HITBSecTrain 2020
Brought to you by the same folks who run HITB Security Conferences around the world, HITBSecTrain is a curated series of cutting-edge and hands-on technical training courses delivered to you in-person and virtually by some of the most respected leading practitioners in the computer security industry.
A practical approach to malware analysis, hunting and memory forensics
DATE: 15-17 November 2020
TIME: 09:00 to 17:00 GST / GMT+4
This hands-on training teaches concepts, techniques and tools to understand the behavior and characteristics of malware by combining two powerful techniques, malware analysis and memory forensics.
Malware analysis and memory forensics are powerful analysis and investigative techniques used in reverse engineering, digital forensics and incident response.
Adversaries are becoming more sophisticated and carrying out advanced malware attacks on critical infrastructure, data centers, and private and public organizations. This makes detecting, responding to and investigating such intrusions increasingly critical for information security professionals.
Malware analysis and memory forensics have become must-have skills for fighting advanced malware, targeted attacks and security breaches.
This course will introduce attendees to the basics of malware analysis, reverse engineering, Windows internals and memory forensics. It will then gradually progress deeper into more advanced concepts of memory forensics.
This course uses hands-on labs with real-world malware samples and infected memory images (crimeware, APT malware, rootkits, etc.) to help attendees gain a better understanding of the subject.
The training also shows how these techniques can be incorporated in a sandbox to automate malware analysis. After taking this course, attendees will be equipped with the skills to analyze, investigate and respond to malware-related incidents.
Students will be provided with:
- Course material
- Lab solution material
- Videos used in the course
- Malware samples used in the course/labs
- Memory Images used in the course/labs
- Custom Scripts
- Linux VM (to be opened with VMware Workstation/Fusion) containing necessary tools and samples
Mastering mobile hacking
DATE: 16-18 November 2020
TIME: 09:00 to 17:00 GST / GMT+4
In this training, veteran pentesters Guillaume Lopes and Davy Douhine will share many techniques, tips and tricks in a 100% hands-on 3-day mobile training for pentesters, bug bounty researchers, app makers or anyone curious.
The goal is to introduce tools (Adb, Apktool, Jadx, Cycript, Frida, Objection, Hopper, etc.) and techniques to help trainees work faster and more efficiently in the mobile (Android and iOS) ecosystem. This is the exact training that you would have liked to have before wasting your precious time trying and failing to assess the security of mobile applications.
- A VM will be provided to the attendees with the pre-installed tools to cover most of the labs.
- Corellium access (iOS virtualisation) will be provided.
Secure coding and DevSecOps
DATE: 15-18 November 2020
TIME: 09:00 to 17:00 GST / GMT+4
The goal of this training is to equip participants with the skills, techniques, and mindset needed to secure applications using DevSecOps best practices.
In this training, participants will learn how to handle security at scale using DevSecOps practices. We will start with the basics of Secure Coding, Secure SDLC and DevSecOps, and move towards advanced concepts such as Security as Code, Configuration management, and Infrastructure as code.
The content of the training includes the know-how to do secure code reviews and security testing (SAST, DAST, SCA), and ways for participants to support their teams in adopting security tools and to improve the security posture of applications through “secure by design” principles.
Training sessions will comprise theory, demos, and hands-on exercises.
Black belt pentesting / Bug hunting millionaire: Mastering web attacks with full-stack exploitation
DATE: 15-16 November 2020
TIME: 09:00 to 17:00 GMT+4
Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks and maximize your payouts. Say ‘No’ to classical web application hacking. Join this unique hands-on training and become a full‑stack exploitation master.
HackerOne bug hunters earned $20 million in bug bounties up to 2017 and they are expected to earn $100 million by the end of 2020. HackerOne customers include the United States Department of Defense, General Motors, Uber, Twitter, and Yahoo.
It clearly shows where the challenges and opportunities are for you in the upcoming years. What you need is a solid technical training by one of the Top 10 HackerOne bug hunters.
In & out (purple edition) – detection as code vs adversary simulations
DATE: 15-17 November 2020
TIME: 09:00 to 18:00 CET
This special In & Out – Detection as Code vs Adversary Simulations – Purple Edition (Red and Blue on Steroids) is an advanced, fast-track, lab-based training created to present participants with:
- The importance of Blue and Red team cooperation
- Advanced detection methods and techniques against exfiltration and lateral movement including event mapping, grouping, and tagging
- The tactics and behaviors of the adversary after gaining initial access to the network (Linux/Windows)
- Detection methods of C2 traffic, tunneling, hiding, pivoting and custom, simulated malicious network events
- Capabilities of many popular Open Source tools and integration with 3rd party security (IDS/IPS/WAF/EDR/FPC) and analytics solutions against adversaries' C2-based actions
- Verification methods and techniques for product and service providers from the IT security space, in terms of internal testing and PoC / PoV programs
The primary goal of this training is to generate offensive attack events/symptoms within the PurpleLABS infrastructure that should later be detected by the Open Source SOC stack, including Sigma (the open standard event description rule set) and the rest of the dedicated open-source security solutions in use.
Participants will thoroughly familiarize themselves with the content of the available Sigma detection rules and their structure, better understand the essence of offensive actions, learn the low-level relationships between data sources, and thus gain the knowledge to create their own detection rules and eventually bypass them.
5G security awareness
DATE: 18 November 2020
TIME: 09:00 to 17:00 CET / GMT+2
This training is tailored to be accessible to everyone as a high-level study of 5G technology from a security standpoint, covering the innovative initiatives out there and some of the best practices we can learn from them.
This 5G Security awareness training will be delivered on 18 November as 3 remote video conference sessions of 2 hours each.
- 09:00 – 11:00 CET: Security Strategies and Policies in a 5G World
- 12:00 – 14:00 CET: Diving into 5G Security
- 15:00 – 17:00 CET: Dealing with Legacy (from 2G to 5G)
Applied data science and machine learning for cyber security
DATE: 15-17 November 2020
TIME: 09:00 to 17:00 GST / GMT+4
This interactive course will teach security professionals how to use data science techniques to quickly manipulate and analyze network and security data and ultimately uncover valuable insights from this data.
The course will cover the entire data science process from data preparation, feature engineering and selection, exploratory data analysis, data visualization, machine learning, model evaluation and optimization and finally, implementing at scale—all with a focus on security related problems.
Participants will learn how to read in data in a variety of common formats, then write scripts to analyze and visualize that data.
Software deobfuscation techniques
DATE: 15-17 November 2020
TIME: 09:00 to 17:00 GMT+4
Code obfuscation has become a vital tool to protect, for example, intellectual property against competitors. In general, it attempts to impede program understanding by making the to-be-protected program more complex. As a consequence, a human analyst who still aims to reason about the obfuscated code has to overcome this barrier by transforming it into a representation that is easier to understand.
In this training, we get to know state-of-the-art code obfuscation techniques and have a look at how these complicate reverse engineering. Afterwards, we gradually become familiar with different deobfuscation techniques and use them to break obfuscation schemes in hands-on sessions. Thereby, participants will deepen their knowledge of program analysis and learn when and how (not) to use different techniques.
First, we have a look at important code obfuscation techniques and discuss how to attack them. Afterwards, we analyze a virtual machine-based (VM-based) obfuscation scheme, learn VM hardening techniques and see how to deal with them.
In the second part, we cover SMT-based program analysis. In detail, students learn how to solve program analysis problems with SMT solvers, how to prove characteristics of code, how to deobfuscate mixed Boolean-Arithmetic and how to break weak cryptography.
Before we use symbolic execution to automate large parts of code deobfuscation, we first introduce intermediate languages and compiler optimizations to simplify industrial-grade obfuscation schemes. Next, we use symbolic execution to automate SMT-based program analysis and break opaque predicates.
The last part covers program synthesis, an approach that learns the code’s semantics based on its input-output behavior. We explore how to collect input-output pairs; then, we use program synthesis to deobfuscate mixed Boolean-Arithmetic and learn the semantics of VM instruction handlers.
TS-501 5G telecom security hands-on
DATE: 15-17 November 2020
TIME: 09:00 to 18:00 CET
With the growth in 5G proof-of-concepts and early deployment, 5G market adoption is increasing and usage direction is being set in place as operators prepare for massive deployment.
This 5G Training Session (TS-501) will help security and telecom professionals get an understanding of the key concepts of 5G, their security, the implementation of such architectures and the impact in terms of related risks.
All trainees will receive the full deck of the training materials at the conclusion of the session.
Advanced fuzzing and crash analysis
DATE: 16-19 November 2020
TIME: 09:00 to 17:00 (GMT +4)
This class is designed to introduce students to the best tools and technology available for automating vulnerability discovery and crash triage with a focus on delivering a practical approach to applying this technology in real deployments.
Through an applied understanding of introductory program analysis and binary translation, techniques for finding various bug classes and methods for improved crash debugging will be discussed.
We will take a deep dive into fuzzing, covering all aspects of this practical approach to finding bugs. Because fuzzing is the most approachable and versatile of the available tools, students will apply various fuzzing techniques to several real-world pieces of software.
Students will learn strategies for analyzing attack surface, writing grammars, and generating an effective corpus. We will explore in detail the latest innovations such as harnessing code coverage for guided evolutionary fuzzing and symbolic reasoning for concolic fuzzing.
We approach crash analysis through the lens of scriptable debuggers and program analysis. We will apply tools like reverse debugging and memory debuggers to assist in interactively diagnosing the root cause of crashes.
Then we will leverage the power of dynamic taint tracking and graph slicing to help isolate the path of user controlled input in the program and identify the exact input bytes influencing a crash. Lastly, we will look at possible ways to determine the impact of a vulnerability.
This class will focus on x86/x64 architecture and target file parsers, network parsers and browsers on both Windows and Linux environments.