Antisyphon

Antisyphon offers a variety of information security training courses tailored to beginners and seasoned professionals alike. Wild West Hackin’ Fest proudly provides Antisyphon training throughout the year. You can find courses in the Antisyphon course catalog below.

Please click here for a list of upcoming training courses.

Antisyphon Training Courses:

  • Active Defense & Cyber Deception w/ John Strand

    16 Hours

    Course Description: Active Defenses have been capturing a large amount of attention in the media lately. There are those who thirst for vengeance and want to directly attack the attackers. There are those who believe that any sort of active response directed at an attacker is wrong. We believe the answer is somewhere in between.

    Learn more about this course.

  • Advanced Endpoint Investigations w/ Alissa Torres

    16 Hours

    Course Description: For most security teams, high operational tempo (measured in dumpster fire lumens) incentivizes analysts to stick to well-tailored playbooks that prioritize remediation at the expense of proper incident scoping and root cause analysis. Though modern endpoint security products have significantly improved host visibility, most critical incidents will require the acquisition and analysis of additional endpoint data. This course focuses on four core investigative competencies: endpoint data collection, investigative triage, incident response pivots, and root cause analysis.

    After learning about key endpoint artifact and memory analysis techniques for Windows and Linux, attendees will work through real-world scenarios in hands-on labs. We’ll pivot from initial detection into host triage analysis to discern attackers’ discovery, defense evasion and lateral movement techniques. Attendees will learn to identify key indicators for the generation of high-fidelity detections.

    Learn more about this course.

  • Advanced Network Threat Hunting w/ Chris Brenton

    16 Hours

    Course Description: We will spend most of this class analyzing pcap files for Command and Control (C2) communications in order to identify malware back channels. It is assumed that the student will already understand the basics of network threat hunting, so we can immediately jump into applying that knowledge. The goal will be to create a threat hunting runbook that you can use within your own organization in order to identify systems that have been compromised.

    Learn more about this course.

  • Applied Purple Teaming w/ Kent Ickler and Jordan Drysdale

    16 Hours

    Course Description: Applied Purple Teaming (APT) will first introduce students to threat optics on Windows systems. This course will provide instruction for configuring and installing Sysmon to gather endpoint logs. Students will also be introduced to Windows Audit Policies and will get to deploy a high visibility audit policy stack. Windows Event Collection and Forwarding will be implemented to demonstrate the free Windows logging stack built in and licensed under the existing agreement you have with Microsoft. The event collector will finally be configured to ship logs to the Hunting ELK (HELK) where students will get to review threat optics using Kibana. The majority of the class will be iterating through the TTPs of a standard pentest to demonstrate effective logging and detections against some attacks that are challenging to detect. The Atomic Purple Team lifecycle will be used to attack, hunt and detect, and defend against all of the attacks! Come join us for another round of APT with updated materials and to have a great time in the Wild West!

    Learn more about this course.

  • Attack Emulation Tools: Atomic Red Team, CALDERA and More w/ Darin and Carrie Roberts

    16 Hours

    Course Description: Attack Emulation tools help you measure, monitor and improve your security controls by executing scripted attacks. Atomic Red Team and CALDERA are two open source attack emulation projects that are mapped directly to the Mitre ATT&CK Framework. This class will provide an overview of the Mitre ATT&CK framework and give you in-depth, hands-on knowledge of how to execute scripted attacks that exercise many of the techniques defined in Mitre ATT&CK. You will be provided with hands-on lab instructions for emulating a variety of attacks and creating visualizations using Mitre ATT&CK Navigator. At the end of this class you will have the knowledge and tools to begin executing simulated attacks within your own test environment, where you can create and validate detections in a scriptable and consistent way.

    Whether you are a student of information security or a seasoned network defender there is something to learn from getting involved in the Attack Emulation space and this course will help you do that.

    Learn more about this course.

  • Breaching the Cloud w/ Beau Bullock

    16 Hours

    Course Description: This training walks through a complete penetration testing methodology of cloud-based infrastructure. Starting with no information other than the company name you will learn to discover what cloud-specific assets your target is using. Following the enumeration of cloud services, you will learn how to discover misconfigurations that commonly expose sensitive data as well as a thorough understanding of how to get an initial foothold into a cloud-based organization.

    Learn more about this course.

  • Defending the Enterprise w/ Kent Ickler and Jordan Drysdale

    16 Hours

    Course Description: For the luckiest of enterprises, the awareness of an insecure environment is proven not in public discord after a breach but instead by effective security penetration tests. Time and time again Jordan and Kent have witnessed organizations struggle with network management, Active Directory, organizational change, and an increasingly experienced adversary.

    For new and legacy enterprises alike, Defending the Enterprise explores the configuration practices and opportunities that secure networks, Windows, and Active Directory from the most common and effective adversarial techniques. Have the confidence that your organization is prepared for tomorrow’s security threats by learning how to defend against network poisoning, credential abuse, exploitable vulnerabilities, lateral movement, and privilege escalation.

    The best defended networks are those which have matured from countless penetration tests and security incidents. Learn from Kent and Jordan, two seasoned offensive and defensive security experts, to shortcut your organization’s security posture into a well-fortified fortress.

    Learn more about this course.

  • Enterprise Attacker Emulation and C2 Implant Development w/ Joff Thyer

    16 Hours

    Course Description: This class focuses on the demonstration of an Open Command Channel framework called “OpenC2RAT”, and then developing, enhancing, and deploying the “OpenC2RAT” command channel software into a target environment. Students will learn about the internal details of a command channel architecture and methods to deploy in an application-whitelisted context. The class will introduce students to blocks of code written in C#, GoLang, and Python to achieve these goals. In addition, the class will introduce some ideas to deploy existing shellcode such as Cobalt Strike Beacon or Meterpreter within a programmed wrapper to enhance success in the age of modern endpoint defense. Many of the techniques introduced in this class can be used to evade modern defense technologies.

    Learn more about this course.

  • Getting Started with Packet Decoding w/ Chris Brenton

    16 Hours

    Course Description: One of the core disciplines of security is understanding how systems communicate over the Internet. This skill set is crucial to spotting abnormal behavior and attack patterns. In this class, we will go beyond the fundamentals of how IP communicates and dive into the subtle nuances. This will help the student identify anomalous patterns when they occur.

    Much of this class is spent focusing on the IP, ICMP, UDP, and TCP headers. We will step through each of the fields within each header to ensure that the student understands how the data within that field plays a role in communications. This knowledge is deepened by observing the behavior in packet decodes, some of which are normal traffic while some are common attacks. The goal is to give the student a foundational knowledge of IP communications that they can immediately apply to their daily workflows.

    This class assumes that you are new to decoding network traffic. There are no prerequisites beyond being able to load and run a virtual machine (VM) on your system and some familiarity with working at the command line. The class is filled with hands-on exercises, many of which are walk-throughs of packet decoding tools that will guide you through the process. Full labs are then used to reinforce what you have learned.

    Learn more about this course.

  • HackerOps w/ Ralph May

    16 Hours

    Course Description: To conduct an advanced attack, you need more than just a collection of simple scripts. In addition to talent, you need a large amount of managed and unmanaged code. The more code and resources that are required to conduct an engagement, the more time we need. Time is something we don’t have a lot of on an engagement.

    Today, to be an advanced and effective attacker, you need to move fast, and that speed requires a move to a DevOps style of managing infrastructure and code. With cloud resources and APIs to manage these resources, the days of manual setup are long behind us.

    Where do we get started? And how does it all work?

    In this training, we learn the fundamentals of DevOps and how we can code our TTPs. Coding TTPs allows new tactics and improved OPSEC to be shared without the cost of knowledge transfer and manual setup. This class will introduce students to Terraform, Ansible, and Docker with the goal of writing TTPs to use and share.

    In this class we will learn the fundamentals of Terraform, Ansible, and Docker with an emphasis on how we can use these tools to code our TTPs. After we have the fundamentals, we will start coding, get comfortable with YAML, and review how to create resources and customize TTPs. Lastly, we will work through multiple labs and examples that you can take with you for your next engagement.

    Learn more about this course.

  • Getting Started in Security with BHIS and MITRE ATT&CK w/ John Strand

    16 Hours

    Course Description: This 16-hour (4 days of 4-hour sessions) information security training class is designed for people who are new to computer security. We will cover the core fundamentals with lots of hands-on labs demonstrating the attacks and defenses every security professional must know to be successful.

    Learn more about this course.

  • Introduction to IOT Device Hacking w/ Rick Wisser and David Fletcher

    16 Hours

    Course Description: With over 21.5 billion interconnected devices in the world and a future estimate of 6.2 trillion devices by 2025, understanding and learning how to methodologically assess those devices is sure to be a valuable skill. “Introduction to IOT Device Hacking” will present a methodological approach for understanding attack surfaces, interacting with various protocols and interfaces, determining exploitative scale, and ultimately attacking various types of IOT devices. Beginning with reconnaissance and ending with compromising the IOT device, students will get hands-on experience and valuable skills. This course provides students with a vulnerable device and tools to perform typical attacks using various protocols and interfaces.

    Learn more about this course.

  • Modern WebApp Pentesting w/ BB King

    16 Hours

    Course Description: Modern WebApp Pentesting is unique in its approach to testing webapps. Too many courses are built around the assumption that a webapp pentester’s skills should grow along a straight line, starting with something like the OWASP Top Ten and culminating in something like Attacking Web Cryptography. Real webapps don’t follow that same path, and neither should real webapp pentesters. Attacking Web Sockets is not more difficult than attacking HTTP traffic, it’s just different. Web APIs are not something you’re qualified to test only after you’ve put your time in on traditional webapps … they’re just different.

    Learn more about this course.

  • Network Forensics and Detection w/ Troy Wojewoda

    16 Hours

    Course Description: Incident responders are continually faced with the challenge of collecting and analyzing relevant event data—network communications is no exception. This course uses an assortment of network data acquisition tools and techniques with a focus on open-source, vendor-neutral solutions. Students who take this course will learn how to perform network traffic and protocol analysis that ultimately supports cybersecurity incident response efforts. From reconnaissance to data exfiltration, network traffic scales to provide a bird’s-eye view of attacker activity. Leveraging the vantage point of key network traffic chokepoints, this course explores nearly every phase of an attacker’s methodology. Students will learn network traffic analysis concepts and work through hands-on lab exercises that reinforce the course material using real-world attack scenarios.

    Learn more about this course.

  • Red Team: Getting Access w/ Michael Allen

    16 Hours

    Course Description: Getting a foothold is the first step in a successful breach—be it in the form of user credentials, email access, or code execution on a target system. This course will provide students with the fundamental skills and know-how to perform the most common attacks used to get an initial foothold during a red team exercise.

    Since Microsoft products and services are the most widespread platform in use by organizations, Office 365 and Microsoft Windows will be the primary targets of student exercises. Core concepts will also be discussed so that students can apply the lessons learned to other platforms in the future.

    Learn more about this course.

  • Securing the Cloud: Foundations w/ Andrew Krug

    16 Hours

    Course Description: In this course, we’ll explore Amazon Web Services (AWS) as a platform. We will take the perspective of a new startup company spinning up infrastructure in AWS for the very first time. We’ll use a scenario-based approach, where you’ll don the persona of a security engineer on your first day at a new startup. This course will demonstrate ideas like secure-by-default and will examine services and patterns for locking down defaults using a combination of open source and platform native tooling. Finally, attendees will walk away with a practical understanding of various controls, detections, and guardrails.

    Learn more about this course.

  • Security Defense and Detection TTX w/ Amanda Berlin and Jeremy Mio

    16 Hours

    Course Description: Security Defense and Detection TTX is a comprehensive four-day tabletop exercise that takes security TTXs (tabletop exercises), IR playbooks, and after-action reports from introduction to completion. The exercises are paired with video and lab demonstrations that reinforce their purpose. The training as a whole is compatible with the world’s most popular RPG rules.

    The preparation phase will walk students through the creation of specific IR playbooks that can be utilized in any environment as well as during later parts of the class. The next phase introduces the gamification of the TTXs. The students split up into separate “corporations” with assigned verticals, hit points, armor class, budgets, strengths, and weaknesses. Selection of departments and skills allows the players to further their modifiers. Throughout the exercise, each company will take turns rolling their way through decisions such as large purchases, attack severity, defense capability, and incident response decisions.

    Learn more about this course.

  • Security Leadership and Management w/ Chris Brenton

    16 Hours

    Course Description: “Security” is arguably one of the most challenging disciplines to move from being an individual contributor (IC) to being a manager. While security ICs can perform most tasks in isolation, a manager needs to regularly interact with people both inside and outside of the team. Further, “security” has its own language which can be completely foreign to people outside of the discipline. How do you take security concerns and convert them into a language that senior leaders and “C” levels can understand? Honing these skills will be the primary objective of this course.

    Learn more about this course.

  • SOC Core Skills w/ John Strand

    16 Hours

    Course Description: This 16-hour (4 days of 4-hour sessions) information security training course will cover the core security skills all Security Operation Center (SOC) analysts need to have. These are the skills that all Black Hills Information Security (BHIS) SOC team members need to have.

    Learn more about this course.

  • Windows Post Exploitation w/ Kyle Avery

    16 Hours

    Course Description: So you popped a shell, now what?

    Windows Post Exploitation focuses on four major components of any adversary simulation or red team exercise: enumeration, persistence, privilege escalation, and lateral movement. Each of these steps will be covered in detail with hands-on labs in a custom Active Directory environment. In addition, students will learn several modern techniques to minimize opportunities for detection.

    This course goes beyond teaching popular tactics, techniques, and procedures. Instead, students will learn how to covertly gather and leverage information about a target environment to achieve their objectives efficiently.

    A review of each post-ex capability will include discussion on the OPSEC implications and publicly documented detection recommendations. Open-source SIEM rules from Sigma and Elastic will be used as a starting point for avoiding alert generation. No technique is undetectable; the key is understanding an environment’s detection capabilities and choosing the best course of action.

    Learn more about this course.