WAHCKon[2] Perth 2015

Perth's First Hacker Con
2nd & 3rd of May 2015
Empyrean Function Centre
12 Lake Street, Northbridge, WA 6003





WAHCKon is pleased to announce that the following training will be taking place this year on 2015-04-30 and 2015-05-01!

Ticket Sales Close 24/04/2015


Tickets can be purchased from the WAHCKon store. If you are unable to afford a ticket, apply for our charity program for training.

To qualify simply email training@wahckon.org.au with the following information:

  • Your name
  • Contact information (phone, email, etc.)
  • The desired training session that you wish to attend
  • A short reason why you should be considered for free training

These places are limited, and will be assessed based on priority, so get in fast!



    The Training schedule is as follows (Same for both days, free training takes place on Thursday, paid training takes place on Friday. Please note that some training may have free and paid sessions running at the same time):

    Room 1: Matt Jones
    Room 2: Emmanuel Law
    Room 3: Silvio Cesare


    ==================================================================================

    Applying Threat Modelling For Pragmatic Security Approaches
    Trainer: Matt Jones, Volvent

    Bio

    Matt runs Volvent Security specialising in Threat Modeling, Low-level code review, and Custom Security Engineering for a mix of interesting clients. He spent several years working in Swiss Finance as a SME and was responsible for the strategy and technical solutions of their global Threat and Vulnerability Management, developing bespoke security solutions. Since 2003 he has contributed to Ruxcon. Research interests include vulnerability analysis, data mining and machine learning, and security visualisation.

    Description

    Threat Modeling is the process of assessing a target application or infrastructure and then building a model that represents the perceived threats it may be facing. This model can prove invaluable for understanding, tracking, and improving security postures and also feed into preparing security activities and security strategies.

    While there have been a couple of books and presentations on Threat Modeling, there are limited resources and guidance for applying the concepts in the real world. It can be a daunting and overwhelming task trying to jump into a new Threat Model, so this training will spend a day sharing the theory, war stories, and approaches from years of real-world Threat Modeling work and will include hands-on exercises.

    The agenda for the training is as follows:

    • Introduction: An introduction to Threat Modeling and a look at previous work.
    • Concepts: The basics, approaches, terminology, and current methodologies.
    • Theory: A run-through of the history of vulnerabilities and security incidents while examining common software architectures and how security practices are often applied in real-world organisations.
    • Exercises:
        #1: Preparing a threat model for a simple real-world web application
        #2: Preparing a threat model for a larger application with several components
        #3: Preparing a threat model for an entire organisation
    • Application: A guide for how to grow and use a Threat Model over time, from tracking and collaborating with security activities (e.g. penetration testing) to designing and implementing smart security defenses.
    • Wrap Up: Conclusion and Q&A time while enjoying whiskey and bacon.

    Duration

    6-8 hours

    Price

    $250 per person



    ==================================================================================

    A hands on introduction to hardware hacking
    Trainer: Dr. Silvio Cesare

    Bio

    Dr. Silvio Cesare received his Ph.D. in 2013 from Deakin University. His research interests include malware detection, software similarity, and physical security of electronic and radio devices. He is the Director of Anti-Malware Engineering at Qualys, where he is commercializing the concepts from his Ph.D. on malware detection. He is also the author of the book Software Similarity and Classification, published by Springer. He has worked in industry within Australia, France and the United States. This work includes time as the scanner architect of Qualys - now the world's largest vulnerability assessment company. In addition to his Ph.D., he has a Bachelor of Information Technology and a Master of Informatics by research from CQUniversity. He is currently studying part-time for a Master of Engineering (Digital Systems and Telecommunications) at the ANU. He is a member of the IEEE, hosts the popular panel discussion at Ruxcon, is an organiser of Ruxmon Canberra, and lives in Canberra, Australia.

    Description

    In this 1 day training event, you'll learn the basics of introductory hardware hacking. You'll learn practical skills and tool usage and also learn some underlying theory.

    Specifically, time permitting, you'll learn:

  1) Basic electronics theory.
  2) How to solder. You'll implement this basic skill to build a small toy electronics kit.
  3) How to interface with UART. You'll disassemble an ADSL router, solder header pins, and interface with it.
  4) How to dump serial flash using the BusPirate.

    Duration

    6 Hours

    Price

    $250 per person

    Requirements

    All hardware and tools will be provided but you'll need to bring a laptop. You don't need to know about electronics or hardware to get value out of this course.



    ==================================================================================

    Windows Exploitation for the man on the street.
    Trainer: Emmanuel Law, Aura Information Security

    Bio

    Emmanuel will be coming from across the ditch. Senior security consultant @ Aura Information Security (NZ) by day, he enjoys fuzzing and exploiting stuff during his free time. Having run twice at Kiwicon, this course will now make its Australian debut @ WAHCKon.

    Description

    Do the terms buffer overflow, shellcode and ASLR excite you? Want a glimpse of what takes place inside an exploit writer's mind? Would you like to try writing a browser exploit? This training is for the man on the street, and (almost) no assumption is made about you having any prerequisite knowledge. It is ideal for you if you have no prior experience in exploitation: it will attempt to ease you into the world of exploitation by covering classic buffer overflows and slowly building up to more advanced exploitation techniques. The focus of the training is to take complex concepts and turn them into simple, clear and concise presentations that a man on the street can follow.

    The following topics will be covered, time permitting:

  • ASM Refresher
  • Classic Buffer overflow
  • SEH Exploitation
  • Return-oriented programming (ROP) technique
  • ASLR + Heap Spray
  • Hands on exercises on writing your own browser exploit

    This will be a hands-on experience in understanding Windows exploitation and its various mitigations.

    Duration

    8 Hours

    Price

    $400 per person

    Requirements

    Some basic assembly knowledge would be helpful, but participants could potentially pick up what they need to know during the first hour. You should have at least programmed or scripted something (in any language) before.


