NotSoSecure
Black Hills Information Security
FortyNorth
FalconForce
Czech Technical University
While security awareness and collective experience regarding the Cloud has been steadily improving, one common difficulty is applying theoretical knowledge to real-life scenarios. This training’s goal is to help attendees bridge this gap by understanding how conventional technologies integrate with Cloud solutions. The training is scenario-based and focuses on applied exercises.
Xavier is a managing security consultant at NCC Group, with experience in both academia and the private sector. He has worked as a developer, security researcher and consultant. Xavier currently spends most of his time focusing on application and cloud security, as well as driving the development of Scout Suite (https://github.com/nccgroup/ScoutSuite/), an open source multi-cloud security-auditing tool.
Xavier holds the AWS Certified Security – Specialty, Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE) and Offensive Security Wireless Professional (OSWP) certifications.
This hands-on training teaches the essential know-how of malware traffic analysis: the experience and knowledge of understanding malware behaviors on the network. The core of the training is not about the tools, but the experience transmitted and gained by students. Students should leave with the knowledge to recognize malicious actions of malware in the network.
Veronica Valeros, Czech Technical University
Veronica is a researcher and intelligence analyst from Argentina. Her research strongly focuses on helping people. A jack of all trades, she currently specializes in threat intelligence, malware traffic analysis, and data analysis. She has presented her research at international conferences such as BlackHat, EkoParty, Botconf, Virus Bulletin, Deepsec, and others. She is the co-founder of the MatesLab hackerspace based in Argentina and co-founder of the Independent Fund for Women in Tech. She is currently the director of the Civilsphere project at the Czech Technical University, dedicated to protecting civil organizations and individuals from targeted attacks. She's also the project leader at the Stratosphere Laboratory, a research group in the Czech Technical University dedicated to study and research in cybersecurity and machine learning.
Sebastian Garcia, Czech Technical University
Sebastian is a malware researcher and security teacher with extensive machine learning experience applied to network traffic. He created the Stratosphere IPS project, a machine learning-based, free software IPS to protect civil society. He likes to analyze network patterns and attacks with machine learning. As a researcher in the AIC group of Czech Technical University in Prague, he believes that free software and machine learning tools can help better protect users from abuse of their digital rights. He has been teaching in several countries and universities and working on penetration testing for both corporations and governments. He was lucky enough to talk at Ekoparty, DeepSec, Hacktivity, Botconf, Hacklu, InBot, SecuritySessions, ECAI, CitizenLab, ArgenCor, Free Software Foundation Europe, Virus Bulletin, BSides Vienna, HITB Singapore, CACIC, etc. As a co-founder of the MatesLab hackspace, he is a free software advocate who has worked on honeypots, malware detection, distributed scanning (dnmap), keystroke dynamics, Bluetooth analysis, privacy protection, intruder detection, robotics, microphone detection with SDR (Salamandra), and biohacking.
The purpose of the Red Team Training is to understand the underlying concept of red teaming. The training will cover payload generation, lateral movement techniques, initial foothold and internal reconnaissance. The training aims to provide a deep understanding of all the previously described aspects of a red team.
Charles Hamilton is a Red Teamer who holds the OSCE, OSCP, and SLAE64 certifications. He has more than ten years of experience delivering offensive testing services for various government clients and commercial verticals. In recent years, Charles has focused on covert Red Team operations against complex and secured environments. These operations have allowed him to hone his craft at quietly navigating a client's network without detection. Since 2014, he has been the founder and operator of the RingZer0 Team website, a platform focused on teaching hacking fundamentals. The RingZer0 community currently has more than 36,000 members worldwide. Charles is also a prolific toolsmith and speaker in the InfoSec industry under the handle of Mr.Un1k0d3r. Some of Charles Hamilton's tradecraft can be found in his GitHub repository (see below).
The Intrusion Operations class provides students a unique opportunity to learn and implement real-world techniques used by advanced adversaries. An attacker can easily break into an organization by abusing misconfigurations, but the inverse also applies - defenders can easily detect red teams and malicious actors using commodity malware, default indicators, and more. You will learn how to overcome enterprise defenses and hardened infrastructure. You will leverage custom tooling and advanced configurations to break into a simulated corporate network and develop targeted malware profiles to remain undetected. You will leave this class with the skills and tools to develop custom tradecraft for long term persistence.
Olaf Hartong, Co-Founder & Defensive Specialist, FalconForce
Olaf Hartong is a Defensive Specialist and security researcher at FalconForce. He specialises in understanding the attacker tradecraft and thereby improving detection. He has a varied background in blue and purple team operations, network engineering, and security transformation projects.
Olaf has presented at many industry conferences including Black Hat, DEF CON, DerbyCon, Splunk .conf, FIRST, MITRE ATT&CKcon, and various other conferences. Olaf is the author of various tools including ThreatHunting for Splunk, ATTACKdatamap and Sysmon-modular.
Gijs Hollestelle, Co-Founder & Security Specialist, FalconForce
Gijs Hollestelle is specialized in advanced offensive and defensive capabilities. Gijs spent the last 15 years working in various technical security related roles related to ethical hacking, red teaming, cryptography, blue teaming and secure coding. Apart from solving technical challenges in the cyber security area he also enjoys teaching others to do the same. He is also an avid CTF player, competing at the highest level with multiple CTF teams including Eindbazen and Hack.ERS.
Henri Hambartsumyan, Co-Founder & Red Teamer, FalconForce
Henri Hambartsumyan is an experienced technical security professional, with 10 years of technical security experience. Henri started his career as a pentester and moved on to more advanced pentesting projects. Later he started executing "covert operations", which the industry later dubbed "red teaming". In recent years, Henri has performed countless red team operations, including 4 TIBER exercises. Next to projects, Henri spent most of his off-time developing AV bypasses for future ops. Over the last year, Henri has taken an interest in blue teaming, especially in detecting more advanced tradecraft in a realistic way. Due to his in-depth understanding of the tradecraft, he currently develops detection rules for advanced attacks as part of the FalconFriday blog series and for clients. Next to this, he is still active in performing red teams.
Chris Truncer, Co-Founder and Offensive Security Lead, FortyNorth
Christopher Truncer (@ChrisTruncer) is a co-founder and Offensive Security Lead with FortyNorth Security. He is a co-founder and current developer of the Veil-Framework, a project aimed to bridge the gap between advanced red team and penetration testing toolsets. Chris began developing tools that are not only designed for the offensive community, but can enhance the defensive community's ability to defend their network as well.
Matt Grandy, Sr. Offensive Security Engineer, FortyNorth
Matthew Grandy is a senior offensive security engineer with extensive experience leading penetration testing and red team engagements across various industries. He is an offensive security certified expert (OSCE) as well as an offensive security certified professional (OSCP) and contributes regularly to the open source community, as he believes very strongly in elevating the security industry as a whole. Most notably, Matthew has contributed to the C# EyeWitness project as well as created MiddleOut, a C# compression utility. Matthew is also a previous Black Hat and Wild West Hackin' Fest instructor.
In this 2-day intermediate hands-on course, delegates will gain an understanding of application security vulnerabilities, including the industry-standard OWASP Top 10 list, and learn strategies to defend against them.
Abhijay Singh, Principal Security Consultant, NotSoSecure
Abhijay Singh is an information security professional working as a Principal Security Consultant at NotSoSecure. He has 8+ years of corporate experience with expertise in the area of Application Security, Network and Vulnerability Assessment. Abhijay currently holds industry-recognized accreditations including OSCP. As well as being a hands-on pen tester, Abhijay is also an experienced trainer and co-contributor for NotSoSecure’s AppSec for Developers, DevSecOps and AppSecOps courses. Abhijay has delivered training at numerous leading global security conferences. His current expertise revolves around finding interesting bugs in web applications, and he loves doing Android and iOS app security assessments. In his spare time, he is an inveterate bug bounty hunter and likes to read about and learn new technologies.
Modern Webapp Pentesting is unique in its approach to testing webapps. Too many courses are built around the OWASP Top Ten; this class is built around attack scenarios.
Brian King, Penetration Tester, Black Hills Information Security
Brian King has been pentesting webapps since 2008. He was the second hire into his employer's application security team at a time when "PCI" was brand new and long before bug bounty programs - when experienced webapp pentesters had to be made, not found. His internal training and coaching efforts built a successful team of 30 testers, few of whom had significant security experience before joining the team. Brian believes that webapps are the best targets for pentesting because although they all look familiar on the surface, they're all different and often in surprising ways. Each webapp is a collection of puzzles for a pentester and the first puzzle is figuring out where the other puzzles are! Once you get started, each test can be an engaging chance to practice your problem-solving skills and dive into new technologies.
Relying on publicly available and stock tooling to leverage weaknesses in enterprise Windows environments to execute effective red team operations is becoming increasingly difficult. However, complex environments, with custom applications and configurations, often contain significant exploit potential attackers could utilize. Red team operators capable of taking advantage of these weaknesses can simulate more advanced adversaries, and help organizations remove difficult to identify attack chains. This course teaches the methodology and tools to find, triage, and utilize exploitable vulnerabilities on Windows systems in time-sensitive engagements. You will dive into the vulnerability classes that SpecterOps routinely finds in mature environments and practice methods of identification, triage, and exploitation.
Dhruv Shah, Senior Security Consultant and Trainer, NotSoSecure
Dhruv has been with NotSoSecure since 2017 and has worked on security issues with a broad range of clients, including major banking, finance and media companies. This work involves web and application penetration testing and network assessments. He is also involved in Red Team assessments appraising system and network vulnerabilities with little or no prior knowledge of them. His trainer work has involved running courses at BlackHat Chicago and researching and updating the NotSoSecure Advanced Web Hacking training course.
Dhruv holds a Master's degree in IT and has seven years’ specialist experience in Information Security. He started off as a trainer sensitising staff in private sector organisations about security issues and what hackers look for when they launch attacks on networks. He then moved employers, carrying out penetration testing work in Indian government agencies and then at banking clients in the Middle East. He now has extensive penetration testing experience for Fortune 500 companies involving web and mobile applications, networks, Infra and Red Team work. In his spare time, he co-authored the book “Kali Linux Intrusion and Exploitation” and is an active member and moderator of one of the Null chapters in India.
Alex Ivkin is a director of solutions at Eclypsium, a US security company. His focus is on secure deployments of (in)secure software, including container orchestration, application security, and firmware security. Alex has two decades of security integration experience, has presented at numerous security conferences, has delivered trainings, holds an MS in CSci, co-authored the ISACA CSXP certification and climbs mountains in his spare time.
Emily is a digital forensics investigator on the Insider Threat Investigations team at Morgan Stanley. In her role, Emily helps protect the Firm against insider threats by conducting investigations and working to improve forensic tooling and techniques. In her spare time, Emily's passion for forensics persists as a hobby, but she also enjoys crime shows, ballet, and pursuing her not-so-secret mission of finding the best ice cream in the world.
Roger Johnston is a security analyst at Ubisoft Montreal where he specializes in adversary emulation and threat intelligence.
In 2019 he worked closely with the Credibility Coalition misinfosec working group to develop counters for disinformation, and to provide tooling to the AMITT community.
Today, Roger volunteers with the Cognitive Security Collaborative where he builds capabilities to bootstrap elf communities, provides trainings, and evangelizes the need for greater awareness of disinformation. His recent work at Cognitive Security Collaborative includes the launch of a MISP sharing community for influence operations.
Through Cognitive Security Collaborative, Roger recently joined the CTI League to counter COVID-19 disinformation.
Sara-Jayne “SJ” Terp is a data nerd with a long history of working on the hardest data problems she can find. Her background includes designing unmanned vehicle systems, transport, intelligence and disaster data systems with an emphasis on how humans and autonomous systems work together; developing crowdsourced advocacy tools, managing innovations, teaching data science to Columbia’s international development students, designing probabilistic network algorithms, working as a pyrotechnician, and CTO of the UN’s big data team. Her current interests are focused on misinformation mechanisms and counters; she founded Bodacea Light Industries to focus on this, worked with the Global Disinformation Index to create an independent disinformation rating system, and runs a Credibility Coalition working group on the application of information security principles to misinformation. SJ holds degrees in artificial intelligence and pattern analysis and neural networks.
Philippe is a security researcher working for GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely used Java static analysis tool OWASP Find Security Bugs (FSB). He is also a contributor to the static analysis tool for .NET called Security Code Scan. He built many plugins for Burp and ZAP proxy tools: Retire.js, Reissue Request Scripter, CSP Auditor and many others. Philippe has presented at several conferences including Black Hat Arsenal, SecTor, AppSec USA, ATLSecCon, NorthSec, and 44CON.
Olivier Bilodeau, Cybersecurity Research Lead, GoSecure
Olivier Bilodeau is leading the Cybersecurity Research team at GoSecure. With more than 10 years of infosec experience, he enjoys attracting embedded Linux malware, writing tools for malware research, reverse-engineering all-the-things and vulnerability research. A passionate communicator, Olivier has spoken at several conferences like BlackHat USA/Europe, Defcon, Botconf, SecTor, Derbycon, HackFest and many more. Invested in his community, he co-organizes MontréHack, a monthly workshop focused on applied information security, and NorthSec, Montreal's community conference and Capture-The-Flag.
Former pentester, I used to play a lot with Microsoft Active Directory infrastructures, both on defensive and offensive aspects at Synacktiv, a French offensive security company. I am now in the Reverse Engineering team within my company, focusing on Windows and hardware topics.
Alexandre is a security researcher working for GoSecure. His area of expertise is reverse engineering, binary exploitation and tool development. His previous experience as a software developer covers a broad spectrum of topics ranging from low-level systems and binary protocols to web applications. Prior to joining the research team, Alexandre spent time as an Ethical Hacker honing his offensive security skills. His areas of interest include binary analysis, compiler theory and systems programming. Alexandre gives back to the Montréal infosec community by volunteering his time, contributing workshops and designing application security challenges for events like MontréHack and REcon.
Kelley works on the Account Security team at Twilio. Previously she worked in a variety of API platform and data engineering roles at startups. Her research focuses on authentication user experience and design trade-offs for different risk profiles and 2FA channels. Kelley lives in Brooklyn, is an avid home cook, and spends too much time on Twitter (@kelleyrobinson).
Vitor Ventura is a Cisco Talos security researcher. As a researcher, he has investigated and published various articles on emerging threats. Most days Vitor is hunting for threats, investigating them, and reversing code, but also looking for the geopolitical and/or economic context that better suits them. Vitor has been a speaker at conferences like Recon Brussels, Defcon Crypto Village and BSides Lisbon, among others. Prior to that he was IBM X-Force IRIS European manager, where he was lead responder on several high-profile organizations affected by the WannaCry and NotPetya infections, helping to determine the extent of the damage and to define the recovery path. Before that he did penetration testing at IBM X-Force Red, where Vitor led flagship projects like Connected Car assessments, Oil and Gas ICS security assessments, and custom mobile devices, among other IoT security projects. Vitor holds multiple security-related certifications like GREM (GIAC Reverse Engineer Malware) and CISM (Certified Information Security Manager).
Paul is a security researcher within Talos, Cisco’s threat intelligence and research organization. As a researcher, he performs investigations to identify new threats and presents his findings as publications and at international security conferences throughout the world. He has been involved in security research for 7 years, mainly focusing on malware analysis, malware hunting and more specifically on Advanced Persistent Threat campaigns and rootkit capabilities. He previously worked for several incident response teams within the private and public sectors.
bx enjoys tinkering with systems in undocumented manners to find hidden sources of computation. She has previously studied the weird machines present in application linkers and loaders, publishing some nifty PoC along the way, but has since turned her focus towards the kinds of loaders that bootstrap systems. bx is currently a senior security researcher at Narf Industries.
Alyssa Miller (CISM) is a hacker, security advocate, author, professional, and public speaker with almost 15 years of experience in the security industry. She has always had a passion for deconstructing technology, particularly since buying her first computer at the age of 12 and teaching herself BASIC programming. In her career, Alyssa has performed all forms of security assessments but, given her developer background, she has had a dedication to application security. She specializes in working with business and security leaders to design and deploy effective security programs that create a true culture of shared responsibility and developer enablement.
Alyssa is also committed to evangelizing security. Not only does she speak internationally at various industry, vendor and corporate events, Alyssa also engages in the community through her online content, media appearances, and security community activism. Her journey through security was recently featured in an article by Cybercrime Magazine. She’s also been recognized in Peerlyst’s e-Book “50 Influential Penetration Testers”. Alyssa is a board member for Women of Security (WoSEC) and co-host of The Uncommon Journey podcast, focusing on the unique stories of security professionals across the community. Finally, Alyssa is an Application Security Advocate for London-based Snyk Ltd.
Yehuda Lindell is a professor at Bar-Ilan University in Israel and the CEO of Unbound Tech. Yehuda attained his Ph.D. at the Weizmann Institute of Science in 2002 and spent two years at the IBM T.J. Watson research lab as a Postdoctoral fellow in the cryptography research group. Yehuda has carried out extensive research in cryptography, and has published over 100 conference and journal publications, as well as one of the leading undergraduate textbooks on cryptography. Yehuda has presented at numerous international conferences, workshops and university seminars, and has served on program committees for top international conferences in cryptography. In addition to Yehuda's notable academic work, he has significant industry experience in the design and deployment of cryptography in a wide variety of scenarios.
I am a crypto specialist in Microsoft Research's Security and Cryptography team. I’m currently involved in projects related to post-quantum cryptography, such as the Open Quantum Safe project. I’m also leading the development of the U-Prove technology. I’m also interested in privacy-enhancing technologies, smart cloud encryption (e.g., searchable and homomorphic encryption), and the intersection of AI and security. Prior to joining Microsoft in 2008, I was the Chief Security Engineer at Credentica, a crypto developer at Silanis Technology working on digital signature systems, and a security engineer at Zero-Knowledge Systems working on TOR-like systems.
Holger is working for Cisco Talos, the threat research organization of Cisco. Our goal is to find and reverse engineer new unknown malware campaigns. My team uncovered attacks like NotPetya, WannaCry, DNSpionage, SeaTurtle and many more. I am frequently presenting at internal and external conferences, for example: Microsoft Digital Crime Consortium (DCC), Google Annual RE Meeting, FIRST, ISC, 4th International Conference on Cybersecurity and Privacy Balkan, BSIDES Munich, SecIT Germany, CiscoLive and more.