Training

Check-in for trainings opens at 8:30am and classes begin at 9:00am.

Malware Discovery and Basic Analysis
Trainer: Michael Gough (Principal Security Consultant) of NCC Group
April 3 – April 4
9am-4pm
$500

Prerequisite/Level: Beginner/Intermediate

Malware Discovery and Malware Analysis are essential skills for today’s Information Security, Security Operations Center (SOC), and IT professionals. This course is perfect for people wanting to improve and get faster at Incident Response and triage.

This course focuses on performing fast triage: how to discover if a system has malware, how to build a malware analysis lab, and how to perform basic malware analysis quickly. The goal is to apply the results as actionable information to improve your Information Security program. The course covers the tools, techniques, and steps used to analyze malware and determine if a system is clean or truly infected. The concepts of Malware Discovery, Basic Malware Analysis, and Live Triage/IR vs. forensics will be discussed, with exercises linking the concepts together. This course is intended to expose attendees to, and improve their ability to quickly evaluate a system for, everything from everyday commodity malware that you might get through email phishing or web surfing to advanced targeted malware. The focus will be on Windows systems, but the course will touch on some tools for Apple and Linux systems as well.

All attendees will get a copy of LOG-MD Professional and File-MD as part of the class.

Ransomware Affiliate Training
Trainers: Andrew Lemon (CEO) of Red Threat
April 3 – April 4
9am-4pm
$500

Prerequisite/Level: Beginner/Intermediate

In this hands-on training, students will use tools, techniques, and procedures literally stolen from real ransomware groups. Instructors will guide students through a ransomware engagement from the attacker’s perspective: from gaining initial access to a network, escalating privileges, destroying backups, and exfiltrating data, to disabling antivirus software, creating a ransomware locker, deploying the ransomware, and even negotiating a mock ransom payment. By the end of this training, students will have a firm understanding of why ransomware is effective despite the multi-million-dollar tools, cyber kill chains, and frameworks deployed by organizations. Students will also learn what to look for in their own networks and what controls should be deployed to prevent them from being victims.

This is a beginner-friendly course targeted at individuals with general IT experience. Familiarity with the command line, networking concepts, and Active Directory will allow students to get the most out of the class. No penetration testing experience is required. Students will need an AWS and snaplabs account to access the labs.

Vulnerability Management
Trainer: Geoff Wilson (CEO) of Go Security Pro
April 3
Time: 10am-3pm
$125

Prerequisite/Level: Beginner/Intermediate – A basic understanding of computer networking (e.g., TCP/IP stack familiarity)

Geoff Wilson with Go Security Pro will open the playbook on what makes for a successful Vulnerability Management program. This class is for IT professionals and leadership who play a role in vulnerability management. Topics include the following:

  • 2024 regulatory landscape relating to vulnerability management
  • Vulnerability management foundations
  • Vulnerability management versus risk management
  • The vulnerability management lifecycle
  • Network Vulnerabilities
  • System & Application Vulnerabilities
  • Vulnerability assessment tools including Burp Suite, Qualys, Tenable,
  • Vulnerability Scanning, Vulnerability Assessments, Penetration Testing
  • Identifying vulnerabilities that scanners don’t find
  • How to prioritize vulnerabilities using:
      • Common Vulnerability Scoring System (CVSS) versions 2 and 3
      • CISA’s Known Exploited Vulnerabilities Catalog
  • Using PowerBI to create custom vulnerability management dashboards
  • Communicating vulnerability management progress to leadership

The training will include hands-on learning opportunities. This training will not be product-specific and only Microsoft Excel and optionally PowerBI will be required. Attendees should bring a laptop computer with Microsoft Excel and PowerBI if possible for the hands-on labs. This training course is designed for IT professionals who are tasked with vulnerability management and want to enhance their capabilities.

Risk Management and Assessments
Trainers: Geoff Wilson (CEO) and Carrie Randolph (GRC Lead) of Go Security Pro
April 4
Time: 9am-4pm
$125

Prerequisite/Level: None/Beginner

Geoff Wilson and Carrie Randolph with Go Security Pro will open the playbook on what makes for a successful Risk Management and Assessment program. This class is for IT professionals and business professionals who play a role in risk management. Topics include the following:

  • 2024 regulatory landscape
  • Risk management foundations
  • Vulnerability management versus risk management
  • The risk management lifecycle
  • How to perform a risk assessment that will satisfy a regulator
  • Common risk management pitfalls
  • Managing assessed risks effectively
  • Governance structures to support risk management
  • Communicating risk to leadership
  • Third party risk management

The training will include hands-on learning opportunities. This training will not be product-specific and only Microsoft Excel will be required. Attendees should bring a laptop computer with Microsoft Excel for the hands-on labs. This training course is designed for IT professionals and other business leaders who want to learn about risk management and risk assessments. The course will focus on IT topics, so an IT background is useful but not necessary.

BASH’n PowerShell
Trainers: James Lawler & John Robertson
April 3
Time: 9am-4pm
$250

Prerequisite/Level: Beginner/Intermediate (Basic Windows and/or Linux Operating Systems)

NOTE: If you are interested in only BASH or only PowerShell, please contact info@bsidesok.com to discuss half-day training.

This course aims to teach students everything they need to know about BASH and PowerShell, in the hope of getting more people comfortable with command-line interfaces and showing the power and speed of working in them. We will go over ways to use these ‘shells’ for anything from system administration to information security tasks and duties. The course includes instructor-presented content, but much of it will be practical, hands-on exercises for the students’ learning benefit.

Bring a laptop running Windows with Windows Subsystem for Linux, or a Linux machine with PowerShell installed either via snap or the .NET Core SDK. We may have time to help you on the day of the training, during breaks and exercise time blocks.

Leading an Incident Response
Trainers: Jonathan Kimmitt (CISO) and Tanner Shinn (Security Team Lead) of Alias Cybersecurity
April 3
Time: 9am-4pm
$250

Prerequisite/Level: Beginner/Intermediate

No one wishes for an Incident. Everyone eventually wishes they’d planned for one. Join Jonathan Kimmitt and Tanner Shinn for a tag-team workshop. You’ll learn the importance of and process for developing IR policies, procedures, and playbooks. Then you’ll have the chance to practice how those play out in a tabletop-style scenario workthrough. For those with laptops, you’ll have the chance to learn and practice some basic skills and tools used to track down an issue and determine the right course of action. You’ll leave the workshop equipped to approach an Incident from both the operational and technical domains.

Introduction to Pentesting
Trainer: Phillip Wylie
April 4
Time: 9am-4pm
$250

Prerequisite/Level: None/Beginner

Penetration testing, or pentesting as it is commonly called, is part of the offensive security domain. Pentesting utilizes hacking tools and techniques to assess the security of a target. In this workshop the focus is on networks and web applications. Attendees will learn about the tools, techniques, methodologies, and standards used in pentesting and vulnerability assessments. The following pentesting methodology and standards are covered:

  • Penetration Testing Execution Standard (PTES)
  • OWASP Top 10 and Testing Guide

Tools covered include, but are not limited to:

  • Network and web application vulnerability scanners
  • Nmap port and service scanner
  • Metasploit Framework exploitation tool
  • Web app pentesting tools including Burp Suite, ZAP, fuzzers, and more
  • Other Free and Open-Source Software (FOSS) tools available in the Kali Linux pentesting distribution

Red Team Fundamentals for AD
Trainer: Eric Kuehn (Principal Security Consultant) of Secure Ideas
April 3
Time: 9am-4pm
$250

Prerequisite/Level: Beginner/Intermediate (Basic grasp of Windows Operating Systems and PowerShell)

The Red Team Fundamentals for Active Directory course is an 8-hour class focused on explaining the fundamentals of Active Directory and how different aspects can be exploited when performing penetration tests. The goal is not only to cover different attacks but also explain the details of why they work and how an environment can be made resilient to them and potentially detect malicious activity. This combination opens the course to those looking to hone their offensive skills as well as those who are protecting an enterprise network.

The course mixes lecture with a number of hands-on exercises to reinforce the information and techniques. The activities will cover ways to examine an Active Directory environment, looking for a variety of misconfigurations that are commonly seen in Active Directory implementations (even by some security-conscious entities), and then exploit these issues to pivot and escalate our access. Ultimately, the students will gain full control of an AD Forest… [full course description may be found at: https://www.antisyphontraining.com/red-team-fundamentals-for-active-directory/ ]

Escaping the Box: Container & Kubernetes
Trainer: Corey Sabol (Information Security Consultant) of Secure Ideas
April 4
Time: 9am-4pm
$250

Prerequisite/Level: Beginner/Intermediate (Basic understanding of Linux/UNIX command line, networking concepts, and a foundational knowledge of containerization and Kubernetes.)

Join us for a dynamic, one-day deep dive into container escapes and Kubernetes hacking. “Escaping the Box: Container and Kubernetes Hacking” is designed for cybersecurity professionals who are looking to elevate their skillset and understand the vulnerabilities that exist within containerized environments and orchestration tools.

What You Will Learn:

  • Container Fundamentals: Start with a solid foundation by understanding container technologies, such as Docker.
  • Escape Techniques: Master the art and science of escaping from a container to gain wider access to the underlying host or other containers, leveraging real-world scenarios and techniques.
  • Kubernetes Under the Hood: Dive deep into Kubernetes architecture, learning how to exploit its components, such as the API server, etcd, kubelet, and more, for unauthorized access and control.
  • Hands-On Hacking Lab: Apply what you’ve learned in a controlled, realistic lab environment. Test your skills against challenges designed to mimic real-world vulnerabilities in container and Kubernetes setups.
  • Defense Strategies: Learn not just to exploit, but also to protect. We’ll cover the best practices in securing containerized environments and Kubernetes clusters, including network policies, pod security policies, and role-based access control (RBAC).

Takeaway:
Participants will leave with a practical understanding of container and Kubernetes security vulnerabilities, equipped with the knowledge to both exploit and defend against these vulnerabilities in real-world scenarios.
Embark on this journey to master the art of breaking out of containers and maneuvering through Kubernetes clusters, arming yourself with the skills to protect your organization in the era of cloud-native technologies.