WAHCKon is pleased to announce that the following training will be taking place this year on 2015-04-30 and 2015-05-01!
Ticket Sales Close 24/04/2015
Tickets can be purchased from the WAHCKon store. If you are unable to afford a ticket, you can apply for our charity program for training.
To qualify, simply email firstname.lastname@example.org with the following information:
* Contact information (phone, email, etc.)
* The desired training session that you wish to attend
* A short reason why you should be considered for free training
These places are limited, and will be assessed based on priority, so get in fast!
The training schedule is as follows (the same for both days; free training takes place on Thursday, paid training takes place on Friday. Please note that some training may have free and paid sessions running at the same time):
Applying Threat Modelling For Pragmatic Security Approaches
Trainer: Matt Jones, Volvent
Matt runs Volvent Security specialising in Threat Modeling, Low-level code review, and Custom Security Engineering for a mix of interesting clients. He spent several years working in Swiss Finance as a SME and was responsible for the strategy and technical solutions of their global Threat and Vulnerability Management, developing bespoke security solutions. Since 2003 he has contributed to Ruxcon. Research interests include vulnerability analysis, data mining and machine learning, and security visualisation.
Threat Modeling is the process of assessing a target application or infrastructure and then building a model that represents the perceived threats it may be facing. This model can prove invaluable for understanding, tracking, and improving security postures and also feed into preparing security activities and security strategies.
While there have been a couple of books and presentations on Threat Modeling, there are limited resources and guidance for applying the concepts in the real world. It can be a daunting and overwhelming task trying to jump into a new Threat Model, so this training will spend a day sharing the theory, war stories, and approaches from years of real-world Threat Modeling work and will include hands-on exercises.
The agenda for the training is as follows:
* Introduction: An introduction to Threat Modeling and a look at previous work.
* Concepts: The basics, approaches, terminology, and current methodologies.
* Theory: A run-through of the history of vulnerabilities and security incidents while examining common software architectures and how security practices are often applied in real-world organisations.
* Exercises:
  - #1: Preparing a threat model for a simple real-world web application
  - #2: Preparing a threat model for a larger application with several components
  - #3: Preparing a threat model for an entire organisation
* Application: A guide for how to grow and use a Threat Model over time, from tracking and collaborating with security activities (e.g. penetration testing) to designing and implementing smart security defenses.
* Wrap Up: Conclusion and Q&A time while enjoying whiskey and bacon.
$250 per person
A hands-on introduction to hardware hacking
Trainer: Dr. Silvio Cesare
Dr. Silvio Cesare received his Ph.D. in 2013 from Deakin University. His research interests include malware detection, software similarity, and physical security of electronic and radio devices. He is the Director of Anti-Malware Engineering at Qualys where he is commercializing the concepts from his Ph.D. on malware detection. He is also author of the book Software Similarity and Classification, published by Springer. He has worked in industry within Australia, France and the United States. This work includes time as the scanner architect of Qualys - now the world's largest vulnerability assessment company. In addition to his Ph.D., he has a Bachelor of Information Technology and a Master of Informatics by research from CQUniversity. He is currently studying part-time in a Master of Engineering (Digital Systems and Telecommunications) at the ANU. He is a member of the IEEE, hosts the popular panel discussion at Ruxcon, is an organiser of Ruxmon Canberra, and lives in Canberra, Australia.
In this 1-day training event, you'll learn the basics of introductory hardware hacking. You'll learn practical skills and tool usage and also learn some underlying theory.
Specifically, time permitting, you'll learn:
1) Basic electronics theory.
2) How to solder. You'll implement this basic skill to build a small toy electronics kit.
3) How to interface with UART. You'll disassemble an ADSL router, solder header pins, and interface with it.
4) How to dump serial flash using the BusPirate.
$250 per person
All hardware and tools will be provided but you'll need to bring a laptop. You don't need to know about electronics or hardware to get value out of this course.
Windows Exploitation for the man on the street.
Trainer: Emmanuel Law, Aura Information Security
Emmanuel will be coming from across the ditch. Senior security consultant @ Aura Information Security (NZ) by day, he enjoys fuzzing and exploiting stuff during his free time. Having run twice at Kiwicon, this course will now make its Australian debut @ WAHCKon.
Do the terms buffer overflow, shellcode and ASLR excite you? Want a glimpse of what goes on in an exploit writer's mind? Would you like to try writing a browser exploit? This training is for the man on the street, and (almost) no assumption is made about you having any prerequisite knowledge. It is ideal if you have no prior experience in exploitation: it will ease you into the world of exploitation by covering classic buffer overflows and slowly building up to more advanced exploitation techniques. The focus of the training is to take complex concepts and turn them into simple, clear and concise presentations that a man on the street can follow.
The following topics would be covered should time permit:
* Classic buffer overflow
* Return-oriented programming (ROP) technique
* ASLR + heap spray
* Hands-on exercises on writing your own browser exploit
This will be a hands-on experience in understanding Windows exploitation and its various mitigations.
$400 per person
Some basic assembly knowledge would be helpful, but participants could potentially pick up what they need to know during the first hour. Participants should have at least programmed or scripted (in any language) before.