Trainings available for Security Fest 2018!

This year we will be holding training sessions the day before the actual conference. The venue is the same, but trainings are held in smaller rooms, limited to 10 attendees per training session. The trainings are estimated to be 6 hours long with one hour set aside for lunch.

IoT Firmware Exploitation and Attack Countermeasures with Aaron Guzman 

The IoT Firmware Exploitation and Attack Countermeasures training is designed to provide techniques for testing embedded IoT systems, employing proactive controls, applying embedded application security best practices, and addressing the challenges of building security into embedded devices. This course is suited for embedded systems engineers, software developers, and security professionals. Hands-on demonstrations and labs will be given throughout the course. Upon completion of the course, trainees will have learned the following:

– How to identify vulnerabilities in embedded devices
– Understand the embedded security testing methodology, techniques, and tools
– Firmware reverse engineering, emulation, and binary exploitation
– How to backdoor firmware for MIPS and ARM architectures
– Understand embedded system design constraints that pose security risks
– Learn defensive practices to protect embedded applications
– Identify and apply best practices, as well as techniques for integrating security into the software development lifecycle
– Understand IoT botnet exploitation techniques that impact critical infrastructures and how to apply appropriate mitigating controls for product security teams

Bio: Aaron Guzman is a Security Consultant from the Los Angeles area with expertise in web app security, mobile app security, and embedded security. Mr. Guzman has spoken at several worldwide conferences, including DEF CON, AppSec EU, AppSec USA, HackFest, Security Fest, HackMiami, 44Con, and AusCERT, as well as several regional BSides events. Furthermore, Aaron is a Chapter leader for the Open Web Application Security Project (OWASP) Los Angeles, Cloud Security Alliance SoCal (CSA SoCal), a Technical Editor, and author of “IoT Pentesting CookBook” with Packt Publishing. He has contributed to many IoT security guidance publications from CSA, OWASP, Prpl, and several others. Aaron leads the OWASP Embedded Application Security project, providing practical guidance to address the most common firmware security bugs to the embedded and IoT community. Follow Aaron’s latest research on Twitter at @scriptingxss

Course Prerequisites:
– Familiarity with a Linux operating system
– Admin rights to your computer. If you do not have install rights, no problem, as we will work in pairs for the labs.
– At least 25 GB of free space
– Laptop with a minimum of 4 GB RAM
– USB access allowed
– Virtualization software installed (VMware and/or VirtualBox)

PRICE: 10 000 SEK inc VAT (includes entrance for the main conference)


Using DNS to your advantage with Irena Damsky

DNS is one of the basic layers that holds the Internet together. Without it, not much else works… even malware. This six-hour workshop is focused on how to use DNS to the advantage of defending networks. With good techniques it is possible to find a great deal of misuse based on DNS, such as DGAs, fast/double flux networks, phishing, and brand impersonation. Tools like passive DNS, whois, and active probing allow defenders to proactively search for malicious indicators before they are operationalized, so defenders can get ahead of the attack cycle.

* Gathering data using DNS
* Passive DNS (pDNS)
* Research topics
* And more!

Bio: @DamskyIrena (as you might have seen her on Twitter) is a freelance Israeli security and intelligence researcher with a disturbing affection for cats and unicorns. In the past she was the VP Research for ThreatSTOP, used to work for Check Point, reached the rank of Captain (now in reserve) in the Israeli Defense Forces and even managed to earn both a BSc and an MSc in computer science.

PRICE: 10 000 SEK inc VAT (includes entrance for the main conference)


More information about Security Fest

Please sign up now to receive information as soon as it becomes available.