Trainings


May 9 (Monday)

REGISTRATION

Registration of attendees

Introduction to Capture the Flag
(Kara Nance & Lucas McDaniel)

Location: Training room 1
Description: Capture the Flag (CTF) events are games where participants are awarded points for finding flags (i.e., specific pieces of data) within the environment. This exploration is largely guided by challenges such as gaining access to an account, or finding some hidden information within a service. This gentle introduction to CTF focuses on challenges designed to explore various security concepts without requiring specialized tools. No prior knowledge (or software) is expected or required to participate.
Trainer: Kara Nance & Lucas McDaniel

TBC
(TBC)

Location: Training room 2
Description: TBC
Trainer: TBC

Automate your exploitation and reverse engineering with SMT
(Cornelius Aschermann)

Location: Training room 3
Description: You want to crack crypto? You want to find vulnerabilities and create exploits? Or do you enjoy working on code obfuscation and de-obfuscation?

With the right tools, this can be like a walk in the park. SMT solvers should be in everybody's toolbox because they can automate your hunt. Readily available solvers can be used very efficiently on a wide variety of problems: analyzing crypto, payload & ROP chain generation, automatic exploit generation, obfuscation & deobfuscation, optimization, triggering certain codepaths, and many more.

This training will be a non-academic, hands-on introduction to SMT solving with a focus on real world exploitation and reverse engineering scenarios. We will be using SMT solvers to crack custom crypto, prove the correctness of deobfuscations and find easy-to-miss signedness bugs in C code. It will give you the knowledge needed to transform common problems into an SMT query that can then be solved by off-the-shelf SMT solvers.

You will need no prior experience with Python or SMT solvers.
Trainer: Cornelius Aschermann

Introduction to Honeypots or: How I Learned to Stop Worrying and Love My Enemies
(Guillaume Arcas)

Location: Training room 4
Description: This introductory, non-technical 4-hour workshop will present the basics of honeypots and their history, the different types of honeypots, how to deploy and manage them, the pros and cons of using honeypots, etc. It is intended for technical or non-technical people who want to know everything about honeypots before using them but were afraid to ask.
Trainer: Guillaume Arcas

Lunch


Educational Capture the Flag Experience
(Kara Nance and Lucas McDaniel)

Location: Training room 1
Description: This Capture the Flag (CTF) serves as a more technical introduction to common security tools. Staged in a James Bond-themed environment, participants will be tasked with attacking various SPECTRE services in order to find flags. Challenges will focus on common tools and techniques for network reconnaissance, digital forensics, web application pentests, identifying service misconfigurations, and more. No prior knowledge (or software) is required to participate.
Trainer: Kara Nance & Lucas McDaniel

Malicious PDF analysis with peepdf
(Jose Miguel Esparza)

Location: Training room 2
Description: PDF exploits are still used as an attack vector to execute code on victims' computers. They are still included in some Exploit Kits nowadays, but are usually chosen to perform targeted attacks too. This session will show you how to distinguish a malicious PDF file from a harmless one, how to extract and analyze all the relevant elements like JavaScript code and shellcode, and how to automate the analysis using peepdf. Attendees will learn helpful tricks to analyze those documents and they will not get scared by opening a PDF document anymore.
Trainer: Jose Miguel Esparza


A look under the hood of the Honeypots CONPOT and SNARE
(Lukas Rist)

Location: Training room 4
Description: The ICS/SCADA honeypot Conpot is used to attract and collect attacks against industrial control systems. We will give an insight into the challenges of developing an industrial honeypot, how we deploy Conpot and how to do proper configuration and extension.

SNARE is a next generation web application honeypot and successor of Glastopf. We introduce what's new and how we emulate thousands of known and unknown web vulnerabilities. While doing so we will write our own honeypot and learn about PHP sandboxing.
Trainer: Lukas Rist


May 10 (Tuesday)

REGISTRATION

Introduction to Machine Learning for Malware Classification
(Brian Hay)

Location: Training room 1
Description: This workshop will provide an introduction to malware classification using Python. No prior machine learning knowledge is required, and a brief introduction to Python will be provided for those more familiar with other languages. During the workshop we will begin by building simple classifiers, and work towards a classifier that can be trained to identify live malware samples.
Trainer: Brian Hay

Malicious PDF analysis with peepdf
(Jose Miguel Esparza)

Location: Training room 2
Description: PDF exploits are still used as an attack vector to execute code on victims' computers. They are still included in some Exploit Kits nowadays, but are usually chosen to perform targeted attacks too. This session will show you how to distinguish a malicious PDF file from a harmless one, how to extract and analyze all the relevant elements like JavaScript code and shellcode, and how to automate the analysis using peepdf. Attendees will learn helpful tricks to analyze those documents and they will not get scared by opening a PDF document anymore.
Trainer: Jose Miguel Esparza

Network Analysis and Forensics
(Guillaume Arcas)

Location: Training room 3
Description: This tutorial will include the following basic components:
1. Introduction to network analysis & forensics
2. Tools: Wireshark, snort & other open source software
3. Basic Usage 1: How to extract files from PCAPs
4. Basic Usage 2: How to track web surfing from PCAPs
5. Basic Usage 3: How to identify malware from PCAPs
6. Advanced Usage: Introduction to GSoC plugins
Attendees will learn how to use Wireshark and open source network analysis tools to quickly find key elements in live or dumped network traffic. Training will be based on real-life situations & PCAPs.
Trainer: Guillaume Arcas

Defending Industrial Control Systems (ICS)
(Kevin Owens)

Location: Training room 4
Description: In this workshop, you will learn what an industrial control system (ICS) is, along with the components that make up an ICS. Students will learn about the threats to ICS and what steps can be taken to protect the ICS. At the conclusion of the class, students will have a tabletop exercise, pitting the red team (malicious actors/attackers) against the blue team (defenders).
Trainer: Kevin Owens

Lunch

A look under the hood of the Honeypots CONPOT and SNARE
(Lukas Rist)

Location: Training room 4
Description: The ICS/SCADA honeypot Conpot is used to attract and collect attacks against industrial control systems. We will give an insight into the challenges of developing an industrial honeypot, how we deploy Conpot and how to do proper configuration and extension.

SNARE is a next generation web application honeypot and successor of Glastopf. We introduce what's new and how we emulate thousands of known and unknown web vulnerabilities. While doing so we will write our own honeypot and learn about PHP sandboxing.
Trainer: Lukas Rist

Introduction to Memory Analysis
(Golden Richard)

Location: Training room 2
Description: Traditionally, digital forensics was concerned primarily with data stored on non-volatile storage devices, such as hard drives, floppies, thumb drives, etc. Recently, interest in memory forensics has increased, because it allows digital forensics investigators, incident response personnel, and malware analysts to incorporate the analysis of running systems and volatile memory into their investigations. Memory forensics can be used not only to focus traditional storage forensic investigations by helping to pinpoint actionable evidence, but also to substantially expand the scope and quality of an inquiry to include enumeration of both legitimate and hidden processes, network connections, open files, volatile registry contents, clipboard data, cached files, command line history, detection and scrutiny of user and kernel-level malware, recovery of encryption keys, and more. This session provides an introduction to fundamental techniques in memory forensics, concentrating on Windows, Linux, and Mac OS X. The primary tool used in the class is the open source Volatility memory forensics framework.
Trainer: Golden Richard

Educational Capture the Flag Experience
(Kara Nance and Lucas McDaniel)

Location: Training room 3
Description: This Capture the Flag (CTF) serves as a more technical introduction to common security tools. Staged in a James Bond-themed environment, participants will be tasked with attacking various SPECTRE services in order to find flags. Challenges will focus on common tools and techniques for network reconnaissance, digital forensics, web application pentests, identifying service misconfigurations, and more. No prior knowledge (or software) is required to participate.
Trainer: Kara Nance & Lucas McDaniel
