777 Ward Avenue
Shakacon will offer five different trainings this year:
Training 1: Mobile Applications, Jim Manico – June 25-26, 2013
Description: The major cause of web insecurity is poor development practices. This highly intensive 2-day course provides essential application security training for web application, web service and mobile software developers and architects. The class is a combination of lecture, hands-on security testing and code review. Participants will not only learn the most common threats against applications, but more importantly they will learn how to fix the problems and design secure web solutions via defense-based code samples and review. We provide free email support for life for all students. Digital copies of all courseware will be provided.
Biography: Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. He authors and delivers developer security awareness training for WhiteHat Security and has a background as a software developer and architect. Jim is also a global board member for the OWASP foundation. He manages and participates in several OWASP projects, including the OWASP cheat sheet series and the OWASP podcast series.
Training 2: Being an Advanced Persistent Threat: How to Compromise and Persist on Any Network, Colin Ames & Chris Potter – June 25-26, 2013
Description: With this course you will learn how to leverage the latest offensive techniques and capabilities to compromise and persist on any network with a 100% success rate. Students will walk away with the skills and tools needed to compromise any system regardless of skill set. During this course we will discuss the tactical exploitation methodology. This methodology includes targeting systems and users, profiling the selected targets, properly weaponizing exploits and payloads, proper exfiltration and misattribution techniques, and how to get away with all of it. All of these techniques are taught with hands-on, real-world, lab-based exercises. Each student will receive a TEENSY USB device for the final exercise of the course as well as copies of all slides, tools, and relevant source code material. Prizes will also be given out for successful exercises.
Biographies: Colin Ames is a founding Partner and Security Researcher with Attack Research where he consults for both the private and public sectors. He’s currently focused on Pen testing, Exploit Development, Reverse Engineering, and Malware Analysis.
Chris Potter is a Security Consultant and Researcher with Secure DNA. Chris specializes in web-based application development security. He has collaborated with some of the top security researchers and companies in the world and has performed static and dynamic security assessments for numerous companies and government agencies across the U.S. and Asia.
Training 3: iPhone Mobile Application Hacking, Chilik Tamir – June 25-26, 2013
Description: This course will focus on the techniques and tools for testing the security of iPhone mobile applications. During this course the students will learn about important topics such as the iPhone Security model, the emulator, how to perform static analysis, traffic manipulation, and dynamic analysis. By taking this course you will be able to perform penetration testing on iPhone mobile applications and expose potential vulnerabilities in the tested application. The objectives of the course are:
- Understand the iPhone application threat landscape
- Perform penetration testing on iPhone mobile apps
- Identify vulnerabilities and exploit them
Before attending this course, students should be familiar with:
- Common security concepts
- C/C++ background
- Basic knowledge of the iOS development platform
Biography: Chilik Tamir is an information security expert with over two decades of experience in training, research, development, testing and consulting in the field of application security for clients in the fields of finance, security, government offices and corporations. His latest research project, the iOS iNalyzer, is an open-source iOS application penetration testing dashboard. Among his previous publications you will find AppUse, a testing environment for Android applications developed together with Erez Metula; Belch, an automatic tool for analysis and testing of binary protocols such as Flex and Java serialization; as well as his lectures at conferences in Israel such as OWASP IL 2011, OWASP IL 2012 and DC9723. He is the Chief Scientist at AppSec Labs, where he acts as head of R&D and innovation. Chilik holds a B.Sc. degree in Biomedical Engineering.
Training 4: Lock Picking and Physical Security, Deviant Ollam – June 25, 2013
Description: Physical security is an oft-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. You can have the most hardened servers and network but that doesn’t make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march your hardware right out the door. This course will cover:
- Basic Pin Tumbler Locks in Doors, Deadbolts, & Padlocks
- Wafer Locks in Desks, Cabinets, & Access Panels
- Shimming & Decoding of Combination Locks
- Lock Bumping & Countermeasures
- Attacking Pick-Resistant Pins
- Secrets of Master Keyed Systems
- Quick Lock Bypassing Tactics
- An introduction to Key Impressioning
Biography: While paying the bills as a security auditor and penetration testing consultant with his company, The CORE Group, Deviant is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. His debut book “Practical Lock Picking” became one of Syngress Publishing’s best-selling titles. At multiple annual security conferences Deviant runs the Lockpicking Village workshop area, and he has conducted physical security training sessions at Black Hat, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, CanSecWest, ekoparty, and the United States Military Academy at West Point.
Training 5: Shodan: Computer Search Engine, Shawn Merdinger – June 26, 2013
Description: The Shodan computer search engine is a powerful open-source database of scanned IP banners. This course is an introduction to using Shodan’s web search interface, the API and the data export functions. Basic usage of Shodan’s search limiter terms and focused keyword searches are covered, with a special focus on proven search strategies and tactics to both filter results and discover key targets. Customizing queries for your organization, automating searches, creating useful network exposure metrics, importing results into other security tools, and using Shodan modules in Metasploit are also covered. Exploring novel uses of Shodan, such as importing data into tools like Maltego, is planned, time permitting.
Students will be provided with training Shodan accounts with full access to Shodan, course training materials, and a BackTrack DVD/VM. Students will need a laptop with virtual machine capability or a bootable DVD, along with Wi-Fi capability. Students should have basic knowledge of using search engines, some scripting ability, and general knowledge of common tools such as nmap and Metasploit.
Biography: Shawn Merdinger is a security analyst and researcher at the University of Florida & Shands Academic Health Center. With over a decade of experience in information security, he’s worked with Cisco Systems, TippingPoint, and as an independent security consultant. He is a technical editor for the publishers Cisco Press, Pearson, Wiley and Syngress. Shawn has presented original security research at security conferences such as DerbyCon, DEFCON, Ph-Neutral, ShmooCon, CONfidence, NoConName, O’Reilly, ISSA, Infragard, IT Underground, CarolinaCon and SecurityOpus. He holds a master’s degree in information science from the University of Texas at Austin, and is currently pursuing a second master’s in healthcare security research at the University of Florida.