Activities

Villages

Training & Workshops

Friday, September 24th

Intro to Web Application Penetration Testing - Friday (All Day)

Instructors: Alex Lauerman (Founder & Principal Consultant at TrustFoundry), Matt South (Senior Consultant at TrustFoundry)
Dates: Friday, September 24th
Audience: Foundation – just starting out or hobbyists, Intermediate – good IT and security foundation required, Advanced – “deep in the weeds” technical talk
Cost: $150/student

Overview

Learn the tools and techniques for conducting a web application penetration test. Get your hands dirty with HTTP and Burp Suite. This workshop will provide a solid introduction to web application penetration testing. This class is designed for those with little to no web application penetration testing experience, although it will move quickly. This class will include hands-on challenges where attendees use skills acquired during the class to exploit web applications. Attendees will walk away with a basic understanding of the tools and processes for conducting a web application penetration test.

Agenda

HTTP Basics, Burp Intro and Setup
Proxy Tab
Target Tab
Repeater Tab
Authentication
Decoder Tab
Comparer Tab
Intruder Tab
Fuzzing directories
Null Byte Injection
Burp Crawler (Spider)
Authorization
Cross-Site Scripting (XSS)
Same Origin and Cross-Site Request Forgery (CSRF)
Injection
SQL Injection
Command Injection
Other Injections
Path Traversal
File Upload Vulnerabilities
Sequencer Tab
Burp Scanner – Active & Passive
Extender Tab
Useful Burp Extensions
Pentesting Methodologies
Platform & TLS Testing
More Burp Configuration
Options
ZAP Overview

Prerequisites

Basic knowledge of HTTP requests and responses, and any web application programming experience will be helpful, but is not required.

Security+ Firehose Training - Friday (All Day)

Instructors: Lauren Proehl (Manager, Threat Hunting Operations and Research (THOR) at CenturyLink), David Evenden (Principal Pentester at StandardUser Cyber Security)
Date(s): Friday, September 24th
Audience: Foundation – just starting out or hobbyists, Intermediate – good IT and security foundation required
Cost: $25/student

This is a full-day training to prepare attendees to take the CompTIA Security+ (SY0-501) exam. This course is based on the book “Security+: A Practitioners Study Guide” authored by Lauren Proehl and David Evenden.

The course will be broken up into the primary sections of the book:

  1. Threats and Attacks
  2. Vulnerabilities
  3. Technologies: Security Support
  4. Technologies: Security Posture Assessment
  5. Technologies: Configuration
  6. Architecture and Design
  7. Architecture, Design and Identity Management
  8. Identity and Access Management
  9. Risk Management
  10. Cryptography and PKI

By the end of this training, attendees will have a strong foundation to go take the Security+ exam. Attendees are strongly encouraged to conduct a few review sections before attempting the exam to reinforce ideas and teachings from the training.

Each attendee will receive a copy of “Security+: A Practitioners Study Guide” with attendance.

A Crash Course In Assembly For Malware Reverse Engineers - Friday (All Day)

Instructor: Adam Gilbert (Founder and CEO at AGDC Services)
Date(s): Friday, September 24th
Audience: Foundation – just starting out or hobbyists
Cost: $200/student

If you want a preview of the instructor’s teaching style, view his malware analysis videos on YouTube, https://youtube.com/AGDCservices.
You can also reach out on Twitter at @AGDCservices for additional questions.

Do you analyze malware in a sandbox but get lost when there are limited results and you need to read the assembly to know why? If you want to dig into the malicious assembly code but don’t know how to start, this class is for you.

This lab-based workshop will introduce everything you need to get started statically analyzing malware down at the code level. We will review all the fundamentals: tools, assembly instructions, memory layout, calling conventions, essential APIs, common programming patterns, and more. On top of the fundamentals, you will learn strategies to put everything together and actually analyze malicious assembly code to discover Indicators of Compromise (IOCs) not visible in a sandbox. Our goal is for you to start viewing assembly code as source code, no different than reading C or Java.

The focus isn’t on assembly in general; it is on the skills related to malicious assembly code. All of our examples are algorithms found in malware. You should come away with tangible skills that can be applied directly to reverse engineering malware, not academic skills you need to translate to malware analysis on your own. You won’t be a malware expert after just one course, but you will come away with everything you need to practice and progress from a triage analyst all the way up to a true malware reverse engineer.

Student Requirements:

  • Students should have an entry level understanding of programming in any language. A general idea of malware analysis goals will be helpful, but is not necessary.
  • Students must bring a 64-bit laptop with:
    1. VirtualBox or VMWare Workstation installed (VMWare Workstation Player is acceptable)
    2. 25GB of free disk space to install a provided analysis VM
    3. 8GB of RAM
    4. 1 USB slot
    5. Internet Connectivity

PowerShell Crash Course - Friday (All Day)

Instructor: Jay Honeycutt (Cyber Operations Technician at Maryland National Guard Cyber Protection Team)
Date(s): Friday, September 24th
Audience: Foundation – just starting out or hobbyists
Cost: $100/student

This course will give you the basics of PowerShell. You will learn the PowerShell syntax, including how to repeat tasks, iterate through a list of objects, and the various things you can do with PowerShell objects. You will also learn how to discover new cmdlets, modules, and functions. You will gain experience by practicing what the instructor teaches, with demos of production scripts and tools. The target audience for this course is individuals who are new to scripting and individuals who are new to PowerShell.

Automating Detection and Analysis of Fileless Malware using Ansible, Zeek, RITA and Volatility Framework - Friday (All Day)

Instructors: Evan Wagner (Sr. Incident Response Specialist at Walmart), Christopher Williams
Date(s): Friday, September 24th
Audience: Intermediate – good IT and security foundation required
Cost: $100/student

Requirements:

• Laptop with 100+GB of free space. We will be working with memory and VM images.
• Virtualization hypervisor – to run the Linux OS image that will be provided.

You will be provided with:

• Slides from the training
• Example PCAPs, memory and VM images
• Scripts and tools to acquire and convert memory images
• Automation code, configuration files and Ansible playbooks used in the training

Summary:
This training demonstrates detecting command and control beacons (DNS and HTTPS) using RITA and Zeek. Then, using SOAR (security orchestration and automated response), we capture a memory snapshot of the infected endpoint running fileless malware and analyze it in Volatility.

In this training we will go over the following:

• SecOps automation with Ansible.
• Working with Zeek
• Working with RITA
• Detecting and assigning OS Build Profiles
• Making your own Volatility profiles for your systems if they don’t exist
• Setting appropriate methods of memory acquisition
• Discussion on retention threshold and storage requirements.
• Running Volatility modules against the memory images and exporting data
• Post processing on the module output data to generate the raw files and memory pages for hashing integrity and analysis
• Identifying the suspected process artifacts to understand, block, and hunt
• General Volatility procedures:
◦ Running Processes and their command line arguments
◦ File handles that were opened
◦ Network Connections
◦ DLLs
◦ API Hooks
◦ Callbacks
◦ Mutexes
◦ Registry key edits
◦ In-Memory MFT
◦ Device Drivers
◦ Kernel Modules
◦ and more
• Producing timelines from memory to search through and explore temporal spaces of interest
• Detecting Persistence
• Working with Yara rules and creating your own to quickly identify discovered behavior in the future

Why ransomware is winning... How to profile companies like the bad guys - Friday (Morning)

Instructor: Michael James (Principal OSINT Specialist at QOMPLX)
Date(s): Friday, September 24th
Audience: Foundation – just starting out or hobbyists, Intermediate – good IT and security foundation required
Cost: $70/student

Malicious actors use OSINT to mark organizations as targets. You should know what they are looking for so you can defend them.

We will learn how Information Security Professionals leverage information and assist in research about a corporation’s background. Our goal is to understand who runs the company, what is the culture of a company, and who works for that company. This involves researching a number of different facets of an organization. We can apply this information to determine specific questions or goals.

Investigating corporate assets can assist:

• people moving careers
• investing in companies
• making actionable decisions with more certainty (vendor approval, acquisitions, insider threats, protection of critical systems for day-to-day operations)

During this training, we will build the steps needed to observe information and analyze it into actionable intelligence.

Let's visit the deepweb - Friday (Afternoon)

Instructor: Michael James (Principal OSINT Specialist at QOMPLX)
Date(s): Friday, September 24th
Audience: Foundation – just starting out or hobbyists, Intermediate – good IT and security foundation required
Cost: $70/student

The famed deep web is often a topic that comes up when discussing security, data breaches, and darknet markets. We often see ransomware groups using the deep web to communicate and post stolen information. But where do you start?

Our goal will be to demystify these dark alleys. This training will cover operational security steps you need to take before entering onion sites and will increase your ability to search the Tor network with confidence. We will clarify what the deep web is and look at the future of this space.

We will discover where to find onion sites, what opsec fails to look out for, how to capture relevant details (email, username, technical findings, currency exchanges), and other information that can assist us in protecting our environment.

This course will provide techniques that allow us to gain more information on these sites. We will apply open source intelligence practices to reveal a deeper understanding of the deep web. If you are interested in data breaches, where to find them, and what other information you can discover on the Tor network, you should attend this session.

Accelerated Introduction to OSINT - Friday (Morning)

Instructor: Joe Gray
Date(s): Friday, September 24th
Audience: Foundation – just starting out or hobbyists, Intermediate – good IT and security foundation required
Cost: $100/student (Discount codes available. Use your OSINT skillz to find a deal!)

This 4-hour course, taught by a member of the winning team at the DEFCON 28 OSINT Search Party, will begin with a series of foundational discussions about Open Source Intelligence and adjacent forms of intelligence. From this launching point, the course will dive into commonly used techniques and the use of social media to perform some basic tenets of OSINT investigations. Command-line tools may be discussed or demonstrated, but students will be able to follow along fully using nothing more than a web browser.

In brief, this course covers the following via lectures, labs, and demonstrations:

  • Open Source Intelligence (OSINT) Definitions
  • What is (and is NOT) OSINT
  • OSINT vs OSINF
  • Adjacent forms of Intelligence
  • Enablement of other Disciplines outside Intelligence
  • OSINT Heartbeat
  • Introduction to OSINT Tradecraft

Prerequisites

General familiarity with web browsers and an inquisitive mind are the main prerequisites. Some familiarity with Linux will enhance student experiences.

Alternative & Advanced Search Engine OSINT - Friday (Afternoon)

Instructor: Joe Gray
Date(s): Friday, September 24th
Audience: Intermediate – good IT and security foundation required
Cost: $100/student (Discount codes available. Use your OSINT skillz to find a deal!)

During the course of 4 hours, students will learn about a variety of search engines and techniques. This course will work on advanced search operators initially then pivot into regional and specialized search engines, providing students with a whole new area of the internet to use for OSINT collection and analysis.

In brief, this course covers the following via lectures, labs, and demonstrations:

  • Google Dorking/Advanced Operators
  • Other Search Engines
  • Regional
  • Specialized Focus
  • Techniques for more effective searching abroad
  • Considerations and use of each

Prerequisites

This is a moderately advanced course. It is recommended that students have some exposure or experience with both OSINT and Search Engines.

Capture the Flag
by Depth Security

BSidesKC will be holding the third annual MUD CTF competition again this year! The CTF challenge layout will be presented in the form of a nostalgic MUD (Multi-User Dungeon) platform created specifically for the event. Contestants will move throughout the world, finding challenges to complete, flags to submit, and secrets to uncover. Players will be able to form groups and work together, or work on their own. The scoreboard will be in the form of an in-game leaderboard.

Challenge Categories

The CTF will have various categories of challenges. You’ll have a mix of the following: Web, Forensics, Reverse Engineering, Crypto, Programming and Miscellaneous.

Challenge difficulty

We want everyone playing to be able to progress throughout the world and see all it has to offer. Even if you aren’t an expert in the above topics, you will be able to solve most of the challenges with some research.

Prizes

Cash prizes will be awarded to the top three teams.

Requirements

Just a laptop! To connect to our CTF MUD world, you can connect via a web-based client or telnet to our server and start your journey.

Secure Code Warrior Tournament 
by Secure Code Warrior

Are. You. Ready? Head to the AppSec battlefield and prove that you are the ultimate secure coding champion. Go head-to-head with your peers as you test your web application security knowledge of the OWASP Top 10. Strut your skills. Crush the competition. Score excellent prizes and take home the title of Secure Code Warrior!

The same application security vulnerabilities that plagued developers 10 years ago still exist as problems today. Coders know how to code, but can they code securely? True security champions are hard to find, but they can be hiding in your midst. Maybe it’s you?? Time to prove your skills.

Players will be presented with a series of vulnerable code challenges that will ask them to identify the problem, locate the insecure code, and fix the vulnerability. Select from a range of software languages to complete the tournament, including Java EE, Java Spring, C# MVC, C# WebForms, Ruby on Rails, Python Django, Scala Play & Node.JS. It’s gamified, it’s relevant, but most of all – it’s fun.

Watch as you earn points and climb to the top of the real-time leaderboard during the event. Prizes will be awarded to the top 3 point scorers, with one security superhero being crowned the ultimate Secure Code Warrior. Will it be you?

Note: You must register for BSidesKC to participate. Also, make sure you bring your laptop!