Upcoming Events

Trainers: Zef Cekaj and Jason Randall This two-day course covers a real audit and discovery of vulnerabilities in enterprise software. If you’ve ever wanted to learn how CVEs are made or would just like to participate in a guided group audit of an enterprise application, this is your class. We will cover basic reverse engineering and debugging, some scripting, a few pro tips, and next steps. More information can be found at: https://bsidesaustin.com/bsides-austin-2019-training-days/

Trainer: Brad Duncan This one-day workshop provides a foundation for investigating pcaps of malicious network traffic. We begin with basic investigation concepts, setting up Wireshark, and identifying hosts or users in network traffic. Participants then learn characteristics of malware infections and other suspicious network traffic. The workshop covers techniques for determining the root cause of an infection and false-positive alerts. We conclude with an evaluation designed to give participants experience in writing an incident report. You can find more information…

Trainer: Mark McLauchlin ELK is an powerful open source search application. Often overlooked is the parsing functionality it can provide to enrich security event log data. This hands-on training will go over the ELK stack including installation and configuration of Filebeat, Logstash, Elasticsearch, and Kibana along with some best practices. A good portion of the time will be parsing log events with Logstash. Logstash is referred to as the Swiss army knife for log parsing and deservedly so. It has…

Trainer: Cale Black MWR will be giving participants access to their cloud-based training labs: The Playground. These challenges will help equip security professionals (both defensive and offensive) with the expertise to defend their network and applications by better understanding how they are attacked and exploited.  The two Playground challenges are listed below. Active Directory Hacking: This lab will walk you through a full compromise of an Active Directory environment. This will involve utilizing the following skills: Delivery and execution of…

Trainer: Evan Wagner What is Volatility Framework Supported Formats Profiles / Debug Symbols / PDBs Operating Systems and Builds Plugins Concepts Availability Github Repository Distro Packages Rekall Fork Why use Volatility Considerations and experiences from in the field How to Capture Memory Physical Memory Hibernation Files Page/Swap Space Virtual Machine Snapshots and VMEM Converting VMWare Suspend Snapshot into memory dump Crashdumps Space considerations Using pmem tool Working with Image Formats What is compatible and what is not AFF4 format Extracting…