Register for Maddie Stone's Training - "From n00b to l33t" on 26th February

Trainings

Workshops & training sessions organized aimed at scouting, nurturing & empowering women talents in the field of cyber-security.

Network Traffic Analysis

Silvia Nerea Anguita

Cybersecurity Auditor, Siemens
Friday, 19th February - 20:30 - 22:00 IST
Silvia Nerea Anguita
About Silvia Nerea Anguita

Silvia Nerea Anguita (@silvianerea_) is a Cybersecurity Auditor at Siemens. On a day to day she works identifying security vulnerabilities in Siemens infrastructure, products and services. Prior to that she worked as a penetration tester for 2 years mainly focusing on web and mobile applications. Studied a bachelors in Computer Science and a masters degree in Cybersecurity.

Training Overview

This training will introduce you to the basic of traffic analysis. We will see how messages and files are transmitted over the network depending on the protocol being used and see which of them send the data encrypted and which not. The training will explain what are the things you need to focus on when analyzing a traffic dump and what kind of data and information you can get from it. You want to know how to get confidential information sent over the network? Or how an attack looks like from the packets perspective? We will finish the training by analyzing a couple of example so you can get your hand dirty!

From n00b to l33t

Maddie Stone

Security Researcher, Google Project Zero
Register Now
Friday, 26th February - 21:30 - 23:30 IST
Maddie Stone
About Maddie Stone

Maddie Stone (@maddiestone) is a Security Researcher on Google Project Zero where she focuses on 0-days used in-the-wild. Previously, she was a reverse engineer and team lead on the Android Security team, focusing predominantly on pre-installed and off-Google Play malware. Maddie also spent many years deep in the circuitry and firmware of embedded devices. Maddie really loves reverse engineering and hopes you will too!

Training Overview

Have you ever wondered what reverse engineering is? And how people do it? Have you been confused or intimidated by assembly? Then this workshop is for you! In this 2 hour workshop, you're going to learn about and how to do binary reverse engineering. In this workshop, no knowledge of assembly is needed. Only a basic comfort in understanding pseudo code is required. We'll cover the different types of reverse engineering, how you do it, and (hopefully!) why it's so much fun. You'll finish the workshop having reversed your own little program!

Symbolic execution / angr for CTF

Thaís Moreira Hamasaki

Offensive Security Researcher, Intel
Register Now
Friday, 5th March - 20:30 - 22:30 IST
Friday, 12th March - 20:30 - 22:30 IST
Thaís Moreira Hamasaki
About Thaís Moreira Hamasaki

Thaís Moreira Hamasaki is an Offensive Security Researcher @ Intel - STORM. Previous to that, she worked as a Malware Researcher @ F-Secure, with a focus on static analysis, reverse engineering, and logical programming.

Thaís started her career within the anti-virus industry working on data and malware analysis, where she developed her knowledge of threat protection systems. She won the "best rookie speaker" award from BSides London for her very first talk about "Using SMT solvers to deobfuscate malware binaries". Recent research topics include platform security, SMM, and GFX. She is a member of the Düsseldorf Hackerspace aka Chaosdorf, where she also leads the groups for Reverse Engineering and x86 Assembly. In her free time, you can find Thaís writing bad code, cooking, or climbing somewhere offline.

Training Overview

Symbolic execution is a powerful tool for code verification, bug hunting and reverse engineering. In this class, we will dive into the concepts of constraint programming and SMT solvers and how binary analysis tools, such as angr, integrate these concepts into their frameworks.

It is going to be a very practical class, where we are going to solve various CTF challenges with the goal of visiting different features of angr.

Most of CTF players use z3 and angr to save time when solving reverse engineering challenge and that is also the path we are going to take.

If time is available, we will also check manticore and miasm, two other tools with symbolic execution engines with different features!

Prerequisite
  • Be comfortable understanding and writing Python3 code
  • Familiarity with x86/x64 assembly
Requirements
  • VMware Workstation or Player (at least version 12) (no VirtualBox)
  • At least 8GB of RAM
  • At least 40GB of free disk space
  • A laptop with administrative privileges

Reverse Engineering C++ binaries

Gal Zaban

Security Researcher, Cymotive
Saturday, 20th March
Sunday, 28th March
Gal Zaban
About Gal Zaban

Gal Zaban is a Reverse Engineer with a particular interest in C++ code, currently working as a Vulnerability Researcher in the Automotive Industry. As part of her journey in understanding the catacombs of C++, she developed various RE tools for C++ including 'Virtuailor'. In her spare time when she's not dwelling into low-level research, she designs and sews her own clothes and plays the Clarinet.

Training Overview

This training is the shortened version of my original "Reversing and Auditing C++ Binaries", this course will be a class for security researchers who want to expand their horizons and skills in reversing C++ binaries.

C++ Binaries are full of mysteries, they have objects, inheritance, templates, vtables and many more and reverse engineering them is a task on its own. In order to correctly and clearly map a C++ compiled binary it requires a vast knowledge of C++ Internals.

The training will explain C++ reverse engineering topics including techniques and tools for dealing with C++ Binaries research. We will start with the identification of basic structures in C++ and continue with C++ Objects and Inheritance in a binary and how to represent them in IDA.

Afterward, we will also study work methods and design patterns in C++. Finally, we will practice, fight and untangle deep and modern C++ programs using static and dynamic analysis.

OWASP Juice Shop - Web Application Penetration Testing Basics

Zoey Garvey

Consultant Software Engineer, Federal Reserve Bank of San Fransisco
Sunday, 21st March
Zoey Garvey
About Zoey Garvey

Zoey Garvey has decades of experience coding and building web applications, and more recently has pivoted to breaking and securing them, as well as contributing web challenges to various training platforms and CTFs.

Training Overview

This training will introduce you to web application penetration testing on a single page application and get you familiar with some of the OWASP Top 10. We'll start by learning some basics about single page applications and how they're setup, and some of the tools, resources and options for enumerating and attacking web applications. We'll then move on to learning the basics of SQL injection, XSS, and Broken Access Control, and put those skills into practice attacking the OWASP Juice Shop. We can explore other topics as time permits. You'll also be able to use the VM for self-guided study after the session is over.

Prerequisite
  • A VM will be provided that includes everything necessary for the training. You'll need virtualbox or VMWare.
  • Basic familiarity with HTTP, HTML, JavaScript(or another language), SQL and how web servers work will be helpful, but is not required. We can gauge the class's experience levels at the beginning and go from there.

Understanding TLS and MITM Attacks

Caroline Leman

Security Engineer, ANSSI
Saturday, 13th March
Caroline Leman
About Caroline Leman

Caroline is a reverse engineer, security enthousiast and feminist. She has been contributing to miasm (https://github.com/cea-sec/miasm).

Training Overview

Have you ever wanted to know why Firefox warns you about concretely when the big "THIS PAGE IS UNSECURE" appears ?

Well, in this workshop we will be doing what Firefox tries to protect you from: Eavesdropping someone's network.

We'll go from theory to practice:
How do you get packets supposed to go from a computer to another to come to your machine ?
That's called the Women-In-The-Middle attack, and we'll use Scapy (pre-installed in kali linux) to do that using a technique called ARP-Spoofiing.
And even if this look fun, you might know that nowadays traffic is encrypted so what can we do with these encrypted packets ?
Firstly we'll go through the basics of TLS, seeing how does your connection gets encrypted and how the trust between client and server is built : that's the part where certificates signature and verification arrives.
With these basics, we'll see what could go wrong, what happens if you say to firefox "No, I understand the risks and continue" from the attacker's perspective.
I have prepared pair of VMs for each of you and you will be able to really eavesdrop on this small environment - it's really a hands on intro to WITM attacks and network interception.
After this training, you will:
  • have performed a WITM attack with Scapy
  • know how to manually generate TLS certificates
  • have a better idea of what Burp or ZAP proxy do when they "intercept TLS traffic"
  • better understand your browser's security messages
  • have an overview of what TLS is for and what is concretly protects us from

Kick-Start to Secure Software Development.

Arya M Shankar

Product & Solution Security Professional, Siemens
During Conference
Arya M Shankar
About Arya M Shankar

As a Product and Solution Security Professional at Siemens I am currently into Secure Software Development (R&D) and Cyber Security Analyst roles. Also have experience working in sensitive projects for Indian govt. defence organisations(DRDO - R&D). Have 4+ years of experience in different domain of Cyber Security. Pursued Masters in Cyber Security Systems & Networks with a bachelors in Computer Science Engineering.

Training Overview

We read, write and understand Code :)

There is a popular misconception that those who code can develop software. Yes, they can, but not always secured, reliable and efficient ones. And who would buy it? If someone does, for how long would it serve!

This training would focus on enlightening about good and bad coding, which is the backbone of Secure Software Development. Take you through the overall software development architecture, an in-depth understanding of each stage and a quick peek into adversary entry points. Finally to the world of secure coding, a vast domain which is least explored and splendid opportunity for the skilled ones.

If you believe that you deliver good code, you might rethink after the session. If you don’t code, life would be much easier learning the right things the right way than re-learning later.

Beginner Level Training

Beginner level cyber-security training sessions for young women aspirants, conducted by members of team Shakti from 15th of January.

Namitha S

Namitha S

Introduction to CTF

15 January 2021
60 mins
Meenakshi S L

Meenakshi S L

Introduction to Cryptography

22 January 2021
60 mins
Simran Kathpalia

Simran Kathpalia

Introduction to Reverse Engineering

29 January 2021
60 mins
Namitha S

Namitha S

Introduction to Reverse Engineering

29 January 2021
60 mins
Sandra Bino

Sandra Bino

Introduction to Binary Exploitation

06 February 2021
60 mins
Gopika Subramanium

Gopika Subramanium

Introduction to Web Expoitation

13 February 2021
60 mins
© Team Shakti 2020 - 2021. All Rights Reserved.