ＨｉｄｅＺｅｒｏＯｎｅ

Security Defense and Detection TTX is a comprehensive four-day tabletop exercise that involves the introduction to completion of security TTXs (tabletop exercises), IR playbooks, and after-action reports. The exercises are paired with video and lab demonstrations that reinforce their purpose. The training as a whole is compatible with the world’s most popular RPG rules.

The preparation phase will walk students through the creation of specific IR playbooks that can be utilized in any environment as well as during later parts of the class. The next phase introduces the gamification of the TTXs. The students split up into separate “corporations” with assigned verticals, hit points, armor class, budgets, strengths, and weaknesses. Selection of departments and skills allow the players to further their modifiers. Throughout the exercise, each company will take turns rolling their way through decisions such as large purchases, attack severity, defense capability, and incident response decisions.

 Antisyphon: Security Defense and Detection TTX w/ Amanda Berlin and Jeremy Mio

This will be a high level exploration of the Payment Card Industry Security Standards Council. Students will receive a strong understanding of the organization’s history, structure, the standards they maintain, qualified professional certifications, and the lists of validated solutions. This course is a great starting off point for IT or security professionals who reference “PCI” but don’t fully understand everything that entails.

Antisyphon: Introduction to PCI (PCI 101)

In the Intro to Offensive Tooling class, you will learn about many of the tools used by attackers to identify vulnerabilities and exploit them. This hands-on course covers a variety of offensive tools, such as Nmap, Recon-ng, Metasploit, Proxychains, Responder, and many more. Through a series of practical labs, you will gain experience in using these tools to assess the security of systems and networks. In addition to learning how to use these tools effectively, you will also explore the ethical considerations surrounding offensive tooling, how to responsibly use these tools to protect sensitive information, and prevent cyber attacks. By the end of this course, you will have a strong foundation in offensive tooling and be well-equipped to apply your knowledge to a wide range of security challenges.

Antisyphon: Offensive Development w/ Greg Hatcher & John Stigerwalt

Linux is everywhere– running in the cloud, on cell phones, and in embedded devices that make up the “Internet of Things”. Often neglected by their owners, vulnerable Linux systems are low-hanging fruit for attackers wishing to create powerful botnets or mine cryptocurrencies. Ransomware type attacks may target Linux-based database systems and other important infrastructure. As attacks against Linux become more and more common, there is an increasing demand for skilled Linux investigators. But even experienced forensics professionals may lack sufficient background to properly conduct Linux investigations. Linux is its own particular religion and requires dedicated study and practice to become comfortable.

Antisyphon: Linux Forensics w/ Hal Pomeranz

The Enterprise Forensics and Response course is designed to provide students with both an investigative construct and techniques that allow them to scale incident response activities in an enterprise environment. The focus of the lecture portion of the course work is understanding the incident investigation process, objective oriented analysis and response, intrusion analysis and an exploration of attacker Tactics and Techniques. The technical portion of the course will focus on how to conduct incident investigations at enterprise scale using the remote evidence acquisition and analysis tool Velociraptor along with other free and open-source tools. The focus of the technical portion will be on extracting usable Indicators of Compromise (IOCs) related to specific MITRE ATT&CK tactics. For example, students will be instructed on extracting and analyzing evidence related to the Execution TA0002 of malicious code or LOLBAS. From here, they will be tasked with addressing containment and eradication measures. This course will combine technical elements along with lecture that provides students with both an investigative construct and techniques that allows them to analyze evidence and provide stakeholders with data necessary to limit the damage of modern cyber-attacks.

Antisyphon: Enterprise Forensics and Response