Trainings

Advanced Infrastructure Hacking – 3 day (Onsite) with Tiago Carvalho

Overview

The course teaches you a wealth of advanced Pen Testing techniques, from the neat and the new, to the ridiculous. You will learn how to compromise modern Operating Systems, networking devices and Cloud environments. From hacking Domain Controllers to local root, from VLAN Hopping and VoIP Hacking to compromising Cloud account keys, we have got everything covered.

Course Outline

• IPV4/IPV6 SCANNING, OSINT
• Advanced topics in network scanning
• Understanding & exploiting IPv6 Targets
• Advanced OSINT Data gathering
• WEB TECHNOLOGIES
• Exploiting DVCS (git)
• Owning Continuous Integration (CI) servers
• Deserialization Attacks (Java, Python, Node, PHP)
• HACKING DATABASE SERVERS
• Mysql
• Postgres
• Oracle
• MongoDBli>
• WINDOWS EXPLOITATION
• Windows Enumeration and Configuration Issues
• Windows Desktop ‘Breakout’ and AppLocker Bypass Techniques (Win 10)
• Local Privilege Escalation
• A/V & AMSI Bypass techniques
• Offensive PowerShell Tools and Techniques
• Post Exploitation Tips, Tools and Methodology
• AD EXPLOITATION
• Active Directory Delegation Reviews and Pwnage (Win 2016 server)
• Pass the Hash/Ticket Pivoting and WinRM Certificates
• Cross Domain and Forest attacks
• Pivoting, Port Forwarding and Lateral Movement Techniques
• Persistence and backdooring techniques (Golden Ticket, DCSync, LOLBAS)
• Command and Control (C2) Frameworks
• LINUX EXPLOITATION
• Linux Vulnerabilities and Configuration Issues
• Treasure hunting via enumeration
• File Share/SSH Hacks
• X11 Vulnerabilities
• Restricted Shells Breakouts
• Breaking Hardened Web Servers
• Local Privilege Escalation
• MongoDB exploitation
• TTY hacks, Pivoting
• Gaining root via misconfigurations
• Kernel Exploitation
• Post Exploitation and credentials harvesting
• CONTAINER BREAKOUT
• Breaking and Abusing Docker
• Exploiting Kubernetes environments
• Breaking out of kubernetes containers
• CLOUD HACKING
• AWS/Azure/GCP specific attacks
• Storage Misconfigurations
• Credentials, API’s and token Abuse
• IaaS, PaaS, SaaS, CaaS and Serverless exploitation
• Azure AD attacks
• VPN EXPLOITATION
• Exploiting Insecure VPN Configuration
• VLAN ATTACKS
• VLAN Concepts
• VLAN Hopping Attacks

Who should take this course

System Administrators, SOC Analysts, Penetration Testers, Network Engineers, security enthusiasts and if you want to take your skills to next level.

Student requirements

The only requirement for this course is that you must bring your own laptop and have admin/root access on it. During the course, we will give you VPN access to our state-of-art Hacklab which is hosted in our data-center in the UK. Once you are connected to the lab, you will find all the relevant tools/VMs there. We also provide a dedicated Kali VM to each attendee on the hacklab, accessed using SSH. So, you don’t need to bring any VMs with you. All you need is admin access to install the VPN client and once connected, you are good to go!  Attendees may optionally come prepared with an OpenVPN client (e.g. OpenVPN Client for Windows, we suggest Tunnelblick for Mac, the OpenVPN client is often included natively for Linux but may need installing/updating) and an SSH client (e.g. PuTTY for Windows, generally included natively for Linux/Mac) installed.

Trainings provides

If you are looking to develop your hacking skills further, either for working as a pen tester, or you need to understand how hackers work so that you are better able to defend against it, then this course is for you. In addition to increasing your knowledge and confidence, it provides excellent preparation for the advanced hacking examinations. By utilizing the Hack-Lab following the Advanced Infrastructure Hacking course you are provided with time to test and hone your skills and your understanding of the tools and applications used throughout the course. You can take these away for working with on a day to day basis. There are guides, walkthroughs and examples for you to use as follow-up so that you can translate these modules into practical values within your business. Access to our Hack-Lab is not just for your work during the course, you will have access for 30 days after the course too. This gives you plenty of time to practice the concepts taught during the course. The Hack-Lab contains a wide variety of challenges from local privilege escalation to VLAN hopping etc. Numerous scripts and tools will also be provided during the course, along with Delegate handouts.

Hacking Android, iOS and IoT apps by Example - 3 day (Onsite) with Abraham Aranguren

This course will take any student and make sure that: - The general level of proficiency is much higher than when they came - The skills acquired can be immediately applied to mobile app security assessments - Skills can be sharpened via continued education in our training portal for free - The student is equipped to defeat common mobile app assessment challenges - People who are new to mobile security will learn a lot in this training. - Advanced students will come out with enhanced skills and more efficient workflows - The skills gained are highly practical and applicable to real-world assessments

Overview

This course is a 100% hands-on deep dive into the OWASP Mobile Security Testing Guide (MSTG) and relevant items of the OWASP Mobile Application Security Verification Standard (MASVS), so this course covers and goes beyond the OWASP Mobile Top Ten. Learn about Android, iOS and IoT app security by improving your mobile security testing kung-fu. Ideal for Penetration Testers, Mobile Developers and everybody interested in mobile app security. All action, no fluff, improve your security analysis workflow and immediately apply these gained skills in your workplace, packed with exercises, extra mile challenges and CTF, self-paced and suitable for all skill levels, with continued education via unlimited email support, lifetime access, step-by-step video recordings and interesting apps to practice, including all future updates for free. Teaser Video: https://www.youtube.com/watch?v=Re5oqfVkgd4

Course Outline

Day 1: Hacking Android & IoT apps by Example

Part 0 - Android Security Crash Course

• The state of Android Security
• Android security architecture and its components
• Android apps and the filesystem
• Android app signing, sandboxing and provisioning
• Recommended lab setup tips

Part 1

• Static Analysis with Runtime Checks
• Tools and techniques to retrieve/decompile/reverse and review APKs
• Identification of the attack surface of Android apps and general information gathering
• Identification of common vulnerability patterns in Android apps
• Hardcoded secrets
• Logic bugs
• Access control flaws
• Intents
• Cool injection attacks and more
• The art of repackaging
• Tips to get around not having root
• Manipulating the Android Manifest
• Defeating SSL/TLS pinning
• Defeating root detection
• Dealing with apps in foreign languages and more

Part 2

• Dynamic Analysis
• Monitoring data: LogCat, Insecure file storage, Android Keystore, etc.
• The art of MitM: Intercepting Network Communications
• The art of Instrumentation: Hooking with Xposed
• App behaviour monitoring at runtime
• Defeating Certificate Pinning and root detection at runtime
• Modifying app behaviour at runtime

Part 3

• Test Your Skills
• CTF time, including finding IoT vulnerabilities through app analysis

Day 2: Hacking iOS & IoT apps by Example

Part 0

• iOS Security Crash Course
• The state of iOS Security
• iOS security architecture and its components
• iOS app signing, sandboxing and provisioning
• iOS apps and the filesystem
• Recommended lab setup tips

Part 1:

• Static Analysis with runtime checks
• Tools and techniques to retrieve/decompile/reverse and review IPAs
• Identification of the attack surface of iOS apps and general information gathering
• Identification of common vulnerability patterns in iOS apps:
• Hardcoded secrets
• Logic bugs
• Access control flaws
• URL handlers
• Cool injection attacks, and more Patching and Resigning iOS binaries to alter app behaviour
• Tips to test without a jailbreak

Part 2

• Dynamic Analysis
• Monitoring data: LogCat, Insecure file storage, Android Keystore, etc.
• The art of MitM: Intercepting Network Communications
• The art of Instrumentation: Hooking with Xposed
• App behaviour monitoring at runtime
• Defeating Certificate Pinning and root detection at runtime
• Modifying app behaviour at runtime

Part 3

• Test Your Skills
• CTF time, including finding IoT vulnerabilities through app analysis

Day 3: Leveling up your Android Instrumentation Kung-fu

Part 1: Frida & Objection on Android

• Focus on Dynamic Analysis
• Practical Frida scripts and labs
• Useful Objection labs and modules

Part 2: radare2 & r2frida on Android

• Introduction to radare2 & r2frida
• Multiple scenarios with radare2, r2frida and other tools to improve your instrumentation workflows
• Multiple case studies & exercises

Part 3: RMS on Android

• Automating instrumentation with RMS on Android
• MuDefeating certificate pinning with instrumentation
• MulRoot detection bypasses with instrumentation
• MulRoMultiple practical instrumentation exercises

Part 4

• Test Your Skills

Who should take this course

Any mobile developer, penetration tester or person interested in mobile security will benefit from attending this training regardless of the initial skill level: the course is for beginners, intermediate and advanced level students. While beginners are introduced to the nuances of mobile app security from scratch, intermediate and advanced level learners get to perfect both their knowledge and skills on the subject. Extra mile challenges are available in every module to help more advanced students polish their skills. The course is crafted in a way that regardless of your skill level you will significantly improve your mobile security skills. If you are new and cannot complete the labs during the class, that is OK, as you keep training portal access, you will learn a lot in the class but can continue from home with the training portal. If you are more advanced in mobile security you can try to complete the labs in full and then take the CTF challenges we have for each day, you will likely also attempt to complete some exercises from home later.

Student requirements

The requirements for attending this course are:

• Linux command line basics
• Android basics
• iOS basics

Trainings provides

Attendees will be provided with:

• Lifetime access to training portal, with all course materials
• Unlimited access to future updates and step-by-step video recordings
• Unlimited email support, if you need help while you practice at home later - Government-mandated and police apps in various countries
• Many other excitingly vulnerable real-world apps
• IoT apps controlling Toys, Drones, etc.
• Digital copies of all training material
• Custom Build Lab VMs
• Purpose Build Vulnerable Test apps
• Source code for test apps

Completing this training ensures attendees will be competent and able to:

• Intercept mobile app network communications
• Bypass certificate and public key pinning protections
• Bypass jailbreak/root detection
• Reverse engineer and analyze mobile apps from a blackbox perspective - Review mobile app source code to identify security flaws
• Perform a mobile app security review

Advanced Malware Unpacking - 3 day (Online) with Kyriakos Economou

Overview

What started as a hobby with reverse engineering software protection, later became a large part of our professional careers in deciphering and debugging heavily obfuscated malware.

Zeroperil has combined the most interesting aspects from reverse engineering software protection and malware into this fast paced and intense course.

The course aims to teach students how to deal with a large variety of executable packers, crypters and modern malware loaders.

Attendees will learn advanced tactics, techniques and procedures in order to be able to retrieve the original malware samples from within multiple layers of obfuscation. As a result, static analysis will be easier and indicators of compromise can be extracted. Unpacked malware binaries will be fully working, allowing for dynamic analysis.

Students will gain the confidence to approach unknown executable packers and crypters by learning and applying principles that we will be teaching throughout the course.

Techniques for automated sample unpacking by taking advantage of the x86dbg/x64dbg scripting engine will be covered. By the end of the course students will be able to write their own powerful debugger automation scripts.

Delivery

The training course is fully remote and sessions will be conducted over Microsoft Teams. Each student will be presented with a copy of the training materials.

Prerequisites

Although this course does go through the necessary introductory and background theory of several technical aspects, the following set of skills is desirable prior attending:

• Basic usage of user-mode debuggers (Olly, x64/x32Dbg)
• Basic understanding of x86/x64 assembly language
• Basic knowledge of programming concepts such as pointers, loops, functions etc…
• Experience with handling malware safely (i.e. Virtual Machines and network segregation)

Technical requirements

Although this course does go through the necessary introductory and background theory of several technical aspects, the following set of skills is desirable prior attending:

• Computer/laptop able to handle a VM with a minimum of 4 dedicated CPU cores, and 4 GB of RAM
• Good internet connectivity
• A virtualisation software that is able to take runtime snapshots of the guest OS
• A virtualisation software that is able to run modern Windows OS (10, 8.1, 7)

Target audience

With the increasing number of attacks involving malware of all kinds for example remote access trojans, ransomware and information stealers to name but a few; malware analysis skills have become a necessity for security operators. Having the ability and knowledge to deal with malware that use advanced techniques to hinder the analysis, is essential for the reverse engineer. Many malware analysts rely on third-party tools to automate their work, which instead should be part of their skillset simply because tools can and do fail.

If you always wanted to learn how to reverse engineer and unpack well-known executable packers such as UPX, ASPack, PECompact, WinUpack, ASProtect, and learn to deal with modern malware loaders, this is definitely the training course for you.

This training course is open to all information security professionals and reverse engineering enthusiasts who are interested in elevating their Windows malware analysis skills to ninja level. The course will provide advanced technical skills that will give an analyst the ability to unpack common executable packers and malware loaders by hand.

The following roles in information security will mostly benefit from this course:

• MALWARE ANALYSTS
• INCIDENT RESPONDERS

Content Outline

Day 1

• x86/x64 architecture refresher
• Microsoft Windows ABI
• PE file format refresher
• Debugging & Anti-Debugging
• x32/x64Dbg Tour
• Introduction to executable packers

Day 2

• Manual unpacking a variety of executable packers
• Unpacking automation with x32/x64Dbg scripting engine

Day 3

• Reverse engineering and unpacking of malware loaders of real malware samples.
• Unpacking automation with x32/x64Dbg scripting engine

What you will learn

• Analyse and reverse engineer executable packers
• Reverse engineer modern malware loaders
• Common anti-reversing tricks and how to bypass them
• Analyse self-modifying code
• Generic methods to locate the OEP in packed binaries
• Analyse and fix IAT pointers hijacking (Imports Redirection)
• Various hints and tips on how to take advantage of a user-mode debugger to analyse packers and malware loaders on runtime
• Manual unpacking of common packers and generic malware loaders
• Automate unpacking of previously analysed packers
• Produce fully working unpacked samples that can be analysed both dynamically and statically

Take aways

Hand-outs will be given in PDF format covering the unpacking process of the malware samples. You will also get a copy of our unpacking scripts that we will be showcasing during the course, as well as all source code that may be used during demos.

DISCLAIMER

During this course we will be dealing with real malware samples.

Some basic instructions will be given during the course on the safe handling of live malware samples; however, it is the attendee’s responsibility to ensure that correct procedures are carried out.

ZEROPERIL LTD ASSUMES NO RESPONSIBILITY FOR ANY DAMAGES CAUSED DUE TO INCORRECT HANDLING OF MALWARE SAMPLES.

AppSecOps - 3 day (Online) with Jovin Lobo and Dharmendra Gupta

Overview

AppSecOps is a 3-day course providing a holistic approach towards application security for developers with automation. This class covers the latest OWASP Top 10 (2021 edition) through an attacker’s perspective and looks at the various best practices/code snippets in Java, .NET, NodeJS, and Python to write secure code. Throughout this class, developers will be able to get on the same page with security professionals, understand their language, learn how to fix or mitigate vulnerabilities learnt during the class and also get acquainted with some real-world breaches, for example, “The Equifax” breach in September 2017.Various bug bounty case studies from popular websites like Facebook, Google, Shopify, PayPal, Twitter etc will be discussed explaining the financial repercussions of application security vulnerabilities like SSRF,XXE,SQL Injection, Authentication issues etc… Post learning and understanding what application security vulnerabilities are and how to fix and identify, this class will talk about what DevOps is and will cover the short-comings of having a traditional security set-up in a devops environment. We will then show how to use automation to weed out some of the vulnerabilities by injecting security into a DevOps pipeline. As part of the class attendees will be provided access to an online lab where they can practice their application security skills and practice implementing security in a Jenkins pipeline. We will provide a vagrant script and show the participants how to set up the custom developed DevSecOps-Lab VM containing all the tools and code which are used for demonstrating the DevSecOps pipeline.

Course Outline

• Application Security Basics
• Understanding the HTTP Protocol
• Security Misconfigurations
• Insufficient Logging and Monitoring
• Authentication Flaws
• Authorization Bypass Techniques
• Cross-Site Scripting (XSS)
• Cross-Site Request Forgery Scripting
• Server-Side Request Forgery (SSRF)
• SQL Injection
• XML External Entity (XXE) Attacks
• Unrestricted File Uploads
• Deserialization Vulnerabilities
• Client-Side Security Concerns
• Source Code Review
• Case Study/ Demo - Chaining vulnerabilities
• CTF - AppSec
• Introduction and overview of DevOps
• What and Why of DevSecOps?
• Integrating Security in CI/CD
• Vulnerability Management using Archerysec
• Secret Management using Vault
• Pre-Commit Hooks using Talisman
• Software Composition Analysis using Dependency-Checker
• SAST – Static Application Security Testing using FindSecBugs
• DAST – Dynamic Application Security Testing using ZAP
• VA -  Vulnerability Assessment using OpenVAS
• Compliance as Code using Inspec
• Security in Infrastructure as a Code using Trivy
• Production Real-Time Alerting and Monitoring using ModSecurity WAF
• DevSecOps in AWS
• Challenges & Enablers in DevSecOps
• CTF - DevSecOps

Who should take this course

This class is ideal for Web/API developers who work day-in-day out building full-stack web applications or web APIs. Anyone who is looking to develop a skill-set into web application security and identify web application flaws can also benefit from this course. DevOps engineers, security and solutions architects, system administrators will also strongly benefit from this course as it’ll give them a holistic approach towards application security.

Student requirements

The requirements for attending this course are:

• Any laptop with Chrome & Firefox browser and Admin privileges.
• In order to access our labs, you'll need an unfiltered direct connection to the internet. Our labs will not be accessible from behind a proxy or a firewalled internet connection.
• Download and Install the following Software on Laptop/System:
BurpSuite
• Windows - https://portswigger.net/burp/releases/download?product=community&version=2020.1&type=WindowsX64
• Mac - https://portswigger.net/burp/releases/download?product=community&version=2020.1&type=MacOsx
• Linux - https://portswigger.net/burp/releases/download?product=community&version=2020.1&type=Linux

Trainings provides

This training is delivered at Nullcon, OWASP and other leading cyber conferences globally as well as to blue chip private clients.