TWO-DAY TRAINING

The WWHF con is not included with the training, you must purchase a con ticket seperately. Training tickets include breakfast and lunch on Oct 22nd and 23rd. Hours are 8am-5pm with a 1-hour lunch break and two mid-session breaks.

WARNING! This part is slightly painful to understand, but I promise we can get through it together.

To register for SANS SEC573 or SEC580: Please click on the blue button below and you will be redirected to the SANS registration page. *Please note that you will still need to purchase con tickets at WWHF.

To register for the Hosted Training: Please click the link and register for both the con and training here. If you’ve already purchased a con ticket, please login and add training under the Additional Items tab. If you’d like to purchase training, but not the con (but why?), please email Kate at themarshall at wildwesthackinfest dot com

Click Here to Register for SANS - SEC573 (Special) & SEC580

Click Here to Register for Hosted - Social Engineering, in.security & SDR Training

SEC573: InfoSec w Python

SEC573 (Special): Automating Information Security with Python

Instructor: Mark Baggett

$2640+ taxes & fees

Registration Instructions: Please click here and you will be redirected to the SANS registration page. *Please note that you will still need to purchase con tickets at WWHF.

Python is a simple, user-friendly language that is designed to make automating the tasks that security professionals perform quick and easy. Whether you are new to coding or have been coding for years, SANS SEC573: Automating Information Security with Python will have you creating programs that make your job easier and make your work more efficient. This self-paced course starts from the very beginning, assuming you have no prior experience or knowledge of programming. We cover all of the essentials of the language up front. If you already know the essentials, you will find that the pyWars lab environment allows advanced developers to quickly accelerate to more advanced material in the course.

All security professionals, including Penetration Testers, Forensics Analysts, Network Defenders, Security Administrators, and Incident Responders, have one thing in common: CHANGE. Change is constant. Technology, threats, and tools are constantly evolving. If we don’t evolve with them, we’ll become ineffective and irrelevant, unable to provide the vital defenses our organizations increasingly require.

Maybe your chosen Operating System has a new feature that creates interesting forensics artifacts that would be invaluable for your investigation, if only you had a tool to access it. Often for new features and forensics artifacts, no such tool has yet been released. You could try moving your case forward without that evidence or hope that someone creates a tool before the case goes cold…or you can write a tool yourself.

Or perhaps an attacker bypassed your defenses and owned your network months ago. If existing tools were able to find the attack, you wouldn’t be in this situation. You are bleeding sensitive data and the time-consuming manual process of finding and eradicating the attacker is costing you money and hurting your organization big time. The answer is simple if you have the skills: Write a tool to automate your defenses.

Or, as a Penetration tester, you need to evolve as quickly as the threats you are paid to emulate. What do you do when “off-the-shelf” tools and exploits fall short? If you’re good, you write your own tool.

SEC573 is designed to give you the skills you need for tweaking, customizing, or outright developing your own tools. We put you on the path of creating your own tools, empowering you to better automate the daily routine of today’s information security professional and to achieve more value in less time. Again and again, organizations serious about security emphasize their need for skilled tool builders. There is a huge demand for people who can understand a problem and then rapidly develop prototype code to attack or defend against it. Join us and learn Python in-depth and fully weaponized.

You Will Learn How To:

Leverage Python to perform routine tasks quickly and efficiently
Automate log analysis and packet analysis with file operations, regular expressions, and analysis modules to find evil
Develop forensics tools to carve binary data and extract new artifacts
Read data from databases and the Windows Registry
Interact with websites to collect intelligence
Develop UDP and TCP client and server applications
Automate system processes and process their output

SANS Registration Link: https://www.sans.org/event/wild-west-hackin-2019/

SEC580: Metasploit Kung Fu for Enterprise Pen Testing

Instructor: Jeff McJunkin

$2640 + taxes & fees

Registration Instructions: Please click here and you will be redirected to the SANS registration page. *Please note that you will still need to purchase con tickets at WWHF.

Many enterprises today face regulatory or compliance requirements that mandate regular penetration testing and vulnerability assessments. Commercial tools and services for performing such tests can be expensive. While really solid free tools such as Metasploit, are available, many testers do not understand the comprehensive feature sets of such tools and how to apply them in a professional-grade testing methodology. Metasploit was designed to help testers with confirming vulnerabilities using an Open Source and easy-to-use framework. This course will help students get the most out of this free tool.

This class will show students how to apply the incredible capabilities of the Metasploit Framework in a comprehensive penetration testing and vulnerability assessment regimen, according to a thorough methodology for performing effective tests. Students who complete the course will have a firm understanding of how Metasploit can fit into their penetration testing and day-to-day assessment activities. The course will provide an in-depth understanding of the Metasploit Framework far beyond simply showing attendees how to exploit a remote system. The class will cover exploitation, post-exploitation reconnaissance, token manipulation, spear-phishing attacks, and the rich feature set of the Meterpreter, a customized shell environment specially created for exploiting and analyzing security flaws.

The course will also cover many of the pitfalls that a tester may encounter when using the Metasploit Framework and how to avoid or work around them, making tests more efficient and safe.

SANS Registration Link: https://www.sans.org/event/wild-west-hackin-2019/

Practical Remote Social Engineering

Instructors: Stephanie “Snow” Carruthers & Jayme Hancock

$2000 + taxes & fees

Registration Instructions: Please Click Here and register for both the con and training here. If you’ve already purchased a con ticket, please login and add training under the Additional Items tab. If you’d like to purchase training, but not the con (but why?), please email Kate at themarshall at wildwesthackinfest dot com

Skill Level: Basic windows, Linux, and networking experience

Requirements: A laptop with Wi-Fi connectivity and a Kali Virtual Machine with current updates.

Optional: An inexpensive burner phone may be beneficial for students as sock puppet accounts are being created.

This course is designed for consultants and penetration testers. The course is also suitable for those looking to add Social Engineering techniques to their skillset and penetration testers transforming into red team roles looking to master the Social Engineering element.

Additionally, this course can benefit blue team members charged with running an internal security awareness program consisting of phishing and vishing techniques. The addition of this will help bolster any company’s internal security posture.

Prerequisites include knowledge of basic Linux and networking.

Abstract:

Social engineering is one of the most common attack vectors in targeted breaches today. A motivated adversary unable to compromise a network will instead target a more available component: it’s people. This two-day hands-on training covers the two most common Social Engineering attacks: phishing and vishing (voice phishing) with many Capture The Flag (“CTF”) style exercises.

Day one will begin by covering how to quickly build rapport with anyone as well as influence techniques, which can be leveraged to enhance Social Engineering attacks. Using skills taught in class, students will learn how to react on the spot with improv labs. Students will also learn Open-Source Intelligence (“OSINT”) gathering techniques which they can use to amplify their Social Engineering attack’s credibility. These techniques will focus on both automated and manual gathering of target contact information, company sensitive information, and information that is used in pretext development. OSINT gathering includes extensive amounts of hands-on time, including a CTF-style exercise at the end of the day.

On day two, students utilize their new Social Engineering and OSINT skills to develop real-world campaigns for simulated phishing and vishing engagements. Phishing is taught in depth, using the GoPhish framework, with tips and tricks for how to make campaigns more enticing as well as get past email filters. Students will be given target companies to perform OSINT and develop a realistic pretext for a phishing campaign. Simulated credential harvesting phishing campaigns will be deployed by students to give firsthand experience with creating and sending campaigns. Students will take their skills even further during the vishing portion of the class. Students will be divided into teams and given a target company and goals or “flags” to capture. Teams will develop pretexts, select their targets, and then place live phone calls in an attempt to elicit information and capture “flags.”

This course is a very hands-on, CTF-based, course. Student participation is highly encouraged to get the best value out of this course. Upon completion of the training students will feel confident in performing OSINT, choosing targets, pretext development, and performing remote Social Engineering engagements.

Day One: Social Engineering and OSINT

Ethics and legality
Rapport building
Influence techniques
Improv exercises
- Helps aide students with thinking on their feet
- Open-Source Intelligence Gathering
- Finding targets contact information
- Finding company sensitive information
Pretext development
Choosing the best pretext based off goals and OSINT findings
OSINT CTF

Day Two: Phishing and Vishing

Pretext development
Target discovery
Phishing
- Campaign logistics
- Tips and tricks for successful campaigns
- Campaign goals
- Typosquatted domains
- Setting up a phishing webserver and framework using GoPhish
- SPF, DKIM, and DMARC
- Creating credential harvesting websites
- Malicious payload overview
- Hands-on lab

1. Vishing

Campaign logistics
Tips and tricks for successful campaigns
Campaign goals
Caller ID Spoofing
Team based challenge

BIO’s:

Stephanie “Snow” Carruthers is a social engineering professional. At DEF CON 22 she won a black badge for the Social Engineering Capture the Flag (SECTF). Stephanie also was on the winning team for SAINTCON’S Vault Physical Security challenge, which won the team a black badge. Over the last five years Stephanie has presented and taught trainings at multiple InfoSec conferences. Stephanie has performed a variety of Social Engineering and Red Team assessments for clients ranging from start-ups, Fortune 100 companies, to government agencies. She is also on the DEF CON CFP review board as a specialist for Social Engineering submissions. Twitter: @_sn0ww

Jayme is a Senior Network Penetration Tester with a heavy background in systems administration. His interests and experience includes black box penetration testing, social engineering, physical security, open source intelligence gathering, and security control evasion. He has spoken at B-Sides DC, HackWest, Cascadia IT Conference, and has previously trained at BlackHat USA. He holds GXPN, OSCP, CISSP, GCED, CEH, and MCP certifications. Originally from Southern California, Jayme resides in Washington, DC and enjoys astronomy, astrophotography, and good coffee. Twitter: @highmeh

Hacking Enterprises: Exploiting in.security

Instructors: Will Hunt and Owen Shearing

$1750 + taxes & fees

This is an immersive hands-on course that simulates a full-scale enterprise attack scenario. It allows students to assess the situation at every stage of a complex multi-layered penetration test and teaches them multiple ways to identify, enumerate, exploit and compromise an organization. Students will have access to a cloud-based LAB containing multiple networks, some of which are hidden. The theory and exercise content reflect real-world encounters rather than text book challenges and students will complete a vast number of exercises including everything from OSINT and reconnaissance, to creating and executing phishing campaigns against our in-LAB live bots, all the way through to post-exploitation, lateral movement and OOB data exfiltration.

Each Student Will Receive:

We realize that 2-days is not a lot of time and therefore students are also provided with the following benefits.

14-day extended LAB access after the course finishes
Access to a new LAB subnet and CTF style board with challenges to further test your skills
14-day Slack support channel access where our security consultants are available
A Raspberry Pi with Kali Linux pre-installed
A portable wireless keyboard/mouse
A hard copy of the RTFM

Who Should Attend:

This training is suited to a variety of students, including:

Penetration Testers
Security Professionals
IT Support, Administrative and Network Personnel
Anyone looking to enter the world of technical security

Prerequisite Knowledge:

Familiarity with Windows and Linux command line syntax
A basic understanding of networking concepts

Technical / Hardware / Software Requirements:

Students will need to bring a laptop to which they have administrative/root access, running either Windows, Linux or Mac operating systems
Students will need to have access to VNC, SSH and OpenVPN clients on their laptops

Agenda – Day 1

Introductions and LAB Overview

Overview of the LAB, subnets, challenges and targets
Introduction to monitoring and alerting using our in-LAB ELK stack

Leveraging OSINT Activities

Data scraping from public sources
Extracting document metadata

Enumerating, Targeting and Assessing IPv4 and IPv6 Hosts

Identifying local and remote IPv4/IPv6 hosts including port scanning, service enumeration and fingerprinting using nmap and atk6 toolsets
Parsing and interpreting scan output

Manual and automated approaches to vulnerability identification

Linux Enumeration

Enumerating and targeting application servers
Using Metasploit, nmap scripts and public code

Linux Shells, Post Exploitation and Privilege Escalation

Exploiting weak file/folder permissions, ownership, SUID, SGID and sudo configurations
Hacking non-interactive shells and utilising binary breakouts/GTFOBins
Using Metasploit, hydra, ncrack and LinEnum

P@ssw0rd Cracking (Linux)

Shadow file construction, hashing and salting (bcrypt, SHAx, MD5)
Online/offline attack differences, limitations and tool options
Keyspace, attack types and pros/cons of each
Utilising hashcat

Windows Enumeration

Targeting SMB/LDAP for user enumeration
User enumeration methods (unauthenticated/authenticated)

Phishing

Phishing campaign infrastructure overview
Campaign creation and execution against in-LAB live bots
Gaining access to OWA mailboxes and target hosts on different networks

Agenda – Day 2

Windows Shells, Post Exploitation and Privilege Escalation

Authenticated local/network enumeration and escalation techniques
Kerberoasting
AMSI considerations and recent bypasses
Leveraging PowerView, Metasploit, Unicorn, SharpSploit and GhostPack
Extracting LAPS passwords
Pass the Hash (PtH) attacks
RDP session hijacking (time dependant)
Data exfiltration using PowerShell
Leveraging Mimikatz

P@ssw0rd Cracking (Windows)

LM/NTLM/NTLMv1/v2/cached creds/Kerberos
Further hashcat usage including rules and mask attacks

Defensive Monitoring

Introduction to Kibana
Investigating logs and events

Overcoming Restrictions/Policies Within an Active Directory Environment

AppLocker policies/configurations, PowerShell enumeration
Leveraging publicly disclosed methods/code and tools (GreatSCT)

Situational Awareness, Lateral Movement and Pivoting

Network segmentation, routing and ingress/egress controls
Metasploit routing and Meterpreter port forwarding
Routing, SOCKS proxies and proxychains
SSH tunnelling (Windows and Linux)
Targeting hosts over tunnels

Application and Database Enumeration and Exploitation

Web application enumeration and vulnerability identification over pivots/tunnels
Exploiting recent SQL injection vulnerabilities

Abusing Domain Trusts to Compromise the Enterprise

Enumerating trusted domains using PowerView
Further Mimikatz usage

Gaining Persistence & Data Exfiltration Over OOB Channels

Investigating persistence mechanisms
Backdooring hosts to establish out-of-band persistent channels

BIO’s:

Will Hunt (@Stealthsploit) is a cyber security consultant who has worked in IT security for over 10 years. He co-founded in.security Ltd, a specialist cyber security company delivering high-end

consultancy and training services. He has delivered infrastructure and web hacking courses at Black Hat USA and EU, as well as training at other bespoke international events and conferences. Will also assists the UK government in various technical, educational and advisory capacities. Before Will was a security consultant he was an experienced digital forensics consultant and trainer. He runs the blog https://stealthsploit.com.

Owen Shearing (@rebootuser) is a co-founder of in.security Ltd, a specialist cyber security consultancy offering technical and training services based in the UK. He is a CREST CCT level security consultant with a strong background in networking and IT infrastructure and has over a decade of experience in technical security roles. Owen has provided technical training to a variety of audiences at bespoke events and various conferences, including Black Hat Asia, EU and USA. He runs the blog https://rebootuser.com and keeps projects at https://github.com/rebootuser.

Trainers/Contact Information:

Will Hunt / @stealthsploit

Owen Shearing / @rebootuser

Preferred Twitter @insecurity_ltd

Introduction to Software Defined Radio

Instructor: Paul Clark

$2000 + taxes & fees

Software Defined Radios (SDRs) are extraordinarily powerful tools that have been transforming wireless InfoSec. Often, newcomers to SDR get stuck because they haven’t developed a solid understanding of radio basics. In this introductory course we will teach you two things: proficiency with the gnuradio software and the basic concepts of radio design. The course is structured such that your gradually expanding expertise with gnuradio is leveraged to create projects exploring progressively deeper radio topics. Those topics include: signals, sampling, modulation, gain, filtering, I-Q sampling, noise, and the SDR hardware itself. After completing this course, you will have a firm understanding of gnuradio and will be able to build analog receivers and transmitters. These transmitters and receivers will form the basis for nearly all your future SDR-related InfoSec activities.

After laying this foundation, we’ll finish the course with two projects that will give you a taste of the kinds of things SDRs make possible. In the first project, we’ll build a digital radio system with SDR hardware. We’ll then use our skills to reverse engineer a simple digital control system.

This course avoids highly mathematical engineering lectures and focuses on teaching through more than 20 practical, hands-on exercises. You will spend most of your time doing, not just listening.

Class Requirements (skill level): No previous SDR knowledge required.

Class Requirements (hardware/software): Nothing! You’ll use one of our laptops, pre-installed with all the software you’ll need to work through the class projects. You won’t have to create a new Ubuntu partition, build the software and verify that the drivers work. You also won’t have to wait for the instructor to debug the machines of any students that couldn’t quite get their software setup right. You don’t even have to buy any SDR hardware. We take care of all of that. You just show up and start learning.

Speaker Bio:

Paul Clark Factoria Labs

www.factorialabs.com

@factorialabs

Paul has worked extensively in wireless InfoSec and is co-author of the Field Expedient SDR series (www.fieldxp.com). He has been teaching SDR for the last two years, with students ranging in experience from absolute beginners to professional engineers.