Here's the list of trainings for the 2019 edition! As usual, we tried to bring you various types of trainings while maintaining an affordable price for both professionals and students.
2 days training, by JP Aumasson and Philipp Jovanovic
Price: 1500.- CHF / Special student price: 800.- CHF
This training will familiarize developers and security professionals of any level with modern cryptography concepts and best practices, such as randomness generation, symmetric and asymmetric encryption, hash functions, and protocols. After covering the basics, we introduce the latest applications and innovations in cryptography, such as TLS 1.3, quantum and post-quantum cryptography, or blockchain applications.
The class is
- Practice-oriented: Lectures present real-world failures and by analyze how they could have been avoided, and exercise sessions consist of a mix of made-up problems and examples of real vulnerabilities found in widely deployed systems.
- Offense-oriented: Participants put into practice the notions and tools encountered during the lectures by being challenged to find, exploit, and fix vulnerabilities in cryptographic software.
- Interactive: We encourage participants to ask questions about the topics presented or even other topics, which usually leads to interesting discussions.
This class was previously taught at events including Troopers, Black Hat Europe, Hardware Security Training and in private sessions for organizations including Google.ABOUT THE TRAINERS
Both trainers hold PhDs in cryptography and have in combination more than 15 years of experience in designing cryptosystems and in finding vulnerabilities in real-world applications, including critical industrial systems. The trainers are also experienced speakers due to regular presentations of their latest research at IT security and cryptography conferences all around the world.
Day 1, morning: lectures (~4h)
- Secure randomness generation
- What is randomness?
- The notion of entropy
- Random number generators and the differences between TRNGs, PRNGs, and DRBGs
- Implementations of random number generators in Linux, MacOS, and Windows
- Testing PRNGs
- Cryptography basics
- Symmetric cryptography: DRBGs, hash functions, PRFs, MACs, block/stream ciphers, block cipher modes, authenticated encryption)
- Asymmetric cryptography: key agreement protocols, signing schemes, public key encryption systems
- Security notions, attack models, protocols
- Elliptic-curve cryptography
- Different curve shapes (Weierstrass, Montgomery, Edwards, twisted Edwards forms)
- Mathematical operations on elliptic curves (addition, scalar multiplication, point counting)
- The Curve25519 curve
- The elliptic curve discrete logarithm problem
- ECC-based key agreement, encryption, signing
- Security / performance comparisons between RSA, classic DL, and ECC-based approaches
- How to use ECC correctly
- Quantum and post-quantum cryptography
- Principles of quantum computing
- Requirements for building a scalable quantum computer
- Impact on public-key and private-key cryptography
- Post-quantum crypto: types of constructions, example of hash-based signatures
Day 1, afternoon: exercises (~4h)
- Entropy evaluation
- Analysing the security properties of the Lorawan IoT protocol
- Breaking a weak PRNG, hash function, and RSA-based system
- Implementing basic ECC-based schemes (DH, DSA, ElGamal)
Day 2, morning: lectures (~4h)
- Side-channel attacks
- What are side-channels?
- Timing and cache-timing attacks
- Oracle attacks (Bleichenbacher and Manger attacks on RSA, CBC padding oracle)
- Bug attacks and optimization attacks
- Cryptography libraries
- Most common libraries (OpenSSL, NaCl, sodium, etc.)
- Comparison of strengths and limitations in terms of security, speed, or license
- Key lengths
- Transport layer security (TLS)
- History overview
- Comparison between TLS 1.2 and TLS 1.3
- Overview on TLS attacks
- How to check / secure TLS servers
- Secure messaging
- Differences between synchronous and asynchronous messaging
- Security goals
- The Signal protocol, its strengths limitations
- Non-cryptographic risks
- Bitcoin and blockchain technologies
- How does Bitcoin work?
- What are blockchains?
- Double spending attacks
- Proof-of-work schemes
- Nakamoto consensus
Day 2, afternoon: exercises (~4h)
- Analysing the output of randomness generators
- CBC oracles
- Breaking the authenticated encryption cipher in the open smart grid protocol
- Analysing a bug in the DH code of libsodium
- Decrypting ciphertexts by exploiting a flawed PRNG
Participants should have some familiarity with common programming languages such as C and Python. This course is suitable for people who are new to cryptography and IT security. All the theory and concepts related to cryptography and cryptanalysis are explained during the course.
A notebook capable running a VMWare or Virtualbox hypervisor, in order to run the virtual machine image containing the exercises.
2 days training, by Jordan Santarsieri
Price: 1500.- CHF
SAP is a core part of the business-critical infrastructure of 95% of the biggest companies in the world, these companies rely on SAP to perform their most sensitive daily operations such as processing employees payroll and benefits, managing logistics, managing suppliers / customers, material management, releasing payments to providers, credit cards processing, business intelligence, etc.
This training provides the latest information on SAP specific attacks and remediation / protection activities. It starts with an introduction to SAP (No previous SAP knowledge is required), and it will teach you through several hands-on exercises and demos, to how to perform your own vulnerability assessments, audits and penetration tests on your SAP platform, you will be very well equipped to understand the critical risks your SAP platform may be facing, how to assess them and more importantly, you will know which are the best-practices to effectively mitigate them, pro-actively protecting your business-critical platform.
He is engaged in a daily effort to identify, analyze, exploit and mitigate vulnerabilities affecting ERP systems and business-critical applications, helping Vicxer's customers (Global Fortune-500 companies and defense contractors) to stay one step ahead of cyber-threats.
Jordan has also discovered critical vulnerabilities in Oracle and SAP software, and is a frequent speaker at international security conferences such as Black-Hat, Insomnihack, YSTS, Auscert, Sec-T, HITB, Rootcon, NanoSec Hacker Halted, OWASP US, 8dot8 and Ekoparty.
- Introduction to SAP
- What SAP security used to be in the past
- What SAP security is nowadays
- Introduction to SAP security tools (the open-source way)
- Securing the SAP Infrastructure
- SAP Router
- SAP Web-dispatcher
- The role of a firewall
- How to attack and secure: SAP & Windows
- How to attack and secure: SAP & Unix
- How to attack and secure: SAP & Oracle
- How to attack and secure: SAP & HANA
- Authentication mechanisms
- User Security
- Password Policy
- SAP Gateway & RFC
- SAP Message Server
- SAP Management Console
- SAP Solution Manager
- SAP System Landscape Directory
- ABAP Security
- SAP Back-doors
- SAP Updates
- SAP ICM
- SAP J2EE
- Understanding the J2EE Framework
- Different SAP Web J2EE Applications
- J2EE Authentication Mechanisms
- SAP JCO
- SAP Security Audit Trail
- How to react in case of an SAP Intrusion
- SAP Lab – Packet wars! (Apply what you learned! Attack and defend the SAP systems!)
The only thing that the students need to bring is their own laptops. All the labs, SAP VMs, SAP clients and tools will be provided by us. Students must have enough privileges to install new software (vmware) and change their own IP Address, nothing more!
2 days training, by Vinod Tiwari
Price: 1500.- CHF
Unfortunately, this training had to be cancelled, sorry for the inconvenience.
2 days training, by Adrien Stoffel
Price: 1500.- CHF / Special student price: 800.- CHF
During this training students will learn how to exploit vulnerabilities and bypass current security mitigations on Linux systems, against both local and remote targets. The training will start with a refresher on modern stack buffer overflows and then present other vulnerabilities classes, with a emphasis on heap exploitation and packed with many practice labs.
This training is for security professionals and/or CTF enthusiasts who want to improve their pwning skills.ABOUT THE TRAINER
Adrien Stoffel (@__awe) is a senior security engineer at SCRT SA, working on penetration testing and security research. He's been involved in the CTF community for more than 5 years and he currently leads the 0daysober team. His current focus area is Linux heap exploits but he also love to tackle some Windows challenges. He has also created the W3Challs hacking platform, hosting challenges in categories including web, crypto, and userland/kernel wargames.
Topics for the first part of the course include:
- review of the current state of Linux userland security
- ROP and JOP techniques on Intel x86 and x86_64 architectures
- SSP bypasses
- other vulnerability classes
- miscellaneous tips and tricks relevant to both real life exploits and CTFs
- improving exploit reliability
- C++ exploitation (vftables, corruption of std objects...)
Then we will dive into heap-based exploitation and detail the inner workings of the glibc heap allocator so that you can finally understand the magic behind ptmalloc and how it can be abused to achieve remote code execution. Once you have made sense out of the allocator, we'll move onto exploitation, with step-by-step practice labs:
- manipulate allocations to put the heap in a deterministic state
- concepts behind heap overflow and Use After Free vulnerabilities
- discover the memory layout using some heap-fu to defeat Full-ASLR
- abuse heap data to get code execution or arbitrary read/write primitives
- achieve the same results with metadata-only techniques
- find the best suitable target to get code execution
This training requires some basic to intermediate knowledge in binary exploitation. You are expected to:
- be at ease with UNIX environments and know any scripting language (such as python or ruby)
- have a good understanding of the C language and be able to understand basic Intel assembly
- be familiar with basic exploitation techniques like stack buffer overflows
- know gdb basics
Students must bring a 64-bit laptop with VMware or VirtualBox installed.
2 days training, by Julien Oberson & Deniz Mutlu
Price: 1500.- CHF / Special student price: 800.- CHF
This training will be given in FRENCH
This training will familiarize system administrators and security professionals of any level with modern Windows attacks and best security practices, such as Windows security components and protocols, network scanning, Metasploit, lateral movements, credentials theft and vulnerability exploitation. After covering a large attack overview, the course introduces the latest Microsoft security features, such as Windows monitoring and log analysis, credentials protection, advanced authentication system, privileged access management, and much more. After that the course members will understand how to protect their infrastructure against modern attacks. Gets your hands dirty: This class is practice-oriented, lectures present real-world attacks and defenses methods that participants put into practice.ABOUT THE TRAINER
The course gives an idea of how pentesters and hackers think, and the best way to defend against them. To do so, this training is given by a duo of Red Team / Blue Team engineers. Both trainers have in combination more than 13 years of experience in offensive and defensive security.
- Windows Security Models (Authentication, Kerberos, NTLM, Active Directory)
- Windows Network Discovery (Network Scan, Active Directory Discovery, PingCastle)
- Metasploit in a nutshell (Modules, Exploit, Meterpreter)
- Lateral Movements (Pass-the-hash, Pass-the-ticket, Kerberoast, GPP, Bloodhound)
- Physical Attacks (Coldboot attack, DMA, Bitlocker, Secureboot)
- Vulnerability Exploitation & Protections (ASLR, MS17-010)
- Advanced Authentication Systems (vSmartCard, Windows Hello, MFA)
- Credential Protections (LSA Protection, VSM, Credential Guard)
- Privileged Access Management (Logon Types, Restricted Admin, Powershell Remoting, MSA/GMSA)
- Windows Monitoring & Log Analysis (Windows event forwarding)
- Active Directory Persistence (DCSync, Golden Ticket, Skeleton Key)
- Anti-virus evasion (MSFVenom, Windows Defender, AppLocker, Device Guard, Software restriction policy, Attack Surface Reduction)
Participants should have some familiarity with Windows Domains. A notebook capable of running an SSH client in order to connect to the infrastructure containing the exercises. The training will be given in French.