This workshop is structured as a Capture-The-Flag competition, so each participant can proceed at their own pace. The techniques will be briefly demonstrated, and we will provide tips and help as needed to make sure everyone is able to solve at least some of the challenges.
The participants will not all learn the same thing, but will each learn something new and useful.
All the software used is freely available, and all the projects are copyright-free and available freely on the Web. No textbooks are required. Participants should understand networking and security at the Net+ and Security+ level. No programming experience is required.
Even if you have never programmed before, you can quickly and easily learn how to make custom hacking tools in Python. We build tools that perform port scanning, brute-force attacks, crack password hashes, and XOR encryption. Python is among the top three programming languages in the world, for good reason: it's the easiest language to use for general purposes.
Participants need only a computer and a Web browser. No previous programming experience is required.
Learn how blockchains, cryptocurrency, coin offerings, and smart contracts work in a series of challenges. We will also cover the underlying cryptography: hashes, symmetric encryption, and asymmetric encryption. We will configure wallets, servers, and vulnerable smart contracts, and exploit them.
We will configure systems using Bitcoin, Ethereum, Hyperledger, Multichain, Stellar, and more. We will perform exploits including double-spend, reentrancy, integer underflow, and logic flaws.
No previous experience with coding or blockchains is required.
Learn how to gather threat intelligence from public feeds using STIX and TAXII and use them to protect users from attacks with a proxy server.
To handle attacks that do get through, learn how to use these tools for incident response:
Learn how to take control of Windows and Linux servers running vulnerable software, in a hands-on CTF-style workshop. We begin with easy command injections and SQL injections, and proceed through binary exploits incuding buffer overflows on the stack and the heap, format string vulnerabilities, and race conditions.
After this workshop, you will understand how memory is used by software, and why computers are so easily tricked into executing bytes as code that entered the system as data.
We will exploit 32-bit and 64-bit Intel systems, and also ARM-based systems. We will examine modern Windows defenses in detail and how to defeat them, including ASLR, DEP, stack cookies, and SEHOP.
Previous experience with C and assembly language is helpful but not required.
Learn how satellites move and how they communicate. We will collect data from satellites, decode it, and generate visible images. We will cover these topics:
Posted 1-28-22