Class Format: Speaker will be on video and audio, as well as chatting(texting) in Discord. You will only be able to ask questions in Discord (not via voice to the speaker) So you must signup for Discord - and join the GRAYHAT Discord Server [https://discord.gg/grayhat and the Hands-on-labs channel during the training time.Hacking in the Kill-ChainThis....
IR-1044 Incident Response and the ATT&CK MatrixAccess to this live class is done via Zoomhttps://zoom.us/j/4108472927password of "student1"
Fuzzing with AFLThis workshop will teach you how to discover vulnerabilities using the iconic American Fuzzy Lop. AFL revolutionized the fuzzing world and is the go-to fuzzer for many professionals, including those at Google's Project Zero.You will learn when fuzzing is appropriate, how to select and set up various types of target, and how to....
Discover the CyberPatriot OrganizationThe Airforce Association is a 501(c)3 Non-Profit Organization Focused on:"Educating the American Public advocating for strong national security and supporting military members and their families.STEM Education is todays National Security Impartive.
Class Format: Speaker will be on video and audio, as well as chatting(texting) in Discord. You will only be able to ask questions in Discord (not via voice to the speaker) So you must signup for Discord - and join the GRAYHAT Discord Server [https://discord.gg/grayhat and the Hands-on-labs channel during the training time. Speakers: Hakan Nohre....
The Cyber Defense Clinic (CDC) is an 8 years in the making, its a unique hands-on attack and defend experience that teaches WHY you need security solutions. The CDC platform utilizes integrations with key tools including Cisco, Splunk, Rapid7, Radware, and IBM. All modules use real data and real attack and defend techniques!Important Pre-Lab Day....
Violent Python shows you how to move from a theoretical understanding of offensive computing concepts to a practical implementation. Instead of relying on another attacker’s tools, this class will teach you to forge your own weapons using the Python programming language. Demonstrate how to write Python scripts to automate large-scale network attacks, extract metadata, and....
In this two hour hands-on workshop you will play the role of both the red team and the blue team. We have set up an isolated environment for each attendee to go through a Purple Team Exercise. Attendees will be able to create adversary emulation campaigns with SCYTHE and run them in a small environment....
What threats do we need to take into account when building a system? A key method for answering this question is an approach called threat modeling. The cybersecurity landscape and threats are ever-changing and that there is a need for modeling, diagramming various threats and impacts to prepare for unique types of threats. Most of....
In this workshop you will be introduced to a vulnerable website which has already been compromised. It will be your job to find the flaws, figure out the path of exploitation and fix the issues before the adversary comes back to pillage more PII. Join as an individual or a team and beat the clock,....
Offensive Embedded Exploitation: Getting your hands dirty with IoT/Devices Class Format: Speaker will be on video and audio, as well as chatting(texting) in Discord. You will only be able to ask questions in Discord (not via voice to the speaker) So you must signup for discord - and join the Red Team Village Discord Server, and....
Open Source Threat Hunting: Achieving Big Impact at Low Cost “hunting at scale with open source tools.” Demonstrate and go hands on with how to start hunting and how to leverage free and open source tools to threat hunt on your own data. We will walk you through the most common and effective tools and....
From Building your own Layer 3 lab with virtual switches and routers, to exploiting and pivoting to own the entire network.
Title: Building Secure ContainersAbstract: Building containers is the foundation for many different types of application deployment. Whether you are deploying open-source software and services or writing your own applications, the environments today start with containers. However, containers were never designed for security, that will be up to you. So many configurations leave exposures for the....
Introduction to Car Hacking. The Basics and the ModsOBD-II - Port AccessVAG-COM Diagnostic Systems *(VCDS)CAN Gateway and Applications
This 4-hour lab will help the attendees to increase their understanding of the Attack Kill Chain by letting them assume the role of the attacker. The lab will cover - the initial compromise of a client through spear phishing and exploiting a client side vulnerability - escalating the privileges on the compromised client - using....
This 4-hour lab will help the attendees to increase their understanding of the Attack Kill Chain by letting them assume the role of the attacker. The lab will cover - the initial compromise of a client through spear phishing and exploiting a client side vulnerability - escalating the privileges on the compromised client - using....
Practical Malware Analysis
Hands-On Introduction to Exploit Development This course will provide a hands-on foundation in discovering and exploiting memory corruption issues. Complex memory corruption issues are discovered in software by security researchers regularly, resulting in bug bounties and exploit sales. In this workshop we will discuss how memory corruption works and gain some experience using the tools....
Adversarial Emulation using Splunk Attack Range - Local DeploymentThe Splunk Security Research Team has been working on new improvements and additions to the Splunk Attack Range, a tool that allows security researchers and analysts to quickly deploy environments locally and in the cloud in order to replicate attacks based on attack simulation engines. This deployment attempts to....
Class Format: Speaker will be on video and audio, as well as chatting(texting) in Discord. You will only be able to ask questions in Discord (not via voice to the speaker) So you must signup for discord - and join the Red Team Village Discord Server, and the Hands-on-labs channel during the training time. Speaker: Jeff....
Advanced Exploiting Layer 3 Takes your skills of building the layer 3 lab to the next level, here you will learn how to exploit various devices in your lab, including figuring out what a device is by scans and mapping, creating a attack plan and pivoting.
Presentation Information------------------------Presentation Title: Attacking Networks with pCraftThere are a lot of tools to create and run attacks, from a simple Python script, to running Metasploit. This training is not for these tools, instead, it will focus on the Network portion of how attacks work using a tool I have written called Pcraft. We create scenarios....
DescriptionThe Cyber Defense Clinic (CDC) is an 8 years in the making, its a unique hands-on attack and defend experience that teaches WHY you need security solutions. The CDC platform utilizes integrations with key tools including Cisco, Splunk, Rapid7, Radware, and IBM. All modules use real data and real attack and defend techniques!Important Pre-Lab Day....
Class Format: Speaker will be on video and audio, as well as chatting(texting) in Discord. You will only be able to ask questions in Discord (not via voice to the speaker) So you must signup for Discord - and join the GRAYHAT Discord Server [https://discord.gg/grayhat and the Hands-on-labs channel during the training time.Speakers: Hakan NohreFour-Hour LabPresentation....
Training Title: Fuzzing and finding vulnerabilities with WinAFL/AFL Brief Details: Many people are interested in finding vulnerabilities but don't know where to start. This workshop is aimed at solving this problem. At first we will cover different types of vulnerabilities like Buffer overflow, heap overflow, integer overflow, Use After Free. We will than discuss what....
Exploit Development
(AB) Abusing DNS for Risk ReductionA Defensive look at DNSMalicious activity on the Internet routinely threatens and affects domain name registrants and end-users by leveraging vulnerabilities and features of all aspects of the Internet and DNS ecosystems (protocols, computer systems, domain registration processes, users, etc). When at scale, some of these nefarious activities may threaten....
Pentesting or ethical hacking as it is more commonly known has become a much sought-after job by people in IT, InfoSec, or those just trying to get into the industry. In this presentation, Phillip Wylie shares the blueprint for becoming a pentester. The presentation combines Phillip’s experience as a pentester and ethical hacking instructor to....
An intermediate talk for folks that have heard what app whitelisting bypasses are, but haven't used them yet. We will cover the basics, do a number of walk throughs (including files they can use to test awl bypasses after the talk), and real-life examples of how I use them on red team assessments. Students will....
Foundation - Discuss the foundational perquisite knowledge needed to become a pentester. Discuss the IT basic skills such as operating systems, networking and security needed to be a pentester.Hacking skills – Discuss developing hacking skills and the hacker mindset.Build your Pentest Lab
An intermediate talk for folks that have heard what app whitelisting bypasses are, but haven't used them yet. We will cover the basics, do a number of walk throughs (including files they can use to test awl bypasses after the talk), and real-life examples of how I use them on red team assessments. Students will....