Trainings

Here's the list of trainings for the 2019 edition! As usual, we tried to bring you various types of trainings while maintaining an affordable price for both professionals and students.

Once you've registered for a training, we will send you a code to get the two-day conference for only 100.-. This is a manual process, so you should receive the code in ~1 business day.

Crypto Attacks & Defenses

2 days training, by JP Aumasson and Philipp Jovanovic

Price: 1500.- CHF / Special student price: 800.- CHF

DESCRIPTION

This training will familiarize developers and security professionals of any level with modern cryptography concepts and best practices, such as randomness generation, symmetric and asymmetric encryption, hash functions, and protocols. After covering the basics, we introduce the latest applications and innovations in cryptography, such as TLS 1.3, quantum and post-quantum cryptography, or blockchain applications.

The class is

  • Practice-oriented: Lectures present real-world failures and analyze how they could have been avoided, and exercise sessions consist of a mix of made-up problems and examples of real vulnerabilities found in widely deployed systems.
  • Offense-oriented: Participants put into practice the notions and tools encountered during the lectures by being challenged to find, exploit, and fix vulnerabilities in cryptographic software.
  • Interactive: We encourage participants to ask questions about the topics presented or even other topics, which usually leads to interesting discussions.

This class was previously taught at events including Troopers, Black Hat Europe, Hardware Security Training and in private sessions for organizations including Google.

ABOUT THE TRAINERS

Both trainers hold PhDs in cryptography and have in combination more than 15 years of experience in designing cryptosystems and in finding vulnerabilities in real-world applications, including critical industrial systems. The trainers are also experienced speakers due to regular presentations of their latest research at IT security and cryptography conferences all around the world.

COURSE OUTLINE

Day 1, morning: lectures (~4h)

  • Secure randomness generation
    • What is randomness?
    • The notion of entropy
    • Random number generators and the differences between TRNGs, PRNGs, and DRBGs
    • Implementations of random number generators in Linux, macOS, and Windows
    • Testing PRNGs
  • Cryptography basics
    • Symmetric cryptography: DRBGs, hash functions, PRFs, MACs, block/stream ciphers, block cipher modes, authenticated encryption
    • Asymmetric cryptography: key agreement protocols, signing schemes, public key encryption systems
    • Security notions, attack models, protocols
  • Elliptic-curve cryptography
    • Different curve shapes (Weierstrass, Montgomery, Edwards, twisted Edwards forms)
    • Mathematical operations on elliptic curves (addition, scalar multiplication, point counting)
    • The Curve25519 curve
    • The elliptic curve discrete logarithm problem
    • ECC-based key agreement, encryption, signing
    • Security / performance comparisons between RSA, classic DL, and ECC-based approaches
    • How to use ECC correctly
  • Quantum and post-quantum cryptography
    • Principles of quantum computing
    • Requirements for building a scalable quantum computer
    • Impact on public-key and private-key cryptography
    • Post-quantum crypto: types of constructions, example of hash-based signatures

Day 1, afternoon: exercises (~4h)

  • Entropy evaluation
  • Analysing the security properties of the LoRaWAN IoT protocol
  • Breaking a weak PRNG, hash function, and RSA-based system
  • Implementing basic ECC-based schemes (DH, DSA, ElGamal)

Day 2, morning: lectures (~4h)

  • Side-channel attacks
    • What are side-channels?
    • Timing and cache-timing attacks
    • Oracle attacks (Bleichenbacher and Manger attacks on RSA, CBC padding oracle)
    • Bug attacks and optimization attacks
  • Cryptography libraries
    • Most common libraries (OpenSSL, NaCl, sodium, etc.)
    • Comparison of strengths and limitations in terms of security, speed, or license
    • Key lengths
  • Transport layer security (TLS)
    • History overview
    • Comparison between TLS 1.2 and TLS 1.3
    • Overview on TLS attacks
    • How to check / secure TLS servers
  • Secure messaging
    • Differences between synchronous and asynchronous messaging
    • Security goals
    • The Signal protocol, its strengths and limitations
    • Non-cryptographic risks
  • Bitcoin and blockchain technologies
    • How does Bitcoin work?
    • What are blockchains?
    • Double spending attacks
    • Proof-of-work schemes
    • Nakamoto consensus

Day 2, afternoon: exercises (~4h)

  • Analysing the output of randomness generators
  • CBC oracles
  • Breaking the authenticated encryption cipher in the open smart grid protocol
  • Analysing a bug in the DH code of libsodium
  • Decrypting ciphertexts by exploiting a flawed PRNG

CLASS REQUIREMENTS

Participants should have some familiarity with common programming languages such as C and Python. This course is suitable for people who are new to cryptography and IT security. All the theory and concepts related to cryptography and cryptanalysis are explained during the course.
Participants also need a notebook capable of running a VMware or VirtualBox hypervisor, in order to run the virtual machine image containing the exercises.

Hands-on SAP Hacking and Defense

2 days training, by Jordan Santarsieri

Price: 1500.- CHF

DESCRIPTION

SAP is a core part of the business-critical infrastructure of 95% of the biggest companies in the world. These companies rely on SAP to perform their most sensitive daily operations, such as processing employee payroll and benefits, managing logistics, managing suppliers / customers, material management, releasing payments to providers, credit card processing, business intelligence, etc.
This training provides the latest information on SAP-specific attacks and remediation / protection activities. It starts with an introduction to SAP (no previous SAP knowledge is required) and teaches you, through several hands-on exercises and demos, how to perform your own vulnerability assessments, audits and penetration tests on your SAP platform. You will be very well equipped to understand the critical risks your SAP platform may be facing and how to assess them and, more importantly, you will know the best practices to effectively mitigate them, proactively protecting your business-critical platform.

ABOUT THE TRAINER

Mr Santarsieri is a founding partner at Vicxer, where he uses his 12+ years of experience in the security industry to bring top-notch research into the ERP (SAP / Oracle) world.

He is engaged in a daily effort to identify, analyze, exploit and mitigate vulnerabilities affecting ERP systems and business-critical applications, helping Vicxer's customers (Global Fortune-500 companies and defense contractors) to stay one step ahead of cyber-threats.

Jordan has also discovered critical vulnerabilities in Oracle and SAP software, and is a frequent speaker at international security conferences such as Black Hat, Insomnihack, YSTS, Auscert, Sec-T, HITB, Rootcon, NanoSec, Hacker Halted, OWASP US, 8dot8 and Ekoparty.

COURSE OUTLINE

Day 1

  • Introduction to SAP
  • What SAP security used to be in the past
  • What SAP security is nowadays
  • Introduction to SAP security tools (the open-source way)
  • Securing the SAP Infrastructure
  • SAP Router
  • SAP Web-dispatcher
  • The role of a firewall
  • How to attack and secure: SAP & Windows
  • How to attack and secure: SAP & Unix
  • How to attack and secure: SAP & Oracle
  • How to attack and secure: SAP & HANA
  • Authentication mechanisms
  • User Security
  • Password Policy
  • Authorizations
  • SAP Gateway & RFC
  • SAP Message Server
  • SAP Management Console

Day 2

  • SAP Solution Manager
  • SAP System Landscape Directory
  • ABAP Security
  • SAP Back-doors
  • SAP Updates
  • Encryption
  • SAP ICM
  • SAP J2EE
  • Understanding the J2EE Framework
  • Different SAP Web J2EE Applications
  • J2EE Authentication Mechanisms
  • SAP JCO
  • SAP Security Audit Trail
  • How to react in case of an SAP Intrusion
  • SAP Lab – Packet wars! (Apply what you learned! Attack and defend the SAP systems!)

CLASS REQUIREMENTS

The only thing that students need to bring is their own laptop. All the labs, SAP VMs, SAP clients and tools will be provided by us. Students must have enough privileges to install new software (VMware) and change their own IP address, nothing more!

Securing Modern Cloud (AWS)

2 days training, by Vinod Tiwari

Price: 1500.- CHF

DESCRIPTION

The course objective is to teach attendees the security best practices to follow inside AWS while designing software architecture, and to provide practical knowledge of AWS security services. Attendees will also understand the incident response process and learn how to implement vulnerability assessment and patch management activities with tools like Inspector and EC2 Systems Manager. They will learn stateful (security groups) and stateless (NACLs) packet inspection; implement AWS WAF, bastion hosts, GuardDuty and others; and implement centralized control with AWS Organizations, federation and delegation. Finally, they will understand data-protection mechanisms, including KMS envelope encryption, ACM, and others.

ABOUT THE TRAINER

Vinod is an OSCP, AWS Certified Solutions Architect and AWS Certified Developer with over 6 years of experience in information security. He is a passionate security researcher with experience in handling security assessment and penetration testing projects for various private, financial and governmental clients. He has good experience in strategic security planning to improve the overall security posture of an enterprise. His areas of expertise are application security, network security, mobile security, etc. He is actively involved in bug bounties and has been acknowledged by companies such as, but not limited to, Google, Facebook, AT&T, Adobe, Uber, Yahoo, Dropbox, LinkedIn, eBay, Barracuda, etc. He is a strong believer in responsible disclosure policies and is working hard to make the internet a safer place.

COURSE OUTLINE

1. AWS Security & Compliance
Description: Understand the policies & procedures around penetration testing and incident response in AWS. What’s your responsibility, and what does AWS take care of for you?

  • Shared Responsibility Model
  • Security of AWS & Security in AWS

2. Identity Access Management
Description: Understand how you can avoid access-management chaos through regular use of AWS IAM. Learn the intricacies of IAM policies & conditions, and how a simple error in a policy can mess up access.

  • IAM in whole
  • Security Policies and how to write one
  • STS and its uses
  • S3 bucket policies
  • Policy precedence in case of conflict
  • Demo

3. Data Protection
Description: Learn server-side encryption and encryption at rest in AWS. Understand the multi-tenancy of KMS and its best use cases. Learn about hardware security modules and compliance requirements.

  • KMS and its uses with object storage & block storage
  • ACM
  • Cloud HSM

4. Architecture best practices
Description: Learn the best practices to be followed while architecting network infrastructure in AWS. Do’s and don’ts in VPC. Network packet flow inside VPC, packet capture and network forensics.

  • VPCs, subnets, security groups, NACLs & route tables
  • Instance tenancy
  • Encryption & use cases
  • AWS WAF & Shield
  • Secrets manager
  • Demo

5. Logging & Monitoring
Description: Take a look at how to read CloudTrail, CloudWatch and VPC flow logs, and how these logs can help in IR. Managing assets and adhering to AWS recommended practices.

  • CloudTrail, demo
  • VPC flow logs, demo
  • CloudWatch, demo
  • AWS Config, Trusted Advisor & demo

6. Automation
Description: Learn how Lambda can be integrated with a few native AWS services to keep your infrastructure compliant with security best practices. Also, how to design & implement fault-tolerant architecture with the use of Autoscaling.

  • Autoscaling, demo
  • AWS Lambda, demo

7. Penetration testing & incident response
Description: How to proceed with penetration testing in AWS. Using the AWS security assessment service to run security scans and automating patch management.

  • Penetration testing practices in AWS
  • AWS Inspector
  • Incident response use case
  • Working with CloudTrail and VPC flow logs
  • Perfect forward secrecy
  • Systems manager

CLASS REQUIREMENTS

Students should bring their laptops and have an AWS account set up in order to reproduce the demos and the theory given throughout the course.

Modern Linux Exploitation

2 days training, by Adrien Stoffel

Price: 1500.- CHF / Special student price: 800.- CHF

DESCRIPTION

During this training, students will learn how to exploit vulnerabilities and bypass current security mitigations on Linux systems, against both local and remote targets. The training will start with a refresher on modern stack buffer overflows and then present other vulnerability classes, with an emphasis on heap exploitation, and is packed with many practice labs.

This training is for security professionals and/or CTF enthusiasts who want to improve their pwning skills.

ABOUT THE TRAINER

Adrien Stoffel (@__awe) is a senior security engineer at SCRT SA, working on penetration testing and security research. He's been involved in the CTF community for more than 5 years and he currently leads the 0daysober team. His current focus area is Linux heap exploits but he also loves to tackle some Windows challenges. He has also created the W3Challs hacking platform, hosting challenges in categories including web, crypto, and userland/kernel wargames.

COURSE OUTLINE

Topics for the first part of the course include:

  • review of the current state of Linux userland security
  • ROP and JOP techniques on Intel x86 and x86_64 architectures
  • SSP bypasses
  • other vulnerability classes
  • miscellaneous tips and tricks relevant to both real life exploits and CTFs
  • improving exploit reliability
  • C++ exploitation (vftables, corruption of std objects...)

Then we will dive into heap-based exploitation and detail the inner workings of the glibc heap allocator so that you can finally understand the magic behind ptmalloc and how it can be abused to achieve remote code execution. Once you have made sense out of the allocator, we'll move onto exploitation, with step-by-step practice labs:

  • manipulate allocations to put the heap in a deterministic state
  • concepts behind heap overflow and Use After Free vulnerabilities
  • discover the memory layout using some heap-fu to defeat Full-ASLR
  • abuse heap data to get code execution or arbitrary read/write primitives
  • achieve the same results with metadata-only techniques
  • find the best suitable target to get code execution

CLASS REQUIREMENTS

This training requires some basic to intermediate knowledge in binary exploitation. You are expected to:

  • be at ease with UNIX environments and know any scripting language (such as python or ruby)
  • have a good understanding of the C language and be able to understand basic Intel assembly
  • be familiar with basic exploitation techniques like stack buffer overflows
  • know gdb basics

Students must bring a 64-bit laptop with VMware or VirtualBox installed.

Windows Attacks & Defenses

2 days training, by Julien Oberson & Deniz Mutlu

Price: 1500.- CHF / Special student price: 800.- CHF

This training will be given in FRENCH

DESCRIPTION

This training will familiarize system administrators and security professionals of any level with modern Windows attacks and best security practices, such as Windows security components and protocols, network scanning, Metasploit, lateral movement, credential theft and vulnerability exploitation. After covering a broad overview of attacks, the course introduces the latest Microsoft security features, such as Windows monitoring and log analysis, credential protection, advanced authentication systems, privileged access management, and much more. Course members will then understand how to protect their infrastructure against modern attacks. Get your hands dirty: this class is practice-oriented, and lectures present real-world attack and defense methods that participants put into practice.

ABOUT THE TRAINER

The course gives an idea of how pentesters and hackers think, and the best way to defend against them. To do so, this training is given by a duo of Red Team / Blue Team engineers. Both trainers have in combination more than 13 years of experience in offensive and defensive security.

COURSE OUTLINE

Day 1

  • Windows Security Models (Authentication, Kerberos, NTLM, Active Directory)
  • Windows Network Discovery (Network Scan, Active Directory Discovery, PingCastle)
  • Metasploit in a nutshell (Modules, Exploit, Meterpreter)
  • Lateral Movements (Pass-the-hash, Pass-the-ticket, Kerberoast, GPP, Bloodhound)
  • Physical Attacks (Coldboot attack, DMA, Bitlocker, Secureboot)
  • Vulnerability Exploitation & Protections (ASLR, MS17-010)

Day 2

  • Advanced Authentication Systems (vSmartCard, Windows Hello, MFA)
  • Credential Protections (LSA Protection, VSM, Credential Guard)
  • Privileged Access Management (Logon Types, Restricted Admin, Powershell Remoting, MSA/GMSA)
  • Windows Monitoring & Log Analysis (Windows event forwarding)
  • Active Directory Persistence (DCSync, Golden Ticket, Skeleton Key)
  • Anti-virus evasion (MSFVenom, Windows Defender, AppLocker, Device Guard, Software restriction policy, Attack Surface Reduction)

CLASS REQUIREMENTS

Participants should have some familiarity with Windows Domains. A notebook capable of running an SSH client is required in order to connect to the infrastructure containing the exercises. The training will be given in French.