CircleCityCon 2020 Workshops

With @sambowne, @djhardb, @KaitlynGuru, and @infosecirvin.

Structure

All these workshops are structured in a CTF format. Each participant works at their own pace. The techniques will be demonstrated, with complete step-by-step instructions to lead beginners through the easy challenges. There are also harder challenges for more experienced participants. We will help participants as needed, to ensure that everyone learns new techniques.

Participants need a credit card and a few dollars to rent Google Cloud servers. We will use Debian Linux and Windows Server 2016 systems. All the tools we will use are freely available, and all the training materials will remain available to everyone after the workshop ends.

Workshop 1: Go the Wrong Way

Friday, June 12, 2020 12:00 pm - 4:00 pm EST

Level: Beginner

Good developers study documentation carefully and thoroughly understand their language. However, some people just want to code fast, break into things, and skip over the details. This CTF is for them.

Even if you've never programmed before, you can make simple attack tools in Go. We'll perform port scans, make HTTP requests, brute-force logins, crack password hashes, and encrypt data using XOR and AES.

Workshop 2: Introduction to Attack Techniques

Friday, June 12, 2020 4:00 pm - 8:00 pm EST

Level: Beginner

Learn how to take over Windows, Linux, and Android systems, and how to defend them. We begin with common tools: Nmap, Metasploit, and Armitage, and then go into buffer overflows, packet crafting, command injection, and SQL injection. We will also exploit Android and iOS apps, including WhatsApp, Bank of America, and Progressive Insurance.

No previous experience with programming or attacking is required.

Workshop 3: Securing Web Apps

Saturday, June 13, 2020 2:00 pm - 6:00 pm EST

Level: Intermediate

Participants will attack Web applications with: command injection; SQL injection; Cross-Site Request Forgery; Cross-Site Scripting; cookie manipulation; and Server-Side Template Injection. We will also exploit Drupal and SAML. We will then implement network defenses and monitoring agents. We will use Burp, Splunk, and Suricata. Prerequisites: participants should know basic security and networking. Experience with Web development is helpful but not necessary.

Workshop 4: Incident Response and the ATT&CK Matrix

Sunday, June 14, 2020 2:00 pm - 6:00 pm EST

Level: Beginner

Practice techniques to detect, analyze and respond to intrusions. We will construct targets and attackers on Google Cloud, and send attacks using Metasploit and Caldera to emulate APT attackers. We will monitor and analyze the attacks using Splunk, Suricata, Sysmon, Wireshark, Yara and online analysis tools including PacketTotal and VirusTotal.

We will cover in detail the ATT&CK Matrix, which enumerates threat actors, tactics and techniques, so red and blue teams can better communicate and work together to secure networks.

Updated 5-18-2020