Please contact us directly at email@example.com if you have questions for any of the below trainings.
If you are a trainer send an abstract, and related information to the same email address.
Early Bird pricing are valid until Jan 1st 2018.
Regular Pricing are valid until March 1st 2018.
Any registration after the 1st March will subject to a 20% fee.
2 Day Course, lecture and exercises
Early bird: $1,950 USD/student
Regular: $2,250 USD/student
Date: 4-5 April 2018
Network defense is informed by knowing the network, and knowing the adversary – but few practitioners have the fortune of possessing this knowledge before a major breach. Industrial Control System (ICS) networks provide particular challenges due to limitations on operational testing and traditional red team exercises. To address the need for critical assessment of ICS-related networks for developing defensive strategy, this training provides attendees with a comprehensive exercise to identify critical network assets within a theoretical IT and ICS environment, driven by threat intelligence and threat actor profiles.
Starting with an overview of strategy and applying strategic concepts to network defense, attendees will formulate a comprehensive, adversary-oriented network defense plan covering IT and ICS environments. Following additional overview and critique of planning, attendees will then test the plan through an iterative, guided wargaming exercise – the goal being to test planning comprehensiveness, identify gaps, and improve planning and implementation over time. This training is suitable for all levels of security practitioner – from CISO to SOC analyst – as a means to improve and refine defensive planning, especially within environments containing ICS.
Who Should Attend:
Key Learning Objectives:
Joe Slowik is currently an adversary hunter for Dragos: finding, tracking, and defeating ICS threats is both his job and his passion. Prior to that, Joe ran the incident response team at Los Alamos National Laboratory, where he transitioned the organization from passive alert monitoring to active hunting operations. Joe got his start in ‘cyber’ thanks to the Navy telling him to work on computers instead of riding submarines – and he has been moving ever further away from government work since.
4 Day Course, lecture and exercises
Early bird: $3,900 USD/student
Regular: $4,500 USD/student
Date: 2-5 April 2018
This class is designed to introduce students to the best tools and technology available for automating vulnerability discovery and crash triage with a focus on delivering a practical approach to applying this technology in real deployments at any scale.
Through an applied understanding of introductory program analysis and binary translation, techniques for finding various bug classes and methods for improved crash debugging will be discussed. We will analyze the properties of memory corruption from integer overflows, uninitialized variables, use-after-free and look at applying tools such as compiler plugins, binary instrumentation frameworks, memory debuggers, and fuzzers to discovering each one.
Next take a deep dive into fuzzing, covering all aspects of this practical approach to finding bugs. As the most approachable and versatile of the available tools, the student will apply various fuzzing techniques to several real-world pieces of software. Students will learn strategies for analyzing attack surface, writing grammars, and generating effective corpus. We will explore in detail the latest innovations such as harnessing code coverage for guided evolutionary fuzzing and symbolic reasoning for concolic fuzzing.
We approach crash analysis through the lens of scriptable debuggers and program analysis. We will once again look at properties of how memory corruption manifests in a crashing condition. We will apply tools like reverse debugging and memory debugging scripts to assist in interactively diagnosing root cause of crashes. Then we will leverage the power of dynamic taint tracking and graph slicing to help isolate the path of user controlled input in the program and identify the exact input bytes influencing a crash. Lastly, we will look at possible ways to aid in determining severity of a vulnerability.
This class will focus on x86/x64 architecture and target Windows and Linux environments, however some discussion regarding applications to ARM and mobile platforms will also be included and all of the concepts if not the direct tools will be useful in other environments.
Who Should Attend:
This class is meant for professional developers or security researchers looking to add an automation component to their software security analysis. Students wanting to learn a programmatic and tool driven approach to analyzing software vulnerabilities and crash triage will benefit from this course.
Key Learning Objectives
Students should be prepared to tackle challenging and diverse subject matter and be comfortable writing functions in in C/C++ and python to complete exercises involving completing plugins for the discussed platforms. Attendees should have basic experience with debugging native x86/x64 memory corruption vulnerabilities on Linux or Windows.
Hardware / Software Requirements
Students should have the latest VMware Player, Workstation, or Fusion working on their machine
Richard Johnson is a computer security specialist with a focus on software vulnerability analysis. Currently the Research Manager of Talos Group for Cisco, Richard offers 15 years of expertise and leadership in the software security industry. Current responsibilities include research and development of advanced fuzzing and crash analysis technologies facilitating the automation of the vulnerability triage and discovery process. Richard has presented annually at top-tier industry conferences worldwide for over a decade and was co-founder of the Uninformed Journal.