BEYOND THE SCRIPT: PRACTICAL PROBLEM SOLVING TECHNIQUES FOR THE SECURITY PROFESSIONAL

Curious Codes | July 22-23 & July 24-25



Overview

Problem solving and non-linear thinking are critical skills in the network security profession. These skills are hard learned, and often even more difficult to practice. This course will provide you with an opportunity to carry out a variety of attacks on a controlled system. You will solve problems through a collection of hands-on "capture-the-flag" scenarios with built-in challenges designed to test and expand your thought process. You will learn how to tackle these challenges from a practical problem-solving standpoint. Along the way we will discuss real life scenarios and dissect the thought processes required to achieve success in even the most daunting situations. Students will walk away with over $200 worth of tools utilized during the course.

From the start of the course, a set of challenges will be available for the students to participate in and solve. The practical application portion of this course will provide students with time to work on these challenges with the help of the instructors. These challenges will be in the form of a multistage challenge box that will require students to leverage the techniques and skills learned over the previous day. This could include physical locks, RFID replays gathered from around the conference, SCADA/ICS devices to hack and manipulate, etc. Challenges will be diverse and designed to stretch students to work together to leverage each others strengths in order to be successful.

In this course you will:
  • Practice or learn basic penetration testing skills.
  • Perform network enumeration and attack.
  • Capture and Replay RFID tag information.
  • Analyze wireless signals using software defined radios.
  • Circumvent Physical Access Controls.
  • Solve complex problems both individually and as part of a team.

Day 1
  • Assessing Networks for vulnerabilities and exploitation.
  • Web application testing.
  • ICS assessment and exploitation.
  • Radio Frequency Identification - Sniff, Clone and Replay.
  • A fun and interesting homework assignment.

Day 2
  • Basic lock picking techniques.
  • Physical Access Control Systems, getting into where you aren't supposed to be.
  • Wireless penetraion testing.
  • Software Defined Radio - Pulling information from thin air.
  • Practical application of what you have learned.

Who Should Take this Course

This course is designed for system defenders, system and network administrators, red teamers and penetration testers. Experience with system administration, penetration testing tools, and defensive measures will be helpful, but not required.

Student Requirements

A willingness to learn new ways of thinking, solving problems and working in a team.

What Students Should Bring

Students must have a laptop with administrator access capable of running virtual machines.
RJ-45 port or Wired Network Adapter.
Standard open USB port for use during course.

What Students Will Be Provided With

To keep:
  • ChameleonMini
  • RTL-SDR with Antenna
  • Sparrows Mace Picks
  • Flash drive with course materials and other tools

To utilize:
  • Practice locks
  • Demo networks
  • Custom Control System

Trainers

Jeremy "CrYpT" Dodson has been involved in Information Technology for over 20 years, with a focus in Information Security for 18 years. He is a United States Air Force Veteran who has served in support of the National Security Agency, Defense Information Systems Agency, European Command Air Force, Department of Energy and Department of Labor. He has also consulted with HP, DELL, and various other Fortune 500 IT companies. Jeremy has presented at and assisted in conference organization for several INFOSEC conferences in the US. He is a Co-Founder of Curious Codes along with Ryan Clarke, Casey Clarke, and Jay Korpi. Curious Codes is an organization designed to teach cryptography and cryptanalysis through community based events. The mission behind Curious Codes is to promote curiosity and creative thought process through fun and engaging casual crypto experiences.

Ryan "1o57" Clarke self-identifies as a hacker. Currently working as a consultant for the Department of Energy, Mr. Clarke has formerly held positions with multiple three letter agencies both in and out of the Department of Defense. Mr. Clarke is also a former member of the Advanced Programs Group at Intel, and the Professor of Robotics and Embedded Systems at the University of Advancing Technology. Mr. Clarke has consulted for the Department of Energy, the Department of the Interior, several Fortune 50 companies, and multiple domestic and international organizations. Mr. Clarke is also the official cryptographer and puzzle master for the DEF CON security conference, and is one of the conference organizers. For DEF CON Mr. Clarke created the Hardware Hacking Village, the LosT@Defcon Mystery Challenge, the conference badges, and other events and activities which include aspects of network intrusion and security, social engineering, RED and BLUE team testing, mathematics, linguistics, physical security, and various other security and hacker related skillsets. For his work with DEF CON Mr. Clarke has been featured by Wired, Forbes, the Register, CNET, and various other media outlets. Mr. Clarke's academic background and multiple degrees include include computational mathematics, linguistics, cryptography, electrical engineering, computer systems engineering.

Mike "Anch" Guthrie currently works on a Red Team for an agency with a 3 letter acronym. It's not secret squirrel, or hush hush he just doesn't like to talk about himself very much. He has 15 years of experience in penetration testing and cyber security with a background in control systems and security architecture.