Loading…

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Training 6 Hours - AppSec Village [clear filter]
Sunday, November 22
 

09:00 WIB

CyberWarOps Training: Red and Blue Team Joint Operations
Adversaries are rapidly adapting the convoluted offensive techniques that are focused to circumvent the defense mechanism in order to accomplish their motive on the attack surface. Whereas most of the organization are not pretty much aware of the techniques used by the threat actor to accomplish their motive which leaves the defensive mechanism of the organization in a very fragile position. The fragility of the defense makes it easier for the threat actors to break or bypass the security boundaries of the organization which leads to harsh consequences. To avoid these consequences, the organization adopts the concept of depicting the art of the threat actors on the attack surface to know the security loopholes before the attacker exploit it to accomplish its motive. This particular exercise of depicting the nature of threat actor on the attack surface is known as Red Teaming.
"CyberWarFare: Red and Blue Team Joint Operations" aims to provide the trainees with the insights of the offensive techniques used by the red team and defensive techniques employed by the blue teams in an enterprise.
From Red Team perspective, trainee will not only understand the advanced Real World Cyber Attacks but also simulate Tactics, Techniques and Procedures (TTP's) widely used by APT groups.
However, from Blue Team perspective, trainee will understand how to Monitor, Detect, Analyse and then Respond against the real-time attacks performed by red team.
Paper Link: http://bit.ly/CWF_OID

Speakers
avatar for Yash Bharadwaj

Yash Bharadwaj

Red Team Security Researcher @cybewarfarelabs, CyberWarFare Labs
Yash Bharadwaj is currently working as Red Team Security Researcher at CyberWarFare Labs [https://cyberwarfare.live]. He is highly attentive towards finding, learning and discovering new TTP’s used during offensive engagements. His area of interest includes (but not limited to... Read More →
avatar for Manish Gupta

Manish Gupta

Red Team Security Researcher, Citrix
Manish Gupta is a Red Team Security Engineer at Citrix in India. Where he specializes in Offensive Security and Red Teaming Activities on enterprise Environment. A part-time Bug Bounty Hunter and CTF Player. His Research interest includes Real World Cyber Attack Simulation and Advanced... Read More →


Sunday November 22, 2020 09:00 - 17:00 WIB

09:00 WIB

Kubernetes Overview and exploitation
Introduction:
This attacker focused, hands-on training will set you on the path to understanding common vulnerabilities in containerized environments (Docker) and get familiar with Kubernetes clusters
It will help you to learn the approach to follow and the process for testing and auditing containers and Kubernetes clusters
By the end of the training participants will able to identify and exploit applications running on containers inside Kubernetes clusters with a hands-on approach

Abstract:
An organization using microservices or any other distributed architecture rely heavily on containers and container orchestration engines like Kubernetes and as such its infrastructure security is paramount to its business operations.
This session will set the base for security testers and DevOps teams to test for common security vulnerabilities and configuration weaknesses across containerized environments and distributed systems. It also helps to understand - the approach and process to audit the Kubernetes environment for security posture.
The courseware is meant to introduce participants to container and cluster management with Kubernetes. The focus is on the security aspects of the application and the container infrastructure. The participants will learn the common tools and techniques that are used to attack applications running in containerized environments.
The participants will be introduced to Kubernetes and learn to assess the attack surfaces applicable for a given application on the cluster
The participants will learn how to audit for security based on best practices using tools and custom scripts

As part of the course delivery, the trainer will share examples of real-world security issues found in penetration
testing engagements to showcase the mapping of the concepts with what usually happens in the real world.

Hardware Requirements
At least 8 GB of RAM, 10GB of Diskspace free on the system
The laptop should support hardware-based virtualization
If your laptop can run a 64-bit virtual machine in Oracle VirtualBox it should work
Network Connectivity

Prerequisites
Basic knowledge of using the Linux command line
System administration basics like servers, applications configuration, and deployment
Familiarity with container environments like Docker and distributed systems would be useful

Take-Aways
Complete hands-on training with a practical approach and real-world scenarios
Presentation and a PDF created for the training session
Resources and references for further learning and practice

Speakers
avatar for Mihir Shah

Mihir Shah

Consultant, Awake Security
Mihir Shah currently works as a threat researcher for Awake Security and is an Industry mentor for Stanford University, he also works as a security Advisory personnel for multiple companies. He has been a prior speaker and trainer at conferences like OWASP Seasides, Kubernetes Day... Read More →


Sunday November 22, 2020 09:00 - 17:00 WIB

09:30 WIB

Building Scalable Labs for Offensive and Defensive Security Scenarios
Numerous cybersecurity and penetration testing tools and techniques have the potential to damage or destroy the target system or the underlying network. In addition, if malware is used in testing, there is the potential for infection and spread if testing in an Internet-connected testbed. This class will teach how to build your own virtualized, physical, or cloud-based environment to practice your skills in a safe ecosystem. You will learn what you need to create a lab for offensive and defensive cybersecurity concepts. You will also learn and obtain access to numerous tools that you can use to practice your skills, from virtual machines (VMs), Docker containers, and intentionally vulnerable systems.
You will learn how you can leverage tools like Virtual Box, VMWare Workstation/Fusion, ESXi, Proxmox, or even OpenStack to build your own cyber range. In addition, you will also learn how to use tools like Vagrant and Ansible to automate a lot of tasks. Vagrant files and Ansible playbooks will be shared during the class for you to build complex lab environments within minutes. You will also learn how to create environments in cloud services such as AWS, Azure, Google Cloud, and Digital Ocean.
This course is designed for anyone preparing for a certification like Certified Ethical Hacker (CEH), CompTIA PenTest+, CEH Practical, Offensive Security Certified Professional (OSCP), Cisco CCIE Security, CCNP Security. It is also designed to help those just learning how to perform penetration testing (ethical hacking), exploit development, or reverse engineer malware.
This live and interactive training is designed to help you get started building different lab environments to practice cybersecurity skills. This training is important for any individuals preparing for cybersecurity certifications or that are just passionate about learning new hands-on skills.

Speakers
avatar for Omar Santos

Omar Santos

Principal Engineer, Cisco
Omar Santos is an active member of the security community, where he leads several industry-wide initiatives and standard bodies. Omar is the author of over 20 books and video courses. Omar is a Principal Engineer of Cisco’s Product Security Incident Response Team (PSIRT) where he... Read More →


Sunday November 22, 2020 09:30 - 16:00 WIB