Training 2018

The trainings and workshops will happen the 20th and 21st of March 2018 at the Starling Hotel Geneva, right next to Palexpo.
Some of the training are only one day long, check the detailed description below for more information.

Note: We offer a significant cost reduction for people coming to the training and the conference, but only after the training registration is complete. The conference will only cost you 100.- CHF for the two days if you booked a training.
We also have two reduced training cost for Student, "Modern Linux exploitation" and "Sécurité des applications Web avancées".

First, register for one of the training below. Once the payment is validated, we will send you a coupon for the conference registration.

Hands-on Hardware Hacking with Joe Grand (EN, 2 days, 20th-21st March)

Price: 2000.- CHF

Trainer: Joe Grand (@joegrand) is a product designer, hardware hacker, and the founder of Grand Idea Studio (www.grandideastudio.com). He specializes in the invention and design of electronic devices. Also known as Kingpin, Joe was a member of the legendary hacker group L0pht Heavy Industries, where he helped raise awareness of computer security vulnerability research and disclosure. Joe has spent nearly two decades discovering security flaws in embedded systems and teaching others how to reverse engineer such systems. He holds a Bachelor of Science degree in Computer Engineering from Boston University and a Doctorate of Science in Technology (Honorary) degree from the University of Advancing Technology.

Description: Joe Grand's Hands-on Hardware Hacking training brings you through the techniques commonly used to reverse engineer and defeat the security of electronic devices. This comprehensive class covers the hardware hacking process, including product teardown, component identification, circuit board reverse engineering, soldering and desoldering, signal monitoring and analysis, and memory extraction and manipulation. It concludes with a final challenge where you’ll attempt to defeat the security mechanism of a custom electronic device.

Through the combination of lecture and hands-on exercises, you’ll gain the skills, resources, and confidence needed to explore and exploit electronic systems. No prior hardware experience is required.

A detailed course outline can be found at http://grandideastudio.com/wp-content/uploads/hh_training_agenda.pdf

Objectives: Understand the hardware hacking process and mindset. Learn the skills needed to successfully analyze, reverse engineer, modify, and attack electronic devices. Apply real world techniques to defeat the security of a custom circuit board

Course materials: Lecture slides and hardware hacking/embedded security reference material. Hardware hacking tools, including a soldering iron, multimeter, logic analyzer, and device programmer. Grand Idea Studio’s custom training circuit board

What to bring: Students must provide their own computer running Windows (administrator access required, within a virtual machine is OK) and containing a functional USB interface. Software and drivers will need to be installed.

Hacking and Hardening Windows Infrastructure Workshop by CQURE (EN, 1 day, 20th March)

Including Windows 10 and its new security features! Can Windows 10 be hacked?!

Price: 800.- CHF

Trainer: Paula Januszkiewicz (@paulacqure) is the CEO and Founder of CQURE Inc. and CQURE Academy. She has 14 years of experience in the cybersecurity field, performing penetration tests, architecture consulting, trainings and seminars. She has performed hundreds of security projects, including those for governmental organizations and big enterprises, at the same time being a top speaker and a keynote speaker at many well-known conferences, including Microsoft Ignite (rated No 1 Speaker among 1100 speakers and 26000 attendees), RSA (in 2017 in San Francisco her session was one of the 5 hottest sessions), Black Hat, TechEd North America, TechEd Europe, TechEd Middle East, CyberCrime etc., where she is often rated as No 1 speaker. Her presentations gather thousands of people. Paula also creates security awareness programs for various organizations, including awareness sessions for top management (telecoms, banks, government etc.). She is passionate about sharing her knowledge with others. In private, she enjoys working with her research team, converting the results of her findings to authored leading-edge trainings and tools used in practice in projects. She wrote a book about Threat Management Gateway and she’s currently working on the next one... so stay tuned for more. She has access to a source code of Windows, an honor granted to just few people around the world! Paula is a type that suffers, when doing nothing – every year she takes over 215 flights to provide security services to international organizations and enterprises. You can always expect some thoughtful ideas and interesting arguments!

Description

  • Module 1: Windows 10 / Windows Server 2016 - Platform Security and Internals: This module will prepare you for the training! It also contains very useful tips about auditing your environment
  • Module 2: Attacks on Credentials and Prevention Solutions: This module involves usage of the custom tools built by the CQURE Team. Some of the tools were first on the market, so you are learning from the best!
  • Module 3: Attacking and Securing Windows Network: Starting from simple network sniffing, ending up with advanced network monitoring to the size of the buffers written. Several techniques used during the training.
  • Module 4: Handling Ransomware and Other Malicious Software: In this module you will become familiar with the techniques used by modern malware. Especially for ransomware the launch process itself has changed over years to reach its final form - it is important to know how to prevent it.
  • Module 5: Offline Access – Threats and Prevention: Offline access is immediately rewarding the attacker: you do not have to try hard to get the highest privileges and possibility to change anything you want on a drive. In this module you will learn the impact of offline access and how according to best practices we can prevent it.
  • Module 6: Windows Security Summary: Module covers discussion about solutions and implementations with top priorities.

The full course description can be download here: MasterClass_HHW_2018.

What to bring: A Windows laptop with administrator rights is required.

Active Directory Attack and Defense by ADSecurity (EN, 2 days, 20th-21st March)

Price: 1600.- CHF

Trainer: Joel Leo started at Digital Island in 1998 with a fresh MCSE in Windows NT 4, he has earned experience across a number of platforms and technologies with many jumbles of letters after his name to go along with them. He’s a Principal Systems Engineer and the Active Directory Architect for Gap, Inc. and a consultant for several other organizations, focusing primarily on Active Directory. When he’s not validating replication consistency, you can usually find him hitting the waves at home in Hawaii or hotdropping targets in Eve Online.

Description

  • Day One: Overview and Attacking AD
    • Active Directory and PowerShell overview
    • Domain Controllers & authentication
    • Intrusion methods – gaining a foothold
    • Recon – mapping the network and finding weaknesses
    • Finding credentials (passwords)
    • Cracking service account passwords as a domain user
    • Credential Theft and Re-use
    • Privilege Escalation
    • Kerberos Attacks: Golden Tickets, Silver Ticket, Trust Tickets, etc.
    • Persistence Methods
    • Forged Kerberos Tickets (Golden Tickets, Silver Tickets, etc.)
    • WMI
  • Day Two: Defending the Enterprise
    • Traditional defense methods and why they fail
    • PowerShell attacks and detection
    • Windows Server security enhancements
    • Active Directory Domain security enhancements
    • Practical Active Directory defenses.
    • The future of Windows security
    • Windows Server 2016
    • Microsoft Passport authentication

Takeaways

Every attendee receives all of the session material including the presentation slides, detailed whitepaper, and demo videos (as appropriate).

Goals:

  • Better understand what attackers are doing once they gain a foothold and how to mitigate the
  • impact of this access.
  • Identify the areas in which traditional security methods fall short.
  • Learn what defensive measures are effective and how they mitigate current threats.

What to bring: A Windows laptop with administrator rights is required.

Learn Reverse Engineering Through Game Hacking by Vector35 (EN, 1 day, 21st March)

Price: 800.- CHF

Trainer: Jordan Wiens (@psifertex) started his professional career at the University of Florida where he got to do a little bit of everything security related. His love of CTFs, however, drove him to a job at a government contractor where he honed his reverse engineering and vulnerability research skills. Now, his goal in life is to become a professional CTF e-sports caster which is why he founded Vector 35. He claims he can stop buying NERF any time he wants, but no one believes him.

Description: PwnAdventure3 was an MMO designed to be hacked. In this one day-workshop, learn the basics of reverse engineering with Binary Ninja and PwnAdventure 3. You'll get an introduction to x86 instructions, learn how to patch binaries to modify their behavior, and how to extract meaningful information from a large complicated program. If you're already familiar with the basics, there are plenty of advanced exercises that will challenge you as well. A free student license of Binary Ninja is included.

What to bring: Student laptops should be capable of running Windows x64 and the windows pa3 binary from http://pwnadventure.com/ (though the binary in the class is different, if your computer can handle that version, it will run the version for this course). We don't recommend using a VM as the GPU requirements usually mean it's too slow. Donwload the game from the website and test if your computer can handle it. The graphic details can be tune to improve the performance.

Modern Linux exploitation by SCRT (EN, 2 days, 20th-21st March)

Price: 1500.- CHF / 800.- for students

Trainer: Adrien Stoffel (@__awe) is a senior security engineer at SCRT SA, working on penetration tests and security research. He's been involved in the CTF community for years and he currently leads the 0daysober team. His current focus area is Linux heap exploits but he also love to tackle some Windows challenges. He has also created the W3Challs hacking platform, hosting challenges in categories including web, crypto, and userland/kernel wargames.

Description: During this training students will learn how to exploit vulnerabilities and bypass current security mitigations on Linux systems, against both local and remote targets. The training will start with a refresher on modern stack buffer overflows and then present other vulnerabilities classes, with many practice labs.
Topics for the first part of the course include:

  • review of the current state of Linux userland security
  • ROP and JOP techniques on Intel x86 and x86_64 architectures
  • SSP bypasses
  • other vulnerability classes
  • miscellaneous tips and tricks relevant to both real life exploits and CTFs
  • improving exploit reliability
  • C++ exploitation (vftables, corruption of std objects...)

Then we will dive into heap-based exploitation and detail the inner workings of the glibc heap allocator so that you can finally understand the magic behind ptmalloc and how it can be abused to achieve remote code execution. Once you have made sense out of the allocator, we'll move onto exploitation, with step-by-step practice labs:

  • manipulate allocations to put the heap in a deterministic state
  • concepts behind heap overflow and Use After Free vulnerabilities
  • discover the memory layout using some heap-fu to defeat Full-ASLR
  • abuse heap data to get code execution or arbitrary read/write primitives
  • achieve the same results with metadata-only techniques
  • find the best suitable target to get code execution

Required level: Intermediate in binary exploitation

This training is for security professionals and/or CTF enthusiasts that want to improve their pwning skills. You are expected to:

  • be at ease with UNIX environments and know any scripting language (such as python or ruby)
  • have a good understanding of the C language and be able to understand basic Intel assembly
  • be familiar with basic exploitation techniques like stack buffer overflows
  • know gdb basics

What to bring: a 64-bit laptop with VMware or VirtualBox installed.

Sécurité des applications Web avancées, par SCRT (FR, 2 jours, 20th-21st March)

Price: 1500.- CHF / 800.- for students

Trainer: Alain Mowat est le responsable de la division Audit chez SCRT, où il travaille depuis bientôt 10 ans. Dans cette fonction, il essaye continuellement d'améliorer la qualité des audits de sécurité effectués par l'entreprise, tout en effectuant encore des tests d'intrusion, des attaques d'ingénierie sociale ou encore des formations liées à la sécurité informatique. Avec un intérêt marqué pour la sécurité des applications Web, il a découvert plusieurs failles importantes dans des applications ou services couramment utilisées par le grand public et les a remontées à l'éditeur.

Objectif: Permettre aux participants de connaitre la méthodologie et les outils nécessaires à l'analyse de sécurité d'une application Web.

Description:

La formation "Sécurité des applications Web" est une formation destinée à toute personne ayant des connaissances de base en développement Web ou en sécurité avec pour but de présenter les attaques les plus communes et comment s'en prémunir. La formation est basée autour d'un certain nombre d'exercices permettant aux participants de mettre immédiatement en pratique les techniques et notions discutées.

La formation débute par une introduction aux différentes technologies Web, suivi d'une explication de la méthodologie d'attaque appliquée lors de l'audit d'un site Web. Les vulnérabilités les plus communément rencontrées sont alors décortiquées et exploitées pour permettre aux participant de comprendre les causes et conséquences de chacune d'entre elles.

Les points suivants seront traités lors de la formations:

  • Attaques serveur:
    • Injections
    • Contrôle d'accès manquant
    • Gestion de l'authentification et des sessions
    • Attaques XML
    • SSRF
  • Attaques clientes:
    • XSS
    • CSRF
    • JSONP
    • Contournement Same Origin Policy
    • UI Redressing
  • Chiffrement dans les applications Web
    • Chiffrement symétrique
    • Chiffrement asymétrique
    • Gestion des nombres aléatoires

Prérequis: Les participants doivent avoir des connaissances de base en développement ou en sécurité des applications Web et doivent amener un laptop sur lequel ils ont des privilèges d'administrateur et une carte réseau.