CanSecWest 2022 Dojos
x86-64 OS Internals by Xeno Kovah
x86-64 Intel Firmware Attack & Defense by Xeno Kovah
x86-64 All You Can Learn Buffet! by Xeno Kovah
x86-64 Assembly by Xeno Kovah
C/C++ Implementation Vulnerabilities by Xeno Kovah
Cognitive Security: Defending against Misinformation, Disinformation and Other Information Harms by SJ Terp and Pablo Breuer
Assessing and Exploiting Control Systems and IIoT by Justin Searle
Evil Mainframe: Mainframe Hacking for Penetration Testers by Phil Young
Heap Exploitation by Maxwell Dulin and Zachary Minneker
Automated Program Analysis using Machine Learning by Hahna Kane Latonick
Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation by Dawid Czagan
Advanced Penetration Testing: Mastering Web Attacks with Full-Stack Exploitation by Dawid Czagan
Web Hacking Secrets: How to Hack Legally and Earn Thousands of Dollars at HackerOne by Dawid Czagan
Windows Kernel Exploitation Advanced Training by Ashfaq Ansari
Windows Kernel Exploitation Foundations by Ashfaq Ansari
Hacking JavaScript Desktop apps: Master the Future of Attack Vectors by Abraham Aranguren and Anirudh Anand
Hacking Android & iOS apps by Example by Abraham Aranguren, Abhishek J M, Anirudh Anand and Juan Urbano Stordeur
Reproducing Zero-Days with Mayhem by Nathan Jackson
More details below!
-
x86-64 Assembly
by Xeno Kovah
-
x86-64 OS Internals
by Xeno Kovah
-
x86-64 Intel Firmware Attack and Defend
by Xeno Kovah
-
x86-64 All You Can Learn Buffet
by Xeno Kovah
-
Heap Exploitation
by Maxwell Dulin and Zachary Minneker
-
Machine Learning for Program Analysis
by Hahna Kane Latonick
-
C/C++ Implementation Vulnerabilities
by Xeno Kovah
-
Evil Mainframe Hacking
by Phil Young
-
Cognitive Security
by Sara-Jayne Terp and Pablo Breuer
-
Assessing and Exploiting Control Systems and IIoT
by Justin Searle
-
Reproducing Zero-Days with Mayhem
by Nathan Jackson
-
Introduction to Reverse Engineering with Ghidra
by Kara Nance
-
Black Belt Pentesting/Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation
by Dawid Czagan
-
Advanced Penetration Testing: Mastering Web Attacks with Full-Stack Exploitation
by Dawid Czagan
-
Web Hacking Secrets: How to Hack Legally and Earn Thousands of Dollars at HackerOne
by Dawid Czagan
-
Windows Kernel Exploitation Foundation
by Ashfaq Ansari
-
Windows Kernel Exploitation Advanced
by Ashfaq Ansari
-
Hacking JavaScript Desktop Apps: Master the Future of Attack Vectors
by Abraham Aranguren and Anirudh Anand
-
Hacking Android and iOS Apps by Example
by Abraham Aranguren, Abhishek J M, Anirudh Anand and Juan Urbano Stordeur
Web Hacking Secrets: How to Hack Legally and Earn Thousands of Dollars at HackerOne
HackerOne is your big opportunity. This is the platform where you can hack legally and at the same time you can make money. You can hack many different companies like Twitter, Yahoo, Uber, Coinbase, and a lot more. And you can get paid for your findings, for example $100, $1,000, or even $10,000 per one bug. It’s just amazing. All you need is Internet connection and knowledge. Yes – you need knowledge to go from zero to thousands of dollars at HackerOne, and in this online training I’m going to share my knowledge with you.
I’m one of the top hackers at HackerOne and I know quite a lot about hacking and making money that way. In this online training I’ll present many award-winning bugs. The more you play with award-winning-bugs the more knowledge you get and the more knowledge you have, the more money you can make. I’ll also discuss a successful bug hunting strategy that I have been using in the recent years. What’s more, I’ll present a lot of demos, because I want you to see how all these things work in practice.
Advanced Penetration Testing: Mastering Web Attacks with Full-Stack Exploitation
Advanced penetration testing is all about mastering the art of full-stack exploitation. If you want to become a full-stack exploitation master and take your professional penetration testing career to the next level, then this virtual hands-on training is for you.
I found security bugs in many companies including Google, Yahoo, Mozilla, Twitter and in this training I will share my experience with you. You will dive deep into full-stack exploitation of modern web applications and you will learn how to hunt for security bugs effectively (there is a lab exercise for each attack presented in this training).
Reproducing Zero-Days with Mayhem
In this course we will introduce you to fuzzing with Mayhem, ForAllSecure’s Dynamic Application Security
Testing (DAST) tool. You will learn the techniques that underpin fuzzing, and how to incorporate those techniques into your organization with Mayhem.
Heap Exploitation
As exploit mitigations, such as Nx and stack canaries, have made binary exploitation more difficult, modern exploit development has moved to the heap. However, heap exploitation is a major wall in the binary exploitation journey because of its complexity and its context dependent nature. To conquer this difficultly, the training tackles the complexity head on by diving into the weeds of the allocator directly, taking on many hands-on exercises and teaching a variety of techniques to exploit the heap in any situation. After taking this training you will understand the internals of the GLibC Malloc allocator, be able to discover heap specific vulnerability classes, and pwn the heap with a variety of techniques, as demonstrated by the exploitation of a custom HTTP server stack as the final challenge.
Evil Mainframe: Mainframe Hacking for Penetration Testers
This course will expose attendees to a live mainframe environment with hands-on lab experience. The areas explored in this course include VTAM, CICS, TSO, and Unix.
Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation
HackerOne bug hunters have earned over $100 million in bug bounties so far. Some of HackerOne customers include the United States Department of Defense, General Motors, Uber, Twitter, and Yahoo. It clearly shows where the challenges and opportunities are for you in the upcoming years. What you need is a solid technical training by one of the Top 10 HackerOne bug hunters.
Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks and maximize your payouts. Say ‘No’ to classical web application hacking. Join this unique virtual hands-on training and become a full‑stack exploitation master.
Watch 3 exclusive videos to feel the taste of this training:
Exploiting Race Conditions: https://www.youtube.com/watch?v=lLd9Y1r2dhM
Token Hijacking via PDF File: https://www.youtube.com/watch?v=AWplef1CyQs
Bypassing Content Security Policy: https://www.youtube.com/watch?v=tTK4SZXB734
Windows Kernel Exploitation Advanced
We will look into how we can bypass kASLR, kLFH, and do hands-on exploitation using data-only attack, which effectively bypasses SMEP and other exploit mitigations.
Introduction to Reverse Engineering with Ghidra
This course provides a hands-on introduction to using Ghidra for software reverse engineering, taught by co-author of The Ghidra Book: The Definitive Guide. Learn how to use and customize Ghidra to fit your SRE workflow, all presented with hands-on examples and challenges. Whether you are new to the field of reverse engineering or just new to Ghidra, this course provides you with the opportunity to explore the capabilities of this powerful open-source reverse engineering tool suite to understand how it can enhance your reverse engineering process with a focus on malware analysis. Hands-on labs will provide flexibility for student to choose between basic and challenge assignments to ensure that everyone has something interesting to explore in context. Our philosophy is “hands-on over hand-outs” so come prepared to actively participate in the action.
Assessing and Exploiting Control Systems and IIoT
This is not your traditional SCADA/ICS/IIoT security course! How many courses send you home with lifetime access to course updates and a $500 kit including your own PLC and a set of hardware/RF hacking tools?!? This course teaches hands-on penetration testing techniques used to test individual components of a control system, including embedded electronic field devices, network protocols, RF communications, Human Machine Interfaces (HMIs), and various forms of master servers and their ICS applications.
C/C++ Implementation Vulnerabilities
Dual-purpose class:
This class teaches developers how to avoid writing implementation flaws, or detect ones that are already in their code...but it also teaches vulnerability-hunters how to find the flaws as well! So it's an epic battle between contentious developers and devious vulnerability hunters! Who will win?! Whoever most takes the lessons of this class to heart!
Over three-dozen CVE writeups!
This class serves as a prerequisite for a future class that will add examples on uninitialized data access, race conditions, use-after-free, type confusion, and information disclosure vulnerabilities.
Windows Kernel Exploitation Foundations
In this course, we will use Windows 10 RS6 x64 for all the labs and has a CTF that runs throughout the training. This course starts with the basics of Windows & driver internals, different memory corruption classes, and fuzzing of kernel mode drivers.
Hacking JavaScript Desktop apps: Master the Future of Attack Vectors
All action, no fluff, come to this 100% hands-on Electron & JS Desktop apps course with us and get: Lifetime access to all course materials, unlimited access to future updates, step-by-step video recordings, unlimited email/slack support from course instructors, interesting apps and more :)
Hacking Android, iOS and IoT Apps by Example
All action, no fluff, come to this 100% hands-on Android & iOS hacking course with us and get: Lifetime access to all course materials, unlimited access to future updates, step-by-step video recordings, unlimited email/slack support from course instructors, Interesting apps and more :)
x86-64 Intel Firmware Attack and Defence
This class is designed to give you all the background you need to understand how x86-64 firmware (aka UEFI BIOS) works, and what the most common security misconfigurations are.
x86-64 Assembly
This class teaches you how to disassemble binaries, read x86-64 assembly language, and debug black-box binaries in WinDbg and GDB.
x86-64 OS Internals
This class teaches you about the fundamental hardware mechanisms which all operating systems, virtualization systems, and firmware *must* interact with in order to run successfully on x86 hardware.
x86-64 All You Can Learn Buffet!
This is the combination class that lets you take all the material(!) from the x86-64 Assembly, x86-64 OS Internals, and x86-64 Intel Firmware Attack & Defense classes at your own pace, but with full instructor support.
Automated Program Analysis Using Machine Learning
This 4-day online course features a practical hands-on approach to automated program analysis using machine learning.
Cognitive Security: Misinformation, Disinformation, and Influence Operations
This course starts with the ways that users and groups are influenced online, from user experience, marketing, adtech and online political campaigns through to astroturfing, online psyops, disinformation campaigns. We’ll look at the techniques and tactics used to create influence, the tools, methods and design patterns being created to detect, counter and mitigate against it, the emerging discipline of cognitive security and how it meshes with other work including information security, machine learning and geopolitics.