Conference Tickets
TICKET SALE STARTS ON JUne 1st at 5 PM CET
PLAN - PRICE
Description
The 15th of July at 5 PM CEST sharp, a (probably last) batch of business tickets will be made available.
Conference tickets sold out ? If there are no more conference tickets available, you can always consider purchasing a training ticket which will always allow you to purchase a conference ticket as well. Check out the training page for more info.
Training Tickets
Conference training is taking place between 16-18 September. Check out the training page for more information
- Corelan Heap Masterclass
- Azure Cloud Attacks for Red and Blue Teams
- Hacking Enterprises - 2024 Red Edition
- Operational Purple Teaming for Defenders
- A Complete Practical Approach to Malware Analysis & Threat Hunting Using Memory Forensics
- Physical Security Testing
- A quick, efficient, yet not entirely sane, primer on Cyber Deception
- DevSecOps Masterclass: AppSec Automation Edition
- CTI + DE&TH: Intelligence Driven Detection Engineering and Threat Hunting
Description: The Corelan “HEAP” exploit development MASTERCLASS is a fast-paced, mind-bending, hands-on course where you will learn advanced heap manipulation and exploit development techniques from an experienced exploit developer. During this 4 or 5-day class (sometimes just 3 “long” days at a conference), students will get the opportunity to learn how to write heap exploits for the Windows platform, using Windows 7, Windows 10 and Windows 11 as the example platform, but mostly focusing on learning & applying generic techniques that can be applied to other operating systems and heap implementations. We will discuss differences between Windows 7 and Windows 10/Windows 11 and explore previously undocumented techniques to achieve important exploitation primitives in Windows 10 & Windows 11. The trainer will share his “notes from the field” and various tips & tricks to become more effective at writing exploits.
This is most certainly not an entry level course. In fact, this is a one of the finest and most advanced courses you will find on heap exploit development for Windows, and probably the only one that dives deep into the Windows heap manager on Windows 7 and Windows 10/11 and demystifies how the heap really works.
REMARK : This training starts at 9:00 and will end around 22:00 PM. That means +10 hours each day (Dinner will be foreseen)
Instructor: Peter Van Eeckhoutte
Duration: 3-day
Description: More than 95 percent of Fortune 500 use Azure today! A huge number of organizations now use Azure AD as an Identity and Access Management platform using the hybrid cloud model. This makes it imperative to understand the risks associated with Azure as not only the Windows infrastructure and apps use it but also identities of users across an enterprise are authenticated using it.
In addition to cloud-only identity, the ability to connect on-prem Active Directory, applications and infrastructure to Azure brings some very interesting opportunities and risks too. Often complex to understand, this setup of components, infrastructure and identity is a security challenge. This hands-on training aims towards abusing Azure and a number of services offered by it. We will cover multiple complex attack lifecycles against a lab containing multiple live Azure tenants.
All the phases of Azure red teaming and pentesting – Recon, Initial access, Enumeration, Privilege Escalation, Lateral Movement, Persistence and Data mining are covered. We will also discuss detecting and monitoring for the techniques we use. The course is a mixture of fun, demos, exercises, hands-on and lecture. The training focuses more on methodology and techniques than tools.
If you are a security professional trying to improve your skills in Azure cloud security, Azure Pentesting or Red teaming the Azure cloud this is the right class for you!
Instructor: Nikhil Mittal
Duration: 3-day
Description: Updated for 2024, our Hacking Enterprises training is the natural counterpart to our popular Defending Enterprises course.
In this multi-layered offensive engagement, you will fully compromise a simulated enterprise in this immersive hands-on course that covers a multitude of TTP’s. Targeting modern operating systems including Windows 11, you’ll use modern techniques and focus on exploiting configuration weaknesses rather than throwing traditional exploits. Logical thinking and creativity will definitely be put to the test!
You will work to get initial access in a fictional organisation where multiple networks exist, some easily accessible, others not so. You’ll implant and establish C2, but manual techniques will always be emphasised so you’re equipped with the knowledge to work without reliance on frameworks.
Course content has been designed to reflect real-world challenges and you’ll perform numerous hands-on exercises including executing exploitative phishing campaigns against our simulated users for initial access, finding new networks that in turn bring new challenges including IPv6 exploitation, subverting AMSI and AWL, credential harvesting, passphrase cracking, pivoting, lateral movement, ADCS abuse, userland and privileged persistence via OOB channels and much more!
Instructor: William Hunt and Owen Shearing
Duration: 3-day
Description: This hands-on training connects red and blue in a series of live attack-defense exercises and demos. The group of participants will work as one team against a simulated threat actor, APT 0x00, with full disclosure of the attacker’s progress and technical insights on the executed techniques. The adversary’s capability and stealth will steadily improve over the course of the training.
Participants are dropped in a simulated corporate network environment, which they must defend from a threat actor over the course of the training. The attacker is simulated by a red team specialist, who will share valuable insights about commonly used threat actor techniques used in the attack. Together with a blue team instructor, you will learn how to hunt for these techniques, build detections that can help defend your organization and eradicate the attacker.
Instructor: Dennis Van Elst and Thomas Eugène
Duration: 3-day
Description: This hands-on training teaches the concepts, tools, and techniques to analyze, investigate and hunt malwares by combining two powerful techniques malware analysis and memory forensics.This course will introduce attendees to basics of malware analysis, reverse engineering, Windows internals and memory forensics, it then gradually progresses deep into more advanced concepts of malware analysis & memory forensics. Attendees will learn to perform static, dynamic, code and memory analysis.
This course consists of scenario-based hands-on labs after each module which involves analyzing real-world malware samples and infected memory images (crimeware, APT malware, fileless malwares, Rootkits etc). This hands-on training is designed to help attendees gain a better understanding of the subject in short span. Throughout the course, the attendees will learn the latest techniques used by the adversaries to compromise and persist on the system.
The training also demonstrates how to integrate the malware analysis and forensics techniques into a custom sandbox to automate the analysis of malicious code. After taking this course attendees will be better equipped with skills to analyze, investigate and respond to malware-related incidents.
Instructors: Monnappa K A and Sajan Shetty
Duration: 3-day
Description: Learn how attackers are covertly gaining physical entry into your environment to steal data, access systems, deploy network implants and listening/video devices. We will teach you the TTPs the attackers are using to incorporate into your Red Team engagements or perform audits on your own. Over 3 days of immersive and hands-on training we will teach you the skills you need to be able to perform physical security engagements as part of a blue team or red team in a legal, safe, and professional manner.
Curriculum:
- Roles of locks in society
- Ethics & Laws of Physical Security
- Physical Recon (remote and up close)
- Door Assessment
- Locking Picking
- Lock bypassing
- Decoding keys & Locks
- Field Key generation
- Door bypassing
- Window bypassing
- Essential Alarm Bypassing
- Master Keying and Keyed Alike systems
- Access Control Systems
- ID Badge cloning attacks
- PACS Reader attacks
- Weaponizing Readers
- Social Engineering
Each student will leave with a comprehensive tool kit containing everything they need to get started in this up-and-coming area of Red Teaming, Penetration Testing and Consultancy.
Instructors: Chris Cowling and Jiři Vanek
Duration: 3-day
Description: Active Defenses have been capturing a large amount of attention in the media lately. There are those who thirst for vengeance and want to directly attack the attackers. There are those who believe that any sort of active response directed at an attacker is wrong. We believe the answer is somewhere in between.
In this class, you will learn how to force an attacker to take more moves to attack your network. These moves may increase your ability to detect them. You will learn how to gain better attribution as to who is attacking you and why. You will also find out how to get access to a bad guy’s system. And most importantly, you will find out how to do the above legally.
The current threat landscape is shifting. Traditional defenses are failing us. We need to develop new strategies to defend ourselves. Even more importantly, we need to better understand who is attacking us and why. Some of the things we talk about you may implement immediately, others may take you a while to implement. Either way, consider what we discuss as a collection of tools at your disposal when you need them to annoy attackers, attribute who is attacking you, and finally, attack the attackers.
This class is based on the DARPA funded Active Defense Harbinger Distribution live Linux environment. This VM is built from the ground up for defenders to quickly implement Active Defenses in their environments. This class is also very heavy with hands-on labs. We will not just talk about Active Defenses. We will be doing hands-on labs and through them in a way that can be quickly and easily implemented in your environment.
This course is different from other courses…
- The concepts, the approach, the labs
- Most of the labs are not in the slides (because we like you :-))
- This makes them more accessible after class, when you need them most
- All labs using the VM are inside the VM, within github
- This means you do not have to dig through hundreds of pages to figure out how something works later
- There are also prerecorded video walkthroughs of each lab on the USB and embedded in Discord!
Instructors: John Strand
Duration: 2-day (Starting Tuesday 17th of September)
Description: DevOps has changed the way we deliver apps. However, security remains a serious bottleneck, especially Application Security. This is largely due to the speed of innovation in DevOps, contrasted with the escalating attacks against Applications.
This training takes a comprehensive, focused and practical approach at implementing DevSecOps Practices with a focus on Application Security Automation. The training is based on our 4.9/5 Rated DevSecOps Masterclass at Blackhat.
The training is a hardcore hands-on journey into:
- Hands-on SAST for Apps and Infrastructure-as-Code, with a focus on Semgrep and CodeQL. Develop Custom SAST rules like a bawse!
- Supply-Chain Security Automation: SBOMs, Source Composition Analysis and Security Engineering techniques
- Assurance and Provenance for artifacts. Mastery over Cosign and SLSA for Supply-Chain Provenance
- DAST Automation and Security Regressions with ZAP and Nuclei.
- Policy-As-Code: Leverage Open Policy Agent (OPA) with use-cases from API Access Control to OS Policy Controls.
Participants get a 2 month access to our online lab environment for DevSecOps training
Instructors: Vishnu Prasad and Abhay Bhargav
Duration: 2-day (Starting Tuesday 17th of September)
Description: The Paralus Technical Cyber Threat Intelligence (CTI) plus Detection Engineering and Threat Hunting (DE&TH) training is designed to be an intensive and technical introduction to these security concepts. By working through topics in a rapid, focused nature, students will quickly gain familiarity with core principles behind CTI work and how this applies to and informs subsequent DE&TH operations.
This course is designed to be highly interactive and conversational, with opportunities to test out and explore concepts within the material to ensure the greatest possible immersion into critical CTI and DE&TH ideas. Building on a foundation of core CTI concepts, attendees will then work towards immediate applications of CTI research across DE&TH deliverables, including proper development mechanisms within detection engineering and hypothesis development and testing for threat hunting.
Instructors: Joe Slowik
Duration: 2-day (Starting Tuesday 17th of September)