I was hoping to do these descriptions in the Eventbrite ticket system but it didn’t work out, so here are the descriptions of the four workshops we will be putting on on Friday 15th. If you want more information, get in touch and we will answer if we can or will put you in touch with the presenter.
These workshops are free, but to come along you must have a ticket to the main event. We will be checking tickets when they are “bought” and on the door, and we will turn people away if we need to. Below are the times of the workshops:
| 1-2 pm | 2-3 pm | 3-4 pm | 4-5 pm |
|---|---|---|---|
| Advanced Malware Unpacking (This is a full 4hr Slot) | | | |
| Exploring & Exploiting Video Game Security (2hrs) | | Exploring & Exploiting Video Game Security (2hrs) | |
| Posh C2 (1hr) | Posh C2 (1hr) | Locksmithing – MadBob (2hrs) | |
Kyriakos Economou – Advanced Malware Unpacking
1pm to 5pm
One of the biggest challenges that malware analysts need to face is the custom packing techniques used in modern malware. A simple solution to that problem is taking memory dumps of the involved processes. However, this usually results in obtaining malformed PE files that can only be analysed statically. This limitation, combined with obfuscation and self-modifying code, can become extremely frustrating. This course aims to provide malware analysts with the necessary knowledge to manually unpack and isolate working PE files that can be analysed both dynamically and statically. Forget about UPX and similar things you have been seeing around for years. This is a highly technical course that aims to push some tools and your knowledge about the PE file format and some Windows internals concepts to their limits.
The aim of this workshop is to help professional malware analysts and, in general, people involved in malware analysis during IR engagements. This workshop will and should be highly interactive. You are welcome to bring your own Windows-based malware analysis VMs (I will be using Win7 x86) and use your preferred tools at will. We will be working with real malware samples, so it is implied that if you take part in this workshop you know what you are doing.
The plan is to share some samples with the attendees, let them work on each one of them for a few minutes (around 20 mins), and then go through them together regarding the unpacking process. Having said that, knowing how to use a debugger is necessary. We will be using OllyDbg v1.10 and a few other tools that will be provided to the attendees. People with no experience in this area are welcome, but in that case they will benefit more from shadowing others.
Elliot Ward – Exploring & Exploiting Video Game Security
1pm to 5pm
This presentation will look at the current state of security within the video game industry while focusing on the unique challenges which the industry faces. It aims to give an overview of the current security issues and provide a basis for attendees to begin having fun hacking games.
It will start by providing some background surrounding the various threat actors and their motivations, followed by a summary of some specific security concerns with a primary focus on cheating in online multiplayer games such as MMORPGs and online gambling platforms. Once an overview of concerns has been presented the talk will focus on common cheats or ‘hacks’ such as:
- Item Duplication
- Speed hacks
- And more!
This will include live demos utilising both client- and server-side attacks to facilitate these goals. Some examples of the techniques covered will include:
- DLL Injection
- Memory Manipulation
- And more!
Finally we will take a look at the strengths and weaknesses of some defensive techniques and technologies which are currently being used to thwart cheaters and analyse their potential use within business software to improve overall software security.
Madbob’s Re-Keying Workshop
3pm to 5pm
Test your skills at re-pinning.
Take a more in-depth look at how pin tumbler locks work, by stripping and re-keying them.
Ben Turner and Dave “Granddad” Hardy – Red Teaming with PoSH C2
1pm to 3pm
Nettitude are releasing their own PowerShell C2 (PoshC2) in time for Steelcon. This workshop is aimed at helping people get set up and start attacking client devices ready for their next red teaming engagement or social engineering test. This tool is not only written for red teamers but can be used in almost all forms of internal penetration testing too. The key areas that we will focus on are as follows:
- PoshC2 Installation
- Gaining an Initial Foothold
- Persistence and Situational Awareness
- Privilege Escalation Techniques
- Lateral Movement
- Acting on Objectives and Data Exfiltration
The only thing you are required to bring is an up-to-date version of Windows 10 or Windows 7 to run the lab from. Nettitude will have the lab environment set up via either WiFi or Ethernet. It is worth noting you don’t have to be a PowerShell wizard to benefit from this workshop as it’s very leading. Hopefully PoshC2 is written in such a way as to help people who are new to PowerShell and red teaming, but it also strongly benefits the advanced red teamer with lateral movement capabilities and fully proxy-aware payloads.