Training

In addition to the lecture tracks, we have specialized and in-depth training courses available before the conference proper. Please review the available courses listed below if you are interested in advanced training.

All training courses listed are available; however, to ensure that it is worth our trainers' time and effort, each course is pre-registration only until the attendance threshold indicated is met. Once the attendance threshold is met, pre-registrants will be contacted with full registration and tuition payment instructions. Please pre-register for courses listed below by clicking the PRE-REGISTRATION link on the course listing.

Please use the navigation menu to the left to quickly jump to the desired course.

Cloud Computing Security Knowledge Basic

Chris Simpson

Tuition: $695.00
Discount: $50.00 for active Military or Government Employees (email for discount code)
Dates: April 18th
Minimum Attendance Threshold: 6
CCSK_Course_Modules.pdf
REGISTER

The Cloud Computing Security Knowledge - Basic class provides students a comprehensive one-day review of cloud security fundamentals and prepares them to take the Cloud Security Alliance CCSK certification exam. Starting with a detailed description of cloud computing, the course covers all major domains in the latest Guidance document from the Cloud Security Alliance, and the recommendations from the European Network and Information Security Agency (ENISA). This class is geared towards security professionals, but is also useful for anyone looking to expand their knowledge of cloud security. (We recommend attendees have at least a basic understanding of security fundamentals, such as firewalls, secure development, encryption, and identity management.) Price includes a test token to take the CCSK exam.

Prerequisites

  • A laptop

Chris Simpson

Chris Simpson is the owner of Bright Moon Security, a cyber security consulting firm in San Diego, CA. He spent 27 years in the Navy and has extensive experience in the information security field. Previous assignments include a tour as the Information Assurance Manager for Commander, Combined Forces Command Afghanistan and the Third Fleet Information Systems Security Manager. Since leaving the Navy, Chris has focused on cloud security and helping people understand the security issues related to operating in the cloud. He is also an adjunct professor in Cyber Security and Information Assurance at National University.

Cloud Computing Security Knowledge Plus

Chris Simpson

Tuition: $1195.00
Discount: $100.00 for active Military or Government Employees (email for discount code)
Dates: April 18th - 19th
Minimum Attendance Threshold: 6
CCSK_Course_Modules.pdf
REGISTER

The CCSK Plus class builds upon the CCSK Basic class with a second day of training that adds expanded material and extensive hands-on activities. Students will learn to apply their knowledge by performing a series of exercises in a scenario that brings a fictional organization securely into the cloud. This second day of training includes additional lecture, although students will spend most of their time assessing, building, and securing a cloud infrastructure during the exercises. A notebook computer with wireless capability is required for the second day of class. Price includes a test token to take the CCSK exam.

Prerequisites

  • A laptop with wireless networking, SSH software such as PuTTY, and VirtualBox installed.
  • An Amazon EC2 account (instructions will be made available two weeks prior to class)

Chris Simpson

Chris Simpson is the owner of Bright Moon Security, a cyber security consulting firm in San Diego, CA. He spent 27 years in the Navy and has extensive experience in the information security field. Previous assignments include a tour as the Information Assurance Manager for Commander, Combined Forces Command Afghanistan and the Third Fleet Information Systems Security Manager. Since leaving the Navy, Chris has focused on cloud security and helping people understand the security issues related to operating in the cloud. He is also an adjunct professor in Cyber Security and Information Assurance at National University.

Finding Server Side Vulnerabilities in SCADA/HMI Software

Luigi Auriemma
Donato Ferrante

Tuition: $2,000.00
Discount: $150.00 for active University Students (email for discount code)
Dates: April 18th - 19th
Minimum Attendance Threshold: 6
CANCELED

The security of a SCADA/HMI system relies on its core. Server-side bugs on such systems can heavily impact the functionality and the integrity of the whole infrastructure. In this class students will act as attackers; they will learn how to find server-side vulnerabilities in SCADA/HMI software. By working on real applications, students are taught how to identify encryption and compression algorithms and how to derive protocol opcodes in order to reach obscure spots of SCADA/HMI systems where the most interesting vulnerabilities are.

The course has been divided into four modules.

  • Module 1: SCADA security. Students will learn about common security issues that can be found in SCADA systems, and will perform analysis of real-world vulnerabilities.
  • Module 2: Dissecting SCADA protocols. Students will learn how to reverse and obtain SCADA protocol opcodes.
  • Module 3: Fuzzing SCADA systems. Students will learn how to write and use custom fuzzers.
  • Module 4: Attacking SCADA systems. Students will learn how to find server-side vulnerabilities in real SCADA systems. Advanced students will learn how to write exploits for the vulnerabilities they will find during this module.

Prerequisites

  • Ability to work on a Windows based system
  • Basic knowledge of Assembly x86 (nice to have, but not required)
  • VirtualBox - we provide a VirtualBox image with all the software already installed on it

Luigi Auriemma

Co-Founder and Security Researcher at ReVuln Ltd. Luigi has been in the security field for more than a decade. As an independent security researcher, he is a world-recognized expert in this field and has discovered more than 2000 vulnerabilities in widely used software. Luigi is the man who found and disclosed several remotely exploitable vulnerabilities in well-known server-side SCADA/HMI products from vendors such as GE, Siemens, Wonderware, and ABB/Rockwell.

Donato Ferrante

Co-Founder and Security Researcher at ReVuln Ltd. Prior to founding ReVuln Ltd., Donato was a Security Researcher for Research In Motion (Blackberry), where his daily job was performing security research and vulnerability assessments of RIM-authored code, products and services, including infrastructure, devices, and the QNX operating system. Donato has found several vulnerabilities in well-known commercial products and open source software, and his first publicly disclosed security advisory was released in 2003.

Malware Analysis (Basic)

Orlando Padilla

Tuition: $1,200.00
Dates: April 16th - 17th
Minimum Attendance Threshold: 6
PRE-REGISTRATION OPEN

This course teaches you the fundamentals necessary to analyze malicious software from a behavioral perspective. Using system monitoring tools, this course teaches how to observe malware in a controlled environment to quickly analyze its malicious effects on the system. From simple keyloggers to massive botnets, this class covers a wide variety of current threats used on the Internet today, with actual samples being analyzed in the training environment. With the majority of the class being hands-on, each student will be issued a laptop with a secure environment to learn the skills and essential methodology required to be an effective malware analyst.

Using Microsoft's Sysinternals tools, we demonstrate the system monitoring required to analyze malware samples. In addition to the Sysinternals Suite, we show our students a number of other tools to help facilitate the analysis of internet-connected malware and the network traffic resulting from the execution of the malware.

Attending students will learn:

  • How to identify malware and discover its capabilities
  • How to set up a secure lab environment to analyze malicious software
  • How to use open source tools to characterize malware samples quickly
  • Obfuscation methods used by attackers to escape detection
  • How to analyze many real malware samples including: Keyloggers, Botnets, User Mode Rootkits, Kernel Mode Rootkits, Macro Viruses, Trojan Horses, Worms, and Malicious Documents.

Prerequisites

  • General familiarity with the Windows platform

Recommendations

  • Windows platform programming experience

Orlando Padilla

Orlando Padilla's primary areas of expertise include network and application penetration testing, source code review, reverse engineering, and advanced research and development. His work experience includes senior research positions with Symantec's security R&D team as well as security roles with Northrop Grumman, Computer Associates, and Digital Defense.

Experience Highlights

  • MTEM 2010 Lecture on Stealth Malware Techniques at MIT
  • GFIRST 2008 Co-Talk with Ryan Walters on Advanced Persistent Threats
  • Published the following whitepapers (selected):
    • The Impact of Malicious Code on Windows Vista, Symantec Advanced Threat Research, February 2007
    • Wars Within: It's not just spam anymore, Uninformed Journal Volume 5, September 2006
    • Analyzing Common Binary Parser Mistakes, Uninformed Journal Volume 3, January 2006
  • Athens, Greece, Olympic Games 2004: Lead architecture deployment for their perimeter defenses

Malware Analysis (Intermediate)

Orlando Padilla

Tuition: $2,400.00
Dates: April 16th - 19th
Minimum Attendance Threshold: 6
PRE-REGISTRATION OPEN

This course includes the Basic Malware Analysis Course.

Equipped with the behavioral malware analysis knowledge from the Basic Malware Analysis course, you're ready to venture into more advanced malware topics by attending the Intermediate Malware Analysis course. During this two-day course we'll show you how to do Static Malware Analysis using a debugger. Since looking at assembly code in a debugger can be frustrating and almost impossible without a previous understanding of programming fundamentals and compiler operations, we require that students who attend this course have Assembly language knowledge or have completed our Assembly for Reverse Engineers course.

During the week of instruction we introduce you to the OllyDbg Debugger. Through controlled evaluation using the debugger we'll teach you how to identify exactly what the malware specimen does and how it's doing it. After you've mastered the evaluation portion of the class we'll teach you how to patch the specimen to make it inactive or crack the program to allow full access to areas that have been hidden or encrypted by the malware developer. Students who attend this class will graduate with the following intermediate malware analysis skills:

Assembly language debugging fundamentals including:

  • Conversion methodology from source code to assembly code
  • Intel CPU memory management and structures
  • CPU control flows and order of operations

OllyDbg / IDA Pro tool topics:

  • Tool Features
  • Stepping, Stepping Over and Running code
  • Useful Plug-ins and Add-ons
  • Breakpoint fundamentals and usage
  • Patching and assembling executables
  • Decrypting and using tools to unpack protected executables

Prerequisites

  • General familiarity with the Windows platform
  • Windows platform programming experience
  • Proficient in IDA Pro
  • Proficient with a debugger such as Immunity or OllyDbg
  • Familiarity with the Python programming language

Recommendations

  • Familiarity with ASM

Orlando Padilla

Orlando Padilla's primary areas of expertise include network and application penetration testing, source code review, reverse engineering, and advanced research and development. His work experience includes senior research positions with Symantec's security R&D team as well as security roles with Northrop Grumman, Computer Associates, and Digital Defense.

Experience Highlights

  • MTEM 2010 Lecture on Stealth Malware Techniques at MIT
  • GFIRST 2008 Co-Talk with Ryan Walters on Advanced Persistent Threats
  • Published the following whitepapers (selected):
    • The Impact of Malicious Code on Windows Vista, Symantec Advanced Threat Research, February 2007
    • Wars Within: It's not just spam anymore, Uninformed Journal Volume 5, September 2006
    • Analyzing Common Binary Parser Mistakes, Uninformed Journal Volume 3, January 2006
  • Athens, Greece, Olympic Games 2004: Lead architecture deployment for their perimeter defenses

Metasploit Mastery

James "egypt" Lee

Tuition: $3,000.00
Dates: April 18th - 19th
Minimum Attendance Threshold: 8
CANCELED

The Metasploit Framework is more than a pile of exploits; it is a collection of tools for gaining access where none is provided and a scaffolding for building new tools to extend an attacker's capabilities. This course dives into the newest features of the Metasploit Framework and demonstrates how easy it is to add your own features to it for when nothing exists to solve the problems you face. Topics will include generating custom backdoors in multiple formats; bypassing anti-virus; using the database for maximum benefit; creating custom modules, plugins, and tools for addressing specific tasks; and automating the post-exploitation process, including an introduction to the Meterpreter API. As most of the class will require some amount of programming, an introduction to Ruby and setting up a more comfortable development environment will be covered as well.

At the end of the course, students will understand the architecture and design goals of the Metasploit Framework and be able to extend the Framework to solve new problems.

Prerequisites

  • A laptop running the most recent version of the Metasploit Framework.
  • Working knowledge of Microsoft Windows and at least one Unix-like operating system (Linux, Solaris, Mac OS X, etc).
  • Experience with some scripting language, e.g. Ruby, Perl, or Python.
  • Familiarity with TCP/IP networking and configuring TCP/IP settings on Unix and Windows platforms.

Recommendations

  • A laptop running Metasploit on a recent version of Linux, BSD, or Mac OSX.
  • Experience using the Metasploit Framework.
  • Experience with exploits and vulnerability assessment tools.
  • Experience with the Ruby programming language.
  • Experience with low-level TCP/IP tools (nmap, hping, wireshark).

James "egypt" Lee

James Lee is core developer and project manager for the open source Metasploit Framework to which he has been contributing since 2008. Before joining Rapid7 to work on Metasploit full time, he discovered numerous vulnerabilities in SCADA and Industrial Control Systems at Idaho National Laboratory. James has presented at Defcon, Blackhat USA, Blackhat DC, SANS Process Control & SCADA Security Summit and other venues.

Mobile Hands-on Exploitation (Introductory)

Aditya Gupta
Subho Halder

Tuition: $1,400.00
Dates: April 16th - 17th
Minimum Attendance Threshold: 6
Mobile_Hands-on_Exploitation_Course-XYSec.pdf
CANCELED

This course will get you familiar with the basics of mobile security (Android and iOS). You will also get to understand the underlying security concepts and the sandboxing model on both platforms.

Once done, we will shift our focus to bypassing the security restrictions, finding vulnerabilities in applications, exploiting the vulnerabilities, analyzing malware, cracking applications, static and dynamic analysis, as well as building your own malware for the platforms.

Also, for Android, you will learn how to do exploitation (app/kernel) using Android Framework for Exploitation, making your exploitation and bug-hunting process much easier and more effective.

This training will include theory, as well as hands-on exercises on custom labs built by us. The students will also be given a custom Linux distribution for the training session.

Prerequisites

  • Basic familiarity with Linux Operating Systems
  • Basic knowledge of mobile operating systems
  • Laptop computer with minimum 2GB RAM and 30 GB free Hard Disk space running one of:
    • Windows XP SP2 or SP3
    • Windows 7
    • Linux with kernel 2.4 or 2.6
    • Mac OSX 10.5 or 10.6
  • Administrative privileges on the laptop computer
  • Virtualization software (VMware, Virtualbox, etc.)
  • SSH Client

Recommendations

  • Knowledge of programming languages such as Java and C/C++, and Python for scripting
  • Android 2.3 or more recent device (preferably rooted)
  • Jailbroken iPhone/iPad iOS device

Aditya Gupta

Aditya Gupta is a renowned mobile security expert and information security researcher. As the lead developer and co-creator of Android Framework for Exploitation, he has done a lot of in-depth research on the security of mobile devices including Android, iOS and Blackberry. He has also discovered serious security flaws in websites such as Google, Apple, Microsoft, Adobe, Skype and many more. In his work with XYSEC, he is committed to performing VAPT and Mobile Application Security Analysis. He has also been working with government clients and intelligence agencies in India, providing them with training and services on Malware Analysis, Exploit Development and Advanced Web App Hacking.

Subho Halder

Subho Halder is a Programmer, Security Researcher and Penetration Tester. He loves writing exploits and programming in PHP, Java, Perl and Python. He is well equipped and has a deep understanding of Android and Blackberry frameworks. He is the core developer of the code in Android Framework for Exploitation. You can find him in the Google Hall of Fame, the Apple Security Researchers List, the Microsoft Security Researchers List and many such places. He has conducted many workshops across the globe and has also worked closely with government clients and intelligence agencies in India.

Mobile Hands-on Exploitation (Advanced)

Aditya Gupta
Subho Halder

Tuition: $2,800.00
Dates: April 16th - 19th
Minimum Attendance Threshold: 6
Mobile_Hands-on_Exploitation_Course-XYSec.pdf
CANCELED

This course includes the Mobile Hands-on Exploitation (Introductory) course.

This course will also include a quick intro to the basics of Android and iOS hands-on exploitation, as taught in the basic exploitation class. This course will mainly focus on extensive hands-on exercises, advanced hands-on ARM exploitation, analysis of rooting and jailbreaking exploits, advanced reversing and malware analysis.

We will also learn how to crack iOS and Android applications, find vulnerabilities in apps (SQLi, leaking content providers, logical flaws, directory traversal, authorization issues, etc.) and develop our own exploits and modules for AFE, and we will cover network-based attacks on mobile devices, code auditing, finding flaws in source code, the OWASP Top 10 and many more.

We will also have 3 mobile-based hacking events during the training session, in which participants will need to find a vulnerability in, or exploit, the given target.

Prerequisites

  • A hacker mindset
  • Basic familiarity with Linux Operating Systems
  • Basic knowledge of mobile operating systems
  • Laptop computer with minimum 2GB RAM and 30 GB free Hard Disk space running one of:
    • Windows XP SP2 or SP3
    • Windows 7
    • Linux with kernel 2.4 or 2.6
    • Mac OSX 10.5 or 10.6
  • Administrative privileges on the laptop computer
  • Virtualization software (VMware, Virtualbox, etc.)
  • SSH Client
  • Android 2.3 or more recent device (preferably rooted)

Recommendations

  • Knowledge of programming languages such as Java and C/C++, and Python for scripting
  • Proficiency with IDA Pro
  • Android 2.3 or more recent device (preferably rooted)
  • Jailbroken iPhone/iPad iOS device

Aditya Gupta

Aditya Gupta is a renowned mobile security expert and information security researcher. As the lead developer and co-creator of Android Framework for Exploitation, he has done a lot of in-depth research on the security of mobile devices including Android, iOS and Blackberry. He has also discovered serious security flaws in websites such as Google, Apple, Microsoft, Adobe, Skype and many more. In his work with XYSEC, he is committed to performing VAPT and Mobile Application Security Analysis. He has also been working with government clients and intelligence agencies in India, providing them with training and services on Malware Analysis, Exploit Development and Advanced Web App Hacking.

Subho Halder

Subho Halder is a Programmer, Security Researcher and Penetration Tester. He loves writing exploits and programming in PHP, Java, Perl and Python. He is well equipped and has a deep understanding of Android and Blackberry frameworks. He is the core developer of the code in Android Framework for Exploitation. You can find him in the Google Hall of Fame, the Apple Security Researchers List, the Microsoft Security Researchers List and many such places. He has conducted many workshops across the globe and has also worked closely with government clients and intelligence agencies in India.