Workshops

Alethe Denis

OSINT for Social Engineering: A Phishy Little Liars Workshop

 

Based on the talk delivered at BSidesSF 2020 and The Layer 8 Conference 2020, this ‘OSINT for Social Engineering’ workshop steps through each phase of pretext development. From the initial acquisition of the target to the implementation and testing of the pretexts developed from information gathered during OSINT, this workshop will show attendees how to find the data they need to inspire great pretexts and what makes or breaks a pretext.

 

This 3-hour workshop breaks each section of the talk out into a more granular view and steps attendees through the process from start to finish, including two labs where attendees will be assigned their own target and build out their own pretext using what they have learned.

Bio:

Alethe Denis is a social engineer who specializes in open-source intelligence (OSINT) and phishing, specifically vishing (voice elicitation). The winner of a black badge at DEFCON 27 in the Social Engineering Capture the Flag contest, she is the VP of Dragonfly Security and a Founding Member of the DC209 DEFCON Group. She's presented at BSides San Francisco 2020 and the Layer 8 conference as well as joined panels at DerbyCon and the Human Firewall Event. 

 

LinkedIn: https://www.linkedin.com/in/alethe

 

Twitter: https://twitter.com/alethedenis

Christina Lekati

Social Engineering Workshop: Defending against human exploitation and removing attack verticals

 

Social engineering has become the most prevalent method for initiating and enabling attacks today. We read in the news about large-scale attacks where investigators are not able to pinpoint the phase of initiation. These are often indications of social engineering-initiated attacks. By design, this is a type of attack that moves in the shadows, delivered by criminals who are able to blend into multiple environments and often leave no trace, making it very difficult to identify the point of initial compromise. Similar to warfare operations, these threat actors strive to create an asymmetrical advantage based on a carefully planned strategy. However, how relevant is social engineering today, and how much of a threat does it pose for companies and organizations?

 

This workshop aims to discuss these questions and provide insights into the methodology attackers employ to build a strategy and an asymmetrical advantage. We will take a look at the typical backbone and methodology of a social engineering attack strategy, as well as at what makes some targets more attractive than others. We will discuss the information that attackers commonly seek to gather, as well as common methods of information harvesting. Taking it a step further, we will also explore a profiling methodology that attackers follow in order to identify and select the best targets. Last, attendees will be provided with examples of best practices that aim to increase their organizational security and create a human perimeter.

Katie Paxton-Fear

The Ultimate Guide to Bug Bounty Hunting

Interested in the world of bug bounty hunting? Want to get started but feel utterly overwhelmed with it all? This workshop is designed for you! Instead of being told to ‘google it’, this workshop will guide you through the basics to give you the confidence to approach bug bounty. We start with the basics of bug hunting: how to use Burp, what kinds of bugs exist, and what you should look for, demoing each step and finally ending with some next steps if you decide to pursue bug hunting. This workshop is designed for beginners who are familiar with the idea of bug bounties but want some guidance in getting started. So grab your favourite note-taking method, Burp Community Edition, Firefox and a pen, and let’s get you hacking!

Bio:

Katie is a PhD student studying Machine Learning and Cyber Security. Although she’s more known for her work in the bug bounty community, coming through a mentorship program she now helps others with her YouTube channel. Her channel is focused on beginners who want to find their first bug even if they have no technical background. Her videos cover a range of topics from technical to professional skills. Outside of all that she has been knitting for several years and claims that her success is all due to her handmade lucky socks!

@InsiderPhD

YouTube as InsiderPhD.

Phillip Wylie, CISSP, GWAPT, OSCP

Pwning Web Apps – An Intro to Web App Pentesting

 

Web applications have become the most popular and widely used application type due to portability and compatibility, and these attributes have made them widely used by businesses of all sizes. Web application security and the assessment of security are often misunderstood, overlooked, or just ignored. Web applications and websites accessible through the Internet can be a risk and, when not secure, can expose sensitive information and access to underlying IT infrastructure. The skills taught in this workshop are valuable to those aspiring to become pentesters or security researchers and to participate in bug bounties. Attendees will be provided with a virtual machine-based lab learning environment for use in the workshop and afterwards to continue learning web app pentesting. Participants will receive a list of resources to further their study of web app pentesting.

Bio:

Phillip Wylie is the Senior Red Team Lead for a global consumer products company, Adjunct Instructor at Richland College, and The Pwn School Project founder. Phillip has over 22 years of experience, with the last 8 years spent as a pentester. Phillip has a passion for mentoring and education. His passion motivated him to start teaching and to found The Pwn School Project, a monthly educational meetup focusing on cybersecurity and ethical hacking. Phillip teaches Ethical Hacking and Web Application Pentesting at Richland College in Dallas, TX. Phillip is a co-host for The Uncommon Journey podcast. Phillip holds the following certifications: CISSP, NSA-IAM, OSCP, GWAPT.

 

http://TheHackerMaker.com

@PhillipWylie

Carson Owlett

Overflowing Buffers 101

 

Participants will walk through the process of fuzzing for a buffer overflow on a Linux system and developing an exploit for it. This workshop is oriented towards beginners with minimal exploit development experience. Participants should have a computer with Linux, Python, gdb, and msfvenom.

OSINT for missing people
Workshop from 3x TraceLabs Winners.

Hosted By:

Presented by @cybersecstu, @TheCyberViking, @rag_sec, and @AlanTheBlank

 

Event is active only on Sunday, June 7th.

Starts: 3:00 PM PT

Ends: 5:45 PM PT


You will learn the core fundamentals of Open Source Intelligence, covering everything from:

- Dorking
- GeoINT
- Reverse Image Searching/Image Analysis
- SOCMINT - Social Media Intelligence
- Tools/resources
- Other Useful Techniques
- Mindset of Analysis

 

There will be a mini CTF/Challenge at the end.

 

You will need a laptop (clearly). A VM with Kali Linux is OK but not required. Recommended browsers are Firefox, Safari and Brave.

Car Hacking Village

Hosted By:

Car Hacking Village UK are going to be virtually available for WHackzCon

 

Event is active only on Sunday, June 7th.

Starts: 10:00 AM PT

Ends: 12:00 PM PT

Where: 

https://www.mintynet.com/car-hack/vCHV-PD0.html  

 

Contact @mintynet on Discord for credentials to get access to PD0.

 

You can view the instrument cluster on:

 https://www.twitch.tv/carhackingvillage 
 

PD0 consists of most of the ECUs from a UK-specification Peugeot 208 car; it has simulators to make it think that the vehicle is on the road. PD0 includes 3 different CAN buses, which can all be interacted with via the ssh sessions provided.

If you have previously done some car hacking, there are some challenges on the link above; if it is new to you, @mintynet will be available to show how to interact with the vehicle.

There will be a maximum of 5 sessions on the hardware at a time; otherwise, you may not be able to tell if you are the one making changes to the vehicle.

LockpickExtreme Workshop

Hosted by: 

Event is active only on Sunday, June 7th.
*Must register to participate in this event*

Register Below

Lockpick Extreme Remote Lockpicking workshop. Sunday, June 7th. Registration is limited! Sign up at https://www.lockpickextreme.com/registration

Thank you to all those involved for your time and expertise in making these workshops happen!


©2020 WeAreHackerz