Speakers | SAINTCON 2019

Content Lineup

The following content has been confirmed but is not yet scheduled.


By: Waylon Grange  Professor Plum

YARA is a free and open source pattern matching tool for hunting threats, malware, or other specific patterns in files. It is used by a large majority of security vendors and is baked into many security products. This course takes the beginner from writing their first YARA rule to hunting and categorizing target malware families. We'll discuss what makes a weak signature vs. what makes a great signature that can find new threat variants even before your security products do. We'll also show where you can already start using YARA rules, including open source and commercial products that have YARA built in. If you're new to YARA and want to step up your threat hunting, this course is for you!

By: Sam Bowne  

Learn how to take control of Windows and Linux servers running vulnerable software, in a hands-on CTF-style workshop. We begin with easy command injections and SQL injections, and proceed through binary exploits including buffer overflows on the stack and the heap, format string vulnerabilities, and race conditions. After this workshop, you will understand how memory is used by software, and why computers are so easily tricked into executing bytes as code that entered the system as data. Previous experience with C and assembly language is helpful but not required. Participants will need a laptop with VMware, or a credit card and a few dollars to rent cloud servers.

By: Sam Bowne  

Practice red and blue team skills in this fun, CTF-style workshop. Attendees will configure free Linux servers in the Google cloud to detect intrusions using Suricata, log files, and Splunk, and attack them with a Linux cloud server using Metasploit, Ruby, and Python scripts. They will also use Splunk to analyze ransomware and brute-force attacks and perform attribution, using archived event data from a realistic multi-server Windows corporate domain. All workshop materials are freely available on the Web, and will remain available after the workshop. All required software and cloud resources are free to use.

By: Jim Shakespear  jshakespear

Training Part 1: Students will participate in a dedicated Active Directory network to penetrate the domain. During this session, students will use red team tools like Mimikatz and Bloodhound, techniques such as Kerberoast and DCSync, and go through the steps of a penetration assessment. All tools will be run through a Windows VM. To wrap up the assessment, students will help report on issues found in the environment that can be addressed in part 2. Students will need a basic background in Windows and network infrastructure as well as some command-line experience (both cmd and PowerShell). Please bring a laptop with a hypervisor installed and capable of running a Windows 10 VM. It is preferred if you have a base Windows VM already installed that can be joined to the Active Directory environment during the training. Please visit https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise to download an evaluation copy of Windows 10, if needed.

By: Jim Shakespear  jshakespear

Training Part 2: Students will participate in a dedicated Active Directory network that has undergone a recent penetration assessment. Based on the results of the assessment, students will implement improvements to the Active Directory domain and test whether their actions improve their domain security. Most improvements will be deployed using Group Policy. Additional tools for assessing and improving the security of the domain will include PingCastle and Sysmon. Part of the training will include organizing a separation of privileged accounts and enforcing that separation, as well as setting up a Windows Event Forwarding server and creating alerts for domain events to review. Students will use the Windows 10 VM from part 1 of the training to test their remediation actions. Students who did not attend part 1 can still easily follow most of the material covered.

By: Aelon Porat  

Learn AWS security design principles and explore its intrusion prevention and detection capabilities in this hands-on training. We'll work from a vulnerable AWS configuration and simulate various attacks on our infrastructure. We'll review and close the holes that allowed these attacks to take place and see how we can identify similar attempts in the future. This workshop assumes hands-on AWS experience (S3, RDS, EC2, etc.) but requires no prior knowledge about its security features. Please complete this short prerequisite list before attending: tiny.cc/aws-intro-security-saintc

By: Aelon Porat  

Join us for a highly interactive AWS workshop. Set up an organization and create a highly-available network in a Virtual Private Cloud (VPC) along with subnets and EC2 servers. Establish access rules and gateways, and expand your network to take advantage of serverless services such as database and storage. Leverage elasticity features to scale the infrastructure up and down, and automatically fail-over as we deliberately overload and kill parts of it. Learn about cost management and create billing alerts to limit unexpected charges. To comply with security requirements, we'll enable various AWS preventative and detective controls. This workshop is recommended for those with no prior AWS experience. A familiarity with basic network concepts is highly recommended. Please complete this short prerequisite list before attending: tiny.cc/aws-intro-saintcon

By: Clint Sorensen  sorefoot

In the heat of a crisis, every keystroke counts and indecision could cost your organization millions of dollars. This threat hunting workshop will develop your skills and test your abilities. At the end of the workshop you will be armed with knowledge and hands-on experience in hunting down threats and defending networks against advanced adversaries.

By: Michael Fischer  Fisch

A lab-based introduction to Python, with roughly a 50/50 lab-to-lecture ratio. It might be structured as 1-2 hour workshops to allow people to jump in where they are interested.

By: Kevin Lustic  

Nobody appreciates a good server anymore! Today's developers are increasingly likely to take advantage of the services offered by the myriad public cloud vendors. And it's no wonder; they can focus on their code rather than maintaining and scaling the environment it runs on. While these modern conveniences make offloading risk easy, it is also easy to forget that you're still writing code, and still responsible for application security! Join me on a quest to understand the OWASP Top Ten list as it applies to serverless (FaaS) environments. Attendees can expect to:
- Learn the OWASP Top Ten concepts
- Understand those vulnerabilities within the context of AWS Lambda
- Learn ways to prevent such vulnerabilities

By: Matt Lorimer  zodiak

Come learn the basics of red teaming and get a jump on the SAINTCON labs. After getting everyone connected to the SAINTCON lab environment, and a basic overview of pen testing and some of the necessary tools, we will dive into the labs. After some enumeration we will pwn a fully patched Windows 10 device to get an initial foothold into the environment. This is a great chance to get a solid base and an understanding of how to be successful in SAINTCON labs, CTFs, war games, and more.

By: Seth Law and Justin Larson  

More and more applications these days rely heavily on using web services to deliver content to users. Breaking modern web applications requires an understanding of how these services work. In this course we will review exploits, vulnerabilities, tools and techniques that can be used to break these services. This course provides students with knowledge of these common vulnerabilities while using open source tools and professional techniques used to perform web application penetration tests. Students will be introduced to open source tools including Burp Suite, SQLmap and others, when they should be used, and taught to use these tools to complement a tester's expertise. Most importantly, this course will teach students how to use this knowledge to perform tests on web services. Vulnerabilities: SQLi, Broken Access Control, IDOR, Data Exposure, Resource Exhaustion, Data Enumeration

By: Kyle Feuz  kfeuz

Have you heard your friends or colleagues talk about "sniffing" network traffic? Do you want to know if that new "smart"-X device is actually just a way for companies to "steal" more of your private information? Find out what is really happening on your networks with this introduction to Wireshark, one of the most popular tools used in industry for network analysis. No prior knowledge is necessary. We will start with a brief introduction to Wireshark, its capabilities and uses. Next, we will discuss where and how to monitor your network with Wireshark and what factors affect those decisions. At that point we will be ready to start applying capture filters, display filters, and custom colorization rules to highlight the information we are interested in seeing. We will focus on understanding several popular network protocols including ARP, IP, ICMP, TCP, UDP, HTTP and others. We will also take a look at recently disclosed vulnerabilities such as the DNS rebinding attacks targeting Roku, Google Home and other devices. The entire workshop will be very hands-on, with many different sample captures to work from as we identify both normal and abnormal traffic. We will not be doing any live captures.

By: SJ  sj

Revisiting https://github.com/icareaboutprivacy/privacy_alive_and_kicking with new content.