ＨｉｄｅＺｅｒｏＯｎｅ

Digital forensics and incident response are two of the most critical fields in all of information security. The staggering number of reported breaches in the last several years has shown that the ability to rapidly respond to attacks is a vital capability for all organizations. Unfortunately, the standard IT staff member is simply unable to effectively respond to security incidents. Successful handling of these situations requires specific training in a number of deeply technical areas including file systems, operating system design, and knowledge of possible network and host attack vectors.  During this training, students will learn how to approach digital investigations in a manner that allows for immediate forensic exploitation of relevant data both in-memory and on-disk. Significant hands-on experience during labs will train students to analyze the same types of evidence and situations that they will encounter in real-world investigations. This class is structured so that a specific analysis technique is discussed and then the students immediately analyze staged evidence using their newly gained knowledge. Not only does this approach reinforce the material learned, but it also gives students a number of new skills as the course proceeds. Upon completion of the training, students will be able to effectively analyze a large number of digital evidence sources, including both on-disk and in-memory data, using the latest and most effective forensics tools and techniques. These skills will be immediately usable in a number of investigative scenarios and will greatly enhance even experienced investigators’ skillset. Students will also leave with media that contains all the tools and resources used throughout the training.

Digital Forensics And Incident Response – Tactical Edition (2021)

The course introduces students to exploit development in MIPS processor architecture. Exploit development on MIPS processor hasn’t seen the attention that other architectures such as x86 and ARM got. With the growing IoT devices, we have been seeing many embedded devices with MIPS architecture alongside ARM. Exploit development is getting harder and harder with exploit mitigation techniques in place. But, the good news is that it is not impossible to write working exploits as exploit mitigation techniques do not fix the underlying problem in the vulnerable source code. This practical training starts with the basics of MIPS Architecture and slowly moves towards writing own shell code and creating working exploits using Return Oriented Programming for a given target binary. To give a sense of real exploitation, real world examples will be discussed with proof of concept exploits. By the end of this training, students will be able to write Memory corruption exploits for MIPS architecture, understand how Return Oriented Programming can be used in MIPS for modern day exploit development and bypass some of the most common exploit mitigation techniques such as ASLR.

Syllabus

• Introduction to MIPS Architecture
• An overview of QEMU MIPS setup
• MIPS compared to x86 and ARM
• Basics of GDB
• Basics of MIPS assembly language
• Debugging MIPS Binaries
• Introduction to Memory corruption attacks
• Writing MIPS shellcode
• Avoiding Bad characters
• Stack based Buffer Overflows in MIPS
• Ret2Libc in MIPS
• Dealing with MIPS cache incoherence
• Exploit Mitigation techniques
• Return Oriented Programming
• Bypassing ASLR
• Introduction to Heap overflows in MIPS

Exploit Development For MIPS (2022)

Stay frosty within AWS, Azure, & GCP environments with this fast-paced and hands-on course which teaches each participant the Tactics, Techniques, and Procedures (TTPs) needed to infiltrate and expand access within cloud platforms. In this course you will: Exploit serverless (e.g. Lambda, Azure Functions) applications for initial access into targets. Pivot between data and control planes to expand access (e.g. secrets, snapshots) Evade and disrupt cloud logging platforms (e.g. CloudTrail) to remain undetected. Breach and backdoor boundaries (e.g. VPCs) to access hard to reach systems. Expanding access within Kubernetes (K8s) envs (e.g. GCP bypass of metadata protections) Compete throughout the course in our hands-on Capture the Flag (CTF) tournament!

Astute AWS/Azure/GCP Cloud Red Team: It’s Raining Shells! – 2021

Malware analysis and memory forensics are powerful analysis and investigative techniques used in reverse engineering, digital forensics, and incident response. With adversaries getting sophisticated and carrying out advanced malware attacks on critical infrastructures, Data Centers, private and public organizations, it is essential for cyber-security professionals to have the necessary skills to detect, respond and investigate such intrusions. Malware analysis and memory Forensics have become a must-have skill for fighting advanced malwares, targeted attacks, and security breaches. This hands-on training teaches the concepts, tools, and techniques to analyze, investigate, and hunt malwares by combining two powerful techniques malware analysis and memory forensics. After taking this course, attendees will be better equipped with the skills to analyze, investigate, and respond to malware-related incidents.