Training week for BSidesAugusta 2022 is September 26-29. This year, there will be five live training classes at the Georgia Cyber Center. Hurry! Seats are limited. You can buy your tickets on the registration page starting July 14 at Noon Eastern Time.
Free non-transferable ticket to BSidesAugusta, October 1
Individual classes may be canceled if they do not meet a minimum enrollment by the enrollment deadline. If a class is canceled due to lack of enrollment or for any other reason, training refunds (for the cost of the training only) will be automatically issued to registered students. For all other refund requests, please see the refund policy on the BSidesAugusta registration page.
Course Name: Incident Response in AWS by Chris Farris
Date(s): September 28-29
Training Time: 8:30 AM – 5 PM with one hour lunch
Trainer Name(s): Chris Farris (@jcfarris)
Trainer Bio: Chris Farris is currently the cloud governance lead for a major media company. He’s spent the last few years focused on wrangling a diverse set of developers and operations teams across the globe. Automation is the only thing keeping him sane at this point. Chris started working in the IT Industry just as the Web was starting and Linux was gaining a cult following. Chris is a CISSP, has his GCIH and numerous AWS certifications including the AWS Security Specialty. He opines on security and technology on Twitter and at his website, https://www.chrisfarris.com.
Course Description: In this two-day course, you’ll experience in real-time a cloud incident and subsequent data breach, simulated in a vulnerable-by-design application. Students will act as our fictional company’s incident response team, and experience the various phases of the IR lifecycle. As an adversary compromises our simulated application we’ll cover detection, conduct a forensic investigation of the CloudTrail logs to determine what the attacker did, execute containment activities, and then perform an analysis to see if a data breach occurred. The class is targeted toward SOC analysts and security engineers who are new to AWS and need a crash course in CloudTrail, S3, IAM, Serverless, and the many ways the public cloud changes the incident response process. Students need only a basic understanding of AWS and their laptops, as the entire cloud environment will be pre-built for our incident.
Target Audience: Security Operations Analysts, Incident Responders, Security Engineers & Architects who want to experience an incident in AWS before it happens to them for real.
Knowledge/Experience/Prerequisites: This course won’t teach the basics of incident response. It’s designed to bridge the gap for SOC analysts and incident responders and the brave new world of AWS and public cloud. A very basic understanding of AWS would be helpful but won’t be required.
What attendees need to bring: A laptop with Chrome browser.
Course Name: Malware Traffic Analysis by Brad Duncan
Date(s): September 29
Training Time: 9 AM – 5 PM with one hour lunch
Trainer Name(s): Brad Duncan (@malware_traffic)
Trainer Bio: Brad Duncan is a Threat Intelligence Analyst at Palo Alto Networks Unit 42. He specializes in analysis of Windows-based malware infection traffic and has authored several blog posts for Palo Alto Networks, including a series of Wireshark tutorials and workshop videos. Brad is also a handler for the Internet Storm Center (ISC) and has published more than 230 diaries at isc.sans.edu. In 2013, he established a blog at www.malware-traffic-analysis.net, where he routinely blogs technical details and analysis of infection traffic. Through the blog, Brad has provided traffic analysis exercises and over 2,000 malware and traffic samples to a growing community of information security professionals.
Course Description: Most security professionals don’t have access to full packet captures (pcaps) of traffic when investigating suspicious events in their network. However, pcap analysis provides a more thorough understanding of malicious traffic, and such analysis can greatly improve someone’s analytical skillset. This full day of training provides a foundation for investigating pcaps of malicious activity, focusing on Windows-based malware infections. We first cover basic investigation concepts, setting up Wireshark, and identifying hosts and users in network traffic. To understand malicious traffic, you must first understand normal traffic on your network, so this training reviews non-malicious activity from Windows hosts. Participants then learn the characteristics of malware infection traffic and other malicious network activity. This training concludes with an evaluation designed to give participants experience in writing an incident report.
Target Audience: Security professionals who want to know more about real-world traffic from Windows-based malware infections and suspicious network activity. This training is ideally targeted at new security analysts that investigate suspicious activity on their organization’s IT network. However, knowledge from this training has proven helpful to other people like (but not limited to) reverse engineers and incident responders.
What attendees need to bring: Students should bring a laptop, preferably running a non-Windows OS. Why not Windows? Because some pcaps used in this workshop contain Windows-based malware. A Windows laptop using a virtual machine running Linux will work for this. Students should also have a recent version of Wireshark installed, at least version 3.x. Note that some Linux distros use older 2.x versions of Wireshark, and 2.x has outdated filter expressions not used in our training.
Course Name: OSINT Immersion: Uncovering Online Secrets by Micah Hoffman and Griffin Glynn, My OSINT Training
Date(s): September 28-29
Training Time: 9 AM – 5 PM with one hour lunch
Trainer Name(s): Micah Hoffman (@webbreacher) and Griffin Glynn (@hatless1der), My OSINT Training
Trainer Bio: With decades of OSINT investigation, offensive security, and cyber defense experience and with engaging and approachable teaching styles, Micah Hoffman and Griffin Glynn from the My OSINT Training company (https://myosint.training) are proud to be your instructors for this course. Micah runs the My OSINT Training company, is co-founder of the OSINT Games CTF challenge site, and President of The OSINT Curious Project. Griffin Glynn is an instructor and course creator at My OSINT Training and the Director of Intelligence at the National Child Protection Task Force (NCPTF), a non-profit focused on assisting law enforcement in solving cases of missing, exploited, and trafficked children around the world. Griffin comes from a 20-year private-sector background in criminal investigations, and in the OSINT community goes by hatless1der. Micah and Griffin have trained thousands of people and look forward to helping you gain more OSINT skills.
Course Description: This is the ultimate, 2-day OSINT course for people of all skill levels. Whether you just found out OSINT stands for Open-Source Intelligence, or have been doing recon on systems for years, Griffin and Micah will teach you new tips and tricks for finding online secrets and then show you how to analyze and apply that data in your work. Whether you are looking for computer systems attached to the Internet or the people that use them, this course has something for everyone. Class outline:
a. Introduction to OSINT Investigations
b. OSINT Tools and Resources
c. Effectively Using Search Engines
d. People Search Engines
e. Email Address investigations including breach data
f. Username Investigations
g. Image analysis
h. Introduction to the Tor Darkweb
i. Introduction to Social Media Investigations
j. Domains and IP Investigations
k. Website Investigations
Target Audience: Anyone that can use a computer.
What attendees need to bring: Bring a computer that can get onto the Internet. Students taking this course will get the most out of it if they bring a laptop computer that can connect to the guest WiFi (or they can use their own connection to the Internet), can install browser extensions, add-ons and other software and have both a Facebook and Twitter account they can use for exploration purposes. None of these are requirements as students can watch Micah and Griffin’s live demos and use the resources they provide to learn.
Course Name: Red Team Fundamentals for Active Directory (RTFM4AD) by Eric Kuehn and Aaron Moss, Secure Ideas
Date(s): September 29
Training Time: 9 AM – 4:30 PM with one hour lunch
Trainer Name(s): Eric Kuehn and Aaron Moss, Secure Ideas
Trainer Bio: Before coming to Secure Ideas, Eric spent close to 20 years working with enterprise scale Microsoft infrastructures for large Fortune 100 companies. Since its release, his core focus has been Active Directory. He was the technical leader and responsible for the engineering and architecture of one of the most complex and largest AD infrastructures used by one of the world’s largest financial institutions. This included ongoing maintenance and major enhancements of not only a highly secure authentication environment, but also of all the supporting tool sets required to monitor its health and integrity. This experience has given him a very strong knowledge of a variety of Microsoft products and best practices. Now that Eric has moved to consulting with Secure Ideas, he continues to utilize his knowledge of Active Directory, both in exploiting common configurations in penetration tests as well as providing training and awareness briefings to multiple audiences.
Course Description: The Red Team Fundamentals for Active Directory (RTFM4AD) course is a one-day class focused on explaining the fundamentals of Active Directory and how different aspects can be exploited when performing penetration tests. The goal is to not only cover different attacks but also explain the details of why they work and how an environment can be made resilient to them and potentially detect malicious activity. This combination opens the course to those looking to hone their offensive skills as well as those who are protecting an enterprise network. The course mixes lecture with a number of hands-on exercises to reinforce the information and techniques. The activities will cover ways to examine an Active Directory environment, looking for a variety of misconfigurations which are commonly seen in Active Directory implementations (even by some security conscious entities), and then exploit these issues to pivot and escalate our access. Ultimately, the students will gain full control of an AD Forest.
Students will be provided access to a lab to learn both the attacks and defenses while in class which will contain realistic targets and tools. This environment enables the attendees to understand how the covered techniques are used in the real world.
Target Audience: Red Team / Blue Team members.
Knowledge/Experience/Prerequisites: While attendees don’t necessarily need any prior security experience to take this course, they will get the most out of it with a basic grasp of Windows Operating Systems and PowerShell.
What attendees need to bring: A laptop that has the ability to RDP to remote devices.
Trainer Bio: Security Onion Solutions instructors have years of experience in threat hunting, enterprise security monitoring, and log management. They have worked in real-world operational security roles, engineered monitoring strategies and solutions, and handled real-world incidents. They bring their practical experience to the classroom, enabling students in both theory and hands-on application to hunt adversaries in environments large and small.
Course Description: This four-day course is geared for analysts and administrators of Security Onion 2. Students will gain a foundational understanding of this exciting platform – how to architect, deploy, and manage their Security Onion 2 grid. The course also covers major analyst workflows, reinforced through real-world case studies.
The class will cover the following topics:
● Security Onion Console
● Security Onion 2 System Architecture
● Deploying a Security Onion 2 Distributed Architecture
● Common Administrative Tasks
● Security Onion 2 Workflows
  ○ Alert Triage & Case Creation with SOC Alerts and Cases
  ○ Ad hoc Hunting with Kibana and SOC Hunt
  ○ Detection Engineering with Playbook
● Grid Management
  ○ Users
  ○ Firewalls
  ○ Updating
  ○ Monitoring
  ○ Troubleshooting
  ○ Hardening
● Tuning the Grid
  ○ Berkeley Packet Filters
  ○ Performance Tuning – Zeek and Suricata
  ○ Alert Tuning – Suricata and Playbook
● Integrating Endpoint Data with Osquery and Wazuh
● Zeek
  ○ Logs
  ○ Scripts
  ○ Intel Framework
● Alternative Deployment Architectures
  ○ Airgap Deployments
  ○ Cloud Deployments
● Multiple Labs and Case Studies
Target Audience: Analysts and administrators of Security Onion 2.
Knowledge/Experience/Prerequisites: Security Onion Essentials at https://securityonionsolutions.com/training (2 hours; free). Students should have a basic understanding of networks, TCP/IP, and standard protocols such as DNS, HTTP, SSL, etc. Knowledge/experience with Linux is recommended, but not required.
What attendees need to bring: Laptops will be provided to students. Students may want to bring writing utensils to take notes in their course books.
Registration Deadline: 9/16/2022
Discounts are available for active duty US military, active US Federal civilian employees, as well as active members of ISSA and Infragard. Send an e-mail to Info@BSidesAugusta.org for details.