For the third year we are offering paid training the week before the main conference. We have two three-day classes and one two-day class. The three-day classes will be on July 9th, 10th and 11th; the two-day class will be on the 10th and 11th.
If you are interested in training, this is how the booking process will work…
This year we are taking a 10% deposit to secure a place. Go to our Eventbrite page, sign up for the training you want and pay the deposit. As the trainers require a minimum number of attendees, we need that number of deposits before we can confirm the class will run. We will be in touch as soon as the class is filled or, at worst, two weeks before, if we have to cancel the class due to lack of attendees.
If you have any questions about this process, please get in touch –
Your ticket to attend a class will also get you entry to the Friday workshops and the conference and party on the Saturday.
Note, we are not VAT registered and so will not be charging VAT on the training.
Days: July 9th, 10th and 11th
This course aims to train an already inquisitive mind on how to operate and simulate real-world threat actors, at various levels of sophistication. Candidates of the course will learn an in-depth methodology and approach, while operating at the standards required for a professional Red Teamer.
The course can be used to train both Red and Blue Teamers in the offensive techniques adopted by various threat actors and to build a better understanding of how these techniques are used to bypass defensive measures and breach organizations' security around the globe.
Please note this is not a beginner's course and is not designed for those who are brand new to penetration testing. It is designed for those currently looking to break into Red Teaming from traditional disciplines.
All candidates must bring their own laptop, capable of both Wi-Fi and Ethernet connections in order to connect to the training lab network. The laptop should have the ability to run two Virtual Machines, preferably on VMware.
The student must have administrative rights over the laptop in order to install any software that may be required. Laptop hardware requirements:
- 8 GB RAM minimum
- Ethernet adaptor
- 50 GB of available HDD space
Days: July 9th, 10th and 11th
This course provides effective knowledge and hands-on experience of basic malware analysis. It introduces current and relevant techniques that will prepare students to become proficient malware researchers, making heavy use of IDA Pro or Ghidra (for static analysis).
- Introduction to malware
- Windows fundamentals
- Executable file formats (PE)
- Introduction to reverse engineering
- Tools & setting up a reverse engineering lab
- Brief introduction to graph theory
- Static Analysis: from C to assembler
- Manual Code reconstruction: from (any) assembler to C
- Static unpacking
- Hands-on with various malware samples
- Dynamic unpacking
- Manual reconstruction, IDA Python batch automation, VMs, memory dumping and analysis, Volatility…
- Final exercise
- Reverse engineering of real-world malware
- Knowledge of C
- Knowing some assembly language (x86, ARM, …) is an advantage but is not actually required
- Laptop with Ubuntu installed
- Microsoft Windows as a VM
- IDA (7.0 or higher, commercial version required for IDA Python) for static and dynamic analysis; Ghidra for static analysis
Days: July 10th and 11th
You’ve decided that your products need better security, and security needs to be considered in the software design. But your team is focused on quick delivery, neglecting any discussion around quality or security.
Threat modelling, a structured methodology for security-based analysis of a complex system, can help identify and prioritise potential threats and attack vectors, and understand the appropriate mitigations. A good threat model is essential for a robust, secure design and architecture, and can support mitigation of all relevant threats.
This interactive workshop will consist of a series of informational classes, presenting the methodology and techniques in an educational format. This will largely be based on methodologies such as STRIDE-per-element, attack trees, and our own value-driven approach for integrating lightweight threat modelling into an agile development workflow.
In between the classes, we will shift to hands-on, collaborative working sessions, wherein we will apply each of the techniques discussed. Eventually we will go through the whole threat modelling process for a selection of features or use cases, for a sample application with modern architecture. Depending on the size of the class, we will also break into smaller working groups.
AviD will facilitate these sessions, with the attendees all actively taking part in the modelling activity. We will rotate through a variety of approaches and techniques, with an open dialogue around the models to evoke insight and learn how to examine our assumptions.
Participants will take turns leading parts of the session under AviD’s guidance, with hands-on creation of different types of diagrams and other artefacts. Participants will also gain experience with a range of formal vs. lightweight approaches, enabling them to select the most appropriate trade-off between depth and agility for each situation.
The course will cover the following topics, combined with both group exercises and hands-on challenges. Practice scenarios will be provided, based on real life systems, for which students will build threat models.
Day 1: Fundamentals and Threats
- Overview – The course will start by explaining the concept of Threat Modelling in general, as well as defining goals – and non-goals – for a successful threat modelling practice. It will also cover “meta” topics like applicability, constraints, and output.
- Modelling Basics – This will cover the basic tools, diagrams (e.g. DFDs), concepts, and different approaches to threat modelling.
- Building Blocks – A common framework for building a threat modelling process, with replaceable modules.
- Application Decomposition – How to diagram a system and dig into the correct details to flesh out the system’s story. We’ll examine several scenarios.
- STRIDE and Other Models – Some illustrative examples of the STRIDE classification framework, as well as alternative models for specific use cases.
- Threat Identification – We will practice applying STRIDE by element for each of the scenarios.
- Risk Rating – This shows different ways to understand the risk level per threat (e.g. OWASP Risk Rating, CWSS, etc.), and applies them to the threats we’ve found.
Day 2: Mitigation and Agile
- Countermeasures – Based on the previously analysed scenarios, the group will define countermeasures for each threat. We will discuss benefits, drawbacks, and alternatives.
- Retrospective – Here we’ll take a look at the models we’ve completed, and analyse them for shortcomings.
- Agile Integration – As an alternative to a full-size STRIDE matrix, we will see various options for lightweight threat models, as well as their constraints, and how to integrate with an agile development process. We will practice expanding user stories for our scenarios, and creating several new ones.
- Full Process – As a culmination of all the techniques that were described during the course, students will be challenged to complete a full threat model for a (small) system, based on the different stages of threat modelling.
- Extras – Depending on how fast the core modules and exercises are completed, some extras can be covered, such as optional tools, alternative methodologies, and additional practice scenarios.