptop Requirements: Laptop with Chrome browser

Trainer Bio:

Phillip is the Director of Security with Alias Cybersecurity and has over 25 years of industry experience in IT and cybersecurity. He is also a former Dallas College Adjunct Instructor and the founder of both The Pwn School Project and DEFCON Group 940. Wylie has a diverse range of experience in multiple cybersecurity disciplines, including system administration, network security, application security, and pentesting. As a pentester with over 10 years of experience, he has conducted pentests of networks, Wi-Fi networks, and applications, as well as red team operations and social engineering.

  

Phillip's contributions to the cybersecurity industry extend beyond his work as a pentester. He is the concept creator and co-author of “The Pentester BluePrint: Starting a Career as an Ethical Hacker,” a highly regarded book that was inspired by a lecture he presented to his class at Dallas College and later became a conference talk. Phillip is the host of The Hacker Factory Podcast, where he interviews guests on how they got started in cybersecurity and their advice for aspiring cybersecurity professionals. Additionally, he is a frequent conference speaker, workshop instructor, and mentor. 


Red Team Infrastructure Automation


Arun Nair, Aravind Prakash & Soumyadeep Basu

Training Description:

This workshop offers a fast-paced and engaging introduction to setting up Red Team Infrastructure, focusing on the practical use of Terraform and Ansible. The session begins with a brief overview of Red Team operations and the critical role of robust infrastructure. It then swiftly moves into the practical aspects, demonstrating the basics of Terraform for deploying cloud infrastructure and Ansible for efficient configuration management. The highlight is a demonstration on integrating these tools to automate key components of Red Team infrastructure, emphasizing their application in real-world scenarios.

This workshop is tailored for those eager to quickly grasp the essentials of Red Team infrastructure automation.

Topics Covered:

  • Overview of Red Team Operation

  • Importance of Infrastructure in Red Team Engagements

  • Writing your first Terraform and Ansible Script

  • Red Team Infrastructure Components

  • Automating Setup of Red Team Infrastructure with Terraform and Ansible

  • Stealth/Opsec Techniques in Infrastructure Setup

  • Practical Lab: Setting up a simulated Red Team Operation using Terraform and Ansible

 

Trainer Bio:

Arun Nair is an experienced Red Teamer with specialized expertise in malware development and evasion. Holding certifications like OSCP, CRTP, CRTL, CodeMachine Malware Techniques, Malware on Steroids and Hacksys Windows Kernel Exploitation, he showcases a profound grasp of offensive security. His hands-on experience with top-tier organizations like Google and Mandiant enriches his understanding of real-world cyber tactics. He has volunteered as a trainer at Blackhat Europe MIPS Exploit Development, contributed at Defcon Adversary Village, and presented talks and workshops at RedTeamSummit, c0c0n, and regional Null Meetups.

Aravind is an experienced Red Teamer working at Resillion with a strong background in offensive security and a passion for malware development. Aravind holds multiple certifications, including CRTP, CRTE, CRTO and CRTL. Having conducted numerous engagements, Aravind has gained valuable insights into the tactics used by real-world adversaries. Their expertise allows them to simulate attacks and identify system and network vulnerabilities.

Soumyadeep Basu is a security professional with expertise in threat detection. In his role as a deception engineer at Zscaler, he specialized in building deception and deploying decoys in cloud and on-prem environments. Having earned certifications such as OSEP, OSCP, AWS Security and AZ-500, Soumyadeep brings a wealth of expertise to the field of offensive security as well. Soumyadeep has a robust background in red teaming, gained through consulting experiences at renowned firms like Mandiant and Payatu. He has been invited as a speaker and trainer at international conferences like RingZer0, c0c0n etc. Soumyadeep is currently working as a Cloud Threat Detection Engineer at CRED, specializing in hunting and tracking cloud threat actors and solving cloud security at scale.


Free Ways To Learn Cyber Security - Setting Up a Home Lab


Patrick ‘InfosecPat’ Gorman

Training Description:

There are many free ways to learn cyber security. Setting up your own free lab at home on your laptop or desktop computer is perhaps one of the best.

Do you want to level up your home lab hacking skills? In this 1.5-hour workshop, we will learn about hacking concepts and setting up a lab. Learn how to perform reconnaissance against Windows assets and identify common vulnerabilities that lead to compromise of an organization. We will cover tools and techniques used on real-world penetration tests against Windows Active Directory using Kali Linux, including hands-on demonstrations. With this lab, the sky’s the limit. You can build this lab into whatever you would like. This is just step one. Let’s go and have fun!

   

You will leave this workshop with the skills for setting up a hacking lab for FREE!  

  

Topics covered:   

  • Download VMware Workstation and install.

  • Download Kali Linux and install.

  • Download Windows Server 2022 or 2019 and Windows 10 evaluation and install.

  • Download MS2 and install.

  

  

Lab Requirements:  

Trainer Bio:

Patrick Gorman is a Cybersecurity professional, IT career coach, and a content creator on YouTube. My channel is InfoSec Pat. I started a company InfoSec Pat about 4 years ago to help others get in the world of IT and Security. My movement is about providing IT/Cyber training, coaching and providing services in the cybersecurity space. Pat has a multitude of security certifications and maintains his extensive skills by routinely taking training, learning as much as he can from the community, and researching topics that he lacks knowledge in. His favorite part of being at InfoSec Pat is having the opportunity to learn more, and help as many people as possible get into IT and cybersecurity. He is a constant contributor to the InfoSec community by writing blogs, speaking at conferences and on webcasts, and teaching his online class, how to Setup a Cybersecurity Lab. Outside of his time at InfoSec Pat, Gorman enjoys working out and staying active, playing hockey and traveling the world.

Visit my website at www.infosecpat.com


Offensive Recon: Mapping the External Perimeter


Ben ‘nahamsec’ Sadeghipour

Training Description:

In the rapidly evolving landscape of cybersecurity, the first step to secure or penetrate any network is reconnaissance. A poorly executed recon phase can leave you blindsided, either missing critical vulnerabilities or wasting time on irrelevant leads. This 120-minute workshop is designed to give you the tools and techniques you need for an effective reconnaissance strategy, using a real-world target for your learning. 

Trainer Bio:

Ben Sadeghipour, also known as NahamSec, is a hacker, content creator, trainer, public speaker, and conference organizer. He has extensive experience in ethical hacking and bug bounty hunting, having identified and exploited thousands of security vulnerabilities for companies such as Apple, Yahoo, Google, Airbnb, Snapchat, the US Department of Defense, and Yelp. Sadeghipour was formerly the head of Hacker Education at HackerOne. In addition to his professional pursuits, Sadeghipour also creates content on YouTube and Twitch to help others get into ethical hacking, bug bounty, web hacking and reconnaissance.


Intro to AWS Hacking


Carlos Polop 

Training Description:

This course is tailored for those new to AWS hacking, as well as for individuals with a foundational understanding of AWS hacking concepts, seeking to further hone their skills and deepen their knowledge. We initiate with the essentials of AWS security, progressing to an in-depth exploration of core AWS services.

Not only will participants learn the operational side of these services, but they will also discover potential vulnerabilities that can be exploited for privilege escalation, persistence, and advanced post-exploitation activities, all of which will be illustrated through practical demos. Upon completion, attendees will have a robust grasp of the AWS security framework.

They will be able to identify some vulnerabilities and misconfigurations and possess the know-how to exploit them effectively and responsibly. 

Trainer Bio:

Carlos has a degree in Telecommunications Engineering with a Master in Cybersecurity and is currently working as Team Leader of Web, Mobile & Cloud Penetration Testing at Halborn. He also has several relevant certifications in the field of cybersecurity such as OSCP, OSWE, CRTP, eMAPT, eWPTXv2…

As a CTF player, he has won some international CTF competitions; he was captain of the Spanish national team in ECSC2021, and part of the winning European Team in the ICSC2022.

Since he started learning cybersecurity he has tried to share his knowledge with the infosec community by publishing open source tools such as https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite and writing free hacking books that anyone can consult at https://book.hacktricks.xyz/ and https://cloud.hacktricks.xyz/.


Cyber Threat Intelligence 101


Wade Wells

Training Description:

Cyber Threat Intelligence (CTI) is a crucial component in the fight against malicious cyber actors. This entry-level course is designed to provide an overview of CTI, its importance, and how it is used to detect, prevent, and support others against cyber threats. The course covers the basics of CTI, including how to create intelligence, augmenting other teams with intelligence, threat modeling, and the tools and techniques used to collect and analyze data. You will also learn about the intelligence cycle, which includes the steps involved in CTI collection, analysis, and dissemination.

The course provides a comprehensive overview of the CTI field and is perfect for anyone who wants to understand the importance of CTI and how it is used to protect organizations from cyber threats.

By the end of the course, you will have a strong foundation in CTI and be able to contribute to an organization's cyber security efforts.

Takeaways:

● Understanding what Intelligence is and isn’t.

● The different types of intelligence.

● Cognitive biases

● Threat modeling

● Creating priority intel requirements

● What the Intelligence life cycle is and how to use it.

● Cyber security frameworks

● How to create intelligence for free or low budget. 

Trainer Bio:

Wade Wells is Lead Detection Engineer for a Fortune fifty company. He has worked eight years in security operations performing threat hunting, cyber threat intelligence, and detection engineering, primarily in the financial sector. He holds a master's degree in cybersecurity from Georgia Tech, is a board member of BSides San Diego and teaches a cyber threat intelligence course. Wade is a regular on the Black Hills infosec podcast “Talkin About the News”; he has given talks for BSides San Diego, GrimmCon, Wild West Hackin Fest and Defcon 858/619. In his spare time he mentors people trying to get into the infosec field, reads fantasy novels and watches movies with his family.


Modern Web Appsec with OWASP crAPI


Jonathan Singer

Training Description:

Last year Jonathan led a free training on OWASP Juice Shop. This year he is back with a new OWASP platform called crAPI, better known as "completely ridiculous API." In this workshop, you will learn about modern webapp security using APIs and get an introduction to the new OWASP Top 10 for API Security.

 

Be prepared to scream and shout, and let it all out, in this exciting update to website security for the next generation. 

Trainer Bio:

Jonathan Singer has almost two decades of experience as an information technology professional and cyber security expert. Recently, Jonathan led the Data Analytics Professional Services Practice for GuidePoint Security, delivering world class data management and SOC engineering services. He has since switched to the dark side and now assists Fortune 500 companies with their enterprise security challenges. Prior to joining GuidePoint, Jonathan worked at a Central Florida Internet Service Provider specializing in web application security, GRC, and system administration. Jonathan participates in many speaking engagements throughout the east coast, and currently holds a number of certifications, along with a Master’s degree of Cybersecurity from the University of South Florida. Today you can find Jonathan co-leading the Tampa OWASP chapter and enjoying life.

  

Certifications: CEH, GCFE, GPEN, GCIA, GWAPT

Practical Network Fundamentals


Robert ‘LTNBob’ Theisen

Training Description:

In this hands-on workshop Robert "LTNBOB" Theisen leads absolute beginners through the fundamentals of computer networking. Participants will be engaging in trainer-led discussion, building real networks and developing hands-on skills that are essential in IT & Cybersecurity.  While it is possible to sit back and observe this workshop, you will be strongly encouraged to participate in the hands-on activities. There will be CTF inspired challenges to afford you the opportunity to challenge your understanding. If you are a seasoned professional, you may also benefit from attending this workshop as it will serve as a refresher and you can help beginners that are in attendance.

Learning Objectives: You can expect to learn the following: 

  • How networks began and many of the reasons we use them today

  • How the Internet works

  • How to build a local area network 

  • How to remotely control devices over a network (GUI & CLI)

  • Practical IP Addressing & Subnetting fundamentals

  • Testing connectivity between devices

  • How switches and routers work

  • Using ChatGPT to write useful scripts

  • Cisco IOS basics 

  • The purpose of VLANs and how to set them up

  • How to share & secure network resources

  • How NAT works and how to configure it.

 

Equipment Recommendations: You can enjoy this workshop without bringing a computer; however, it will be best enjoyed if you bring a laptop with the following:

  • At least 4 GB of RAM

  • Running a Windows or Linux OS with admin rights (you have the rights to change an IP address and create files on the computer)

Trainer Bio:

Robert ‘LTNBob’ Theisen: I am fascinated by technology as a tool to empower humanity to do more good in the world than bad. My calling is to engage, enlighten and empower others to be all they can be. Learning is part of my daily regimen as I believe learning is the single most empowering thing one can do. Education is not just limited to organizations that grant degrees. We live in an era where we can start learning just about anything with one keyword search. High quality guidance from a teacher or mentor can accelerate the learning process. I love learning but I love to empower others even more. I never take off my IT/infosec professional hat and never will so long as I am preparing others to succeed through mastering the various tactics, techniques, procedures and tools we have at our disposal. None of my accomplishments would be possible without great mentors, friends, family, the Internet and God. I'm always open to learning about new opportunities, especially if the outcome leads to better lives for those that choose to use what I teach.

 

Accomplishments & Focus:

  • Revitalizing college IT programs

  • Developing IT & Cybersecurity curriculum for community colleges

  • Assisted Hack The Box in developing modules in the Penetration Tester path on Hack The Box Academy

  • Actively assisting thousands of learners with breaking into IT & Cybersecurity

  • Creating beginner friendly IT & Cybersecurity content for the ltnlabs YouTube channel

  • Partnering with learner focused institutions & communities to improve the quality of education 


ClickOnce Payloads for Initial Access


Greg Hatcher

Training Description:

A ClickOnce application is not inherently related to malware. ClickOnce is a deployment technology developed by Microsoft that allows developers to create and distribute Windows applications easily. It simplifies the process of deploying and updating Windows applications by providing a secure and straightforward mechanism for installation and updates. 

However, as red teamers, we use legitimate technologies like ClickOnce for malicious purposes. For example, we might craft malicious ClickOnce applications to deliver malware to unsuspecting users or exploit vulnerabilities in ClickOnce deployments. In this workshop we'll walk through the methodology of using ClickOnce applications for initial access for red team engagements. We'll also be building a ClickOnce application from scratch. 

Trainer Bio:

Greg’s time in Army Special Forces and teaching at the NSA gives him a unique background for conducting full-scope offensive cyber operations. Greg has also led a traveling CISA red team that simulated attacks on America’s infrastructure. He has led over 100 penetration tests that include network, cloud, mobile, web app, API technologies – but his heart belongs to the cloud Windows malware development. He has authored and taught courses at DerbyCon, Wild West Hackin’ Fest, Calvin University, Antisyphon, and the HackDown Summit. 

Greg holds the following certifications: GIAC Certified Penetration Tester (GPEN), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), GIAC Web Application Penetration Tester (GWAPT), Certified Red Team Professional (CRTP), and 10-ish more. Greg lives in rural Michigan with his family. He is a weightlifter with an ultra-running problem.


CISSP Crash Course: Mastering Tricky Concepts in Information Security


Josh Mason

Training Description:

Join our intensive one-day CISSP Crash Course designed specifically for Information Security professionals seeking a focused review of the most challenging concepts within the CISSP exam.

This course aims to provide a deep dive into the intricacies of key domains, ensuring participants gain a solid understanding of complex topics.

 

From cryptography to access control and beyond, Josh will guide you through key concepts and real-world examples, equipping you with the knowledge and strategies needed to tackle the trickiest elements of the CISSP exam.

Accelerate your CISSP preparation and boost your confidence with this comprehensive crash course tailored for success. 

Trainer Bio:

Josh Mason, the Director of Cyber Training and vCISO at Arbitr, brings a unique blend of military expertise and extensive experience in building cyber programs and developing training. As a former combat pilot and cyber warfare officer in the United States Air Force, he shaped cybersecurity education and built training programs. He taught at renowned institutions like the US Air Force Special Operations School and the DoD Cyber Crime Center's Cyber Training Academy. At INE, he created the Penetration Testing Student program and the eLearnSecurity Junior Penetration Tester (eJPTv2) exam. 


Social Engineering Improv Acting Techniques 
by the Improvisational WeHackPeople.com 


Brent White & Tim Roberts

Training Description:

Social Engineering is a widely-covered topic. We'll focus on how it can be beneficial specifically during covert entry assessments for talking your way in/out of situations as well as to solicit information that you can apply throughout the assessment.

Level-up your face-to-face social engineering skills with industry professionals, Tim Roberts and Brent White! Unleash the power of human interaction in cybersecurity with an immersive workshop that merges improvisational acting principles with strategic social engineering, empowering participants to dynamically adapt and convincingly portray various personas.

 

From thinking on the fly and understanding basic improv fundamentals to honing psychological manipulation techniques, participants gain hands-on experience in realistic simulations. Ethical considerations are emphasized, ensuring responsible use of these skills in penetration testing.

By the end of the workshop, participants emerge with heightened adaptability, creativity, and the ability to exploit human vulnerabilities effectively, contributing to a fortified cybersecurity defense. Tim Roberts and Brent White of WeHackPeople.com and Dark Wolf Solutions, LLC will be sharing their experiences with covert and overt security tests over the years and walking participants through some real-life application of the techniques utilized during these assessments.

Topics covered:

  • The foundations of preparing for your assessment before you even arrive onsite

    • The development of surveillance techniques such as important information to look for to create your plan of attack

  • Understanding how social engineering can play a major role in covert physical security assessments

  • Gain tools and techniques to help better develop your improvisational skills!

  • Introduction to developing useful guises to aid in a successful engagement

  • Which certifications and training are offered? / How do I get a job doing this?

 

Course Outline:

OSINT

Preparing for your assessment before you even arrive on site is extremely important. You need to know as much as possible about your target before arriving. This allows you to prepare.

  • Basic OSINT techniques

    • List some good resources for them to reference later.

  • Important information to collect:

    • Company badges

      • What do they look like? Are they blank? Logo? Picture? Name?

      • What does the lanyard look like?

    • Access control systems used and camera placement

      • Google Street View

      • Possible points-of-entry using satellite or other OSINT-available imagery

    • Business hours, locations, culture

      • Company's website

      • What does the company do?

    • What vendors are used?

SURVEILLANCE

The development of onsite surveillance techniques is important in gaining information to create your plan of attack. It also helps to determine which guises you might employ. This allows you to get more information that wasn't otherwise available during the OSINT phase, or that might have changed since then.

  • Passive

    • Collecting actionable intel without interaction or being noticed, such as discreet photography from a distance, wearing a disguise and being part of normal public traffic, etc.

  • Active

    • Getting close enough to be seen, possible interactions, asking questions, initial entry into open areas such as lobbies to get a lay of the land, etc.

  • Important information to collect:

    • How are they dressed?

    • What do the badges look like? Are they blank? Logo? Picture? Name?

    • What does the lanyard look like?

    • Are they acting like zombies or are they vigilant?

    • Access control systems that are in use? Security guard or receptionist's desk locations?

    • Popular ingress/egress points. Popular lunch spots. What times are busiest?

 

BYPASS TECHNIQUES

During assessments, you might have tools on you to perform certain bypasses. Having the right clothing, laptop bag, or other means to conceal these tools is very important and must go along with your guise. Although Access Control and Lock Bypass techniques are useful for gaining access to the most common environments we encounter, we will not be discussing them specifically during this training. There is a separate training for these as we do not have the time required. If interested in these methods, here is a list of common attacks that we utilize during initial entry and throughout the assessment. All of this information can also be found on our website at www.wehackpeople.com.

  • Lock Picking

    • Wafer Locks, Pin/Tumbler Locks, Tubular locks

  • Lock Bypass Attacks

    • Latch slipping, American Padlock bypass, Deadbolt Bypass, Adams Rite Bypass, Display case locks, Combination Lock Decoding, Pin Overlift Attacks, Hotel Room Security Latches and safes

  • Access Control Bypass

    • Request-For-Exit sensor, Badge Cloning, Magnetic Lock

 

DISGUISES, GUISES

Introduction to developing useful guises to aid in a successful engagement.

 

In order to develop a successful guise, you must first understand the target and its environment. Key points to remember:

  • Know the target - The more you know about the target, the more you'll know how to blend in. This is why OSINT and surveillance are so important.

  • Don't stand out - Your guise needs to be as typical to the environment as possible.

  • Be believable - Fit in enough that no one needs to ask questions. Your behavior and appearance should allow them to fill in all of the blanks on their own.

  • Be as forgettable as possible - If you're believable and don't stand out in any way, you will hide in plain sight and no one will remember you. This is the point!

There are a few narratives that seem to work consistently across the board, regardless of the client. These narratives touch on common events and issues that employees face on a regular enough basis that they don't create colorful dialogue that one would care to remember later.

 

Here are some common guises to try:

  • Auditor - This role works well for corporations. It is helpful to have a solid understanding of the role you are playing so that you can "talk shop" if needed.

  • IT - This role works because the common end-user trusts HelpDesk, Networking, Security, etc. Research the target to use the specific department verbiage.

  • Interview - This role can come in handy when a target has a high turnover rate. Look for job postings and names.

  • Maintenance - This role can allow you free rein in a building. Looking the part is very important: a ladder, toolbelt, hardhat, etc.

 

Now, let's learn some tools to help better develop your improvisational skills!

  • Tim is also an entertainer and does a lot of improv with patrons; the same skills used there can be applied to social engineering.

  • Dynamic Thinking is key to this attack vector.

    • This is not a skill you just pick up and go.

    • This skill takes hard work, repetition, and practice.

    • This is what we're going to practice.

 

Improv Skillset

What do you say when a security officer asks you what you’re doing after they’ve caught you trying to pick a lock to a control office? How do you lay down some verbal judo without having to turn in your real Letter of Authorization?

In improv, it is important to make an active choice after you have absorbed as much information as you can within a short period. Thinking on the fly and seizing opportunities is the take-away.

 

Improv Challenge Rules

  • You are a penetration tester, with the goal of going "From parking lot to pwnage", meaning that you are starting with no access with the goal of having the "keys to the kingdom".

  • Everyone will grab a "Profile" folder. You will have a limited amount of time to review this information before you begin your exercise with us, in front of the group.

    • Absorb info - Apply it quickly - Don't blow your cover!

  • With each level, your pretend target stays the same, but the challenges become more difficult.

  • Work your way through each level without getting stumped. If you do get stumped, that's great! It's a chance to learn a new approach and try again!

  • You may attempt badge cloning as an access control bypass. BUT, it must be realistic. If you get caught, it's an automatic "game over".

Level 1 - Tailgating

  • Establish a Rapport

    • Tester has to establish a rapport with employees in an attempt to successfully tailgate into the building.

Level 2 - Elevator or Cafeteria

  • Badge-Restricted Elevator

    • Tester has tailgated employees into the badge-restricted elevator. Without credentials, you are now stuck in the elevator…if only you had a working badge or could convince the person on the elevator that you work for the same company.

    • The goal of this exercise is to make small talk to successfully tailgate onto the 2nd floor.

–OR–

  • Cafeteria

    • Tester vs. Employees, where the attacker will attempt to surreptitiously obtain the badge of the target while in the cafeteria.

    • Have a badge cloner prop in hand while Tim and Brent pretend to be employees. Testers will have multiple opportunities to clone the badge needed to enter Level 3 via the restricted elevator.

    • A successful badge clone means you now have access to utilize the elevator to move to the 2nd floor.

    • The goal of this exercise is to demonstrate ways to covertly clone a badge, while making small-talk and gathering information via active reconnaissance.

Level 3 - Executive Suite Receptionist

  • Now that you have gained access to the floor, does your badge work? If so, is it visible? If not, what do you do when the Receptionist challenges you?

  • The goal of this exercise is, once again, to think on your feet! Several companies take their badge display policy very seriously. Which guise fits best in this situation?

Level 4 - Hack the Planet!

  • After gaining access to the suite, it is time to complete the primary objective of the assessment: installing the payload to create remote network access.

  • The goals of this exercise are:

    • Convince an employee to give you access to their system

    • Install the remote-access payload via your USB device without raising suspicion

    • Exit the building gracefully

 

Real-world Examples

  • During this time, Tim and Brent will share real-world examples of similar scenarios, and how they successfully handled them.

  • Participants: What are some real-world examples that you run into during assessments?

    • Others can share their real-world examples and what has or hasn't worked for them.

 

How Do I Get a Job Doing This?

Which certifications and training are offered? / How do I get a job doing this?

  • General Practitioner - Become a general practitioner first. As a penetration tester, you can use a plethora of offensive security techniques that you will need when performing covert physical security assessments that include additional attack vectors.

  • Continued Education and Certs

    • First off, practice on your own!

    • Training - There are numerous materials offered by us as well as other industry professionals.

  • Hacker / Lockpicking Communities

    • Network with the community, hang out in the lockpick and bypass villages 

Trainer Bio:

Brent is a Sr. Principal Security Consultant at Dark Wolf Solutions, specializing in covert entry, social engineering assessments, and drone hacking. He founded the Nashville DEF CON group (DC615) and is a former Global Coordinator for the official DEF CON conference “Groups” program.

He is also a trusted adviser for the TN Dept of Safety and Homeland Security on the topic of physical and cyber security.

Brent also helped establish the methodology for small Unmanned Aerial Systems (sUAS) hacking for the Defense Innovation Unit (DIU) and the Association for Uncrewed Vehicle Systems International (AUVSI). Brent has held the role of Web/Project Manager and IT Security Director for a global franchise company as well as Web Manager and information security positions for television personalities on The Travel Channel.

He has also been interviewed on the popular web series, “Hak5” with Darren Kitchen, BBC News, and on Microsoft’s “Roadtrip Nation” television series. He and Brent White have also been featured a couple of times on the true crime series "Profiling Evil". His experience includes Drone Hacking, Internal/External Penetration, Wireless, Application and Physical Security assessments, Social Engineering, and more. Brent has also spoken at numerous security conferences, including ISSA International, DEF CON, Black Hat, DerbyCon, HackSpaceCon, SaintCon, NolaCon, various B-Sides events, Techno Security Con, TakeDownCon and Appalachian Institute of Digital Evidence conference at Marshall University, and more.

Tim Roberts. Sr. Principal Security Consultant with close to 20 years of information security experience. I have held management, IT, and physical security roles across multiple industries, including healthcare, finance, and government. My professional experiences include Internal/External Network, Wireless, Application, Physical Security - specializing in Covert Entry, Social Engineering, and OSINT penetration assessments and research. These experiences have led to successful Red Team assessments against commercial and government environments.

I am the founding member of the Lexington DEF CON group (DC859) and was part of the DEF CON Groups program. I have been interviewed on the subject of "White hat hacking" for Microsoft’s “Roadtrip Nation” television series, was featured on IDG Enterprise’s CSO Online publication by Ryan Francis on social engineering, was interviewed at Black Hat by HelpNetSecurity on security awareness and "Know Your Adversary" and regularly featured on ProfilingEvil on "Security Awareness" for WeHackPeople.com.

I have spoken and conducted training at several industry recognized security and hacker conferences, including ISC West, ISSA International, DEF CON, DerbyCon, various B-Sides, CircleCityCon, Techno Security Con, SaintCon, Appalachian Institute of Digital Evidence - Marshall University, GrrCon, NolaCon, Who's Your Hacker, Red Team Village, Gray Hat, keynote for the S&H Law - FBI/Hacker Panel, and more. I host the Bypass Village as part of WeHackPeople.com at HackRedCon.

Check out some of my talks and more at www.wehackpeople.com 

In addition to my professional background, I am also an accomplished martial artist with 25+ yrs of experience and was inducted in the International Black belt Hall of Fame. I am a Capoeira Instructor for Beira Mar Capoeira and a Master in Heuk Choo Kwan Hapkido. I have also instructed Law Enforcement Combative programs. I competed in the USTU Olympics and 3 years of international competition in Europe as part of Team America. 

When I am not "breaking into" places and systems for clients, speaking at security conferences, or teaching martial arts, I also run an award winning stunt show for Ulfhedinn Entertainment, LLC and was featured in Renaissance Magazine.
