Tag: Security

SEC505 teaches security professionals how to secure Windows environments and automate security tasks using PowerShell while maintaining robust protection against internal and external threats. The course explores techniques for hardening Windows systems, securing PowerShell scripts, and detecting malicious automation. Participants will gain practical experience in securing automation workflows, managing administrative privileges, and mitigating common attack vectors like PowerShell-based exploits. With hands-on labs and real-world examples, SEC505 enables attendees to effectively secure Windows environments, automate incident response, and safeguard against advanced threats that target Windows systems and PowerShell automation.


SEC501 is designed for experienced security professionals who protect enterprise environments from advanced threats. This course provides in-depth training on defending against sophisticated attacks using modern security tools and techniques. Participants will explore topics such as advanced intrusion detection, threat hunting, malware analysis, and effective use of security information and event management (SIEM) systems. The curriculum emphasizes real-world scenarios, including defending against ransomware, lateral movement, and insider threats. Through hands-on labs and exercises, SEC501 equips defenders with the expertise to strengthen an organization’s security posture, respond to incidents effectively, and build a resilient enterprise defense strategy.


SEC488 provides foundational knowledge for securing cloud environments across various platforms, including AWS, Azure, and Google Cloud. This course is designed for security professionals seeking to understand cloud-specific risks, security controls, and compliance requirements. Participants will explore core topics such as identity and access management (IAM), secure configuration, data protection, and monitoring in cloud-native environments. With hands-on labs and practical exercises, students will gain the skills needed to identify vulnerabilities, implement security best practices, and safeguard cloud infrastructure. SEC488 is the ideal starting point for building a strong cloud security strategy and ensuring a secure adoption of cloud technologies.


SEC575 provides a comprehensive approach to identifying, analyzing, and exploiting vulnerabilities in mobile applications on iOS and Android platforms. This course equips security professionals with the skills to perform advanced penetration testing and reverse engineering of mobile apps. Topics include secure coding practices, mobile app architecture, API security, and common vulnerabilities such as insecure data storage, improper authentication, and cryptographic flaws. Through hands-on labs and real-world scenarios, participants will learn to evaluate the security of mobile applications, uncover weaknesses, and provide actionable recommendations for remediation. SEC575 prepares attendees to tackle the unique challenges of securing mobile ecosystems effectively.


“Security” is arguably one of the most challenging disciplines to move from being an individual contributor (IC) to being a manager. While security ICs can perform most tasks in isolation, a manager needs to regularly interact with people both inside and outside of the team. Further, “security” has its own language which can be completely foreign to people outside of the discipline. How do you take security concerns and convert them into a language that senior leaders and “C” levels can understand? Honing these skills will be the primary objective of this course. In this course, we will cover all of the steps needed to stand up and lead a security team within an organization. We start with a clean slate so that every aspect gets covered. If you are in an environment that already has a security team, this can help fill in the gaps. This course will have a heavy focus on how to integrate the security team with the rest of the business units. We’ll look at strategies for increasing funding, as well as converting “security risks” into “business risks” so they are better understood by the organization’s leadership. The course includes a lot of collateral like a full set of pre-written security policies. The goal is to help you build an effective security team in as little time as possible.

Antisyphon: Security Leadership and Management w/ Chris Brenton


As penetration testers, we all have a need to establish command and control channels in our customer environments. This can be done under the guise of an “assumed compromise” context or in a more adversarial Red Team context. The age of endpoint detection and response (EDR) solutions and application whitelisting has created significant barriers to commodity/well-known malware deployment for adversarial exercises. This class focuses on the demonstration of an Open Command Channel framework called “OpenC2RAT”, and then developing, enhancing, and deploying the “OpenC2RAT” command channel software into a target environment. Students will learn about the internal details of a command channel architecture and methods to deploy in an application-whitelisted context. The class will introduce students to blocks of code written in C#, GoLang, and Python to achieve these goals. In addition, the class will introduce some ideas to deploy existing shellcode such as Cobalt Strike Beacon or Meterpreter within a programmed wrapper to enhance success in the age of modern endpoint defense. Many of the techniques introduced in this class can be used to evade modern defensive technologies.

Antisyphon: Enterprise Attacker Emulation and C2 Implant Development w/ Joff Thyer
