Training Programs!
Ruby Security
Hal Brodigan
Trail of BitsThis training will take place on June 3rd in New York City. Attendance is $1000 per person and student discounts are available. This training comes with free admission to SummerCon.
In the last year, many new vulnerabilities and vulnerability classes have been discovered in Ruby applications. These vulnerabilities make use of features specific to the Ruby language and common idioms present in large Ruby projects, such as serialization and deserialization of data in the YAML format. As these vulnerability classes were initially discovered in popular and well-studied open source software, it is extremely likely that they occur in applications throughout the Ruby ecosystem. These applications frequently represent lucrative targets for attackers, and with the appearance of new and easily exploitable bug classes, the potential for targeted and mass exploitation of Ruby programs has been demonstrated to the world. In this training, we aim to bridge a knowledge and skills gap by bringing information about these new vulnerability classes to software developers.
This training will cover the recent Ruby on Rails vulnerabilities classes, their root causes, and include demonstrations and exercises where students develop exploits for real-world vulnerabilities. Students will learn the patterns behind the vulnerabilities and develop software engineering strategies to avoid introducing vulnerabilities of this type into their projects.
Sign up for Ruby Security | Full Course Info
Hardware Hacking
Joe Grand
Grand Idea StudioThis training will take place on June 5-6 in New York City. Attendance is $2500 per person and student discounts are available. This training comes with free admission to SummerCon.
This course focuses on hardware hacking and reverse engineering techniques commonly used against hardware products. It is a combination of lecture and hands-on exercises, culminating with students attempting to defeat the security of a custom-designed circuit board. During the course, students will:
- Understand the mindset of hardware hackers and why they do what they do
- Learn skills needed to successfully reverse engineer and analyze electronic products
- Apply real world techniques to defeat the security mechanisms of a custom circuit board
Sign up for Hardware Hacking | Full Course Info
Offensive Techniques
Russ Gideon and David Kerb
Attack ResearchThis training will take place on June 4-6 in New York City. Attendance is $3500 per person and student discounts are available. This training comes with free admission to SummerCon.
This course is designed to teach students how to plan and execute a successful attack against a target, using the same techniques and mindsets that real attackers use. Attack Research will bring a unique approach to penetration testing, using deep system knowledge and lesser-known techniques that will arm the student with true offensive capabilities. This class is designed to help students think past the need for known exploits. Alternating between hands-on exercises and lectures the students will walk away with having been given the chance to utilize the new skills that they will learn. A virtual target network will be provided, along with all of the software needed to participate in the labs.
Sign up for Offensive Techniques | Full Course Info
Wireless Embedded Systems
Travis Goodspeed
GoodFETThis training will take place June 4-6th in New York City. Attendance is $3500 per person and student discounts are available. This training comes with free admission to SummerCon.
'Reversing and Exploiting 8 and 16-bit Wireless Embedded Systems' is intended to teach hardware reverse engineering and exploitation to students who are already familiar with those topics on larger computers. You will learn how to extract code and keys from locked chips, how to locate and sniff the internal buses of a board, and how to inject foreign machine code into a microcontroller with a memory corruption exploit. Students will be given a GoodFET to keep. A diverse set of targets will be examined, both open source and commercial. Targets have roughly the same components as a smart meter.
Sign up for Wireless Embedded Systems | Full Course Info