Cybersecurity Update for 2024

Workshop Structure

A live CTF scoreboard will be running so participants can compete to solve challenges. The instructor will briefly explain the principles and demonstrate the attacks, but workshop participants will spend most of their time performing hands-on projects. Complete instructions will guide participants through beginning projects, and a series of challenges of escalating difficulty is presented to encourage each participant to progress to their appropriate level of accomplishment. This way, novices can gain awareness of the tools, techniques, and results of each activity, and more advanced participants can delve deeply into the details. Our goal is to make sure each participant learns useful, new things in their area of interest.

All materials and challenges are freely available at samsclass.info, and will remain available after the workshop ends. Participants are encouraged to add these projects to their own classes.

Prior Knowledge

Participants should be familiar with networking and security at the CompTIA Network+ and Security+ level. Some experience writing code in any language is helpful for the Secure Coding portion.

Technical Requirements

Participants should have a computer with broadband Internet and at least two screens. They should also have a credit card to apply for free cloud server hosting.

Topics

Incident Response

When computer networks are breached, incident response (IR) is required to assess the damage, eject the attackers, and improve security measures so they cannot return. This class covers the IR tools and techniques required to defend modern corporate networks. We will work with these tools: Splunk, the ATT&CK Matrix, Velociraptor, Zeek, Wireshark, and Yara.

Machine Learning

Covers machine learning functionality, attacks, and defenses. We'll attack public Large Language Models with prompt injection, and make custom machine learning models with Python. We'll create various models including linear regression, polynomial regression, and Support Vector Machines, train them, and evaluate their performance. Projects include computer vision, breaking a CAPTCHA, deblurring images, regression, and classification tasks. We will perform poisoning and evasion attacks on machine learning systems, and implement deep neural rejection to block such attacks. We will use TensorFlow and SecML on free Google Colab cloud systems.

Cryptography

Mathematical underpinnings and practical applications of modern cryptographic systems, including AES, RSA, ECC, and hashing algorithms. The class focuses on practical applications: selecting, implementing, testing, and maintaining systems to protect data on modern computer networks. We will also cover the CRYSTALS-Kyber post-quantum encryption method.

Secure Coding

Learn how to find vulnerabilities in code and fix them. First we will discuss threat analysis and how to prioritize risks using the STRIDE model and the CVSS scoring system. Then participants will examine deliberately insecure apps written in PHP, NodeJS, or other common languages. They will work in groups, and use three methods to find flaws: a source code scanner, a dynamic vulnerability scanner, and manual testing. Discussions during and after these examinations will help the participants understand how to apply these techniques to improve the quality of the code they write.

Web Application Security

Participants will use free online Web Security Academy projects to find and exploit vulnerabilities in modern Web applications, including command injection, SQL injection, Cross-Site Request Forgery, Cross-Site Scripting, cookie manipulation, and Server-Side Template Injection. The primary tool used will be Burp Suite. They will also find and exploit weaknesses in APIs using Postman.

Last Updated: 2-20-24 3:11 pm