Only a Ninja Can Stop a Ninja

This class is run a little different from most classes. We provide you purpose-built recorded lectures instead of trapping you in realtime with live-lectures. But fear not, the instructor is always right there eagerly waiting to mingle with the students and answer any questions you have. (The instructor really likes being asked questions. It shows you're paying attention ;)). One of many benefits is that you can watch lectures at 2x speed and zoom ahead of the other students and get to the hands on labs quicker. Or if there's bits of material you already know, you can just skip them and move on to the bits you don't know! Another big benefit is that you get to take the full lectures and labs with you! That means if you forget stuff and then need it in 6 months, you can quickly re-bootstrap yourself! Or you can watch the class twice, to really grow those neural connections and cement it in your brain! And unlike live lectures, our lectures are always getting more factually accurate, by having any accidental errors edited out.

Go HERE to join the 2-day x86-64 Assembly class. Or,
Go HERE to join the 2-day x86-64 OS Internals class. Or,
Go HERE to join the 4-day x86-64 Reset Vector Firmware class.

This class is designed to give you all the background you need to understand how x86-64 reset vector firmware works, and what the most common security misconfigurations are. It will prepare you to be able to read and understand the existing attack and defense research in the space, taking an explicit walk through of the attack and defense moves and counter-moves threat tree. And as always, this classes teaches you to be comfortable with Reading The Fun Manual (RTFM!) to go seek out the most accurate details of how things work, and to see out new problems in new areas that no one's read yet with a security mindset.

You can also opt to attend this class on 23 & 24 Nov instead. To do so, just email info@cyberweek.ae

Go HERE to join the 2-day x86-64 Assembly class. Or,
Go HERE to join the 2-day x86-64 OS Internals class. Or,
Go HERE to join the 4-day x86-64 All You Can Learn Buffet class.

This class teaches you about the fundamental hardware mechanisms which all operating systems, virtualization systems, and firmware *must* interact with in order to run successfully on x86 hardware. This is taught in a *mostly* OS-agnostic way focusing on Intel-isms rather than OS-isms (albeit with using Windows as reinforcement, thanks to its excellent kernel-level debugging support.) This class also teaches you to be comfortable with Reading The Fun Manual (RTFM!) to give you self-sufficiency when seeking out the most accurate details of how things work.

You can also opt to attend this class on 23 & 24 Nov instead. To do so, just email info@cyberweek.ae

Go HERE to join the 2-day x86-64 Assembly class. Or,
Go HERE to join the 2-day x86-64 Reset Vector Firmware class. Or,
Go HERE to join the 4-day x86-64 All You Can Learn Buffet class.

This class teaches you how to disassemble binaries, read x86-64 assembly language, and debug black-box binaries in WinDbg and GDB. This knowledge of assembly is the fundamental skill which is required to learn reverse engineering and vulnerability exploitation. Reverse engineering is in turn a fundamental skill which is required for malware analysis and vulnerability hunting.

 

You can also opt to attend this class on 23 & 24 Nov instead. To do so, just email info@cyberweek.ae

 
Go HERE to join the 2-day x86-64 OS Internals class. Or,
Go HERE to join the 2-day x86-64 Reset Vector Firmware class. Or,
Go HERE to join the 4-day x86-64 All You Can Learn Buffet class.  

The primary goal of this training is to show and teach you how to generate offensive attack events/symptoms against Linux boxes that you will detect in parallel by using PurpleLABS SOC stack powered by Sigma Rules – the open standard event description ruleset – and the rest of the dedicated, Open Source security solutions in use. Participants will thoroughly familiarize themselves with the content of the available Sigma detection rules and their structure, better understand the essence of offensive actions in Linux subsystems, learn the low-level relationships between data sources, and thus achieve knowledge in creating their own detection rules (and eventually bypassing them).

Participants will thoroughly familiarize themselves with the content of the available Sigma detection rules and their structure, better understand the essence of offensive actions, learn the low-level relationships between data sources, and thus achieve knowledge in creating their own detection rules (and eventually bypassing them).

This training is designed to give to Integrated Circuit professionals as well as newcomers a deep understanding of the complete Reverse-Engineering and Exploitation chain for various purposes such as building more secure designs, choosing the right device for a given application, improving the security risk assessment by taking the embedded firmware into consideration but also to find vulnerabilities in « Secure Elements » so as to conduct forensics analysis.

 

ALL TRAINEES WILL BE ENTITLED TO APPLY FOR A 30-DAY CHIPJUICE LICENSE BY TEXPLAINED

 

The course will not focus on the mathematics or theory, but on the practical applications: the course will provide a mix of technical and theoretical insights and shows you how to practically implement fraud detection models.Moreover, during the course you will understand how to deal with the typical challenges of the fraud analytics task (e.g., data scarcity and imbalancing) and will get advice from real-life experience to help you prevent making common mistakes in the fraud detection domain.

During this two day training we are going to discuss threat model of IoT devices with backend interaction. Our examples are based on STM32 and ESP32 microcontrollers, SDR demonstrations are done with bladeRF 2.0.
YOU WILL BE USING YOUR HITB BADGE AS AN IOT HACKING DOLL AND YOU’LL BE ABLE TO PUMP YOUR SKILLS BY SOLVING OVER A DOZEN SPECIALLY CRAFTED CTF-LIKE CHALLENGES!

This is an introductory course for those starting the journey into penetration testing or those working in environments where understanding how hackers think and the tools, tactics and techniques they use are of essence. The course presents the background information, technical skills and basic concepts required to those desiring a foundation in the world of information security. By the end of the course, you will have a good grasp of how vulnerabilities and exploits work, how attackers think about networks and systems and have compromised several of them, from infrastructure, web applications to Wi-Fi.

INCLUDES IN-TRAINING ACCESS TO YOUR OWN INDIVIDUAL LAB, POST-TRAINING SUPPORT, AND CREDENTIALS TO SENSEPOST’S WEB CLASS PORTAL CONTAINING SLIDES, WALKTHROUGHS AND TOOLS!

If you want to learn how to understand and compromise WiFi networks, this is your course. If you want to really understand what’s going on and master WiFi attacks in such a way that you can vary them when you encounter real world complexities, this course will teach you what you need to know. This course is highly practical, with concepts taught through theory delivered while your hands are on the keyboard, and semi-self-directed practicals at the end of each section to reinforce the learning.

INCLUDES IN-TRAINING ACCESS TO YOUR OWN INDIVIDUAL LAB, POST-TRAINING SUPPORT, AND CREDENTIALS TO SENSEPOST’S WEB CLASS PORTAL CONTAINING SLIDES, WALKTHROUGHS AND TOOLS!

This course will teach you how to analyse web applications for vulnerabilities and exploit them. SensePost has been conducting penetration tests against web applications for nearly two decades and has distilled their approach into this course. Providing a thorough and scientific approach, techniques to maximise coverage of an application will be taught. Whether you're a developer looking to better understand how to defend your applications or a penetration tester looking to enhance your web application bug hunting, this course is for you.

INCLUDES IN-TRAINING ACCESS TO YOUR OWN INDIVIDUAL LAB, POST-TRAINING SUPPORT, AND CREDENTIALS TO SENSEPOST’S WEB CLASS PORTAL CONTAINING SLIDES, WALKTHROUGHS AND TOOLS!

Participants will thoroughly familiarize themselves with the content of the available Sigma detection rules and their structure, better understand the essence of offensive actions, learn the low-level relationships between data sources, and thus achieve knowledge in creating their own detection rules (and eventually bypassing them).

This interactive course will teach security professionals how to use data science techniques to quickly manipulate and analyze network and security data and ultimately uncover valuable insights from this data.

WITH POST-TRAINING 30-DAY SUPPORT BY THE INSTRUCTOR

This training introduces the learner to the world of automotive security and car hacking, and gives an opportunity to learn about in-vehicle networks - the nervous system of a vehicle - hands-on. Students will learn the fundamentals of in-vehicle networking, the most common technologies used, and how to use a CAN bus using accessible hardware and software available to anyone for further research and education. With automotive security becoming a legal requirement in more and more countries, there is no better time to begin learning how to hack (and of course, defend) a vehicle!

This class is intended for students who have basic experience in reverse engineering and have to deal with obfuscated code. Furthermore, the course is also interesting for experienced reverse engineers who aim to deepen their understanding in program analysis techniques and code (de)obfuscation.

This course will explain the concept and architecture of IoT devices, and then jump into legit “in the wild” / real hacking techniques and analysis used against real targets.  We will also review the real world exploit, as a framework for how these security issues start through development, so that students can get a glimpse of the world of IoT security.

New for 2021, in.security's 2-day Defending Enterprises training is the natural counterpart to their popular Hacking Enterprises course. From SIEM monitoring, alerting and threat hunting, you’ll play a SOC analyst in their cloud-based lab and try to rapidly locate IOA’s and IOC’s from an enterprise breach. You’ll use a combination of Microsoft Azure Sentinel and Elastic platforms to perform practical exercises. In each instance, filters and/or expressions will be supplied for both platforms (where applicable).

14-DAYS FREE LAB TIME AFTER CLASS AND DISCORD SUPPORT

Keeping software free of vulnerabilities is a cat-and-mouse game, because of the multiple layers where security bugs can hide within the software stack of an application. Therefore we show techniques to discover bugs in both, source code, bytecode and native code, as needed in real life.

Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks and maximize your payouts. Say ‘No’ to classical web application hacking. Join this unique hands-on training and become a full‑stack exploitation master.

COMES WITH FREE ACCESS TO DAWID CZAGAN'S 6x ONLINE COURSES:

• “Start Hacking and Making Money Today at HackerOne”
• “Keep Hacking and Making Money at HackerOne”
• “Case Studies of Award-Winning XSS Attacks: Part 1”
• “Case Studies of Award-Winning XSS Attacks: Part 2”
• “DOUBLE Your Web Hacking Rewards with Fuzzing”
• “How Web Hackers Make BIG MONEY: Remote Code Execution”

 

This course explains through practical and real examples how to analyze malicious documents, which are the main vector of infection by malware in the current days and, different of the common intuition, can be very hard to analyze. During the class, students will learn how to perform static and dynamic analysis of different types of documents such as pdf, doc/docx, xls/xlsx, rtf, msi, and so on, which adversaries use many anti-forensic tricks such as obfuscated shellcodes, embedded documents, obfuscated scripts, and many other tactics.

This course will give you all the prerequisites to understand which kind of vulnerability can be found inside Rust code. You will learn how to find low hanging fruits bugs manually and automatically using Rust auditing tools. Finally, you will discover how to build custom Rust fuzzers, triage/debug crashes and improve your code coverage using different techniques. This training offers participants multiple hands-on exercises allowing them to internalize concepts and techniques taught in class.

This course explains through practical and real examples how to identify and hide backdoors in asymmetric cryptographic protocols using modified random number generators. This class is focusing on practical examples and real life case studies. During the course we will analyze and implement fully undetectable and indistinguishable backdoors in common applications such as SSH, HTTPS, PGP and VPN.

In this course we introduce common Active Directory misconfigurations, what their root cause is and how they can be abused. The course focuses on abusing real life misconfigurations and steers away from the traditional penetration testing tools and methodologies.

This class is designed to introduce students to the best tools and technology available for automating vulnerability discovery and crash triage with a focus on delivering a practical approach to finding vulnerabilities in real world targets.

This 4-day course will give an in depth examination of a variety of current heap allocators in the context of exploit development, including glibc’s ptmalloc2, Chrome’s PartitionAlloc, JEMalloc, TCMalloc, and embedded allocators such as avr-libc, newlib, or dietlibc, and those used in Linux Docker images such musl and uClibc.  

The TEEPwn experience takes an offensive perspective and dives into the darker corners of TEE security. It is designed with a system-level approach, where you will experience exploitation of powerful vulnerabilities specific for TEE technology. Moreover, it’s hands-on, well-guided and driven by an exciting jeopardy-style game format.

This hands-on training teaches concepts, techniques and tools to understand the behavior and characteristics of malware by combining two powerful techniques, malware analysis and memory forensics. This course will introduce attendees to basics of malware analysis,reverse engineering, Windows internals and memory forensics, it then gradually progresses deep into more advanced concepts of memory forensics.