SEC573: InfoSec w Python
SEC573 (Special): Automating Information Security with Python
Instructor: Mark Baggett
$2640
Registration Instructions: Please click here and you will be redirected to the SANS registration page. *Please note that you will still need to purchase con tickets at WWHF.
Python is a simple, user-friendly language that is designed to make automating the tasks that security professionals perform quick and easy. Whether you are new to coding or have been coding for years, SANS SEC573: Automating Information Security with Python will have you creating programs that make your job easier and make your work more efficient. This self-paced course starts from the very beginning, assuming you have no prior experience or knowledge of programming. We cover all of the essentials of the language up front. If you already know the essentials, you will find that the pyWars lab environment allows advanced developers to quickly accelerate to more advanced material in the course.
All security professionals, including Penetration Testers, Forensics Analysts, Network Defenders, Security Administrators, and Incident Responders, have one thing in common: CHANGE. Change is constant. Technology, threats, and tools are constantly evolving. If we don’t evolve with them, we’ll become ineffective and irrelevant, unable to provide the vital defenses our organizations increasingly require.
Maybe your chosen Operating System has a new feature that creates interesting forensics artifacts that would be invaluable for your investigation, if only you had a tool to access it. Often for new features and forensics artifacts, no such tool has yet been released. You could try moving your case forward without that evidence or hope that someone creates a tool before the case goes cold…or you can write a tool yourself.
Or perhaps an attacker bypassed your defenses and owned your network months ago. If existing tools were able to find the attack, you wouldn’t be in this situation. You are bleeding sensitive data and the time-consuming manual process of finding and eradicating the attacker is costing you money and hurting your organization big time. The answer is simple if you have the skills: Write a tool to automate your defenses.
Or, as a Penetration tester, you need to evolve as quickly as the threats you are paid to emulate. What do you do when “off-the-shelf” tools and exploits fall short? If you’re good, you write your own tool.
SEC573 is designed to give you the skills you need for tweaking, customizing, or outright developing your own tools. We put you on the path of creating your own tools, empowering you to better automate the daily routine of today’s information security professional and to achieve more value in less time. Again and again, organizations serious about security emphasize their need for skilled tool builders. There is a huge demand for people who can understand a problem and then rapidly develop prototype code to attack or defend against it. Join us and learn Python in-depth and fully weaponized.
You Will Learn How To:
- Leverage Python to perform routine tasks quickly and efficiently
- Automate log analysis and packet analysis with file operations, regular expressions, and analysis modules to find evil
- Develop forensics tools to carve binary data and extract new artifacts
- Read data from databases and the Windows Registry
- Interact with websites to collect intelligence
- Develop UDP and TCP client and server applications
- Automate system processes and process their output
SEC580: Metasploit Kung Fu for Enterprise Pen Testing
Instructor: Jeff McJunkin
$2640
Registration Instructions: Please click here and you will be redirected to the SANS registration page. *Please note that you will still need to purchase con tickets at WWHF.
Many enterprises today face regulatory or compliance requirements that mandate regular penetration testing and vulnerability assessments. Commercial tools and services for performing such tests can be expensive. While really solid free tools such as Metasploit, are available, many testers do not understand the comprehensive feature sets of such tools and how to apply them in a professional-grade testing methodology. Metasploit was designed to help testers with confirming vulnerabilities using an Open Source and easy-to-use framework. This course will help students get the most out of this free tool.
This class will show students how to apply the incredible capabilities of the Metasploit Framework in a comprehensive penetration testing and vulnerability assessment regimen, according to a thorough methodology for performing effective tests. Students who complete the course will have a firm understanding of how Metasploit can fit into their penetration testing and day-to-day assessment activities. The course will provide an in-depth understanding of the Metasploit Framework far beyond simply showing attendees how to exploit a remote system. The class will cover exploitation, post-exploitation reconnaissance, token manipulation, spear-phishing attacks, and the rich feature set of the Meterpreter, a customized shell environment specially created for exploiting and analyzing security flaws.
The course will also cover many of the pitfalls that a tester may encounter when using the Metasploit Framework and how to avoid or work around them, making tests more efficient and safe.
Practical Remote Social Engineering
Instructors: Stephanie “Snow” Carruthers & Jayme Hancock
$2000
Registration Instructions: Please Click Here and register for both the con and training here. If you’ve already purchased a con ticket, please login and add training under the Additional Items tab. If you’d like to purchase training, but not the con (but why?), please email Kate at themarshall at wildwesthackinfest dot com
Skill Level: Basic windows, Linux, and networking experience
Requirements: A laptop with Wi-Fi connectivity and a Kali Virtual Machine with current updates.
Optional: An inexpensive burner phone may be beneficial for students as sock puppet accounts are being created.
This course is designed for consultants and penetration testers. The course is also suitable for those looking to add Social Engineering techniques to their skillset and penetration testers transforming into red team roles looking to master the Social Engineering element.
Additionally, this course can benefit blue team members charged with running an internal security awareness program consisting of phishing and vishing techniques. The addition of this will help bolster any company’s internal security posture.
Prerequisites include knowledge of basic Linux and networking.
Abstract:
Social engineering is one of the most common attack vectors in targeted breaches today. A motivated adversary unable to compromise a network will instead target a more available component: it’s people. This two-day hands-on training covers the two most common Social Engineering attacks: phishing and vishing (voice phishing) with many Capture The Flag (“CTF”) style exercises.
Day one will begin by covering how to quickly build rapport with anyone as well as influence techniques, which can be leveraged to enhance Social Engineering attacks. Using skills taught in class, students will learn how to react on the spot with improv labs. Students will also learn Open-Source Intelligence (“OSINT”) gathering techniques which they can use to amplify their Social Engineering attack’s credibility. These techniques will focus on both automated and manual gathering of target contact information, company sensitive information, and information that is used in pretext development. OSINT gathering includes extensive amounts of hands-on time, including a CTF-style exercise at the end of the day.
On day two, students utilize their new Social Engineering and OSINT skills to develop real-world campaigns for simulated phishing and vishing engagements. Phishing is taught in depth, using the GoPhish framework, with tips and tricks for how to make campaigns more enticing as well as get past email filters. Students will be given target companies to perform OSINT and develop a realistic pretext for a phishing campaign. Simulated credential harvesting phishing campaigns will be deployed by students to give firsthand experience with creating and sending campaigns. Students will take their skills even further during the vishing portion of the class. Students will be divided into teams and given a target company and goals or “flags” to capture. Teams will develop pretexts, select their targets, and then place live phone calls in an attempt to elicit information and capture “flags.”
This course is a very hands-on, CTF-based, course. Student participation is highly encouraged to get the best value out of this course. Upon completion of the training students will feel confident in performing OSINT, choosing targets, pretext development, and performing remote Social Engineering engagements.
Day One: Social Engineering and OSINT
- Ethics and legality
- Rapport building
- Influence techniques
- Improv exercises
- Helps aide students with thinking on their feet
- Open-Source Intelligence Gathering
- Finding targets contact information
- Finding company sensitive information
- Pretext development
- Choosing the best pretext based off goals and OSINT findings
- OSINT CTF
Day Two: Phishing and Vishing
- Pretext development
- Target discovery
- Phishing
- Campaign logistics
- Tips and tricks for successful campaigns
- Campaign goals
- Typosquatted domains
- Setting up a phishing webserver and framework using GoPhish
- SPF, DKIM, and DMARC
- Creating credential harvesting websites
- Malicious payload overview
- Hands-on lab
1. Vishing
- Campaign logistics
- Tips and tricks for successful campaigns
- Campaign goals
- Caller ID Spoofing
- Team based challenge
BIO’s:
Stephanie “Snow” Carruthers is a social engineering professional. At DEF CON 22 she won a black badge for the Social Engineering Capture the Flag (SECTF). Stephanie also was on the winning team for SAINTCON’S Vault Physical Security challenge, which won the team a black badge. Over the last five years Stephanie has presented and taught trainings at multiple InfoSec conferences. Stephanie has performed a variety of Social Engineering and Red Team assessments for clients ranging from start-ups, Fortune 100 companies, to government agencies. She is also on the DEF CON CFP review board as a specialist for Social Engineering submissions. Twitter: @_sn0ww
Jayme is a Senior Network Penetration Tester with a heavy background in systems administration. His interests and experience includes black box penetration testing, social engineering, physical security, open source intelligence gathering, and security control evasion. He has spoken at B-Sides DC, HackWest, Cascadia IT Conference, and has previously trained at BlackHat USA. He holds GXPN, OSCP, CISSP, GCED, CEH, and MCP certifications. Originally from Southern California, Jayme resides in Washington, DC and enjoys astronomy, astrophotography, and good coffee. Twitter: @highmeh
Hacking Enterprises: Exploiting in.security
Instructors: Will Hunt and Owen Shearing
$1750
Registration Instructions: Please Click Here and register for both the con and training here. If you’ve already purchased a con ticket, please login and add training under the Additional Items tab. If you’d like to purchase training, but not the con (but why?), please email Kate at themarshall at wildwesthackinfest dot com
This is an immersive hands-on course that simulates a full-scale enterprise attack scenario. It allows students to assess the situation at every stage of a complex multi-layered penetration test and teaches them multiple ways to identify, enumerate, exploit and compromise an organization. Students will have access to a cloud-based LAB containing multiple networks, some of which are hidden. The theory and exercise content reflect real-world encounters rather than text book challenges and students will complete a vast number of exercises including everything from OSINT and reconnaissance, to creating and executing phishing campaigns against our in-LAB live bots, all the way through to post-exploitation, lateral movement and OOB data exfiltration.
Each Student Will Receive:
We realize that 2-days is not a lot of time and therefore students are also provided with the following benefits.
- 14-day extended LAB access after the course finishes
- Access to a new LAB subnet and CTF style board with challenges to further test your skills
- 14-day Slack support channel access where our security consultants are available
- A Raspberry Pi with Kali Linux pre-installed
- A portable wireless keyboard/mouse
- A hard copy of the RTFM
Who Should Attend:
This training is suited to a variety of students, including:
- Penetration Testers
- Security Professionals
- IT Support, Administrative and Network Personnel
- Anyone looking to enter the world of technical security
Prerequisite Knowledge:
- Familiarity with Windows and Linux command line syntax
- A basic understanding of networking concepts
Technical / Hardware / Software Requirements:
- Students will need to bring a laptop to which they have administrative/root access, running either Windows, Linux or Mac operating systems
- Students will need to have access to VNC, SSH and OpenVPN clients on their laptops
Agenda – Day 1
Introductions and LAB Overview
- Overview of the LAB, subnets, challenges and targets
- Introduction to monitoring and alerting using our in-LAB ELK stack
Leveraging OSINT Activities
- Data scraping from public sources
- Extracting document metadata
Enumerating, Targeting and Assessing IPv4 and IPv6 Hosts
- Identifying local and remote IPv4/IPv6 hosts including port scanning, service enumeration and fingerprinting using nmap and atk6 toolsets
- Parsing and interpreting scan output
- Manual and automated approaches to vulnerability identification
Linux Enumeration
- Enumerating and targeting application servers
- Using Metasploit, nmap scripts and public code
Linux Shells, Post Exploitation and Privilege Escalation
- Exploiting weak file/folder permissions, ownership, SUID, SGID and sudo configurations
- Hacking non-interactive shells and utilising binary breakouts/GTFOBins
- Using Metasploit, hydra, ncrack and LinEnum
P@ssw0rd Cracking (Linux)
- Shadow file construction, hashing and salting (bcrypt, SHAx, MD5)
- Online/offline attack differences, limitations and tool options
- Keyspace, attack types and pros/cons of each
- Utilising hashcat
Windows Enumeration
- Targeting SMB/LDAP for user enumeration
- User enumeration methods (unauthenticated/authenticated)
Phishing
- Phishing campaign infrastructure overview
- Campaign creation and execution against in-LAB live bots
- Gaining access to OWA mailboxes and target hosts on different networks
Agenda – Day 2
Windows Shells, Post Exploitation and Privilege Escalation
- Authenticated local/network enumeration and escalation techniques
- Kerberoasting
- AMSI considerations and recent bypasses
- Leveraging PowerView, Metasploit, Unicorn, SharpSploit and GhostPack
- Extracting LAPS passwords
- Pass the Hash (PtH) attacks
- RDP session hijacking (time dependant)
- Data exfiltration using PowerShell
- Leveraging Mimikatz
P@ssw0rd Cracking (Windows)
- LM/NTLM/NTLMv1/v2/cached creds/Kerberos
- Further hashcat usage including rules and mask attacks
Defensive Monitoring
- Introduction to Kibana
- Investigating logs and events
Overcoming Restrictions/Policies Within an Active Directory Environment
- AppLocker policies/configurations, PowerShell enumeration
- Leveraging publicly disclosed methods/code and tools (GreatSCT)
Situational Awareness, Lateral Movement and Pivoting
- Network segmentation, routing and ingress/egress controls
- Metasploit routing and Meterpreter port forwarding
- Routing, SOCKS proxies and proxychains
- SSH tunnelling (Windows and Linux)
- Targeting hosts over tunnels
Application and Database Enumeration and Exploitation
- Web application enumeration and vulnerability identification over pivots/tunnels
- Exploiting recent SQL injection vulnerabilities
Abusing Domain Trusts to Compromise the Enterprise
- Enumerating trusted domains using PowerView
- Further Mimikatz usage
Gaining Persistence & Data Exfiltration Over OOB Channels
- Investigating persistence mechanisms
- Backdooring hosts to establish out-of-band persistent channels
BIO’s:
Will Hunt (@Stealthsploit) is a cyber security consultant who has worked in IT security for over 10 years. He co-founded in.security Ltd, a specialist cyber security company delivering high-end
consultancy and training services. He has delivered infrastructure and web hacking courses at Black Hat USA and EU, as well as training at other bespoke international events and conferences. Will also assists the UK government in various technical, educational and advisory capacities. Before Will was a security consultant he was an experienced digital forensics consultant and trainer. He runs the blog https://stealthsploit.com.
Owen Shearing (@rebootuser) is a co-founder of in.security Ltd, a specialist cyber security consultancy offering technical and training services based in the UK. He is a CREST CCT level security consultant with a strong background in networking and IT infrastructure and has over a decade of experience in technical security roles. Owen has provided technical training to a variety of audiences at bespoke events and various conferences, including Black Hat Asia, EU and USA. He runs the blog https://rebootuser.com and keeps projects at https://github.com/rebootuser.
Trainers/Contact Information:
Will Hunt / @stealthsploit
Owen Shearing / @rebootuser
Preferred Twitter @insecurity_ltd
Introduction to Software Defined Radio
Instructor: Paul Clark
$2000
Registration Instructions: Please Click Here and register for both the con and training here. If you’ve already purchased a con ticket, please login and add training under the Additional Items tab. If you’d like to purchase training, but not the con (but why?), please email Kate at themarshall at wildwesthackinfest dot com
Software Defined Radios (SDRs) are extraordinarily powerful tools that have been transforming wireless InfoSec. Often, newcomers to SDR get stuck because they haven’t developed a solid understanding of radio basics. In this introductory course we will teach you two things: proficiency with the gnuradio software and the basic concepts of radio design. The course is structured such that your gradually expanding expertise with gnuradio is leveraged to create projects exploring progressively deeper radio topics. Those topics include: signals, sampling, modulation, gain, filtering, I-Q sampling, noise, and the SDR hardware itself. After completing this course, you will have a firm understanding of gnuradio and will be able to build analog receivers and transmitters. These transmitters and receivers will form the basis for nearly all your future SDR-related InfoSec activities.
After laying this foundation, we’ll finish the course with two projects that will give you a taste of the kinds of things SDRs make possible. In the first project, we’ll build a digital radio system with SDR hardware. We’ll then use our skills to reverse engineer a simple digital control system.
This course avoids highly mathematical engineering lectures and focuses on teaching through more than 20 practical, hands-on exercises. You will spend most of your time doing, not just listening.
Class Requirements (skill level): No previous SDR knowledge required.
Class Requirements (hardware/software): Nothing! You’ll use one of our laptops, pre-installed with all the software you’ll need to work through the class projects. You won’t have to create a new Ubuntu partition, build the software and verify that the drivers work. You also won’t have to wait for the instructor to debug the machines of any students that couldn’t quite get their software setup right. You don’t even have to buy any SDR hardware. We take care of all of that. You just show up and start learning.
Speaker Bio:
Paul Clark Factoria Labs
www.factorialabs.com
@factorialabs
Paul has worked extensively in wireless InfoSec and is co-author of the Field Expedient SDR series (www.fieldxp.com). He has been teaching SDR for the last two years, with students ranging in experience from absolute beginners to professional engineers.
