Want to see some super cool, fantastic awesome workshops??
Us too but this is all we could find!!
Death by Slide Deck by Arron Finnon Biography: "Arron ""finux"" Finnon has been involved in security research for a over 7 years. Arron has discussed a wide range of security related topics at a number of Security/Hacking conferences in both the UK and internationally, as well as producing over 100 security related podcasts. Interviewing countless security professionals as part of the Finux Tech Weekly podcast show. During Arron’s time at The University of Abertay Dundee he was also awarded the SICSA Student Open Source Award for his Advocacy of Free and Open Source software for his work whilst president of The UAD Linux Society. Arron now spends his time between consulting as well as research for Alba13 Research Labs, a company which he founded." Abstract: This short workshop looks at how bad presentations make for bad talks. Its a shame, as most people who give talks spend little time thinking about the visual effects of terrible slide decks and how they can detract from the message they're trying to deliver. Over the years i have seen countless crap slide decks, and a handful of amazing ones. This workshop will aim to help you give a good talk that isn't death by powerpoint! Audience: Techies, Business, Management, PenTesters, Hackers, Any Geek Requirements: A Soul (but not mandatory) Duration: 1 hour
Mobile Application Testing Consideration by Tim Brown Biography: "Tim Brown has been working as an senior information security consultant at Portcullis 10 almost years, having previously worked in financial institutions and telcos. He is a certified CREST Team Leader allowing him to perform all manner of security assessments including policy reviews, infrastructure testing, host hardening, product reviews, source code audits, application assessments and hardware reviews. As Head Of Research at Portcullis is equally happy performing white box assessments with access to source code or where necessary diving into proprietary binaries and protocols using reverse engineering methodologies. Tim has contributed to a number of Portcullis’ bespoke offerings covering subjects as diverse as mobile (iOS, Android and Symbian) applications, hardware hacking, SCADA and secure development. Outside of the customer driven realm of information assurance, Tim is also a prolific researcher with papers on KDE, Vista and web application security to his name. His most recent research has been into the world of POSIX alike OS such as FreeBSD, GNU/Linux, Solaris and AIX. In addition to this, Tim is credited with over 100 vulnerability advisories covering topics as varied as the TCP/IP stack, web browser flaws, appliance management interfaces, enterprise applications and mobile applications. Finally, Tim is a strong believer in open source software and contributes to a variety of projects including Debian and OpenVAS as well as pro-bono security reviews of projects he makes use of." Abstract: A quick dive into the world of mobile application testing, focusing on Android but with consideration for Windows Mobile, BB10 and iOS. It will be based on Portcullis' mobile application testing methodology although it will cover much of the equivalent OWASP methodology of which I am a contributor. It will cover testing from a network perspective as well as how you assess the attack surface an application presents locally. Audience: Techies, Pentesters, Hackers, Any Geek Requirements: A laptop with the Android SDK installed. I may be able to make a VMware image available closer to the time. Duration: 2 hours (bring some coffee)
Metasploit: You can look like Hugh Jackman too! by Patryck Winkelmolen Biography: "Patryck Winkelmolen is most famous for winning the 2013 Eurotrash Security Podcast contest, which in turn allowed him to visit BSidesLondon2013. Despite all the fame, success and groupies that came with winning the prize he remained quite humble and down to earth.. Patryck spends most of his days in Amsterdam. By day, he works as a consultant for the largest ISP The Netherlands can offer. He loves huge companies, because those are the places where people and technology eventually won’t get along and clash. These clashes cannot simply be fixed or replaced by a very small shell script, and will therefore remain the battlefield for human intervention over the next few years. Nobody really knows what he does at night, but it might have got something to do with being a co-author of the freely available LPIC2 Exam Prep guide from the hands of his employer. This year, he wants to give back to all the folks that made BSidesLondon possible! He will be doing this by teaching a Metasploit Framework Introduction Workshop at BsidesLondon2014." Abstract: "You know about computers and stuff. You replaced some characters from your password so it reads 'Sw0rdf1sh' now. You know there are hundreds of tools out there, but you only have one lifetime to explore them all… This is where the Metasploit Framework comes in. One framework to rule them all... During this practical workshop session you will learn about the various stages of a pentest, and how the various puzzle pieces fit together. By using a centralised tool like the Metasploit Framework we can concentrate on results rather than effort. By the end of this workshop, you will have an understanding of the Metasploit Framework, how it can aid you in increasing your overall security and last but not least; You will be more bitter, but much wiser!" Audience: Any Geek Requirements: - Laptop (please leave the VAX at home..) - Virtualization software installed - Kali Linux guest installed Duration: 1 hour
Getting at serial consoles in embedded devices by Paul Marsh Biography: Paul works as a pentester of things for SecQuest infosec. In a previous life, he spent a great number of years in the IBM EMEA x-force hacking team, breaking more things. His interests include satellite hacking, hardware breaking, CNC machine building, POTS and VoIP telephony and of course infosec. He wont hear a bad word said about the iSeries / AS400 either! Paul has presented at a few European security conferences and to closed groups on a variety of interesting infosec related topics. Abstract: A talk on embedded devices and their use of serial consoles lasting for perhaps 20 minutes, some demonstration of finding consoles in a few different bits of kit, vsat modems, routers, media players etc. Opportunities for interested folks to have a go at doing this themselves and getting to grips with what hardware they will need to start picking away at hardware to find the consoles and get root. Audience: Techies, PenTesters, Hackers, Any Geek Requirements: A laptop, tty terminal emulator, and interface. We can probably find a handful of USB->serial adapters to give out to interested folks, but really the point of the workshop is to show people that they can get at the underlying system even if the network connection isnt playing ball. Duration: 1 hour
Connect Dradis to everything: API, universal file upload and Excel(!) by Daniel Martin Biography: "Daniel Martin (creator of the Dradis Framework) Daniel has been in the industry for the last ten years. He created Dradis in Dec'07 and has been working on it every day since. His focus is on application security and is passionate about the Ruby programming language. He has presented in DC4420 and DEFCON and has been a webapp security trainer in BlackHat. Last year he authored CPNI's Development and implementation of secure web applications Technical Note. He's found bugs in software like Microsoft Sharepoint and Oracle BPEL." Abstract: "The next version of Dradis will ship with an API to allow you to push data in from external sources. Learn about it and how to start using it (Metasploit integration? Sure! Push using `curl` from Bash or inside your python script? Why not!). If HTTP APIs are not your thing, we'll also be introducing a new universal file upload so you can output your results into a file and feed them to Dradis directly. Learn about this new feature, the file format and how to make your tools and scripts compatible with very little effort. Finally, you'll also learn how to get your results into Excel. Don't roll your eyes just yet. I know, nobody likes Excel... well except *the Business* (and maybe *the Client*), meaning there is a good chance you'll be asked to provide your findings in Excel format sooner or later. Learn how to do this in the most effortless and painless way, so you can get on with your hacking efforts. Dradis is an open-source framework to enable you to work efficiently by gathering information from different tools and presenting it in a variety of formats. We currently support Burp Scanner, Nessus, NeXpose, Nikto, Nmap, OpenVAS, OSVDB, Qualys, Retina, SureCheck, VulnDB HQ, w3af, wXf and Zed Attack Proxy but with what you'll learn in this workshop you'll be able to connect Dradis to any other tool and present the information in any way you need. Dradis is written in Rails so this is a great chance to learn a bit about Rails and how Rails apps work under the covers." Audience: Techies, PenTesters, Hackers Requirements: Laptop running BackTrack VM (or Kali for you youngsters Duration: 1 hour
Exploit Development - Abusing the Stack by Toby Reynolds Biography: "A 24/7 Ethical Hacker and security enthusiast based in the City of London, focused on testing custom built binary and web based applications. Introduced to computers at an early age I have grown up using them throughout my life and have always been fascinated with the technicality of how and why they work. This has helped me in developing my own unique style of learning while helping me on a personal and a professional level." Abstract: "A step by step workstop showing the process of finding vulnerabilities within binary applications. From Fuzzing to creating a Remote Code Execution exploits we will be emersing ourselves within the world of the computer memory to craft custom exploit code using a variety of different payloads." Audience: Techies, PenTesters, Hackers, Any Geek Requirements: Windows XP (any version) with the following installed: Immunity Debugger, Python 2.7, Metasploit 3/4 File download: HERE Duration: 1 hour
Extracting Configs From Common Remote Access Trojans by Kevin Breen Biography: "By Day I'm a SANS Certified Intrusion Analyst and Malware Reverse Engineer for a large UK CIRT. In my spare time I'm an Independant researcher and blogger. My current projects include Remote Administration Tools, Analysis of C2 Network Traffic and Yara rule writing." Abstract: This Workshop will take you through the steps required to extract and decode the Configuration settings from common Remote Access Trojans and create share able IOC's. Staring with a Group effort the Instructor will lead you through all the steps required using a simple Publicly available RAT. You will be shown how to use simple debugging techniques and a few lines of python to get the information you require. Finally showing you methods that will achieve identical results without looking at a single line of assembly. Once the group has created a working decoder each participant will be given their own random sample of a RAT to figure out and decode. The final wrap up will deal with Creating IOC's on the artifacts you find. Audience: Techies, PenTesters, Hackers, Any Geek Requirements: Laptop capable of running a Windows 7 x32 1.5Gb RAM Virtual Machine. A Box to think outside of. A little python knowledge will help but is not required. Duration: 1 hour
Foundational Packetry: Building packets with Scapy by Matt Erasmus Biography: He's not telling you anything....ssshh it's a secret.. Abstract: Attendees will learn to build all sorts of packets with the goal being to grab a web page after building a packet from scratch. Basics will be covered with DNS, HTTP and other such shenanigans getting a deeper look. Audience: Beginner / intermediate people with an interest in networking and building. Python knowledge is recommended but not really necessary. Requirements: Laptop / Python / Scapy Duration: 2 hours
Practical Regular Expressions by Campbell Murray Biography: Penetration tester and technical director with many years of experience in multiple security fields. A frequent public speaker in information security and mentor. Abstract: Reg Ex for Red and Blue Teamers will take a hands on approach and walk the regular expression newbie through using simple regular expressions, up to developing your own scripts to perform repeat actions. We will work through practical examples such as parsing pen test tool HTML reports into usable text files and searching packet captures. All material will be supplied to attendees on a USB stick. Attendess will leave this session with the confidence to start using regular expressions day to day. Audience: All attendees may benefit from this session if they are unsure of the benefits of RegEx, or just want some hands on help to get started. Requirements: The session will be hands on so bring a laptop, preferably with a battery that can last an hour at least! We will be working with Grep, so most Linux distributions should be fine either as the host OS or as a virtual machine. Duration: 2 hours
Exploit Dev 101 by Liviu Itoafa Biography: Penetration Tester with a passion for security and technical issues. Areas of interest relate to ethical hacking, investigating security incidents and researching software vulnerabilities. I became a coding enthusiast a long time ago when I found out you can do game cheats by patching binaries. Since then, I enjoy programming stuff for fun, fuzzing applications and reverse engineering. Abstract: "This will quickly go through finding exploits using fuzzing and debuggers. We'll play with crash dumps and reverse engineer a simple network protocol. To make things interesting, we'll build a custom shellcode, exploit an exotic class of vulnerabilities and bypass common protection mechanism. Hopefully we'll also have fun.(you will have fun damn it) The takeaway from this workshop is to get you interested in more advanced exploitation processes. Audience: Beginner / intermediate people with an interest in networking and building. Python knowledge is recommended but not really necessary. Requirements: Medium level x86 assembly knowledge, Basic Python Scripting, Basic understanding of C programming concepts and familiar with Olly/Immunity Duration: 2 hours
Nice, Nice, Baby - Moving on from Vanilla Testing by John and Mike Biography: Mike is a loud mouthed northerner masquerading as a security evangelist, with his blue sky thinking and goal orientated diversity he is constantly looking for ways to implement proactive security assessments without reinventing the wheel. Leveraging his plethora of security knowledge and experience, he is constantly seeking to push the envelope, providing return on investment while raising the bar. Cyber Cyber Cyber APT China alert(1). John is an info sec derp born of half-Troll half-asleep... A Bug hunter, a poet, Cat Fancier, a man, a visionary, a possibly mentally ill App sec chap. Abstract: "Aimed at novice to intermediate testers, this workshop aims to provide the attendee with the ability to move on from basic exploitation techniques. The workshop will take the format of a presentation, coupled with a hands on section, allowing the attendees to attempt to utilise the techniques explained. ""Bug hunting"" will also be covered, with an explanation of how this can help hone skills in a ""real life"" environment, while potentially gaining income. Audience: Novice - intermediate testers, looking to move away from basic issues / scanner reliance Requirements: Attendees must have a laptop with JAVA installed - 1 day full license of Burp Provided courtesty of Portswigger Duration: 2 hours
Advance Password Cracking by Yiannis Chrysanthou Biography: A man of few words (none in fact in this case). Abstract: This workshop is aimed at Penetration testers/security enthusiasts who would like to learn more about Hashcat suite. It will cover the following tools from Hashcat Suite: • hashcat • hashcat-utils • oclHashcat • maskprocessor • statsprocessor The workshop will start with a brief review of the whole toolset of Hashcat Suite, the hardware requirements and Hashcat capabilities. We will then go over the tools and apply techniques against hash lists that were collected from various online sources (pastebin, forums etc). In brief, people attending the workshop will then be able to gather wordlists, learn to identify patterns, generate rulesets and fully utilise all the tools that hashcat family suite provides. The attendees will then have the opportunity to try those tools. The tools will be available to download or from USB sticks that will be supplied on that day. Audience: Hackers / Pentesters Requirements: Probably a laptop as the tools are available on the day Duration: 1 hour 30 minutes