Topic: Digital Investigations Unlocked: Exploring OSINT and Wi-Fi
October 4 (1-day Training)
Abstract: The internet is a vast ocean of information waiting to be explored. This class offers the keys to unlock its secrets through OSINT and Wi-Fi investigations. Learn how to unearth hidden information with browser-based OSINT tools and techniques, database searching, and dorking. Explore the depths of advanced OSINT with Maltego and Linux tools, and navigate the world of Wi-Fi investigations with Wigle, foxhunting, and microcontrollers.
Students will learn:
OSINT investigation fundamentals
Browser-based OSINT investigation tools and techniques: database searching, dorking, extensions
Advanced OSINT with Maltego and Linux tools
Wi-Fi investigations using Wigle, foxhunting, and microcontrollers
Topic: Tactical Wireshark: A Deep Dive into Intrusion Analysis, Malware Incidents, and Extraction of Forensic Evidence
October 3-4 (2-day Training)
Abstract: Take a systematic approach to identifying intrusions that range from the most basic to the most sophisticated, using Wireshark, an open-source protocol analyzer. This training will show you how to effectively manipulate and monitor different conversations and perform statistical analysis of these conversations to identify the IP and TCP information of interest. You’ll be walked through a review of the different methods malware uses, from inception through the spread across and compromise of a network of machines. The process from the initial “click” through intrusion, the characteristics of Command and Control (C2), and the different types of lateral movement will be detailed at the packet level. Finally, you’ll explore the network capture file and identification of data for a potential forensic extraction, including inherent capabilities for the extraction of objects such as file data and other corresponding components in support of a forensics investigation.
Students will learn:
Complete understanding of the process of carving files from raw PCAP data within the Wireshark tool
Use Wireshark to identify intrusions into a network
Exercise methods to uncover network data even when it is in encrypted form
Analyze malware Command and Control (C2) communications and identify IOCs
Extract data in a forensically sound manner to support investigations
Leverage capture file statistics to reconstruct network events
Abstract: In the hacking world, physical access is king. Organizations spend millions of dollars to keep their assets safe with physical access controls, but these are not without flaw. This course is designed to help you assess, strategize, and navigate your way through the complex world of physical access controls from small to large enterprise organizations. Many organizations rely on a group of people, apart from Infosec, to make decisions about how to restrict access to facilities, assets, and critical operations. Unfortunately, the process for evaluating technology that is implemented at the door is often very different from how Infosec selects vendors, and the criteria for doing so are far less regulated. Electronic physical access technology is highly proprietary, and as a result, the technology functions quite differently from what Infosec professionals are used to, leaving many questions or blind spots in the security coverage.
This course is all about understanding physical security from a holistic view and methods to defeat many popular access controls. In your journey to the controlled area, you need to access and defeat various hardware locks, access card readers, security sensors, and often the access cards, all of which we will cover with hands-on exercises. We will also discuss and demonstrate how blended technical and social engineering attacks can be utilized in defeating access controls. Laptops are not required for this course. Attendees will rotate through various “stations” with pre-configured equipment and tools to gain hands-on experience and sharpen their skills.
Topic: Red Team meets Blue Team – Understanding the Attack and How to Prevent It
October 3-4 (2-day Training)
Abstract: During this demo-filled workshop, we will be looking at common attacks from the perspective of the attacker and the defender. We will focus on common attacker behaviors as part of a breach lifecycle and better understand how to detect and deter these attacks. By leveraging the behaviors of attackers, and understanding their methods through demos, you will learn how they apply their tradecraft against organizations and be able to use that insight to anticipate their moves and better defend your crown jewels. This workshop will focus on areas to include:
Open-Source Intelligence (OSINT), reconnaissance and enumeration
Phishing and social engineering attacks including bypassing key controls such as MFA
Password spraying and credential stuffing
Assessing and bypassing Multi-Factor Authentication (MFA)
Command & Control (C2) for privileged internal access
This workshop will leverage the MITRE ATT&CK framework and discuss real-world case studies as well as hands-on labs, providing students with an opportunity to use common attack tools and understand how to implement countermeasures. Students will be able to take the skills and hands-on experience gained in the course back to their organization and apply them immediately.
This workshop is designed for IT and Cybersecurity professionals or anyone wanting to get their foot in the door. The workshop will cover a broad range of topics quickly, starting from the basics to ensure attendees are set up for success.
Bringing a computer is NOT required; however, a dedicated Kali Linux laptop or virtual machine is recommended to follow along during the demos.