Conference:March 6-8, 2017
Workshops:March 9-10, 2017
Workshop: Continuous Dis-Integration: Red Team Attacks
Location:
- Albert, 2nd flr.
When:
- Thursday
Prerequisites
- Participants should have experience with the Linux environment
- Comfort using the command line is a big plus
- Participants should bring their own laptop capable of running a VMWARE Virtual Machine
- Please pre-download VMware Player (Windows) or a working Trial of VMWARE Fusion (Mac)
- Participants should bring a curious and mischievous brain
Do you write code? Do you have code? Do you ever stay awake at night wondering how evil hackers might steal it all for nefarious purposes? Are you interested in learning some super 1337 skills for yourself? Well, you’re in luck. Two evil hackers are ready to share and teach you few tricks they have used during live Red Team engagements to penetrate network defenses and find unexpected entry points. Join us in hacking the Gibson in this hands on workshop that will teach Penetration Testing skills and mitigations specifically tailored for the development community.
This Red Team workshop will provide students perspective and hands on experience with attack simulation tactics used to uncover vulnerabilities, also known as Red Teaming. Students can expect to cover topics such as social engineering (human manipulation), pivoting through network environments, attacking build pipelines, bypassing authentication, and looting systems for secrets.
Takeaways:
- Into to the Concept of Red Teaming
- Story Time: Social Engineering
- Social Engineering Mitigations
- Concepts of post exploitation and system looting
- Lab: Abusing Github CLI
- Lab: Bypassing Jenkins Google Authentication
- Lab: Abusing the Jenkins Script Console and Shelling your first box
- Mitigating the Jenkins Script Console Issues
- Lab: Abusing build jobs to Shell that box again
- Mitigating Controls and the Concept of Least Privilege
- Challenge Lab: Competitive Post Exploitation / Looting Lab
Other Workshops:
Tracks
-
Architecting for Failure
Building fault tolerate systems that are truly resilient
-
Architectures You've Always Wondered about
QCon classic track. You know the names. Hear their lessons and challenges.
-
Modern Distributed Architectures
Migrating, deploying, and realizing modern cloud architecture.
-
Fast & Furious: Ad Serving, Finance, & Performance
Learn some of the tips and technicals of high speed, low latency systems in Ad Serving and Finance
-
Java - Performance, Patterns and Predictions
Skills embracing the evolution of Java (multi-core, cloud, modularity) and reenforcing core platform fundamentals (performance, concurrency, ubiquity).
-
Performance Mythbusting
Performance myths that need busting and the tools & techniques to get there
-
Dark Code: The Legacy/Tech Debt Dilemma
How do you evolve your code and modernize your architecture when you're stuck with part legacy code and technical debt? Lessons from the trenches.
-
Modern Learning Systems
Real world use of the latest machine learning technologies in production environments
-
Practical Cryptography & Blockchains: Beyond the Hype
Looking past the hype of blockchain technologies, alternate title: Weaselfree Cryptography & Blockchain
-
Applied JavaScript - Atomic Applications and APIs
Angular, React, Electron, Node: The hottest trends and techniques in the JavaScript space
-
Containers - State Of The Art
What is the state of the art, what's next, & other interesting questions on containers.
-
Observability Done Right: Automating Insight & Software Telemetry
Tools, practices, and methods to know what your system is doing
-
Data Engineering : Where the Rubber meets the Road in Data Science
Science does not imply engineering. Engineering tools and techniques for Data Scientists
-
Modern CS in the Real World
Applied, practical, & real-world dive into industry adoption of modern CS ideas
-
Workhorse Languages, Not Called Java
Workhorse languages not called Java.
-
Security: Lessons Learned From Being Pwned
How Attackers Think. Penetration testing techniques, exploits, toolsets, and skills of software hackers
-
Engineering Culture @{{cool_company}}
Culture, Organization Structure, Modern Agile War Stories
-
Softskills: Essential Skills for Developers
Skills for the developer in the workplace