Workshops
Here is a list of our 2022 workshops. Workshops are on Friday 22nd July. To attend you will need a main event ticket and a (free) workshop ticket; this helps us to cap numbers, as places are limited. Tickets will be released at 9 am on Friday 27th May.
You will need your original ticket number, which came in the mail from Tito and is in the format XXXX-X. Speakers, crew and sponsors: please put your name or organisation in the box and we can validate you later.
https://ti.to/steelcon/steelcon-2022/
Azure Red Team Attack and Detect Workshop
2 hours – 10 am – 12 pm
This workshop will be split into 3 sections:
- Quick Intro presentation – This will include introductions, drivers/motivation for the lab, cyber kill-chain in Azure, detection and alerting capabilities in Azure.
- Attack range lab – Objective-based attack simulation in a lab environment with 2 x Azure Kill-Chain paths. The attendees will work in teams (or solo) to simulate a Red Team exercise through the obstacles and challenges in the lab. This will be a hands-on, interactive session, with Q&A, hints and tips for attack vectors / detection opportunities in Azure environments.
- Detection / alerts engineering – Quick walk-through of creating detection rules in Azure and triggering alerts.
Prerequisites for attendees:
- Administrative rights on a laptop / VM in order to install any software that may be needed
As cloud-based assets and resources become more targeted by threat actors and increasingly used by organisations, offensive teams need to be able to simulate those attacks in a safe environment. This workshop will include hands-on challenges to simulate an objective-based chain of attack vectors and to learn more about possible Azure detection and alert rules engineering.
Introduction to GEOINT
2 hours – 1 pm – 3 pm
GEOINT is a component of OSINT where a physical location is discovered from clues in media, from still photographs to videos and even sound. The practice requires a selection of skills and knowledge about resources which may be as diverse as power grids, architecture and physics. A successful identification of a location may seem to be almost magical and, at the same time, scary.
This workshop is designed to be fully interactive. It will demonstrate the art of locating through examples and practice. Common search engines and Internet resources will be used to aid in this.
Requirements:
Although several practice images will be provided which can be worked through during the workshop, it would help if all the attendees could choose at least one photo or video that other attendees can attempt to locate. In the interest of fairness, try and choose a video with something interesting and one that won’t dox the attendee, family or friends if it is located. Although a phone can be used for a lot of the searches, a lot of zooming into pixelated images will happen, so it is strongly recommended that all attendees have access to a laptop or other screen during the workshop.
Network Noob to Ninja
4 hours – 10 am – 3 pm with an hour for lunch (not provided)
The purpose of this workshop is to provide the knowledge and skills to get over the initial learning hump to enable and encourage further learning about networking, including securing networks. These techniques can be used on either a home or production network.
This workshop is aimed at students, SysAdmins and anyone without a network background interested in learning more about networking; after all, networks are the only element that is present in every IT environment globally, regardless of industry, location, size, on-prem, hybrid or cloud.
In this workshop, attendees will learn:
- A working understanding of the OSI model, what each layer does and the design, security and monitoring considerations that should be taken into account for each of them.
- Techniques and the theory behind network defences to reduce the effect of security events, increase their ability to detect issues and protect against common attack methods, such as reconnaissance and lateral movement.
- A basic understanding of how to use tools such as Scapy to craft packets and Wireshark (via a lab), so that they can test that their network security measures are effective.
Requirements – Laptop with working Scapy. Either running in native Linux or in a VM. It works well in Kali if you need to set it up.
Offensive .NET Reversing
3 hours – 10 am – 1 pm
This workshop is designed to complement the workshop below by Soroush.
.NET reverse engineering for vulnerability researchers: how to map the attack surface, interesting areas of focus, and tools of the trade for offensive RE.
Finding, Abusing, and Exploiting Deserialization Flaws in .NET Framework
3 hours – 2 pm – 5 pm
The workshop above is recommended as a partner to this one.
This short workshop reviews what has been done so far in the world of .NET deserialization and exploitation methods. Then tools created to find and exploit deserialization issues in .NET will be discussed including YSoSerial.Net. Then a manual methodology to identify flaws and to rule out false positives will be introduced. If time allows, we may even be able to jump into extending YSoSerial.Net by means of writing new gadgets and plugins as well.
As real-world examples will be used during this workshop, it is suitable for people familiar with the .NET language and .NET reversing. It is therefore recommended to attend the .NET reversing workshop by @SinSinology and me, which should be before this workshop.