WWHF Pre-Conference Training
Multi-location DeadwoodOne of the very cool things about Wild West Hackin’ Fest is that we bring the very best in infosec training, workshops, and presentations. Here are the training classes we have scheduled.
One of the very cool things about Wild West Hackin’ Fest is that we bring the very best in infosec training, workshops, and presentations. Here are the training classes we have scheduled.
On-Site Registration for Training. Please show up early if you are attending classes.
Incident Response can be one of the most difficult aspects of Information Security and foundational skills are critical. The goal of this course is to provide the core components that make up a successful Incident Response program.
Cyber Threat Intelligence (CTI) is a crucial component in the fight against malicious cyber actors. This entry-level course is designed to provide an overview of CTI, its importance, and how it is used to detect, prevent, and support others against cyber threats. The course covers the basics of CTI, including how to create intelligence, augmenting other teams with intelligence, threat modeling, and the tools and techniques used to collect and analyze data. You will also learn about the intelligence cycle, which includes the steps involved in CTI collection, analysis, and dissemination.
Modern Webapp Pentesting is unique in its approach to testing webapps. Too many courses are built around the assumption that a webapp pentester’s skills should grow along a straight line, starting with something like the OWASP Top Ten and culminating in something like Attacking Web Cryptography. Real webapps don’t follow that same path, and neither should real webapp pentesters. This course doesn’t worry about where a student falls on the imaginary scale of beginner to expert but instead focuses on finding and exploiting the kinds of issues found in real webapps today, based on the instructor’s many years of ongoing experience in testing real webapps today.
This course aims to teach the fundamentals of the Python programming language such that a student will gain a beginning to intermediate level of competency with the language. Labs will be presented in a Capture the Flag (CTF) style format as well as some more comprehensive programming tasks.
The course simulates real world attack scenarios with a focus is on exploiting the variety of overlooked domain features and not just software vulnerabilities.
We cover topics like AD enumeration, what tools to use, domain privilege escalation, gaining credentials, Kerberos based attacks (Golden ticket, Silver ticket and more), and Delegation abuse. The training will be conducted in a hands-on manner, with participants performing various exercises and simulations to understand how attackers can compromise Active Directory environments.
This 16-hour course is a quick jumpstart on the Linux command-line. Start from the basics and work all the way up to command-line programming. Short learning modules and lots of practical hands-on activities will put you on the road to Linux command-line mastery. And electronic copies of everything are yours to take home, so you can continue the learning even after class is over.
Dive deep into cutting edge techniques that bypass or neuter modern endpoint defenses. Learn how these solutions work to mitigate their utility and hide deep within code on the endpoint. The days of downloading that binary from the internet and pointing it at a remote machine are over. Today’s defenses oftentimes call for multiple bypasses within a single piece of code.
In this training course, we will examine the different types of penetration testing engagements and take a deep dive into establishing a repeatable testing methodology for executing quality tests. We will look at some tools of the trade to understand what they are doing under the hood, identify what separates a great finding from a good finding in reports, and really zero in on establishing your own methodology!
Join experts Whitney Champion and Eric Capuano as they teach about Velociraptor! This course will teach you the ins and outs of Velociraptor for common threat hunting and incident response use-cases. This Velociraptor training course will provide you with the knowledge of deploying a server, distributing agents, finding threats, and responding to intrusions.
For most security teams, high operational tempo (measured in dumpster fire lumens) incentivizes analysts to stick to well-tailored playbooks that prioritize remediation at the expense of proper incident scoping and root cause analysis. Though modern endpoint security products have significantly improved host visibility, most critical incidents will require the acquisition and analysis of additional endpoint data. This course focuses on four core investigative competencies: endpoint data collection, investigative triage, incident response pivots, and root cause analysis.
Do you want to level up your cloud penetration testing skills? The attack surface of many organizations has changed to include third-party hosted services such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform. In this training course, hacking concepts will be introduced for each of those services.
Enterprises have been working tirelessly to improve their security postures through defense-in-depth approaches. Offensive teams have also been putting in long hours of research into bypassing the latest EDR’s and defensive products that keep them on their toes. Long gone “hopefully” are the days of hurdling an HTA file laced with a download cradle at a mature organization with a “Free iPad” ruse and watching your screen fill with incoming agents.
The course progresses from basic to very advanced practical OSINT techniques that you can use in your investigative routine. No special software, operating system, or paid licenses are required. Bookmarks for all tools and websites used will be provided for quick access.
Not everyone taking a pen test class will want to be a penetration tester. Hence, we have organized this class to be a well-rounded experience, allowing both aspiring red teamers and blue teamers to get the most out of it. This class will provide students with hands-on experience with all phases of a penetration test, from information gathering to reporting.
As a cyber security defender and investigator, we often just get to analyze an environment that suffered a ransomware attack after the ransomware execution, where we are trying to make our way back in time to understand the scope and initial infection vectors of a breach. However, knowing how attackers operate and having an understanding of their tools can help tremendously to conduct a more effective analysis and response and ultimately lower the impact of such attacks. This is why in this workshop we will teach you how to perform the common steps of every phase in a ransomware attack scenario as the attacker, from initial infection to impact.