www.blackhat.com
Open in
urlscan Pro
2606:4700::6811:b185
Public Scan
Submitted URL: https://d367gh04.eu1.hubspotlinks.com/Ctc/ZW+113/d367gh04/MX3bVWkLXztW4hYx8K5SRWsgW3Dl4Sm5c-1HlN5NMMmx3m2ndW8wLKSR6lZ3m8W3RWPqM97RyfKW...
Effective URL: https://www.blackhat.com/us-24/training/schedule/?utm_medium=email&_hsenc=p2ANqtz-_U04Qjo9FF4svy1Sc_4GflOUmN2m5cl1yOQA9Zb...
Submission: On April 16 via manual from US — Scanned from DE
Effective URL: https://www.blackhat.com/us-24/training/schedule/?utm_medium=email&_hsenc=p2ANqtz-_U04Qjo9FF4svy1Sc_4GflOUmN2m5cl1yOQA9Zb...
Submission: On April 16 via manual from US — Scanned from DE
Form analysis
1 forms found in the DOM<form class="filter_wrapper">
<div class="filters_wrapper" id="filters_wrapper">
<div class="format_type_wrapper">
<h3 id="filter_format_type" class="filter_header_background_shown filter_header">Format(s)</h3>
<div class="format_type_list">
<div class="select_clear_all_link"><a onclick="select_all_filter('format_type'); return false;" href="javascript:;" data-feathr-click-track="true" data-feathr-link-aids="65414312709dc1f319b80018">Select All</a> |
<a onclick="clear_all_filter('format_type'); return false;" href="javascript:;" data-feathr-click-track="true" data-feathr-link-aids="65414312709dc1f319b80018">Clear</a> </div>
<ul>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="format_type_420-458_checkbox" id="format_type_420-458_checkbox" class="format_type_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="format_type_420-458_checkbox" id="label_format_type_420-458" class="format_type_checkbox_label" href="#format/-day-trainings">
<div class="format_type_icon -day-trainings_icon"></div> <span>2 Day Trainings</span>
</label> </div>
<div class="clear"></div>
</li>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="format_type_420-460_checkbox" id="format_type_420-460_checkbox" class="format_type_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="format_type_420-460_checkbox" id="label_format_type_420-460" class="format_type_checkbox_label" href="#format/-day-trainings">
<div class="format_type_icon -day-trainings_icon"></div> <span>4 Day Trainings</span>
</label> </div>
<div class="clear"></div>
</li>
</ul>
</div>
</div>
<div class="track_type_wrapper">
<h3 id="filter_track_type" class="filter_header_background_shown filter_header">Track(s)</h3>
<div class="track_type_list">
<div class="select_clear_all_link"><a onclick="select_all_filter('track_type'); return false;" href="javascript:;" data-feathr-click-track="true" data-feathr-link-aids="65414312709dc1f319b80018">Select All</a> |
<a onclick="clear_all_filter('track_type'); return false;" href="javascript:;" data-feathr-click-track="true" data-feathr-link-aids="65414312709dc1f319b80018">Clear</a> </div>
<ul>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1879_checkbox" id="track_type_1879_checkbox" class="track_type_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="track_type_1879_checkbox" id="label_track_type_1879" class="track_type_checkbox_label" href="#track/ai-ml--data-science">
<div class="track_type_icon ai-ml--data-science_icon"></div> <span>AI, ML, & Data Science</span>
</label> </div>
<div class="clear"></div>
</li>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1801_checkbox" id="track_type_1801_checkbox" class="track_type_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="track_type_1801_checkbox" id="label_track_type_1801" class="track_type_checkbox_label" href="#track/appsec">
<div class="track_type_icon appsec_icon"></div> <span>AppSec</span>
</label> </div>
<div class="clear"></div>
</li>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1786_checkbox" id="track_type_1786_checkbox" class="track_type_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="track_type_1786_checkbox" id="label_track_type_1786" class="track_type_checkbox_label" href="#track/crypto">
<div class="track_type_icon crypto_icon"></div> <span>Crypto</span>
</label> </div>
<div class="clear"></div>
</li>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1769_checkbox" id="track_type_1769_checkbox" class="track_type_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="track_type_1769_checkbox" id="label_track_type_1769" class="track_type_checkbox_label" href="#track/defense">
<div class="track_type_icon defense_icon"></div> <span>Defense</span>
</label> </div>
<div class="clear"></div>
</li>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1787_checkbox" id="track_type_1787_checkbox" class="track_type_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="track_type_1787_checkbox" id="label_track_type_1787" class="track_type_checkbox_label" href="#track/forensics">
<div class="track_type_icon forensics_icon"></div> <span>Forensics</span>
</label> </div>
<div class="clear"></div>
</li>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1788_checkbox" id="track_type_1788_checkbox" class="track_type_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="track_type_1788_checkbox" id="label_track_type_1788" class="track_type_checkbox_label" href="#track/hardware">
<div class="track_type_icon hardware_icon"></div> <span>Hardware</span>
</label> </div>
<div class="clear"></div>
</li>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1789_checkbox" id="track_type_1789_checkbox" class="track_type_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="track_type_1789_checkbox" id="label_track_type_1789" class="track_type_checkbox_label" href="#track/human">
<div class="track_type_icon human_icon"></div> <span>Human</span>
</label> </div>
<div class="clear"></div>
</li>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1790_checkbox" id="track_type_1790_checkbox" class="track_type_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="track_type_1790_checkbox" id="label_track_type_1790" class="track_type_checkbox_label" href="#track/ics">
<div class="track_type_icon ics_icon"></div> <span>ICS</span>
</label> </div>
<div class="clear"></div>
</li>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1844_checkbox" id="track_type_1844_checkbox" class="track_type_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="track_type_1844_checkbox" id="label_track_type_1844" class="track_type_checkbox_label" href="#track/iot">
<div class="track_type_icon iot_icon"></div> <span>IOT</span>
</label> </div>
<div class="clear"></div>
</li>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1802_checkbox" id="track_type_1802_checkbox" class="track_type_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="track_type_1802_checkbox" id="label_track_type_1802" class="track_type_checkbox_label" href="#track/malware">
<div class="track_type_icon malware_icon"></div> <span>Malware</span>
</label> </div>
<div class="clear"></div>
</li>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_17_checkbox" id="track_type_17_checkbox" class="track_type_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="track_type_17_checkbox" id="label_track_type_17" class="track_type_checkbox_label" href="#track/mobile">
<div class="track_type_icon mobile_icon"></div> <span>Mobile</span>
</label> </div>
<div class="clear"></div>
</li>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1777_checkbox" id="track_type_1777_checkbox" class="track_type_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="track_type_1777_checkbox" id="label_track_type_1777" class="track_type_checkbox_label" href="#track/network">
<div class="track_type_icon network_icon"></div> <span>Network</span>
</label> </div>
<div class="clear"></div>
</li>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1761_checkbox" id="track_type_1761_checkbox" class="track_type_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="track_type_1761_checkbox" id="label_track_type_1761" class="track_type_checkbox_label" href="#track/pentesting">
<div class="track_type_icon pentesting_icon"></div> <span>PenTesting</span>
</label> </div>
<div class="clear"></div>
</li>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1791_checkbox" id="track_type_1791_checkbox" class="track_type_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="track_type_1791_checkbox" id="label_track_type_1791" class="track_type_checkbox_label" href="#track/risk">
<div class="track_type_icon risk_icon"></div> <span>Risk</span>
</label> </div>
<div class="clear"></div>
</li>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="track_type_1792_checkbox" id="track_type_1792_checkbox" class="track_type_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="track_type_1792_checkbox" id="label_track_type_1792" class="track_type_checkbox_label" href="#track/wireless">
<div class="track_type_icon wireless_icon"></div> <span>Wireless</span>
</label> </div>
<div class="clear"></div>
</li>
</ul>
</div>
</div>
<div class="skill_level_wrapper">
<h3 id="filter_skill_level" class="filter_header_background_shown filter_header">Skill Level(s)</h3>
<div class="skill_level_list">
<div class="select_clear_all_link"><a onclick="select_all_filter('skill_level'); return false;" href="javascript:;" data-feathr-click-track="true" data-feathr-link-aids="65414312709dc1f319b80018">Select All</a> |
<a onclick="clear_all_filter('skill_level'); return false;" href="javascript:;" data-feathr-click-track="true" data-feathr-link-aids="65414312709dc1f319b80018">Clear</a> </div>
<ul>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="skill_level_3_checkbox" id="skill_level_3_checkbox" class="skill_level_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="skill_level_3_checkbox" id="label_skill_level_3" class="skill_level_checkbox_label" href="#skill/advanced">
<div class="skill_level_icon advanced_icon"></div> <span>Advanced</span>
</label> </div>
<div class="clear"></div>
</li>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="skill_level_1_checkbox" id="skill_level_1_checkbox" class="skill_level_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="skill_level_1_checkbox" id="label_skill_level_1" class="skill_level_checkbox_label" href="#skill/all">
<div class="skill_level_icon all_icon"></div> <span>All</span>
</label> </div>
<div class="clear"></div>
</li>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="skill_level_5_checkbox" id="skill_level_5_checkbox" class="skill_level_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="skill_level_5_checkbox" id="label_skill_level_5" class="skill_level_checkbox_label" href="#skill/beginner">
<div class="skill_level_icon beginner_icon"></div> <span>Beginner</span>
</label> </div>
<div class="clear"></div>
</li>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="skill_level_6_checkbox" id="skill_level_6_checkbox" class="skill_level_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="skill_level_6_checkbox" id="label_skill_level_6" class="skill_level_checkbox_label" href="#skill/beginnerintermediate">
<div class="skill_level_icon beginnerintermediate_icon"></div> <span>Beginner/Intermediate</span>
</label> </div>
<div class="clear"></div>
</li>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="skill_level_2_checkbox" id="skill_level_2_checkbox" class="skill_level_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="skill_level_2_checkbox" id="label_skill_level_2" class="skill_level_checkbox_label" href="#skill/intermediate">
<div class="skill_level_icon intermediate_icon"></div> <span>Intermediate</span>
</label> </div>
<div class="clear"></div>
</li>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="skill_level_7_checkbox" id="skill_level_7_checkbox" class="skill_level_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="skill_level_7_checkbox" id="label_skill_level_7" class="skill_level_checkbox_label" href="#skill/intermediateadvanced">
<div class="skill_level_icon intermediateadvanced_icon"></div> <span>Intermediate/Advanced</span>
</label> </div>
<div class="clear"></div>
</li>
</ul>
</div>
</div>
<div class="experience_type_wrapper">
<h3 id="filter_experience_type" class="filter_header_background_shown filter_header">Experience(s)</h3>
<div class="experience_type_list">
<div class="select_clear_all_link"><a onclick="select_all_filter('experience_type'); return false;" href="javascript:;" data-feathr-click-track="true" data-feathr-link-aids="65414312709dc1f319b80018">Select All</a> |
<a onclick="clear_all_filter('experience_type'); return false;" href="javascript:;" data-feathr-click-track="true" data-feathr-link-aids="65414312709dc1f319b80018">Clear</a> </div>
<ul>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="experience_type_20_checkbox" id="experience_type_20_checkbox" class="experience_type_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="experience_type_20_checkbox" id="label_experience_type_20" class="experience_type_checkbox_label" href="#experience/in-person">
<div class="experience_type_icon in-person_icon"></div> <span>In-Person</span>
</label> </div>
<div class="clear"></div>
</li>
<li class="li2">
<div class="checkbox_wrapper"> <input type="checkbox" onclick="filterSchedule();" name="experience_type_18_checkbox" id="experience_type_18_checkbox" class="experience_type_checkboxes"> </div>
<div class="checkbox_label_wrapper"><label for="experience_type_18_checkbox" id="label_experience_type_18" class="experience_type_checkbox_label" href="#experience/virtual">
<div class="experience_type_icon virtual_icon"></div> <span>Virtual</span>
</label> </div>
<div class="clear"></div>
</li>
</ul>
</div>
</div>
</div>
</form>
Text Content
Informa Black Hat is part of the Informa Tech Division of Informa PLC * Informa PLC * About us * Investor relations * Talent This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726. * * Events Black Hat AsiaBlack Hat USAUpcoming Events * Briefings BriefingsCall for PapersSecTor Briefings Call for PapersArchives * Trainings * Arsenal ArsenalResourcesCall for ToolsReview Board * Summits * Webinars WebinarsExecutive Interviews * Sponsorships Sponsorship OpportunitiesSponsor News * About About UsIn the NewsPress ReleasesBriefings Review BoardTraining Review BoardSecTor Review BoardBriefings Call for PapersSecTor Briefings Call for PapersCode of ConductContact UsSustainability PledgePrivacy USA 2024 Register Now August 3-8, 2024 -------------------------------------------------------------------------------- Mandalay Bay / Las Vegas Event Menu * AttendAttend Attendee RegistrationPass ComparisonMedia RegistrationAI SummitCISO SummitOmdia Analyst SummitScholarshipsDEF CON PassesTravelSustainabilityCode of Conduct * TrainingsTrainings Trainings ScheduleCertifications * BriefingsBriefings Overview & CPEsMicro Summits * ArsenalArsenal Overview * FeaturesFeatures Features OverviewCommunityDay ZeroNOCStartup Spotlight Competition * ScheduleSchedule ScheduleTraining Schedule * Business HallBusiness Hall Business Hall OverviewContestsSponsor Activities * SponsorsSponsors Become a SponsorEvent SponsorsSponsor News * ProposalsProposals Call for Papers - BriefingsCall for Tools - Arsenal All times are Pacific Time (GMT/UTC -7h) * All * 2 Day (Sat-Sun) * 2 Day (Mon-Tue) * 4 Day (Sat-Tue) * All * A-E * F-J * K-O * P-T * U-Z All TrainingsPresenters FORMAT(S) Select All | Clear * 2 Day Trainings * 4 Day Trainings TRACK(S) Select All | Clear * AI, ML, & Data Science * AppSec * Crypto * Defense * Forensics * Hardware * Human * ICS * IOT * Malware * Mobile * Network * PenTesting * Risk * Wireless SKILL LEVEL(S) Select All | Clear * Advanced * All * Beginner * Beginner/Intermediate * Intermediate * Intermediate/Advanced EXPERIENCE(S) Select All | Clear * In-Person * Virtual No sessions found * * 2 Day (Sat-Sun) * 360° Ransomware Response: Detection, Negotiation, Recovery, and Prevention Location: TBD lmg security (sherri davidoff and matt durrin) Tracks: Forensics, Defense Format: 2 Day Trainings Experience: In-Person Learn to respond to ransomware effectively and efficiently. In this hands-on boot camp, we'll show you a comprehensive approach to ransomware response, covering key aspects such as early detection, negotiation tactics, and decryption challenges. We'll analyze the latest ransomware strains and learn about evolving detection strategies. Then we'll delve into core elements of the initial response: triage, evidence preservation, scoping, containment and mitigation. We'll study the decryption process, including infected decryptors, double-encryption issues, and other common challenges. You'll learn practical ransom negotiation tactics and gain insights on the business impacts and communication strategies that will help you effectively support legal teams, public relations and more throughout the response. Hands-on labs are included throughout the class. Each student gets 90 days of free access to the Ransomware Virtual Laboratory. Along the way, we'll take students full circle and point out effective technical measures that block attackers and prevent ransomware deployment. Learn More EARLY $4,000 ENDS MAY 24 2024, A Space Hacking Odyssey Location: TBD final frontier security Tracks: PenTesting, ICS Format: 2 Day Trainings Skill Level: All Experience: In-Person Sure, maybe you've hacked the planet, but how about hacking off planet? The final frontier has been designated as critical infrastructure. Satellites and other space systems are an integral part of our daily lives from navigation to communications, financial transactions, and national security. Cybersecurity for these assets is environmentally and operationally constrained in ways unfamiliar to most practitioners. What better way to gain an appreciation for the challenges of cybersecurity in space and an understanding of how attackers will behave against this attack surface than exploiting it yourself? Learn More EARLY $3,800 ENDS MAY 24 A Basic Guide to Bug Hunting with Ghidra Location: TBD craig young Tracks: AppSec, PenTesting Format: 2 Day Trainings Skill Level: Intermediate Experience: In-Person Discover the art of uncovering vulnerabilities without the aid of source code or commercial tooling. This class is a deep-dive on how to use open source tools to shed light on closed source binaries. We will cover how bug hunters use free tools like Ghidra, AFL, QEMU, Frida, and GDB, to find exploitable bugs in modern software. Students will be introduced to each of these tools and more as we walk through exercises demonstrating their use. We will start with relatively simple techniques, like using Ghidra to identify and trace potentially insecure function calls, but by the end we will be looking at advanced techniques for stitching fuzzers together from compiled code. We'll also explore opportunities for using dynamic analysis to identify interesting code paths and reveal subtle bugs. Students in this class should be comfortable working with C code and have a basic understanding of memory safety vulnerabilities. Learn More EARLY $3,900 ENDS MAY 24 A Beginner's Guide To Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs Location: TBD lee archinal (cyborg security) Tracks: Defense, Human Format: 2 Day Trainings This course is designed to provide the students with hands-on experience in behavioral threat hunting. This includes covering common models and how they relate to threat hunting, how to operationalize an intel report focusing on tactics, techniques, and procedures (TTPs), how to leverage intelligence to initiate and conduct a hunt, data pivoting from initial query to results, proper documentation techniques to compile and organize findings in a repeatable manner. The culmination of this process will be a series of simulated attack chains using real world adversary TTPs, broken down into two phases: crawling and walking. The crawl phase will provide students with the opportunity to go hands-on with the data in a step-by-step hunting tutorial. This practical session will allow students to experience threat hunting in a structured and controlled manner, and allow them to practice the topics that were covered. The walk phase will see students break off into small SOC teams for an activity that will put all of their practical knowledge to the test. Learn More EARLY $3,800 ENDS MAY 24 Accurate and Scalable: Web Application Bug Hunting Location: TBD michal kamensky, bounce security Tracks: AppSec, PenTesting Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person Ever find yourself repeating manual searches while analyzing a massive codebase? Do you often manually perform the same tests over and over when reviewing a huge web application? In this course you will learn how to take all that knowledge and repetitive work and put it into custom checks and tailored scans that will do the work for you, across the whole application. You will practice performing scalable, assisted manual research, using free, open-source tools such as Semgrep and Nuclei whilst leveraging your familiarity with the application and its logic. Instead of generic vulnerability scans that barely find the obvious problems and flood you with false positives, you can develop tailor-made checks that find what is important. Through multiple hands-on examples and practical exercises, you'll learn how this approach of customization at scale enables you to look far beyond the low hanging fruit, with useful tools that spare you the trouble of reinventing the wheel each time around. Learn More EARLY $3,800 ENDS MAY 24 Active Directory Attacks for Red and Blue Teams – Advanced Edition (Virtual) Location: TBD altered security Tracks: PenTesting, Network Format: 2 Day Trainings Skill Level: Intermediate Experience: Virtual More than 95% of Fortune 500 companies use Active Directory! Enterprises are managed using Active Directory (AD) and it often forms the backbone of the complete network. To secure AD, you must understand different techniques and attacks used by adversaries against it. Often burdened with maintaining interoperability with a variety of products, AD lack ability to tackle latest threats. This training is aimed towards attacking modern AD using built-in tools, scripting and other trusted OS resources. Some of the techniques, used in the course: * Extensive AD Enumeration * Trust mapping and abuse * Privilege Escalation * Advanced Kerberos Attacks * Advanced cross forest trust abuse * Attacking Azure AD integration * Abusing trusts for MS products * Credentials Replay Attacks * Persistence * Defenses * Bypassing defenses Attendees will get free two-month access to an AD environment comprising of multiple domains and forests and a Certified Red Team Expert Exam (CRTE) certification attempt. Learn More EARLY $3,800 ENDS MAY 24 Active Directory Security Fundamentals Location: TBD specterops Tracks: PenTesting, Defense Format: 2 Day Trainings Experience: In-Person Stop being passive with your Active Directory! Kerberos, ADUC, Golden Tickets, Security Principals – have you come across these or similar words in penetration test reports or security bulletins and felt a little… lost? Active Directory comprises many components that fulfill complex architectural requirements but can also open cracks through which attackers may slip. Active Directory: Security Fundamentals demystifies the various Active Directory components and illustrates how these components can potentially introduce risks to your organization. This course empowers network defenders to directly look under the hood of their Active Directory architecture and understand their environment better than attackers. Instructors share their knowledge and personal experiences testing Active Directory in hundreds of environments to reveal not only common pitfalls in securing their environment but also how they commonly occur. Learn More EARLY $4,000 ENDS MAY 24 Adam Shostack's Threat Modeling Intensive Location: TBD adam shostack Tracks: AppSec, Defense Format: 2 Day Trainings Skill Level: All Experience: In-Person Threat modeling is the best way for security professionals to get a seat at the table and influence a project early. It's how we get systematic, structured and comprehensive about the products and services we deliver. This is a rare public opportunity to take a course from "the person who wrote the books." (Threat Modeling: Designing for Security and Threats: What Every Engineer Should Learn from Star Wars) Learn More EARLY $3,900 ENDS MAY 24 Advanced APT Threat Hunting & Incident Response Location: TBD xintra Tracks: Forensics, Defense Format: 2 Day Trainings Experience: Virtual APTs are constantly evolving their attack techniques putting pressure on responders and blue teamers to stay up-to-date on all the latest tactics, techniques and procedures. Depending on the nature of the organization, responders and blue teamers may have never responded to a nation-state level threat in their environment. This course is built to arm attendees with the ability to detect, respond and remediate an APT-level attack. Attendees will be challenged with practical labs built around a simulated APT intrusion covering each stage of the ATT&CK chain. Students will be exposed to endpoint forensics, log analysis and cloud forensics on up-to-date attack techniques leveraged by Russian, Chinese, North Korean and Iranian APT groups against organizations within the last two years. Learn More EARLY $3,800 ENDS MAY 24 Advanced Cloud Incident Response in Azure and Microsoft 365 Location: TBD korstiaan stam from invictus incident response b.v. Tracks: Forensics, Defense Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person In this comprehensive two-day hands-on training, immerse yourself in the intricacies of forensics and incident response within the Microsoft cloud environment. This course delves into both Microsoft 365 and Microsoft Azure, providing practical insights into investigating cyber attacks and navigating relevant log artifacts. All concepts taught are directly applicable to real-life threats observed in the Microsoft cloud. Benefit from the expertise of a trainer with firsthand experience in cloud-based incident response and forensic investigations, sharing insights not found on conventional websites. By the end of this training, you will be well-equipped to confidently investigate any threat within the Microsoft cloud. Experience a highly interactive training with practical exercises, at the end of the course you will investigate two comprehensive attack scenarios in both Azure and M365 in the Capture The Flag (CTF) challenge. It is your task to solve as many puzzle pieces as possible. Learn More EARLY $3,800 ENDS MAY 24 Advanced Hacking and Securing Windows Infrastructure Location: TBD paula januszkiewicz, ceo and cybersecurity expert; dr. mike jankowski-lorek, director of consulting, cybersecurity expert Track: Defense Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person Take your cybersecurity skills to the next level with our infrastructure services security course. Ideal for enterprise admins, security officers, and architects seeking to protect critical infrastructure, this course is taught by leading experts Paula Januszkiewicz and Mike Jankowski-Lorek, Ph.D. You'll gain practical knowledge from years of experience and successful projects, with a focus on critical penetration testing tasks to effectively safeguard your organization from cyberattacks. Learn efficient network mapping, vulnerability identification, and exploitation techniques, while mitigating the risk of attacks through secure measures. Learn More EARLY $3,800 ENDS MAY 24 Advanced Hardware Hacking: Power Analysis & Fault Injection with the ChipWhisperer Location: TBD newae technology inc. Tracks: Hardware, IOT Format: 2 Day Trainings Skill Level: Intermediate Experience: In-Person This course brings you up to speed on advanced hardware hacking topics such as power analysis and fault injection. The course is based around the open-source ChipWhisperer project, and students will use a variety of related tools in the course. This updated 2-day course includes more focused labs using a wide variety of ChipWhisperer tools setup in the classroom. Topics include power analysis for passwords & encryption algorithms, along with fault injection using voltage, clock, and electromagnetic fault injection. The course is structured so that students can work through a wide variety of additional ChipWhisperer tutorials after the course, focusing the course contents on the fundamentals along with how to apply the material in practical scenarios. Learn More EARLY $3,900 ENDS MAY 24 Advanced Threat Emulation: Active Directory Location: TBD bc security Tracks: PenTesting, Malware Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person This training course covers various aspects of Active Directory and how to attack it. Students will learn about network poisoning and authentication protocols in Windows networks, the different kinds of Windows credential types, and how to use them. Students will also learn common attacks on NTLM and Kerberos, such as NTLM relay attacks, delegation attacks, and creating forged tickets. Students will become familiar with identifying and exploiting common Active Directory misconfigurations . Students will be able to conduct attacks from both Windows and Linux operating systems and learn the nuances between each platform for performing attacks. Students will learn where credentials are stored on a Windows system and how to extract credentials from LSASS, DPAPI, SAM, LSA, and the Kerberos ticket cache. Students will learn about the different domain trusts and how to perform multi-domain compromises. Learn More EARLY $3,800 ENDS MAY 24 Advanced Threat Emulation: Evasion Location: TBD bc security Tracks: PenTesting, Malware Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person Windows presents a vast attack surface, providing the Blue Team with many detection opportunities. Students will learn about evading Blue Team hunters by first learning to build detections, then masking their signatures, and exploiting indicators to decrease detection probability. We will also explore the impact of migrating through different programming languages, such as C# and IronPython. By the end of the course, students will be equipped with the knowledge to obfuscate open-source tools without necessitating custom tooling for use across a diverse and dynamic operations environment. This class will explore the theory behind malware obfuscation, starting with the Theory of Code Obfuscation and how it applies to Tactics, Techniques, and Procedures (TTPs) implemented by modern Advanced Persistent Threats (APTs). We will examine everything from standard variable obfuscation to control flow manipulation to data procedurization. Students will apply obfuscation theory to practical applications in hands-on labs throughout the course. Learn More EARLY $3,800 ENDS MAY 24 Adversarial Approach - Combating Social Engineering Attacks through Situational Awareness Location: TBD jayson e. street Track: Human Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person Fueled by advancements in social media and AI, the evolution of social engineering tactics has elevated cyber threats to unprecedented levels of sophistication. So, why has the approach to Security Awareness Training (SAT) stayed the same? This hands-on course will teach you how to go beyond best practices and use modern social engineering techniques to transform "security awareness" into "situational awareness." Course Features: * Apply AI for social engineering and other simulated nefarious purposes * Learn DuckyScript and use it to expose the risk to executives and coworkers * Participate in 6 Practical Hands-On Exercises in Recon, Phishing exploits, and Ways to Engage Your Employee Base * Help educate others become more situationally aware of threats * Take home a custom Hak5 field kit (consisting of Bash Bunny Mark II, O.MG Elite USB-C Cable, & O.MG Programmer) Traditional SAT programs cover password hygiene, recognizing phishing emails, securing physical workspaces, and understanding the importance of data privacy. This knowledge is essential but lacks the interactivity and real-world simulation needed to effectively prepare someone for the dynamic cyber threats of today. We will address that gap by teaching you: * How adversaries perform reconnaissance using the Open-Source Intelligence (OSINT) model * How to effectively use spear phishing and physical compromise demonstrations to showcase the direct impact of threats * How to enhance your SAT program with engaging content to develop security culture At the end of this course, you will have the knowledge and tools you need to demonstrate the impact of a social engineering attack. You will be able to defeat optimism bias and show anyone how they can be personally impacted by cybersecurity events. You'll also have strategies to secure leadership endorsement and apply your new abilities to modernize the SAT program in your organization. Once you have successfully instilled situational awareness into the personnel of your organization, you will have mobilized your organization's most effective defense in the fight against cybercrime. This course serves as a catalyst for transformative change, ensuring your organization's resilience in the face of modern cybersecurity challenges. Learn More EARLY $4,000 ENDS MAY 24 Agile Whiteboard Hacking – aka Hands-on Threat Modeling Location: TBD toreon Tracks: AppSec, Defense Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person In this "Black Hat edition" training, we challenge you with hands-on threat modeling exercises based on real-world projects. You will get insight into our practical industry experience, helping you to become a Threat Modeling Practitioner. We included an exercise on MITRE ATT&CK, and we focus on embedding threat modeling in Agile and DevOps practices. And we introduce a new challenge on threat modeling a Machine Learning-Powered Chatbot. We levelled up the threat modeling war game. Engaged in CTF-style challenges, your team will battle for control over an offshore wind turbine park. All participants get our Threat Modeling Playbook to improve you threat modeling practice, one-year access to our online threat modeling learning platform, and one-hour personal coaching to refine your threat modeling. Our self-paced Threat Modeling Introduction training is included in this course. All participants get our Threat Modeling Playbook to improve you threat modeling practice, one-year access to our online threat modeling learning platform, and one-hour personal coaching to refine your threat modeling. Are you new to threat Modeling? Our self-paced Threat Modeling Introduction training is included in this course. Learn More EARLY $4,000 ENDS MAY 24 AI Red Teaming in Practice Location: TBD dr. amanda minnich. microsoft ai red team gary lopez. microsoft ai red team Tracks: AI, ML, & Data Science, AppSec Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person There is so much more to red teaming AI systems than prompt injection. In this training, attendees will learn how to red team AI systems leveraging three pillars: traditional software vulnerabilities in AI systems, AI-specific vulnerabilities, and Responsible AI (RAI) vulnerabilities. By the end of the class, attendees should be able to probe comfortably any machine learning system for OWASP Top 10 LLM vulnerabilities. We will exclusively use open- source tools and frameworks such as Semantic Kernel, LangChain, NeMo Guardrails, Counterfit and the MITRE ATLAS to red team AI systems. The course is taught by Microsoft's AI Red Team, which was the first to combine RAI Red Teaming alongside security red teaming. In the last year, every high-risk AI system—including models and Copilots—was assessed by this team. We will use this real-world experience to upskill Black Hat attendees. Learn More EARLY $3,800 ENDS MAY 24 A Journey Into Mobile Application Hacking (iOS & Android) Location: TBD sensepost training | orange cyberdefense Tracks: Mobile, PenTesting Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person The course is created by hackers for hackers looking to take over the mobile application hacking world! Through this course we will show you how to do mobile assessments from absolute scratch. We will show you all of the basic concepts and tools required to perform meaningful mobile assessments which will add value to your customer's mobile offerings. The course consists of two days of which 60% is practical. Designed, developed and delivered by the team behind one of the most commonly used mobile application hacking tools known as Objection. We will give you a solid foundation so you can build a castle if you wish to. We will cover Android and iOS with a playground of apps that you can hack to your hearts content. The course is structured to make use of emulators, so you don't even need physical devices to take part in the course. Key Take-Aways: * Form a base understanding of the mobile application hacking industry * Build up a solid methodology and skill-set to assess and break mobile applications built for iOS and Android * Understand the required testing environment and tools required to make mobile app hacking fun and exciting Join us and hack some mobile apps! Learn More EARLY $4,000 ENDS MAY 24 Android Userland & Kernel Fuzzing and Exploitation Location: TBD mobile hacking lab Tracks: Mobile, AppSec Format: 2 Day Trainings Skill Level: Intermediate Experience: In-Person Android Userland & Kernel Fuzzing and Exploitation Step into the realm of comprehensive Android security with our integrated "Android Userland and Kernel Fuzzing and Exploitation" course. Designed for both novices and seasoned professionals, this course offers an extensive curriculum that covers the spectrum of Android vulnerabilities and their exploitation. Starting with the Userland component, learners will grasp how to detect bugs in Android Userland Applications and exploit memory corruptions. The course provides a deep understanding of ARM assembly, reverse engineering, and the development of robust exploits, bypassing exploit mitigations like NX and ASLR. With 43 labs across 9 modules, students will employ advanced fuzzing techniques to pinpoint exploitable vulnerabilities. The journey continues as we pivot to the Android kernel on the second day, where the intricacies of kernel internals, such as memory allocators and driver programming, are unraveled. Students will learn to discover bugs using kernel fuzzing techniques, including the use of sanitizers and Syzkaller. The course will guide attendees through the construction of kernel exploits crucial for sandbox escape, examining real-world vulnerabilities and the art of kernel debugging. In culmination, the course integrates Userland and Kernel learnings to assemble a full-chain remote exploit against target devices. The hands-on approach is further enhanced by access to our state-of-the-art training platform, where course attendees can perform exercises and apply their knowledge in practical scenarios. Learn More EARLY $3,800 ENDS MAY 24 Applied Data Science and Machine Learning For Cybersecurity Location: TBD gtk cyber Tracks: AI, ML, & Data Science, Defense Format: 2 Day Trainings Experience: In-Person This interactive course will teach security professionals how to use data science and AI to quickly manipulate and analyze security data. The course will cover the entire data science process from data preparation, exploratory data analysis, data visualization, machine learning, model evaluation and finally, implementing at scale—all with a focus on security related problems. Learn More EARLY $4,000 ENDS MAY 24 Applied Hardware Attacks 1 – Embedded and IoT Systems Location: TBD joe fitzpatrick & the securinghardware.com team Tracks: Hardware, IOT Format: 2 Day Trainings Skill Level: Beginner Experience: In-Person This hands-on course will introduce you to the common interfaces on embedded systems and IoT devices, and how to exploit physical access to grant yourself software privilege via UART, JTAG, or SPI. Designed for newcomers to hardware, over 70% of our time will be hands-on with current off-the-shelf hardware, supported by lectures to fill in the background. This is why classes we developed have sold out at Black Hat every year. Learn More EARLY $4,000 ENDS MAY 24 Applied Hardware Attacks 3 – Rapid Prototyping Location: TBD joe fitzpatrick & the securinghardware.com team Tracks: Hardware, IOT Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person This is a two-day crash course in rapid prototyping for hardware hacking. We'll spend most of our time working hands-on to meet the mechanical, electrical, and protocol requirements for interfacing with our target hardware. In the span of two days, you will: * Analyze an undocumented debug connector * Design and print an interface jig * Layout, fabricate and assemble a PCB interposer * Automate assembly of a small device * Safely make electrical connections * Bit-bang a custom hardware protocol in software This course emphasizes how to connect to hardware for those who are already familiar with the what and why. It's specifically geared towards attendees who have already completed an introductory hardware hacking course including some soldering experience. Learn More EARLY $4,000 ENDS MAY 24 A Practical Approach to Breaking & Pwning Kubernetes Clusters Location: TBD madhu akula Tracks: PenTesting, Risk Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person The adoption of Kubernetes use in production has increased to 83% from a survey by CNCF. Still, most security teams struggle to understand these modern technologies. In this real-world scenario-based training, each participant will be learning Tactics, Techniques, and Procedures (TTPs) to attack and assess Kubernetes cluster environments at different layers like Supply chain, Infrastructure, Runtime, and many others. Some of the things you will be doing in this course: * Exploiting Misconfigurations and private Registries by performing simple Recon * Escaping out of containers to host systems and clusters to gain more access * Escalating privileges, DoS cluster resources, Lateral movement from container * Gaining unauthorized access to namespaces, microservices, data, and logs * Breaking the boundaries of NSP(Network Security Policy), RBAC, Profiles * Defense evasion techniques & Persistence in Cluster Environments * Bypassing the solutions like Policy Engines, Resource limits, and Controls * Evaluating the cluster security using CIS benchmarks and Cluster Audits to find all possible risks Also, the trainer will provide a step-by-step guide(Digital Book) with resources and references to further your learning. Learn More EARLY $3,800 ENDS MAY 24 Astute AWS/Azure/GCP Cloud Red Team: It's Raining Shells! - 2025 Edition (2 Day) Location: TBD ultraviolet cyber Tracks: PenTesting, Network Format: 2 Day Trainings Skill Level: Intermediate Experience: In-Person Stay frosty within AWS, Azure, & GCP environments with this fast-paced and hands-on course which teaches each participant the Tactics, Techniques, and Procedures (TTPs) needed to infiltrate and expand access within cloud platforms. In this course you will: * Exploit serverless (e.g. Lambda, Azure Functions) applications for initial access into targets. * Pivot between data and control planes to expand access (e.g. collecting secrets, snapshots) * Evade and disrupt cloud logging platforms (e.g. CloudTrail) to remain undetected. * Breach and backdoor boundaries (e.g. VPCs) to access hard-to-reach systems. * Expanding access within Kubernetes (K8s) envs (e.g. GCP bypass of metadata protections) Compete throughout the course in our hands-on Capture the Flag (CTF) tournament! Learn More EARLY $3,900 ENDS MAY 24 Attack and Defend Android Applications (Virtual) Location: TBD cyfinoid research Tracks: Mobile, Defense Format: 2 Day Trainings Experience: Virtual This course focuses on the Android application ecosystem covering both the offense & defense of the application development process. We start with attacks, covering various possible attacks on Android applications. Then we provide solutions to various challenges routinely encountered by Android security engineers and pen testers: * Traffic interception (HTTP/HTTPS/web socket/non-HTTP) * Root detection bypass * Static & dynamic analysis * Perform dynamic instrumentation (Frida / Magisk) * Analyzing non-Java/ Kotlin apps (React Native, Xamarin and Flutter) Next, we shift gears and focus on defending the applications, and major areas covered are: * Application Threat Modeling * Identifying weaknesses * Adding Security into CI / CD Pipeline for the application * Analysis of the results * Defense in Depth Design Techniques The aim is not to create a "zero to hero" experience, but to provide a methodical approach with which the participants could perform any Android application assessment. We provide students with access to learning portals, cloud VM's, a soft copy of slides, detailed answer sheets as well as AMI's to continue learning after class. Learn More EARLY $3,800 ENDS MAY 24 Attacking and Defending Private 5G Cores (Virtual) Location: TBD dr. altaf shaik Tracks: Network, Wireless Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: Virtual Security is paramount in private 5G networks due to their tailored nature for enterprises. They handle sensitive data, connect mission-critical devices, and are integral to operations. This advanced 5G Core Security Training is a comprehensive program designed to equip security professionals with advanced skills and techniques to identify and mitigate potential security threats in private 5G networks. Participants will gain a deep understanding of 5G core security and protocols, and learn how to develop and use the latest 5G pentesting tools and techniques to perform vulnerability assessments and exploit development. The training will also cover the latest 5G security challenges and best practices, and provide participants with hands-on experience in simulating different attacks and defenses on a local zero-RF-transmitting 5G network. Learn More EARLY $3,800 ENDS MAY 24 Automating Security with Open Source Location: TBD threat intelligence pty ltd Tracks: Defense, Forensics Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person The security industry is running fast towards security automation to increase the capability and capacity of security teams so they can effectively and efficiently stay on top of the constantly evolving threats, attacks, and security breaches that occur every day! Learn how to implement streamlined security operations and help prevent breaches through security automation, including: * Automated Intelligence Collection and Analysis * Automated Vulnerability Identification and Penetration Testing * Automated Security Monitoring and Incident Response * Automated Security Infrastructure Orchestration and Integration * Automated Chaining of Security Capabilities * Automated Security Notifications Get ahead of the hackers and start automating the protection of your organisation now! Register now to secure your spot! Learn More EARLY $3,800 ENDS MAY 24 Basic Infrastructure Hacking - 2 Day Location: TBD tom large / notsosecure Tracks: Network, PenTesting Format: 2 Day Trainings Experience: In-Person IT infrastructure is more complex and dynamic than it's ever been, demanding comprehensive, modern, and well-rehearsed security skills to match. Join this hands-on, 2-day course to develop a strong baseline in infrastructure hacking and widen your career prospects. Get your hands dirty with our popular virtual labs and learn from experienced, practicing penetration testers with a legacy of training at Black Hat. Learn More EARLY $3,800 ENDS MAY 24 Black Hat Cryptography: Attacks, Tools & Techniques for Security Professionals Location: TBD ruben gonzalez Tracks: PenTesting, Crypto Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person Crypto-related vulnerabilities are super common! OWASP even ranks "Cryptographic Failure" as the second most common security vulnerability class in software. Yet, very often these vulnerabilities are overlooked by developers, code auditors, blue teamers, and penetration testers alike. Because, let's face it: Nobody knows how cryptography works. This course turns you into a powerful weapon. It will teach you how applied cryptography is commonly misused in the field and how this leads to exploitable bugs. Using case studies from our own pentesting and red teaming engagements, we'll introduce core concepts of applied cryptography and how they fail in practice. During the course you'll: * Understand how modern cryptography works * Find common crypto vulnerabilities in real software * Write crypto exploits for real software (and an IoT device) At the end of the course you'll be able to spot an exploitable crypto bug from miles away (and be able to avoid them yourself)! No prior knowledge required. Learn More EARLY $3,800 ENDS MAY 24 Black Hat Machine Learning Location: TBD nvidia Tracks: AI, ML, & Data Science, PenTesting Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person Machine Learning technologies continue to improve and expand into new areas at a blistering pace: from driving cars to detecting cancer, defending networks to analyzing the human genome, writing code, generating synthetic artwork, flying drones, and more. With this success, ML is starting to receive scrutiny from regulators, security teams, and hackers across all industries. ML Systems represent a new attack surface and bring up genuine security concerns. In this training, students will explore the security risks and vulnerabilities that adopting machine learning might expose you to. This course will provide students with a realistic environment and methodology to explore the unique risks presented by the use of ML in today's environments. Students will leave equipped to assess the threat model, vulnerabilities, and attack surface of ML systems. Learn More EARLY $3,800 ENDS MAY 24 Cloud Security Hands-On (CCSK+) for AWS Location: TBD securosis Track: Defense Format: 2 Day Trainings Skill Level: Beginner Experience: In-Person This course provides a solid foundation in cloud security, including 50% of hands-on labs in AWS to apply the principles in practice. We cover all the material needed to pass the Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK) exam while adding a pragmatic approach to immediately kick-start your cloud security projects. This class has been updated to align with version 5 of the CSA Guidance. Learn More EARLY $4,000 ENDS MAY 24 Cognitive Security: Preparing for Cyber Deception Through Synthetic Media Attacks Location: TBD psyber labs, llc Tracks: Human, Defense Format: 2 Day Trainings Experience: In-Person Threat actors are rapidly moving beyond traditional cyber-attacks by leveraging generative AI and synthetic media to carry out cognitive warfare and cyber deception tactics against their victims. Extorting high net worth individuals in deepfake virtual kidnapping scams, disseminating disinformation by impersonating well-established brands, and spoofing the voices of executives to convince employees to transfer funds to illegitimate accounts; are just a few examples of tactics already observed in the wild. You will leave this course with the tools and training required to integrate deepfakes and synthetic media into your red team assessments, be able to conduct cyber threat assessments, and practice developing mitigation strategies to reduce potential harm from these attacks. By engaging with attacks from both the offensive and defensive perspectives you will gain a deep understanding of the critical factors that differentiate highly sophisticated attacks from mediocre attempts. Learn More EARLY $3,800 ENDS MAY 24 Defeating Microsoft's Default Bitlocker Implementation Location: TBD popp schweiz ag Tracks: Forensics, Hardware Format: 2 Day Trainings Skill Level: All Experience: In-Person This training guides you through the whole process involved for a successful BitLocker TPM bus sniffing attack. Within two days you will be given the necessary knowledge about micro soldering, notebook internals, TPM basics, logic analyzers, basic forensic data acquisition and some BitLocker theory. In the end you will not just be able to conduct the attack against a test notebook which you can take home, but also fully understand what you are actually doing and applying it to your devices. Learn More EARLY $3,800 ENDS MAY 24 Defending Enterprises - 2024 Edition Location: TBD in.security Tracks: Defense, PenTesting Format: 2 Day Trainings Experience: In-Person Updated for 2024, our immersive 2-day Defending Enterprises training is the natural counterpart to our popular Hacking Enterprises course. You'll play a SOC analyst in our Microsoft Sentinel cloud-based lab and try to rapidly locate IOA's and IOC's from a live enterprise breach executed by the trainers in real-time. Whether you're new to Kusto Query Language (KQL) or a seasoned pro, there's plenty for you in the 2-days! Yes, we're using Microsoft Sentinel, but the underlying threat detection theory, logic and threat hunting approach is transferable into your own environments, whatever your preferred platform. We look at the top 10+ methods we use in offensive engagements and show how these can be caught, along with numerous other examples and methods that go above and beyond these common TTPs! With 14 hands-on exercises you'll gain real-world experience in the following areas: * MITRE ATT&CK, CAR and D3fend frameworks * Introduction to Kusto Query Language (KQL) * Reviewing popular phishing attacks and living off the land techniques * Locating C2 traffic and beaconing activity * Digging into credential exploitation (Pass-the-Hash, Pass-the-Ticket, Kerberoasting, Azure Managed Service Accounts, DCSync) * Reviewing Active Directory Certificate Services (ADCS) attacks * Identifying lateral movement (WMIC, WinRM, MSSQL, SMB) * Catching data exfiltration attempts (ICMP, DNS) * Detecting persistence activities * + much more! We know 2 days isn't a lot of time, so you'll also get 14 days FREE lab time after class and Discord access for support. Learn More EARLY $3,900 ENDS MAY 24 DevSecOps Masterclass: AppSec Automation Edition Location: TBD appsecengineer Tracks: AppSec, Defense Format: 2 Day Trainings Experience: In-Person DevOps has changed the way we deliver apps. However, security remains a serious bottleneck, especially Application Security. This is largely due to the speed of innovation in DevOps, contrasted with the escalating attacks against Applications. The training is based on our 4.9/5 Rated DevSecOps Masterclass at Blackhat. The training is a hardcore hands-on journey into: Hands-on SAST for Apps and Infrastructure-as-Code, with a focus on Semgrep and CodeQL. Develop Custom SAST rules like a bawse! Supply-Chain Security Automation: SBOMs, Source Composition Analysis and Security Engineering techniques Assurance and Provenance for artifacts. Mastery over Cosign and SLSA for Supply-Chain Provenance DAST Automation and Security Regressions with ZAP and Nuclei. Policy-As-Code: Leverage Open Policy Agent (OPA) with use-cases from API Access Control to OS Policy Controls. Participants get 2 months of access to our online lab environment for DevSecOps training Learn More EARLY $4,000 ENDS MAY 24 Elite Web Application Hacking Location: TBD sensepost | orange cyberdefense Tracks: PenTesting, AppSec Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person In an era where digital landscapes evolve, mastery of advanced web application security is imperative for seasoned developers, pentesters and red-teamers alike. This course builds upon existing knowledge, elevating your expertise in web application hacking through sophisticated attacks and hands-on challenges. As the digital ecosystem continues to advance, web applications become increasingly intricate, demanding a higher level of proficiency in securing them against sophisticated threats. This course is crafted to equip you with more advanced skills to identify, assess, and exploit web applications through complex vulnerabilities and approaches. Key Points: * Master complex web security concepts, building on foundational knowledge. * Engage in advanced hands-on exercises simulating real-world challenges. * Hone skills in conducting thorough risk assessments for strategic decision-making amid intricate security challenges. This course is tailored for individuals with a solid foundation in web application security. Whether you're an experienced cybersecurity practitioner seeking to enhance your skill set or a seasoned developer aiming to deepen your security expertise, this course provides a strategic and hands-on approach to mastering the nuances of advanced web application hacking. Learn More EARLY $4,100 ENDS MAY 24 Fundamentals of Industrial Control Systems (ICS) Security Location: TBD mandiant (now part of google cloud) Track: ICS Format: 2 Day Trainings Skill Level: Beginner Experience: In-Person This course provides IT security professionals and ICS/OT engineers interested in ICS/OT security with the fundamental knowledge and skills required to build and expand an ICS/OT security team. Learners will become familiar with ICS/OT security concepts, secure architecture, threat models and ICS/ OT security standards and best practices. The course will also discuss today's security trends and the current threat landscape. Throughout the course, exercises and demonstrations inspired by actual cases and incidents in the ICS world will enable learners to advance their knowledge in their day jobs. Learn More EARLY $4,000 ENDS MAY 24 Going beyond shells! - Hacking AWS, Google Cloud, DigitalOcean and Aliyun (Virtual) Location: TBD cyfinoid research Tracks: PenTesting, AppSec Format: 2 Day Trainings Experience: Virtual A fast paced, scenario driven hands-on training built on real world Detection, Identification and Exploitation of services and assets in AWS, Google Cloud, DigitalOcean and Alibaba Cloud. The training will take students through automated infrastructure creation, security configurations and their abuses that will allow them to go beyond the standard shells that attackers aim for. Learn More EARLY $3,800 ENDS MAY 24 Hacking Cybersecurity Leadership: An Interactive Training to Strengthen Skills for Leading Teams & Multi-Team Systems Location: TBD multiteam solutions Tracks: Human, Defense Format: 2 Day Trainings Experience: In-Person This 2-day, highly interactive course is designed for cybersecurity professionals currently in a role leading a team within a multi-team system (e.g., team lead) or leading an entire multi-team system (e.g., CISO). The training provides participants a chance to familiarize with and practice using 10 analog leadership tools designed to strengthen soft skills to support and motivate individuals, teams, and multi-team systems. The training, which acts as a sandbox, is built on social-behavioral research of CSIRTs and SOCs that was funded by the US and European governments, is assured by the UK NCSC, and will be delivered through expert-facilitated exercises. The exercises are not cybersecurity specific, which allows participants to disrupt their normal, routine ways of leading and open up to the possibilities for growth and change as leaders. The tools readily allow for the concrete transfer of knowledge and soft skills from the training back into the workplace. Learn More EARLY $3,800 ENDS MAY 24 Hacking Enterprises - 2024 Red Edition Location: TBD in.security Tracks: PenTesting, Network Format: 2 Day Trainings Experience: In-Person Updated for 2024, our Hacking Enterprises training is the natural counterpart to our popular Defending Enterprises course. In this multi-layered offensive engagement, you will fully compromise a simulated enterprise in this immersive hands-on course that covers a multitude of TTP's. Targeting modern operating systems including Windows 11, you'll use modern techniques and focus on exploiting configuration weaknesses rather than throwing traditional exploits. Logical thinking and creativity will definitely be put to the test! You will work to get initial access in a fictional organisation where multiple networks exist, some easily accessible, others not so. You'll implant and establish C2, but manual techniques will always be emphasised so you're equipped with the knowledge to work without reliance on frameworks. Course content has been designed to reflect real-world challenges and you'll perform numerous hands-on exercises including executing exploitative phishing campaigns against our simulated users for initial access, finding new networks that in turn bring new challenges including IPv6 exploitation, subverting AMSI and AWL, credential harvesting, passphrase cracking, pivoting, lateral movement, ADCS abuse, userland and privileged persistence via OOB channels and much more! With 14 hands-on exercises you'll gain real-world experience in the following areas: * IPv6 discovery, enumeration and exploitation * Pivoting, routing, tunnelling and SOCKS proxies * C2 infrastructure and beacon deployment * Exploitative phishing * Privilege escalation and credential harvesting * P@ssphras3 cracking * Bypassing AWL * Active Directory Certificate Services (AD CS) abuse * Lateral movement for domain trust exploitation * Out of Band (OOB) data exfiltration * + much more! We know 2 days isn't a lot of time, so you'll also get 14 days FREE lab time after class, Discord access for support and access to a post-training CTF containing hosts and networks not seen during training! Learn More EARLY $3,900 ENDS MAY 24 Hands-On Hacking Fundamentals - 2024 Edition Location: TBD sensepost training | orange cyberdefense Tracks: PenTesting, Network Format: 2 Day Trainings Skill Level: Beginner Experience: In-Person Start your journey into information security with a hands-on course that will expose you to the technical fundamentals of penetration testing and security practises in the realms of networking, infrastructure, web applications and wireless technologies. Key Points: * How to think like a hacker * Finding vulnerabilities and exploiting them * How to approach a pentesting methodology in real-world scenarios This is an introductory course for those starting the journey into penetration testing or those working in environments where understanding how hackers think and the tools, tactics and techniques they use are of the essence. Learn how to attack, and utilise the concepts to enhance your defensive understandings. The course presents the background information, technical skills, and basic concepts required to those desiring a foundation in the world of information security. By the end of the course, you will have a good grasp of how vulnerabilities and exploits work, how attackers think about networks and systems and have compromised several of them, from infrastructure, and web applications to Wi-Fi. This course aims to expose you to the methodologies used by active penetration testers on their day-to-day journey with clients and assessments. Join us and hack hard! Learn More EARLY $4,000 ENDS MAY 24 Implementation of Telco Networks for Pentesters: 2G, 4G and 5G Location: TBD ethon shield Tracks: Mobile, Network Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person This course allows a pentester or researcher to learn how to implement on a single computer 2G, 4G and 5G SA and NSA mobile networks only with an Ettus SDR device. He will learn how to install the necessary SW, configure the tools, basic notions about the architecture and protocols of each technology, configure his programmable SIM card and finally connect a mobile device to these networks to perform tests such as traffic interception, analyze how to perform a downgrade attack, play with encryption or authentication algorithms. Do you want to go through this world with professionals who will help you to understand and implement these networks on your computer? Learn More EARLY $4,100 ENDS MAY 24 Information Operations: Influence, Exploit, And Counter Location: TBD kopidion Tracks: Human, Defense Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person It is indeed all about the information - who controls it, how it propagates, and the effect it has on the receiver. With that knowledge and access comes great power. In this course, you will learn and practice how information operations (IO) are planned and executed. Perhaps more importantly, you will learn how to defend yourself, your employer, and your nation from information-based campaigns. This fast-paced course will include IO strategies, military IO doctrine and TTPs, psychological operations, deception and counter-deception, IO incident response, how to craft themes and messages, propagation techniques, and tactics for defending and countering information operations, among numerous other subjects. You'll leave the course with much deeper insight into how information operations are executed and how to defend against them. You'll also gain a heightened awareness and resistance to the manipulation that is taking place on a daily basis. Learn More EARLY $3,800 ENDS MAY 24 Introduction to Building and Reversing Digital Radios with SDR Location: TBD paul clark Tracks: Wireless, Hardware Format: 2 Day Trainings Skill Level: Intermediate Experience: In-Person Learn to build digital radios with SDR and GNU Radio, then apply those radio skills to reverse basic RF protocols! This is no lecture-based course, but one built on 23 different projects. Upon completion, you'll be able to build basic digital transmitters and receivers using OOK and FSK. You'll also understand the building blocks of digital signals: clocking, preambles, error-checking, and payload encodings. You'll spend the remainder of the course applying your digital SDR skills to reversing basic digital RF systems. Learn More EARLY $4,050 ENDS MAY 24 iOS Threat Hunting Location: TBD matthias frielingsdorf Tracks: Mobile, Malware Format: 2 Day Trainings Skill Level: Intermediate Experience: In-Person Since 2016 Pegasus is well known in the industry as the prime example for mercenary spyware targeting iOS devices. But did you know about Quadream's Reign, Cytrox's Predator, Tykelab's Hermit, Candiru or Operation Triangulation? This new and innovative training will enable you to detect a wide variety of iOS Malware. Our forensic-based approach will provide you with a deep understanding of the forensic artifacts left behind by these malware samples and how to detect them through various techniques. Through a combination of hands-on exercises and expert-led sessions, you will develop the skills and knowledge necessary to become a proficient iOS Threat Hunter. Join us in this unique training opportunity that has not been offered before and gain valuable insights into the world of iOS Malware detection and forensics. Learn More EARLY $3,800 ENDS MAY 24 IoT and Embedded Device Exploitation Location: TBD loudmouth security Tracks: IOT, Hardware Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person In the rapidly evolving landscape of the Internet of Things (IoT), understanding the security vulnerabilities and exploitation techniques of IoT devices has become crucial for cybersecurity professionals. This course aims to equip participants with the skills and practical knowledge to find vulnerabilities in IoT devices. Participants will gain hands-on experience in IoT hardware debugging, memory extraction, firmware analysis and bug hunting using a custom-built IoT device and firmware based on real-world examples. In addition, this course will introduce participants to device emulation and wireless communications in IoT devices, with hands-on labs to put the knowledge into practice. This course bridges multiple disciplines within cybersecurity, including application security, operating system penetration testing, wireless signal analysis, and embedded hardware security. It is designed to empower professionals to perform penetration testing of IoT devices, ensuring they are equipped with the knowledge and experience to find and exploit vulnerabilities in them. Learn More EARLY $3,800 ENDS MAY 24 Malware Detection and Triage with Volatility 3 Location: TBD andrew case and dave lassalle Tracks: Forensics, Malware Format: 2 Day Trainings Skill Level: Intermediate Experience: In-Person Memory forensics—the analysis of volatile memory (RAM)—is an extremely powerful technique for detecting and triaging modern malware. Memory forensics is often a critical component of modern incident response due to the frequent use of memory-only payloads and rootkits that bypass modern EDRs, hide from live analysis tools, and often leave no file system artifacts. Memory analysis reconstructs system state without relying on operating system APIs, allowing it to both detect modern malware and provide automated triage results. In this course, a mix of lectures and hands-on labs provides students with the knowledge and experience necessary to perform real-world incident response using memory analysis for detection and hunting of sophisticated malware on Windows 10+ systems. The course is taught by two core developers of Volatility 3, the exciting new version of the world's most widely used memory analysis framework, and provides early access to upcoming capabilities. Learn More EARLY $3,800 ENDS MAY 24 Malware Detection in the AI Era: Attacks and Defenses on Machine Learning Classifiers Location: TBD dmitrijs trizna and luca demetrio Tracks: AI, ML, & Data Science, Malware Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person Endpoint Detection and Response (EDR) systems and Antivirus (AV) solutions have incorporated machine learning (ML) as core components of their decision-making processes. However, the integration of ML has introduced new vulnerabilities, rendering these systems susceptible to specific types of attacks that can weaken their effectiveness. In this course, participants will first gain a comprehensive understanding of how machine learning models can perform the task of malware detection in both static and dynamic settings, and they will use techniques that explain their behavior. Furthermore, we will introduce the concepts of Adversarial Machine Learning, the field of science that formalizes the presence of an adversary whose intent is the exploitation of AI models. Attendees will first learn and then execute known adversarial strategies designed to compromise ML malware classifiers under different threat models. Lastly, we will show how these attacks can be limited, by discussing recent advancements in research of defensive mechanisms. Learn More EARLY $3,800 ENDS MAY 24 Malware Hunting & Digital Forensics Location: TBD paula januszkiewicz, ceo and cybersecurity expert; dr. mike jankowski-lorek, director of consulting and cybersecurity expert Track: Malware Format: 2 Day Trainings Experience: In-Person Are you tired of constantly reacting to malware attacks? Take control with our Advanced Malware Hunting course! In this deep-dive training, you'll learn the latest techniques and capabilities of malware, as well as practical methods for preventing, detecting, and responding to malicious code. Our expert instructors will guide you through real-world scenarios, showing you how to analyze malware, identify vulnerabilities, and build robust defenses that protect your organization's infrastructure. By the end of this course, you'll have a comprehensive understanding of malware and its behaviors, as well as a toolbox of proven techniques for securing your network, endpoints, and data. Whether you're an IT professional, security analyst, or malware researcher, this course will give you the skills and knowledge you need to stay one step ahead of the cybercriminals. Learn More EARLY $3,800 ENDS MAY 24 Offensive Hardware Hacking Training Location: TBD whid - we hack in disguise Tracks: Hardware, IOT Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person The Offensive Hardware Hacking Training is a hands-on course designed to fulfill the skills gap that in the recent years emerged within the InfoSec scene in respect of the (I)IoT landscape. In it, students will be able to gather the needed theoretical knowledge and practical skills to engage with confidence hardware security audits involving those devices, that started to flood both consumer and corporate markets. The course is structured to be accessible to both junior and senior security personnel: it goes from a generic panoramic of the theory behind electronics, protocols, memories, microprocessors & tools-of-the-trade; then proceeds deeper into the topics by reviewing various TTPs. Moreover, the students' workbook contains more than 40 practical exercises involving real hardware devices and will allow each student to physically work on them during the training AND also to bring it at home together with their own first HW Hacking Lab Kit worth around 300 USD. For more info, check the following videos: 1. https://www.youtube.com/watch?v=zbUuBZJIHkE 2. https://www.youtube.com/watch?v=VpHBMELQmnk Learn More EARLY $3,900 ENDS MAY 24 Open Source Intelligence Tools & Techniques Location: TBD mandiant (now part of google cloud) Tracks: Defense, Risk Format: 2 Day Trainings Skill Level: Beginner Experience: In-Person This two-day foundational level course is designed to teach intelligence analysts the fundamentals of open source intelligence (OSINT) tools and techniques. Students will employ a 3 Phase Branching Model across a multitude of use cases to conduct investigations. They will also use popular tools such as Virus Total and Google to drive these investigations to completion. Learn More EARLY $4,000 ENDS MAY 24 Patch Diffing In The Dark: Binary Diffing For Vulnerability Researchers and Reverse Engineers Location: TBD john mcintosh Tracks: Forensics, AppSec Format: 2 Day Trainings Skill Level: All Experience: In-Person Every day, a new CVE or blog post is published detailing a critical vulnerability. Often, we know about a vulnerability but feel like we don't have the skills or time to understand its root cause. What if you could change that by learning a new skill that would guide you towards understanding modern vulnerabilities? The goal of this course is to teach participants how to use patch diffing techniques to analyze real-world vulnerabilities in Windows and Android. You will use open-source tools like the Ghidra SRE framework to reverse engineer the latest CVEs and discover that you already have the information and tools needed to get started. This course will help you develop the confidence and competence to tackle complex vulnerabilities. If you feel like you are always "in the dark" about the latest CVE and want to take a step towards the light (understanding), this course is for you. Learn More EARLY $3,800 ENDS MAY 24 Payment Systems: The Art of Analyzing Mag-stripe, Tokenization, NFC and EMV Technologies Location: TBD metabase q Tracks: PenTesting, Defense Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person Payment Systems training offers a holistic approach to understanding and mastering the intricacies of various banking data formats such as EMV, NFC, Tokenized, and Magstripe. Instead of merely concentrating on specific tools, our emphasis is on the underlying methodologies and communication protocols. This approach ensures a more profound and enduring grasp of the subject matter. The training is meticulously structured around different technologies and their respective communication protocols. This division facilitates an easier and more comprehensive understanding, enabling participants to effectively conceptualize techniques. Our intensive hands-on sessions are designed to immerse students in real-world scenarios that center on EMV standards. This not only provides a practical perspective but also challenges them to discern how malicious entities might navigate, exploit, or bypass security mechanisms within payment systems. Furthermore, participants will gain insights into the countermeasures implemented across various technologies, ensuring that they are well-equipped to anticipate and address potential vulnerabilities. Learn More EARLY $3,800 ENDS MAY 24 Practical Mobile Application Exploitation iOS & Android - 2024 Edition (Virtual) Location: TBD 8ksec Tracks: AppSec, Mobile Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: Virtual After running sold-out training at multiple conferences over the last few years, we are back with an updated version of our course which now covers ARM64, iOS & Android Internals, and detailed Mobile apps and operating system security. The class starts with a basic introduction to the ARM instruction set and calling conventions followed by some reverse engineering exercises. We then learn how to craft simple exploits for the ARM64 environment. The training will be based on exploiting Damn Vulnerable iOS app, Android-InsecureBankv2, InsecurePass and a wide range of real-world application vulnerabilities in order to give in-depth knowledge about the different kinds of vulnerabilities in Mobile applications. After the workshop, the students can successfully audit and secure applications running on iOS/Android operating systems, as well as get a better understanding of their Internals. Students will learn how to use Frida, a dynamic instrumentation framework, for doing vulnerability research. Slides, Custom scripts, Videos, VM and detailed documentation on the labs will be provided to the students for practice after the class. Corellium access will be provided to students during the training course. Students will be provided access to a Slack channel where the trainers will help prep them for the class, and the students can retain access to it for the foreseeable future. Slides, videos, and detailed documentation on the labs will be provided to the students for practice after the class. Corellium access will be provided to students during the training course. Learn More EARLY $3,800 ENDS MAY 24 Pragmatic API Exploration Location: TBD sensepost | orange cyberdefense Tracks: AppSec, Defense Format: 2 Day Trainings Skill Level: Beginner Experience: In-Person Embark on a learning journey to explore the art of attacking and securing Application Programming Interfaces (APIs) with our comprehensive API course. As API usage grows, so does the threat landscape for organisations. This practical-driven training will equip you to conduct impactful penetration tests on API implementations and further your understanding on how to mitigate the majority of vulnerabilities. Explore modules covering API fundamentals, engagement strategies, attack surface enumeration, and demystifying the OWASP Top 10 for APIs. Delve into additional focus areas such as logging, monitoring, injection attacks, and securing Azure API implementations. Gain practical experience in exploiting vulnerabilities on RESTful APIs and GraphQL, culminating in a thrilling Capture the Flag challenge. Join us, hack hard and make APIs safe Learn More EARLY $4,100 ENDS MAY 24 Python Hacker Bootcamp: Zero to Hero Location: TBD snowfensive Tracks: PenTesting, Defense Format: 2 Day Trainings Skill Level: All Experience: In-Person Scripting and automation have become standard requirements for cybersecurity professionals. However, learning how to program is challenging for many. Many people give up learning this skill because they may need to learn how to start, find programming books confusing, or the examples taught in online classes don't apply to their use cases. If you want to learn how to program Python to automate tasks, increase accuracy, and become more marketable in the workforce, this course is for you. This course was designed to follow a hacker's methodology of programming. Instead of learning formal programming practices that you'll never use (we're looking at you bubble sort), this course focuses on core concepts taught using information security-centric projects. The hands-on labs, which accompany the practical application lectures, focus on solving commonplace and real-world security challenges. The labs have been designed to apply to information security professionals. Join us for a fun, fast-paced bootcamp to take you from zero to hero! Learn More EARLY $4,000 ENDS MAY 24 Reverse Engineering Firmware with Ghidra Location: TBD eric evenchick & tetrel security Tracks: Hardware, IOT Format: 2 Day Trainings Skill Level: Intermediate Experience: In-Person This hands-on course teaches the concepts, tools, and techniques required to reverse engineer firmware and assess embedded devices. To ensure the tools taught are available to all, we will make use of Ghidra, a powerful open-source reverse engineering tool developed by the National Security Agency. Within the two days, you will: Learn general techniques for binary reverse engineering Identify, unpack, load, and analyze various types of firmware into Ghidra Use reverse engineering techniques to find exploitable vulnerabilities in an embedded Linux device Map device vector tables, peripheral memory, and system calls to find exploitable vulnerabilities in a bare-metal device Identify remotely exploitable vulnerabilities in a Bluetooth Low Energy device Learn to use a debugger to assist in reverse engineering Labs attacking an embedded Linux system and a bare-metal Bluetooth Low Energy device will be used to deliver a hands-on experience. You can expect to leave this course with the skills to reverse firmware for a variety of embedded targets. Learn More EARLY $3,800 ENDS MAY 24 Reversing and Exploiting RF with Software-Defined Radio Bootcamp Location: TBD sébastien dudek @ penthertz Tracks: Wireless, Hardware Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person Unleash the power of the impossible with Software-Defined Radio! Numerous wireless devices utilize simple radio protocols for communication. With the appropriate tools, it becomes feasible to intercept, decode, and even replicate or inject these transmissions. Such analysis can unveil critical security vulnerabilities, regardless of whether the device in question is a simple toy, a garage door opener, a wireless intercom, or a sophisticated IoT device. However, before we can uncover these vulnerabilities, it is essential to gain a comprehensive understanding of the data transmission process, including aspects such as modulation, encoding, encryption, and various other mechanisms, but also making the right choices about the hardware to use. This course offers perfect hands-on training for individuals eager to embark on a journey into the realm of Wireless Communication Reverse Engineering. It provides practical examples and invaluable tips to initiate and pursue the field, enabling students to delve into Signal Intelligence (SIGINT), reverse even the most exotic communication protocols, and practice attacking them using the capabilities of Software-Defined Radio. Learn More EARLY $3,800 ENDS MAY 24 Securing the Four C's of A Software Product: AWS Edition Location: TBD rohit salecha Tracks: Defense, AppSec Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person Following a successful MVP demonstration, a startup recently obtained significant funding. The next step involves a soft launch where security poses a crucial challenge. The initial PoC lacks basic security standards needed for customer trust and compliance for ex: secrets are strewn all across the code, everyone is having admin privileges to AWS and Kubernetes, Compute infrastructure is non-compliant and only a basic web application pentest was conducted with very few findings. This scenario inspired creation of 'Securing 4C's of Software Product,' a specialized training program tailored to secure the core pillars of product security: Code, Container, Cluster & Cloud. This training delves deep into key security domains such as Authentication and Authorization in AWS and Kubernetes, Secrets Management & Detection, Supply Chain Security, Container Security, and Static Application Security. It equips attendees with the necessary knowledge to establish robust security protocols, ensuring deployments carry a high level of security assurance. Learn More EARLY $3,800 ENDS MAY 24 Video Preview » Tactical Recon for Pentesters - 2024 Edition Location: TBD redhunt labs Track: PenTesting Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person This 2024 Edition of our Tactical Recon for Pentesting training program not ONLY focuses on OSINT but also focuses on in-depth attack tactics using the information collected in the earlier phases. This course will focus on a wide range of tools and techniques for performing real-world reconnaissance in order to launch targeted attacks against modern and dynamic infrastructures. We will take a deep dive into various modern methodologies for extracting useful information from the internet. Furthermore, we will cover how this extracted information can be used in attack scenarios to get an initial foothold in multiple ways within an organization's network beyond the firewall and further exploit it to gain and maintain elevated access. The course will cover topics like: * Mapping the Modern Attack Surface * Comprehensive Subdomain Enumeration * Exploring Dark Web * Hunting 3rd Party SaaS Apps * Hunting & Attacking API Endpoints * Supply Chain Enumeration & SBOM * Template Based Scanning * Attacks using Recon from Docker Image, EBS volumes, etc. * Exploring Mobile Applications for Attack Chaining * Practical Social Engineering, etc. This 2-day course takes a hands-on approach to indulge the participants in real-world scenarios, simulated lab environments, and case studies to get proficient in techniques and methodologies. Each participant will also be provided ONE MONTH FREE ACCESS to our Hybrid-Cloud Based Private Lab mimicking the modern age infrastructure, as well as decoy accounts and the organization's social presence, where they can practice the skills learned during the course. Learn More EARLY $3,800 ENDS MAY 24 The Shellcode Lab Location: TBD threat intelligence pty ltd Tracks: PenTesting, Malware Format: 2 Day Trainings Skill Level: Intermediate Experience: In-Person The Shellcode Lab is back for its 14th consecutive year Black Hat USA! With feedback like "By far the best course I've taken at Black Hat", this is the training that takes your penetration testing and low-level technical skills to the next level! With 17 multi-part hands-on labs and over 150 slides of hard-core technical content, students start with basic knowledge, and by the end of the first day write their own macOS 64-bit Port Bind shellcode from scratch to remotely compromise a server. In this exciting and hands-on training, you will: * Create custom payloads for: * Linux 32-bit * macOS 64-bit * Windows 32-bit * Windows 64-bit * Make payloads small to fit into more exploits * Implement techniques to avoid bad characters * Integrate your payloads into public exploits * Create a Metasploit Payload Module using your payloads * Compromise machines using your payloads We take your security skills to the next level - fast! Seats go fast. Register now to secure your spot! Learn More EARLY $3,800 ENDS MAY 24 Windows Enterprise Incident Response Location: TBD mandiant (now part of google cloud) Tracks: Forensics, Defense Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person Windows Enterprise Incident Response is an intensive two-day course designed to teach the fundamental investigative techniques and digital forensics skills needed to respond to complex intrusions by motivated and persistent attackers. The class is built upon a series of hands-on labs that highlight the phases of a targeted attack, key sources of evidence, and the forensic analysis know-how required to analyze them. Created and taught by consultants who do this work daily, this class is based on first-hand experience responding to incidents all around the world for major organizations. At Mandiant, we investigate the incidents that matter, and we're bringing that knowledge to the students of this class. Learn More EARLY $4,000 ENDS MAY 24 * 2 Day (Mon-Tue) * 360° Ransomware Response: Detection, Negotiation, Recovery, and Prevention Location: TBD lmg security (sherri davidoff and matt durrin) Tracks: Forensics, Defense Format: 2 Day Trainings Experience: In-Person Learn to respond to ransomware effectively and efficiently. In this hands-on boot camp, we'll show you a comprehensive approach to ransomware response, covering key aspects such as early detection, negotiation tactics, and decryption challenges. We'll analyze the latest ransomware strains and learn about evolving detection strategies. Then we'll delve into core elements of the initial response: triage, evidence preservation, scoping, containment and mitigation. We'll study the decryption process, including infected decryptors, double-encryption issues, and other common challenges. You'll learn practical ransom negotiation tactics and gain insights on the business impacts and communication strategies that will help you effectively support legal teams, public relations and more throughout the response. Hands-on labs are included throughout the class. Each student gets 90 days of free access to the Ransomware Virtual Laboratory. Along the way, we'll take students full circle and point out effective technical measures that block attackers and prevent ransomware deployment. Learn More EARLY $4,000 ENDS MAY 24 2024, A Space Hacking Odyssey Location: TBD final frontier security Tracks: PenTesting, ICS Format: 2 Day Trainings Skill Level: All Experience: In-Person Sure, maybe you've hacked the planet, but how about hacking off planet? The final frontier has been designated as critical infrastructure. Satellites and other space systems are an integral part of our daily lives from navigation to communications, financial transactions, and national security. Cybersecurity for these assets is environmentally and operationally constrained in ways unfamiliar to most practitioners. What better way to gain an appreciation for the challenges of cybersecurity in space and an understanding of how attackers will behave against this attack surface than exploiting it yourself? Learn More EARLY $3,800 ENDS MAY 24 A Basic Guide to Bug Hunting with Ghidra Location: TBD craig young Tracks: AppSec, PenTesting Format: 2 Day Trainings Skill Level: Intermediate Experience: In-Person Discover the art of uncovering vulnerabilities without the aid of source code or commercial tooling. This class is a deep-dive on how to use open source tools to shed light on closed source binaries. We will cover how bug hunters use free tools like Ghidra, AFL, QEMU, Frida, and GDB, to find exploitable bugs in modern software. Students will be introduced to each of these tools and more as we walk through exercises demonstrating their use. We will start with relatively simple techniques, like using Ghidra to identify and trace potentially insecure function calls, but by the end we will be looking at advanced techniques for stitching fuzzers together from compiled code. We'll also explore opportunities for using dynamic analysis to identify interesting code paths and reveal subtle bugs. Students in this class should be comfortable working with C code and have a basic understanding of memory safety vulnerabilities. Learn More EARLY $3,900 ENDS MAY 24 A Beginner's Guide To Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs Location: TBD lee archinal (cyborg security) Tracks: Defense, Human Format: 2 Day Trainings This course is designed to provide the students with hands-on experience in behavioral threat hunting. This includes covering common models and how they relate to threat hunting, how to operationalize an intel report focusing on tactics, techniques, and procedures (TTPs), how to leverage intelligence to initiate and conduct a hunt, data pivoting from initial query to results, proper documentation techniques to compile and organize findings in a repeatable manner. The culmination of this process will be a series of simulated attack chains using real world adversary TTPs, broken down into two phases: crawling and walking. The crawl phase will provide students with the opportunity to go hands-on with the data in a step-by-step hunting tutorial. This practical session will allow students to experience threat hunting in a structured and controlled manner, and allow them to practice the topics that were covered. The walk phase will see students break off into small SOC teams for an activity that will put all of their practical knowledge to the test. Learn More EARLY $3,800 ENDS MAY 24 Accelerated AppSec – Hacking your Product Security Programme for Velocity and Value (Virtual) Location: TBD josh grossman, bounce security Tracks: AppSec, Defense Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: Virtual Software is a key part of the organization's "perimeter" but to many security people the engineering / development team can feel like a "black box". At the same time, product security is a complex, constantly changing and high-risk area for which the traditional security team is still considered responsible. In this one-of-a-kind course, exclusive to Black Hat, you will learn: * How to bridge the gap with engineering by getting leadership buy-in * How to build security processes which meet developers where they are * How to use scanning tools to accelerate your efforts without causing developer fatigue To bring the course to life and let you apply what you learn, you will work in teams (or individually if you prefer) on table-top exercises which simulate real challenges and situations which you might come across when building a software security programme. These exercises are based on our highly successful model from previous courses and give you the opportunity to plan your approach (using our in-house developed templates and tools) and then explain and justify your decisions to simulated stakeholders. Be ready to leave the course with clear strategies and ideas on how to build a valuable product security programme with strong engineering support. Learn More EARLY $3,800 ENDS MAY 24 Video Preview » Accurate and Scalable: Web Application Bug Hunting Location: TBD michal kamensky, bounce security Tracks: AppSec, PenTesting Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person Ever find yourself repeating manual searches while analyzing a massive codebase? Do you often manually perform the same tests over and over when reviewing a huge web application? In this course you will learn how to take all that knowledge and repetitive work and put it into custom checks and tailored scans that will do the work for you, across the whole application. You will practice performing scalable, assisted manual research, using free, open-source tools such as Semgrep and Nuclei whilst leveraging your familiarity with the application and its logic. Instead of generic vulnerability scans that barely find the obvious problems and flood you with false positives, you can develop tailor-made checks that find what is important. Through multiple hands-on examples and practical exercises, you'll learn how this approach of customization at scale enables you to look far beyond the low hanging fruit, with useful tools that spare you the trouble of reinventing the wheel each time around. Learn More EARLY $3,800 ENDS MAY 24 Active Directory Attacks for Red and Blue Teams – Advanced Edition (Virtual) Location: TBD altered security Tracks: PenTesting, Network Format: 2 Day Trainings Skill Level: Intermediate Experience: Virtual More than 95% of Fortune 500 companies use Active Directory! Enterprises are managed using Active Directory (AD) and it often forms the backbone of the complete network. To secure AD, you must understand different techniques and attacks used by adversaries against it. Often burdened with maintaining interoperability with a variety of products, AD lack ability to tackle latest threats. This training is aimed towards attacking modern AD using built-in tools, scripting and other trusted OS resources. Some of the techniques, used in the course: * Extensive AD Enumeration * Trust mapping and abuse * Privilege Escalation * Advanced Kerberos Attacks * Advanced cross forest trust abuse * Attacking Azure AD integration * Abusing trusts for MS products * Credentials Replay Attacks * Persistence * Defenses * Bypassing defenses Attendees will get free two-month access to an AD environment comprising of multiple domains and forests and a Certified Red Team Expert Exam (CRTE) certification attempt. Learn More EARLY $3,800 ENDS MAY 24 Active Directory Security Fundamentals Location: TBD specterops Tracks: PenTesting, Defense Format: 2 Day Trainings Experience: In-Person Stop being passive with your Active Directory! Kerberos, ADUC, Golden Tickets, Security Principals – have you come across these or similar words in penetration test reports or security bulletins and felt a little… lost? Active Directory comprises many components that fulfill complex architectural requirements but can also open cracks through which attackers may slip. Active Directory: Security Fundamentals demystifies the various Active Directory components and illustrates how these components can potentially introduce risks to your organization. This course empowers network defenders to directly look under the hood of their Active Directory architecture and understand their environment better than attackers. Instructors share their knowledge and personal experiences testing Active Directory in hundreds of environments to reveal not only common pitfalls in securing their environment but also how they commonly occur. Learn More EARLY $4,000 ENDS MAY 24 Adam Shostack's Threat Modeling Intensive Location: TBD adam shostack Tracks: AppSec, Defense Format: 2 Day Trainings Skill Level: All Experience: In-Person Threat modeling is the best way for security professionals to get a seat at the table and influence a project early. It's how we get systematic, structured and comprehensive about the products and services we deliver. This is a rare public opportunity to take a course from "the person who wrote the books." (Threat Modeling: Designing for Security and Threats: What Every Engineer Should Learn from Star Wars) Learn More EARLY $3,900 ENDS MAY 24 Advanced APT Threat Hunting & Incident Response Location: TBD xintra Tracks: Forensics, Defense Format: 2 Day Trainings Experience: Virtual APTs are constantly evolving their attack techniques putting pressure on responders and blue teamers to stay up-to-date on all the latest tactics, techniques and procedures. Depending on the nature of the organization, responders and blue teamers may have never responded to a nation-state level threat in their environment. This course is built to arm attendees with the ability to detect, respond and remediate an APT-level attack. Attendees will be challenged with practical labs built around a simulated APT intrusion covering each stage of the ATT&CK chain. Students will be exposed to endpoint forensics, log analysis and cloud forensics on up-to-date attack techniques leveraged by Russian, Chinese, North Korean and Iranian APT groups against organizations within the last two years. Learn More EARLY $3,800 ENDS MAY 24 Advanced Cloud Incident Response in Azure and Microsoft 365 Location: TBD korstiaan stam from invictus incident response b.v. Tracks: Forensics, Defense Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person In this comprehensive two-day hands-on training, immerse yourself in the intricacies of forensics and incident response within the Microsoft cloud environment. This course delves into both Microsoft 365 and Microsoft Azure, providing practical insights into investigating cyber attacks and navigating relevant log artifacts. All concepts taught are directly applicable to real-life threats observed in the Microsoft cloud. Benefit from the expertise of a trainer with firsthand experience in cloud-based incident response and forensic investigations, sharing insights not found on conventional websites. By the end of this training, you will be well-equipped to confidently investigate any threat within the Microsoft cloud. Experience a highly interactive training with practical exercises, at the end of the course you will investigate two comprehensive attack scenarios in both Azure and M365 in the Capture The Flag (CTF) challenge. It is your task to solve as many puzzle pieces as possible. Learn More EARLY $3,800 ENDS MAY 24 Advanced Hacking and Securing Windows Infrastructure Location: TBD paula januszkiewicz, ceo and cybersecurity expert; dr. mike jankowski-lorek, director of consulting, cybersecurity expert Track: Defense Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person Take your cybersecurity skills to the next level with our infrastructure services security course. Ideal for enterprise admins, security officers, and architects seeking to protect critical infrastructure, this course is taught by leading experts Paula Januszkiewicz and Mike Jankowski-Lorek, Ph.D. You'll gain practical knowledge from years of experience and successful projects, with a focus on critical penetration testing tasks to effectively safeguard your organization from cyberattacks. Learn efficient network mapping, vulnerability identification, and exploitation techniques, while mitigating the risk of attacks through secure measures. Learn More EARLY $3,800 ENDS MAY 24 Advanced Hardware Hacking: Power Analysis & Fault Injection with the ChipWhisperer Location: TBD newae technology inc. Tracks: Hardware, IOT Format: 2 Day Trainings Skill Level: Intermediate Experience: In-Person This course brings you up to speed on advanced hardware hacking topics such as power analysis and fault injection. The course is based around the open-source ChipWhisperer project, and students will use a variety of related tools in the course. This updated 2-day course includes more focused labs using a wide variety of ChipWhisperer tools setup in the classroom. Topics include power analysis for passwords & encryption algorithms, along with fault injection using voltage, clock, and electromagnetic fault injection. The course is structured so that students can work through a wide variety of additional ChipWhisperer tutorials after the course, focusing the course contents on the fundamentals along with how to apply the material in practical scenarios. Learn More EARLY $3,900 ENDS MAY 24 Advanced Malware Traffic Analysis: Adaptive Defence. 2024 Edition Location: TBD veronica valeros, sebastian garcia Tracks: Network, Defense Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person This intensive hands-on training provides students with the essential know-how to analyze malware traffic and advanced attacks, gaining a deep understanding of malware behaviors within a network. Through practical exercises, participants gain proficiency in identifying malicious connections and learn to differentiate between normal and malicious behaviors while effectively handling very large traffic captures. The most important lesson of the training is: that it is not about how to use a tool. The goal is to transmit the experience of recognizing malicious actions within the network. This includes understanding how malware hides, how to track it, and how to analyze traffic patterns to discard false positive connections. Students actively engage in executing their own malware, exploiting active services, capturing its traffic, and conducting comprehensive analysis, with a particular focus on real-life scenarios. It also explores and incorporates the application of machine learning models for detection. Learn More EARLY $3,900 ENDS MAY 24 Advanced Threat Emulation: Active Directory Location: TBD bc security Tracks: PenTesting, Malware Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person This training course covers various aspects of Active Directory and how to attack it. Students will learn about network poisoning and authentication protocols in Windows networks, the different kinds of Windows credential types, and how to use them. Students will also learn common attacks on NTLM and Kerberos, such as NTLM relay attacks, delegation attacks, and creating forged tickets. Students will become familiar with identifying and exploiting common Active Directory misconfigurations . Students will be able to conduct attacks from both Windows and Linux operating systems and learn the nuances between each platform for performing attacks. Students will learn where credentials are stored on a Windows system and how to extract credentials from LSASS, DPAPI, SAM, LSA, and the Kerberos ticket cache. Students will learn about the different domain trusts and how to perform multi-domain compromises. Learn More EARLY $3,800 ENDS MAY 24 Advanced Threat Emulation: Evasion Location: TBD bc security Tracks: PenTesting, Malware Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person Windows presents a vast attack surface, providing the Blue Team with many detection opportunities. Students will learn about evading Blue Team hunters by first learning to build detections, then masking their signatures, and exploiting indicators to decrease detection probability. We will also explore the impact of migrating through different programming languages, such as C# and IronPython. By the end of the course, students will be equipped with the knowledge to obfuscate open-source tools without necessitating custom tooling for use across a diverse and dynamic operations environment. This class will explore the theory behind malware obfuscation, starting with the Theory of Code Obfuscation and how it applies to Tactics, Techniques, and Procedures (TTPs) implemented by modern Advanced Persistent Threats (APTs). We will examine everything from standard variable obfuscation to control flow manipulation to data procedurization. Students will apply obfuscation theory to practical applications in hands-on labs throughout the course. Learn More EARLY $3,800 ENDS MAY 24 Adversarial Approach - Combating Social Engineering Attacks through Situational Awareness Location: TBD jayson e. street Track: Human Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person Fueled by advancements in social media and AI, the evolution of social engineering tactics has elevated cyber threats to unprecedented levels of sophistication. So, why has the approach to Security Awareness Training (SAT) stayed the same? This hands-on course will teach you how to go beyond best practices and use modern social engineering techniques to transform "security awareness" into "situational awareness." Course Features: * Apply AI for social engineering and other simulated nefarious purposes * Learn DuckyScript and use it to expose the risk to executives and coworkers * Participate in 6 Practical Hands-On Exercises in Recon, Phishing exploits, and Ways to Engage Your Employee Base * Help educate others become more situationally aware of threats * Take home a custom Hak5 field kit (consisting of Bash Bunny Mark II, O.MG Elite USB-C Cable, & O.MG Programmer) Traditional SAT programs cover password hygiene, recognizing phishing emails, securing physical workspaces, and understanding the importance of data privacy. This knowledge is essential but lacks the interactivity and real-world simulation needed to effectively prepare someone for the dynamic cyber threats of today. We will address that gap by teaching you: * How adversaries perform reconnaissance using the Open-Source Intelligence (OSINT) model * How to effectively use spear phishing and physical compromise demonstrations to showcase the direct impact of threats * How to enhance your SAT program with engaging content to develop security culture At the end of this course, you will have the knowledge and tools you need to demonstrate the impact of a social engineering attack. You will be able to defeat optimism bias and show anyone how they can be personally impacted by cybersecurity events. You'll also have strategies to secure leadership endorsement and apply your new abilities to modernize the SAT program in your organization. Once you have successfully instilled situational awareness into the personnel of your organization, you will have mobilized your organization's most effective defense in the fight against cybercrime. This course serves as a catalyst for transformative change, ensuring your organization's resilience in the face of modern cybersecurity challenges. Learn More EARLY $4,000 ENDS MAY 24 Adversarial Cloud Incident Response Location: TBD securosis Tracks: Defense, PenTesting Format: 2 Day Trainings Experience: In-Person Spend two days immersed in pragmatic techniques to detect and respond to the latest cloud attacks, filled with live-fire exercises and opportunities to play the adversary and try to break into your fellow students' lab environments. This hands-on training starts with preparation and ends with response as students learn how to instrument accounts, build detectors, lay traps with canary tokens, analyze logs, and hunt cloud threats. They will then learn the top cloud attacks and take a quick spin through some pen test tooling. The training then finishes with a series of simulated attacks run by the instructors before the classroom divides up and teams get to play attack and defense with their new knowledge. Learn More EARLY $4,000 ENDS MAY 24 Agile Whiteboard Hacking – aka Hands-on Threat Modeling Location: TBD toreon Tracks: AppSec, Defense Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person In this "Black Hat edition" training, we challenge you with hands-on threat modeling exercises based on real-world projects. You will get insight into our practical industry experience, helping you to become a Threat Modeling Practitioner. We included an exercise on MITRE ATT&CK, and we focus on embedding threat modeling in Agile and DevOps practices. And we introduce a new challenge on threat modeling a Machine Learning-Powered Chatbot. We levelled up the threat modeling war game. Engaged in CTF-style challenges, your team will battle for control over an offshore wind turbine park. All participants get our Threat Modeling Playbook to improve you threat modeling practice, one-year access to our online threat modeling learning platform, and one-hour personal coaching to refine your threat modeling. Our self-paced Threat Modeling Introduction training is included in this course. All participants get our Threat Modeling Playbook to improve you threat modeling practice, one-year access to our online threat modeling learning platform, and one-hour personal coaching to refine your threat modeling. Are you new to threat Modeling? Our self-paced Threat Modeling Introduction training is included in this course. Learn More EARLY $4,000 ENDS MAY 24 AI Red Teaming in Practice Location: TBD dr. amanda minnich. microsoft ai red team gary lopez. microsoft ai red team Tracks: AI, ML, & Data Science, AppSec Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person There is so much more to red teaming AI systems than prompt injection. In this training, attendees will learn how to red team AI systems leveraging three pillars: traditional software vulnerabilities in AI systems, AI-specific vulnerabilities, and Responsible AI (RAI) vulnerabilities. By the end of the class, attendees should be able to probe comfortably any machine learning system for OWASP Top 10 LLM vulnerabilities. We will exclusively use open- source tools and frameworks such as Semantic Kernel, LangChain, NeMo Guardrails, Counterfit and the MITRE ATLAS to red team AI systems. The course is taught by Microsoft's AI Red Team, which was the first to combine RAI Red Teaming alongside security red teaming. In the last year, every high-risk AI system—including models and Copilots—was assessed by this team. We will use this real-world experience to upskill Black Hat attendees. Learn More EARLY $3,800 ENDS MAY 24 A Journey Into Mobile Application Hacking (iOS & Android) Location: TBD sensepost training | orange cyberdefense Tracks: Mobile, PenTesting Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person The course is created by hackers for hackers looking to take over the mobile application hacking world! Through this course we will show you how to do mobile assessments from absolute scratch. We will show you all of the basic concepts and tools required to perform meaningful mobile assessments which will add value to your customer's mobile offerings. The course consists of two days of which 60% is practical. Designed, developed and delivered by the team behind one of the most commonly used mobile application hacking tools known as Objection. We will give you a solid foundation so you can build a castle if you wish to. We will cover Android and iOS with a playground of apps that you can hack to your hearts content. The course is structured to make use of emulators, so you don't even need physical devices to take part in the course. Key Take-Aways: * Form a base understanding of the mobile application hacking industry * Build up a solid methodology and skill-set to assess and break mobile applications built for iOS and Android * Understand the required testing environment and tools required to make mobile app hacking fun and exciting Join us and hack some mobile apps! Learn More EARLY $4,000 ENDS MAY 24 Applied Data Science and Machine Learning For Cybersecurity Location: TBD gtk cyber Tracks: AI, ML, & Data Science, Defense Format: 2 Day Trainings Experience: In-Person This interactive course will teach security professionals how to use data science and AI to quickly manipulate and analyze security data. The course will cover the entire data science process from data preparation, exploratory data analysis, data visualization, machine learning, model evaluation and finally, implementing at scale—all with a focus on security related problems. Learn More EARLY $4,000 ENDS MAY 24 Applied Hardware Attacks 2 - Hardware Pentesting Location: TBD joe fitzpatrick & the securinghardware.com team listed on black hat event website Tracks: Hardware, PenTesting Format: 2 Day Trainings Skill Level: Intermediate Experience: In-Person You've learned about JTAG, UART, and SPI in your introductory IOT hacking class, but how does this apply to real world devices you encounter on actual engagements? This course distills the art of hardware hacking the into the science of a standardized penetration testing procedure. We'll analyze how and why hardware hacks belong in scope of certain pen tests, and what that means to threat modeling and deliverables. We'll build upon your basic skills and see how more advanced hardware and firmware analysis tells us more about the software vulnerabilities in a system. We'll prototype some hardware exploits into compelling demos or helpful red-team tools. Learn More EARLY $4,000 ENDS MAY 24 Applied Hardware Attacks 4 – Hardware Implants Location: TBD joe fitzpatrick & the securinghardware.com team Tracks: Hardware, IOT Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person They may not be as small as a grain of rice, but in this two-day course you'll combine hardware hacking with rapid prototyping to build real custom hardware implants. In the span of two days, you will design, build, and program: A hardware man-in-the-middle device A wireless 'tap' for a wired hardware protocol A standalone hardware protocol payload delivery device In order to fit all of that in two days, we'll rely on existing open-source hardware and software that we can customize to fit our needs. We'll bring our portable lab of rapid prototyping mills and printers so that you can assemble and test the devices you design. Learn More EARLY $4,000 ENDS MAY 24 A Practical Approach to Breaking & Pwning Kubernetes Clusters Location: TBD madhu akula Tracks: PenTesting, Risk Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person The adoption of Kubernetes use in production has increased to 83% from a survey by CNCF. Still, most security teams struggle to understand these modern technologies. In this real-world scenario-based training, each participant will be learning Tactics, Techniques, and Procedures (TTPs) to attack and assess Kubernetes cluster environments at different layers like Supply chain, Infrastructure, Runtime, and many others. Some of the things you will be doing in this course: * Exploiting Misconfigurations and private Registries by performing simple Recon * Escaping out of containers to host systems and clusters to gain more access * Escalating privileges, DoS cluster resources, Lateral movement from container * Gaining unauthorized access to namespaces, microservices, data, and logs * Breaking the boundaries of NSP(Network Security Policy), RBAC, Profiles * Defense evasion techniques & Persistence in Cluster Environments * Bypassing the solutions like Policy Engines, Resource limits, and Controls * Evaluating the cluster security using CIS benchmarks and Cluster Audits to find all possible risks Also, the trainer will provide a step-by-step guide(Digital Book) with resources and references to further your learning. Learn More EARLY $3,800 ENDS MAY 24 Astute AWS/Azure/GCP Cloud Red Team: It's Raining Shells! - 2025 Edition (2 Day) Location: TBD ultraviolet cyber Tracks: PenTesting, Network Format: 2 Day Trainings Skill Level: Intermediate Experience: In-Person Stay frosty within AWS, Azure, & GCP environments with this fast-paced and hands-on course which teaches each participant the Tactics, Techniques, and Procedures (TTPs) needed to infiltrate and expand access within cloud platforms. In this course you will: * Exploit serverless (e.g. Lambda, Azure Functions) applications for initial access into targets. * Pivot between data and control planes to expand access (e.g. collecting secrets, snapshots) * Evade and disrupt cloud logging platforms (e.g. CloudTrail) to remain undetected. * Breach and backdoor boundaries (e.g. VPCs) to access hard-to-reach systems. * Expanding access within Kubernetes (K8s) envs (e.g. GCP bypass of metadata protections) Compete throughout the course in our hands-on Capture the Flag (CTF) tournament! Learn More EARLY $3,900 ENDS MAY 24 Attack and Defend Android Applications (Virtual) Location: TBD cyfinoid research Tracks: Mobile, Defense Format: 2 Day Trainings Experience: Virtual This course focuses on the Android application ecosystem covering both the offense & defense of the application development process. We start with attacks, covering various possible attacks on Android applications. Then we provide solutions to various challenges routinely encountered by Android security engineers and pen testers: * Traffic interception (HTTP/HTTPS/web socket/non-HTTP) * Root detection bypass * Static & dynamic analysis * Perform dynamic instrumentation (Frida / Magisk) * Analyzing non-Java/ Kotlin apps (React Native, Xamarin and Flutter) Next, we shift gears and focus on defending the applications, and major areas covered are: * Application Threat Modeling * Identifying weaknesses * Adding Security into CI / CD Pipeline for the application * Analysis of the results * Defense in Depth Design Techniques The aim is not to create a "zero to hero" experience, but to provide a methodical approach with which the participants could perform any Android application assessment. We provide students with access to learning portals, cloud VM's, a soft copy of slides, detailed answer sheets as well as AMI's to continue learning after class. Learn More EARLY $3,800 ENDS MAY 24 Automating Security with Open Source Location: TBD threat intelligence pty ltd Tracks: Defense, Forensics Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person The security industry is running fast towards security automation to increase the capability and capacity of security teams so they can effectively and efficiently stay on top of the constantly evolving threats, attacks, and security breaches that occur every day! Learn how to implement streamlined security operations and help prevent breaches through security automation, including: * Automated Intelligence Collection and Analysis * Automated Vulnerability Identification and Penetration Testing * Automated Security Monitoring and Incident Response * Automated Security Infrastructure Orchestration and Integration * Automated Chaining of Security Capabilities * Automated Security Notifications Get ahead of the hackers and start automating the protection of your organisation now! Register now to secure your spot! Learn More EARLY $3,800 ENDS MAY 24 Basic Web Hacking - 2 Day Location: TBD tom large / notsosecure Tracks: AppSec, PenTesting Format: 2 Day Trainings Experience: In-Person This is an entry-level web application security testing course and a recommended pre-requisite course before enrolling for our "Web Hacking Black Belt Edition" course. This foundation course of "Web Hacking" familiarizes the attendees with the basics of web application and web application security concerns. Several tools and techniques, backed up by a systematic approach on the various phases of hacking will be discussed during this 2-day course. If you would like to step into a career of Ethical Hacking / Pen Testing with the right amount of knowledge, this is the right course for you. This course familiarizes the attendees with a wealth of tools and techniques required to breach and compromise the security of web applications. The course starts by discussing the very basics of web application concepts, and gradually builds up to a level where attendees can not only use the tools and techniques to hack various components involved in a web application, but also walk away with a solid understanding of the concepts on which these tools are based. The course will also talk about industry standards such as OWASP Top 10 and PCI DSS, which form a critical part of web application security. Numerous real-life examples will be discussed during the course to help the attendees understand the true impact of these vulnerabilities. Learn More EARLY $3,800 ENDS MAY 24 Black Hat Cryptography: Attacks, Tools & Techniques for Security Professionals Location: TBD ruben gonzalez Tracks: PenTesting, Crypto Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person Crypto-related vulnerabilities are super common! OWASP even ranks "Cryptographic Failure" as the second most common security vulnerability class in software. Yet, very often these vulnerabilities are overlooked by developers, code auditors, blue teamers, and penetration testers alike. Because, let's face it: Nobody knows how cryptography works. This course turns you into a powerful weapon. It will teach you how applied cryptography is commonly misused in the field and how this leads to exploitable bugs. Using case studies from our own pentesting and red teaming engagements, we'll introduce core concepts of applied cryptography and how they fail in practice. During the course you'll: * Understand how modern cryptography works * Find common crypto vulnerabilities in real software * Write crypto exploits for real software (and an IoT device) At the end of the course you'll be able to spot an exploitable crypto bug from miles away (and be able to avoid them yourself)! No prior knowledge required. Learn More EARLY $3,800 ENDS MAY 24 Black Hat Machine Learning Location: TBD nvidia Tracks: AI, ML, & Data Science, PenTesting Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person Machine Learning technologies continue to improve and expand into new areas at a blistering pace: from driving cars to detecting cancer, defending networks to analyzing the human genome, writing code, generating synthetic artwork, flying drones, and more. With this success, ML is starting to receive scrutiny from regulators, security teams, and hackers across all industries. ML Systems represent a new attack surface and bring up genuine security concerns. In this training, students will explore the security risks and vulnerabilities that adopting machine learning might expose you to. This course will provide students with a realistic environment and methodology to explore the unique risks presented by the use of ML in today's environments. Students will leave equipped to assess the threat model, vulnerabilities, and attack surface of ML systems. Learn More EARLY $3,800 ENDS MAY 24 Cloud Security Hands-On (CCSK+) for Azure Location: TBD securosis Track: Defense Format: 2 Day Trainings Skill Level: Beginner Experience: In-Person This course provides a solid foundation in cloud security, including 50% of hands-on labs in AWS to apply the principles in practice. We cover all the material needed to pass the Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK) exam while adding a pragmatic approach to immediately kick-start your cloud security projects. This class has been updated to align with version 5 of the CSA Guidance. Learn More EARLY $4,000 ENDS MAY 24 Cognitive Security: Preparing for Cyber Deception Through Synthetic Media Attacks Location: TBD psyber labs, llc Tracks: Human, Defense Format: 2 Day Trainings Experience: In-Person Threat actors are rapidly moving beyond traditional cyber-attacks by leveraging generative AI and synthetic media to carry out cognitive warfare and cyber deception tactics against their victims. Extorting high net worth individuals in deepfake virtual kidnapping scams, disseminating disinformation by impersonating well-established brands, and spoofing the voices of executives to convince employees to transfer funds to illegitimate accounts; are just a few examples of tactics already observed in the wild. You will leave this course with the tools and training required to integrate deepfakes and synthetic media into your red team assessments, be able to conduct cyber threat assessments, and practice developing mitigation strategies to reduce potential harm from these attacks. By engaging with attacks from both the offensive and defensive perspectives you will gain a deep understanding of the critical factors that differentiate highly sophisticated attacks from mediocre attempts. Learn More EARLY $3,800 ENDS MAY 24 Defeating Microsoft's Default Bitlocker Implementation Location: TBD popp schweiz ag Tracks: Forensics, Hardware Format: 2 Day Trainings Skill Level: All Experience: In-Person This training guides you through the whole process involved for a successful BitLocker TPM bus sniffing attack. Within two days you will be given the necessary knowledge about micro soldering, notebook internals, TPM basics, logic analyzers, basic forensic data acquisition and some BitLocker theory. In the end you will not just be able to conduct the attack against a test notebook which you can take home, but also fully understand what you are actually doing and applying it to your devices. Learn More EARLY $3,800 ENDS MAY 24 Defending Enterprises - 2024 Edition Location: TBD in.security Tracks: Defense, PenTesting Format: 2 Day Trainings Experience: In-Person Updated for 2024, our immersive 2-day Defending Enterprises training is the natural counterpart to our popular Hacking Enterprises course. You'll play a SOC analyst in our Microsoft Sentinel cloud-based lab and try to rapidly locate IOA's and IOC's from a live enterprise breach executed by the trainers in real-time. Whether you're new to Kusto Query Language (KQL) or a seasoned pro, there's plenty for you in the 2-days! Yes, we're using Microsoft Sentinel, but the underlying threat detection theory, logic and threat hunting approach is transferable into your own environments, whatever your preferred platform. We look at the top 10+ methods we use in offensive engagements and show how these can be caught, along with numerous other examples and methods that go above and beyond these common TTPs! With 14 hands-on exercises you'll gain real-world experience in the following areas: * MITRE ATT&CK, CAR and D3fend frameworks * Introduction to Kusto Query Language (KQL) * Reviewing popular phishing attacks and living off the land techniques * Locating C2 traffic and beaconing activity * Digging into credential exploitation (Pass-the-Hash, Pass-the-Ticket, Kerberoasting, Azure Managed Service Accounts, DCSync) * Reviewing Active Directory Certificate Services (ADCS) attacks * Identifying lateral movement (WMIC, WinRM, MSSQL, SMB) * Catching data exfiltration attempts (ICMP, DNS) * Detecting persistence activities * + much more! We know 2 days isn't a lot of time, so you'll also get 14 days FREE lab time after class and Discord access for support. Learn More EARLY $3,900 ENDS MAY 24 DevSecOps Masterclass: AppSec Automation Edition Location: TBD appsecengineer Tracks: AppSec, Defense Format: 2 Day Trainings Experience: In-Person DevOps has changed the way we deliver apps. However, security remains a serious bottleneck, especially Application Security. This is largely due to the speed of innovation in DevOps, contrasted with the escalating attacks against Applications. The training is based on our 4.9/5 Rated DevSecOps Masterclass at Blackhat. The training is a hardcore hands-on journey into: Hands-on SAST for Apps and Infrastructure-as-Code, with a focus on Semgrep and CodeQL. Develop Custom SAST rules like a bawse! Supply-Chain Security Automation: SBOMs, Source Composition Analysis and Security Engineering techniques Assurance and Provenance for artifacts. Mastery over Cosign and SLSA for Supply-Chain Provenance DAST Automation and Security Regressions with ZAP and Nuclei. Policy-As-Code: Leverage Open Policy Agent (OPA) with use-cases from API Access Control to OS Policy Controls. Participants get 2 months of access to our online lab environment for DevSecOps training Learn More EARLY $4,000 ENDS MAY 24 Elite Web Application Hacking Location: TBD sensepost | orange cyberdefense Tracks: PenTesting, AppSec Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person In an era where digital landscapes evolve, mastery of advanced web application security is imperative for seasoned developers, pentesters and red-teamers alike. This course builds upon existing knowledge, elevating your expertise in web application hacking through sophisticated attacks and hands-on challenges. As the digital ecosystem continues to advance, web applications become increasingly intricate, demanding a higher level of proficiency in securing them against sophisticated threats. This course is crafted to equip you with more advanced skills to identify, assess, and exploit web applications through complex vulnerabilities and approaches. Key Points: * Master complex web security concepts, building on foundational knowledge. * Engage in advanced hands-on exercises simulating real-world challenges. * Hone skills in conducting thorough risk assessments for strategic decision-making amid intricate security challenges. This course is tailored for individuals with a solid foundation in web application security. Whether you're an experienced cybersecurity practitioner seeking to enhance your skill set or a seasoned developer aiming to deepen your security expertise, this course provides a strategic and hands-on approach to mastering the nuances of advanced web application hacking. Learn More EARLY $4,100 ENDS MAY 24 Fundamentals of Industrial Control Systems (ICS) Security Location: TBD mandiant (now part of google cloud) Track: ICS Format: 2 Day Trainings Skill Level: Beginner Experience: In-Person This course provides IT security professionals and ICS/OT engineers interested in ICS/OT security with the fundamental knowledge and skills required to build and expand an ICS/OT security team. Learners will become familiar with ICS/OT security concepts, secure architecture, threat models and ICS/ OT security standards and best practices. The course will also discuss today's security trends and the current threat landscape. Throughout the course, exercises and demonstrations inspired by actual cases and incidents in the ICS world will enable learners to advance their knowledge in their day jobs. Learn More EARLY $4,000 ENDS MAY 24 Going beyond shells! - Hacking AWS, Google Cloud, DigitalOcean and Aliyun (Virtual) Location: TBD cyfinoid research Tracks: PenTesting, AppSec Format: 2 Day Trainings Experience: Virtual A fast paced, scenario driven hands-on training built on real world Detection, Identification and Exploitation of services and assets in AWS, Google Cloud, DigitalOcean and Alibaba Cloud. The training will take students through automated infrastructure creation, security configurations and their abuses that will allow them to go beyond the standard shells that attackers aim for. Learn More EARLY $3,800 ENDS MAY 24 Hacking Bureaucracy Location: TBD kopidion Track: Human Format: 2 Day Trainings Skill Level: Intermediate Experience: In-Person Bureaucracies didn't start out as soul-crushing obstructions to innovation and agility, but you can't escape them today. Whether you're in government, industry, school, or an independent practitioner, you face relentless bureaucracies that impede progress, destroy morale, and frustrate security. Not taught in schools or other institutional learning facilities, this course plays to the puzzle-solving superpowers of the hacker mindset. Come learn how to achieve your personal and organizational goals effectively and legally, by hacking the system. Learn More EARLY $3,800 ENDS MAY 24 Hacking Cybersecurity Leadership: An Interactive Training to Strengthen Skills for Leading Teams & Multi-Team Systems Location: TBD multiteam solutions Tracks: Human, Defense Format: 2 Day Trainings Experience: In-Person This 2-day, highly interactive course is designed for cybersecurity professionals currently in a role leading a team within a multi-team system (e.g., team lead) or leading an entire multi-team system (e.g., CISO). The training provides participants a chance to familiarize with and practice using 10 analog leadership tools designed to strengthen soft skills to support and motivate individuals, teams, and multi-team systems. The training, which acts as a sandbox, is built on social-behavioral research of CSIRTs and SOCs that was funded by the US and European governments, is assured by the UK NCSC, and will be delivered through expert-facilitated exercises. The exercises are not cybersecurity specific, which allows participants to disrupt their normal, routine ways of leading and open up to the possibilities for growth and change as leaders. The tools readily allow for the concrete transfer of knowledge and soft skills from the training back into the workplace. Learn More EARLY $3,800 ENDS MAY 24 Hacking Enterprises - 2024 Red Edition Location: TBD in.security Tracks: PenTesting, Network Format: 2 Day Trainings Experience: In-Person Updated for 2024, our Hacking Enterprises training is the natural counterpart to our popular Defending Enterprises course. In this multi-layered offensive engagement, you will fully compromise a simulated enterprise in this immersive hands-on course that covers a multitude of TTP's. Targeting modern operating systems including Windows 11, you'll use modern techniques and focus on exploiting configuration weaknesses rather than throwing traditional exploits. Logical thinking and creativity will definitely be put to the test! You will work to get initial access in a fictional organisation where multiple networks exist, some easily accessible, others not so. You'll implant and establish C2, but manual techniques will always be emphasised so you're equipped with the knowledge to work without reliance on frameworks. Course content has been designed to reflect real-world challenges and you'll perform numerous hands-on exercises including executing exploitative phishing campaigns against our simulated users for initial access, finding new networks that in turn bring new challenges including IPv6 exploitation, subverting AMSI and AWL, credential harvesting, passphrase cracking, pivoting, lateral movement, ADCS abuse, userland and privileged persistence via OOB channels and much more! With 14 hands-on exercises you'll gain real-world experience in the following areas: * IPv6 discovery, enumeration and exploitation * Pivoting, routing, tunnelling and SOCKS proxies * C2 infrastructure and beacon deployment * Exploitative phishing * Privilege escalation and credential harvesting * P@ssphras3 cracking * Bypassing AWL * Active Directory Certificate Services (AD CS) abuse * Lateral movement for domain trust exploitation * Out of Band (OOB) data exfiltration * + much more! We know 2 days isn't a lot of time, so you'll also get 14 days FREE lab time after class, Discord access for support and access to a post-training CTF containing hosts and networks not seen during training! Learn More EARLY $3,900 ENDS MAY 24 Hack in the Block: Down and Dirty Location: TBD nadir akhtar and anto joseph Tracks: AppSec, Crypto Format: 2 Day Trainings Experience: In-Person Blockchains are both a blessing and a curse for the same reason: immutability. The permanence of change means that any mistake cannot be undone. Thus, writing code that lives on a blockchain requires deep knowledge and rigorous examination to protect against critical failures. This course builds upon the previous Beginner class to teach advanced exploitation techniques for mission-critical blockchain applications, such as Dapps, by teaching you the newest and deepest parts of blockchains and smart contracts. We will dive into a number of specialized blockchain verticals, such as zero knowledge (ZK) cryptography, MEV, formal verification, scaling architectures like Optimistic and ZK rollups, and advanced smart contract architectures. We'll provide and walk through a number of in-depth labs, drawing directly from real-life hacks that have impacted users for hundreds of millions of dollars, to demonstrate how to detect, exploit, and prevent these attack scenarios. Learn More EARLY $4,000 ENDS MAY 24 Hands-On Hacking Fundamentals - 2024 Edition Location: TBD sensepost training | orange cyberdefense Tracks: PenTesting, Network Format: 2 Day Trainings Skill Level: Beginner Experience: In-Person Start your journey into information security with a hands-on course that will expose you to the technical fundamentals of penetration testing and security practises in the realms of networking, infrastructure, web applications and wireless technologies. Key Points: * How to think like a hacker * Finding vulnerabilities and exploiting them * How to approach a pentesting methodology in real-world scenarios This is an introductory course for those starting the journey into penetration testing or those working in environments where understanding how hackers think and the tools, tactics and techniques they use are of the essence. Learn how to attack, and utilise the concepts to enhance your defensive understandings. The course presents the background information, technical skills, and basic concepts required to those desiring a foundation in the world of information security. By the end of the course, you will have a good grasp of how vulnerabilities and exploits work, how attackers think about networks and systems and have compromised several of them, from infrastructure, and web applications to Wi-Fi. This course aims to expose you to the methodologies used by active penetration testers on their day-to-day journey with clients and assessments. Join us and hack hard! Learn More EARLY $4,000 ENDS MAY 24 Implementation of Telco Networks for Pentesters: 2G, 4G and 5G Location: TBD ethon shield Tracks: Mobile, Network Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person This course allows a pentester or researcher to learn how to implement on a single computer 2G, 4G and 5G SA and NSA mobile networks only with an Ettus SDR device. He will learn how to install the necessary SW, configure the tools, basic notions about the architecture and protocols of each technology, configure his programmable SIM card and finally connect a mobile device to these networks to perform tests such as traffic interception, analyze how to perform a downgrade attack, play with encryption or authentication algorithms. Do you want to go through this world with professionals who will help you to understand and implement these networks on your computer? Learn More EARLY $4,100 ENDS MAY 24 IntelTechniques 2-Day OSINT Training Location: TBD inteltechniques Tracks: Human, PenTesting Format: 2 Day Trainings Skill Level: All Experience: In-Person The IntelTechniques open source intelligence course provides the tactics, tools, and workflow necessary for developing actionable intelligence from various online data sources and social media platforms. The curriculum is built around developing an efficient process that consistently produces a professional intelligence product. Instructors will demonstrate the latest methods for triage, research, capture, analysis, documentation, and presentation. The class will be provided with custom tools, scripts, and a series of practical exercises. Learn the most current tactics by watching experienced investigators work through live scenarios, with a focus on workflow and methodology. Included in this course: * 25 modules taking you from beginner to advanced OSINT tactics * 60-day access to 100+ hours of IntelTechniques video training content * 700+ page digital handbook and over a dozen report templates * Custom OSINT toolset * Build a custom OSINT virtual machine * New tactics for leak/breach/stealer-log data acquisition, analysis, and implementation * 200+ practical exercises in an online CTF format Learn More EARLY $4,000 ENDS MAY 24 Intermediate RF Reverse Engineering with SDR Location: TBD paul clark Tracks: Wireless, IOT Format: 2 Day Trainings Skill Level: Intermediate Experience: In-Person Learn to build more powerful digital radios, controlled by a combination of GNU Radio and Python. Then use these tools to reverse engineer digital radios with SDR! This is no lecture-based course, but one built on 19 different RF reverse engineering projects. You'll practice on a mix of simple systems, which you'll fully reverse, and on individual steps of more complex reversing projects. When you're done you'll understand how to identify unknown modulation schemes, determine signal timing, use statistical methods to identify bit functions, and reverse error checking. We'll also cover a number of reversing best practices along the way. Learn More EARLY $3,800 ENDS MAY 24 iOS Threat Hunting Location: TBD matthias frielingsdorf Tracks: Mobile, Malware Format: 2 Day Trainings Skill Level: Intermediate Experience: In-Person Since 2016 Pegasus is well known in the industry as the prime example for mercenary spyware targeting iOS devices. But did you know about Quadream's Reign, Cytrox's Predator, Tykelab's Hermit, Candiru or Operation Triangulation? This new and innovative training will enable you to detect a wide variety of iOS Malware. Our forensic-based approach will provide you with a deep understanding of the forensic artifacts left behind by these malware samples and how to detect them through various techniques. Through a combination of hands-on exercises and expert-led sessions, you will develop the skills and knowledge necessary to become a proficient iOS Threat Hunter. Join us in this unique training opportunity that has not been offered before and gain valuable insights into the world of iOS Malware detection and forensics. Learn More EARLY $3,800 ENDS MAY 24 IoT and Embedded Device Exploitation Location: TBD loudmouth security Tracks: IOT, Hardware Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person In the rapidly evolving landscape of the Internet of Things (IoT), understanding the security vulnerabilities and exploitation techniques of IoT devices has become crucial for cybersecurity professionals. This course aims to equip participants with the skills and practical knowledge to find vulnerabilities in IoT devices. Participants will gain hands-on experience in IoT hardware debugging, memory extraction, firmware analysis and bug hunting using a custom-built IoT device and firmware based on real-world examples. In addition, this course will introduce participants to device emulation and wireless communications in IoT devices, with hands-on labs to put the knowledge into practice. This course bridges multiple disciplines within cybersecurity, including application security, operating system penetration testing, wireless signal analysis, and embedded hardware security. It is designed to empower professionals to perform penetration testing of IoT devices, ensuring they are equipped with the knowledge and experience to find and exploit vulnerabilities in them. Learn More EARLY $3,800 ENDS MAY 24 Malware Detection and Triage with Volatility 3 Location: TBD andrew case and dave lassalle Tracks: Forensics, Malware Format: 2 Day Trainings Skill Level: Intermediate Experience: In-Person Memory forensics—the analysis of volatile memory (RAM)—is an extremely powerful technique for detecting and triaging modern malware. Memory forensics is often a critical component of modern incident response due to the frequent use of memory-only payloads and rootkits that bypass modern EDRs, hide from live analysis tools, and often leave no file system artifacts. Memory analysis reconstructs system state without relying on operating system APIs, allowing it to both detect modern malware and provide automated triage results. In this course, a mix of lectures and hands-on labs provides students with the knowledge and experience necessary to perform real-world incident response using memory analysis for detection and hunting of sophisticated malware on Windows 10+ systems. The course is taught by two core developers of Volatility 3, the exciting new version of the world's most widely used memory analysis framework, and provides early access to upcoming capabilities. Learn More EARLY $3,800 ENDS MAY 24 Malware Detection in the AI Era: Attacks and Defenses on Machine Learning Classifiers Location: TBD dmitrijs trizna and luca demetrio Tracks: AI, ML, & Data Science, Malware Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person Endpoint Detection and Response (EDR) systems and Antivirus (AV) solutions have incorporated machine learning (ML) as core components of their decision-making processes. However, the integration of ML has introduced new vulnerabilities, rendering these systems susceptible to specific types of attacks that can weaken their effectiveness. In this course, participants will first gain a comprehensive understanding of how machine learning models can perform the task of malware detection in both static and dynamic settings, and they will use techniques that explain their behavior. Furthermore, we will introduce the concepts of Adversarial Machine Learning, the field of science that formalizes the presence of an adversary whose intent is the exploitation of AI models. Attendees will first learn and then execute known adversarial strategies designed to compromise ML malware classifiers under different threat models. Lastly, we will show how these attacks can be limited, by discussing recent advancements in research of defensive mechanisms. Learn More EARLY $3,800 ENDS MAY 24 Malware Hunting & Digital Forensics Location: TBD paula januszkiewicz, ceo and cybersecurity expert; dr. mike jankowski-lorek, director of consulting and cybersecurity expert Track: Malware Format: 2 Day Trainings Experience: In-Person Are you tired of constantly reacting to malware attacks? Take control with our Advanced Malware Hunting course! In this deep-dive training, you'll learn the latest techniques and capabilities of malware, as well as practical methods for preventing, detecting, and responding to malicious code. Our expert instructors will guide you through real-world scenarios, showing you how to analyze malware, identify vulnerabilities, and build robust defenses that protect your organization's infrastructure. By the end of this course, you'll have a comprehensive understanding of malware and its behaviors, as well as a toolbox of proven techniques for securing your network, endpoints, and data. Whether you're an IT professional, security analyst, or malware researcher, this course will give you the skills and knowledge you need to stay one step ahead of the cybercriminals. Learn More EARLY $3,800 ENDS MAY 24 Military Strategy and Tactics for Cybersecurity Location: TBD kopidion Tracks: Defense, Human Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person Air, sea, land, space, and now cyber. Cyberspace has been named an operational domain by the U.S. Department of Defense. This designation and subsequent application of U.S. doctrine to cyberspace operations has shed light on new tactics and techniques for network defense based on military doctrine developed over millennia; techniques you can use now to improve the defense of your network. This course will introduce you to the intricacies of this complex new landscape through discussion and hands-on exercises developed by career Army officers with a combined 50+ years of experience. Learn More EARLY $3,800 ENDS MAY 24 Offensive AI for Red Team Operations Location: TBD invokesec Tracks: AI, ML, & Data Science, PenTesting Format: 2 Day Trainings Skill Level: All Experience: In-Person You're stuck. Traditional offensive methodology has led to failure or detection. Your red team is at a stand-still. Offensive AI for Red Team Operations is a cutting-edge course built for hands-on offensive security engineers looking to operationalize AI for more efficient, stealthy, and fast-paced operations. Proactive defenders will also feel right at home as they build AI-enhanced cyber-operation tool chains and pipelines. The course kicks off with a technical primer on AI, tailored for offensive cybersecurity applications. Participants will dive into the mechanics of AI models and how they can be repurposed for cyber-attack methodologies. Moving beyond the basics, the course delves into advanced AI-driven attack vectors. It provides in-depth coverage of techniques such as AI-powered phishing, AI model exploitation, as well as the customization of AI models to facilitate more effective operations. Course content is designed to provide hands-on experience and tooling to drive the future of AI-enhanced operations. Learn More EARLY $3,900 ENDS MAY 24 Offensive Hardware Hacking Training Location: TBD whid - we hack in disguise Tracks: Hardware, IOT Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person The Offensive Hardware Hacking Training is a hands-on course designed to fulfill the skills gap that in the recent years emerged within the InfoSec scene in respect of the (I)IoT landscape. In it, students will be able to gather the needed theoretical knowledge and practical skills to engage with confidence hardware security audits involving those devices, that started to flood both consumer and corporate markets. The course is structured to be accessible to both junior and senior security personnel: it goes from a generic panoramic of the theory behind electronics, protocols, memories, microprocessors & tools-of-the-trade; then proceeds deeper into the topics by reviewing various TTPs. Moreover, the students' workbook contains more than 40 practical exercises involving real hardware devices and will allow each student to physically work on them during the training AND also to bring it at home together with their own first HW Hacking Lab Kit worth around 300 USD. For more info, check the following videos: 1. https://www.youtube.com/watch?v=zbUuBZJIHkE 2. https://www.youtube.com/watch?v=VpHBMELQmnk Learn More EARLY $3,900 ENDS MAY 24 Open Source Intelligence Tools & Techniques Location: TBD mandiant (now part of google cloud) Tracks: Defense, Risk Format: 2 Day Trainings Skill Level: Beginner Experience: In-Person This two-day foundational level course is designed to teach intelligence analysts the fundamentals of open source intelligence (OSINT) tools and techniques. Students will employ a 3 Phase Branching Model across a multitude of use cases to conduct investigations. They will also use popular tools such as Virus Total and Google to drive these investigations to completion. Learn More EARLY $4,000 ENDS MAY 24 Patch Diffing In The Dark: Binary Diffing For Vulnerability Researchers and Reverse Engineers Location: TBD john mcintosh Tracks: Forensics, AppSec Format: 2 Day Trainings Skill Level: All Experience: In-Person Every day, a new CVE or blog post is published detailing a critical vulnerability. Often, we know about a vulnerability but feel like we don't have the skills or time to understand its root cause. What if you could change that by learning a new skill that would guide you towards understanding modern vulnerabilities? The goal of this course is to teach participants how to use patch diffing techniques to analyze real-world vulnerabilities in Windows and Android. You will use open-source tools like the Ghidra SRE framework to reverse engineer the latest CVEs and discover that you already have the information and tools needed to get started. This course will help you develop the confidence and competence to tackle complex vulnerabilities. If you feel like you are always "in the dark" about the latest CVE and want to take a step towards the light (understanding), this course is for you. Learn More EARLY $3,800 ENDS MAY 24 Payment Systems: The Art of Analyzing Mag-stripe, Tokenization, NFC and EMV Technologies Location: TBD metabase q Tracks: PenTesting, Defense Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person Payment Systems training offers a holistic approach to understanding and mastering the intricacies of various banking data formats such as EMV, NFC, Tokenized, and Magstripe. Instead of merely concentrating on specific tools, our emphasis is on the underlying methodologies and communication protocols. This approach ensures a more profound and enduring grasp of the subject matter. The training is meticulously structured around different technologies and their respective communication protocols. This division facilitates an easier and more comprehensive understanding, enabling participants to effectively conceptualize techniques. Our intensive hands-on sessions are designed to immerse students in real-world scenarios that center on EMV standards. This not only provides a practical perspective but also challenges them to discern how malicious entities might navigate, exploit, or bypass security mechanisms within payment systems. Furthermore, participants will gain insights into the countermeasures implemented across various technologies, ensuring that they are well-equipped to anticipate and address potential vulnerabilities. Learn More EARLY $3,800 ENDS MAY 24 Pentesting SAP Applications Location: TBD yvan genuer Tracks: PenTesting, AppSec Format: 2 Day Trainings Skill Level: Intermediate Experience: In-Person This highly-practical course will teach attendees not only the fundamentals on how to pentest SAP systems, but also the latest techniques and procedures. Students will be guided through a variety of scenarios designed to walk them through all the phases involved in an SAP penetration testing: * Landscape discovery * System mapping * Vulnerability assessment * System exploitation * Privilege escalation * Lateral movement Attendees will start from a black-box perspective and end up digging in the heart of the system learning how to spot and leverage most common misconfigurations and vulnerabilities. Common attack patterns and high impact vulnerabilities will be analyzed, along with brand new techniques to escalate privileges, establish persistence and move laterally across the landscape. No previous SAP experience required. Learn More EARLY $3,800 ENDS MAY 24 Practical Drone Hacking - Zero to Hero (Intensive) Location: TBD captain kelvin and boris so (pilot owl) Tracks: Hardware, Wireless Format: 2 Day Trainings Experience: In-Person Advancements in UAV technology are opening new opportunities and applications in various fields of life. However, these advancements are also causing new challenges in terms of security, adaptability, and consistency. Especially the small drones are even suffering from architectural issues and the definition of security and safety issues. In this course, a programable small drone will be provided to learn the common drone attack vectors and hacking skills. Learn More EARLY $3,800 ENDS MAY 24 Practical Mobile Application Exploitation iOS & Android - 2024 Edition (Virtual) Location: TBD 8ksec Tracks: AppSec, Mobile Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: Virtual After running sold-out training at multiple conferences over the last few years, we are back with an updated version of our course which now covers ARM64, iOS & Android Internals, and detailed Mobile apps and operating system security. The class starts with a basic introduction to the ARM instruction set and calling conventions followed by some reverse engineering exercises. We then learn how to craft simple exploits for the ARM64 environment. The training will be based on exploiting Damn Vulnerable iOS app, Android-InsecureBankv2, InsecurePass and a wide range of real-world application vulnerabilities in order to give in-depth knowledge about the different kinds of vulnerabilities in Mobile applications. After the workshop, the students can successfully audit and secure applications running on iOS/Android operating systems, as well as get a better understanding of their Internals. Students will learn how to use Frida, a dynamic instrumentation framework, for doing vulnerability research. Slides, Custom scripts, Videos, VM and detailed documentation on the labs will be provided to the students for practice after the class. Corellium access will be provided to students during the training course. Students will be provided access to a Slack channel where the trainers will help prep them for the class, and the students can retain access to it for the foreseeable future. Slides, videos, and detailed documentation on the labs will be provided to the students for practice after the class. Corellium access will be provided to students during the training course. Learn More EARLY $3,800 ENDS MAY 24 Pragmatic API Exploration Location: TBD sensepost | orange cyberdefense Tracks: AppSec, Defense Format: 2 Day Trainings Skill Level: Beginner Experience: In-Person Embark on a learning journey to explore the art of attacking and securing Application Programming Interfaces (APIs) with our comprehensive API course. As API usage grows, so does the threat landscape for organisations. This practical-driven training will equip you to conduct impactful penetration tests on API implementations and further your understanding on how to mitigate the majority of vulnerabilities. Explore modules covering API fundamentals, engagement strategies, attack surface enumeration, and demystifying the OWASP Top 10 for APIs. Delve into additional focus areas such as logging, monitoring, injection attacks, and securing Azure API implementations. Gain practical experience in exploiting vulnerabilities on RESTful APIs and GraphQL, culminating in a thrilling Capture the Flag challenge. Join us, hack hard and make APIs safe Learn More EARLY $4,100 ENDS MAY 24 Python Hacker Bootcamp: Zero to Hero Location: TBD snowfensive Tracks: PenTesting, Defense Format: 2 Day Trainings Skill Level: All Experience: In-Person Scripting and automation have become standard requirements for cybersecurity professionals. However, learning how to program is challenging for many. Many people give up learning this skill because they may need to learn how to start, find programming books confusing, or the examples taught in online classes don't apply to their use cases. If you want to learn how to program Python to automate tasks, increase accuracy, and become more marketable in the workforce, this course is for you. This course was designed to follow a hacker's methodology of programming. Instead of learning formal programming practices that you'll never use (we're looking at you bubble sort), this course focuses on core concepts taught using information security-centric projects. The hands-on labs, which accompany the practical application lectures, focus on solving commonplace and real-world security challenges. The labs have been designed to apply to information security professionals. Join us for a fun, fast-paced bootcamp to take you from zero to hero! Learn More EARLY $4,000 ENDS MAY 24 Reverse Engineering Firmware with Ghidra Location: TBD eric evenchick & tetrel security Tracks: Hardware, IOT Format: 2 Day Trainings Skill Level: Intermediate Experience: In-Person This hands-on course teaches the concepts, tools, and techniques required to reverse engineer firmware and assess embedded devices. To ensure the tools taught are available to all, we will make use of Ghidra, a powerful open-source reverse engineering tool developed by the National Security Agency. Within the two days, you will: Learn general techniques for binary reverse engineering Identify, unpack, load, and analyze various types of firmware into Ghidra Use reverse engineering techniques to find exploitable vulnerabilities in an embedded Linux device Map device vector tables, peripheral memory, and system calls to find exploitable vulnerabilities in a bare-metal device Identify remotely exploitable vulnerabilities in a Bluetooth Low Energy device Learn to use a debugger to assist in reverse engineering Labs attacking an embedded Linux system and a bare-metal Bluetooth Low Energy device will be used to deliver a hands-on experience. You can expect to leave this course with the skills to reverse firmware for a variety of embedded targets. Learn More EARLY $3,800 ENDS MAY 24 Reversing and Exploiting RF with Software-Defined Radio Bootcamp Location: TBD sébastien dudek @ penthertz Tracks: Wireless, Hardware Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person Unleash the power of the impossible with Software-Defined Radio! Numerous wireless devices utilize simple radio protocols for communication. With the appropriate tools, it becomes feasible to intercept, decode, and even replicate or inject these transmissions. Such analysis can unveil critical security vulnerabilities, regardless of whether the device in question is a simple toy, a garage door opener, a wireless intercom, or a sophisticated IoT device. However, before we can uncover these vulnerabilities, it is essential to gain a comprehensive understanding of the data transmission process, including aspects such as modulation, encoding, encryption, and various other mechanisms, but also making the right choices about the hardware to use. This course offers perfect hands-on training for individuals eager to embark on a journey into the realm of Wireless Communication Reverse Engineering. It provides practical examples and invaluable tips to initiate and pursue the field, enabling students to delve into Signal Intelligence (SIGINT), reverse even the most exotic communication protocols, and practice attacking them using the capabilities of Software-Defined Radio. Learn More EARLY $3,800 ENDS MAY 24 Securing the Four C's of A Software Product: AWS Edition Location: TBD rohit salecha Tracks: Defense, AppSec Format: 2 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person Following a successful MVP demonstration, a startup recently obtained significant funding. The next step involves a soft launch where security poses a crucial challenge. The initial PoC lacks basic security standards needed for customer trust and compliance for ex: secrets are strewn all across the code, everyone is having admin privileges to AWS and Kubernetes, Compute infrastructure is non-compliant and only a basic web application pentest was conducted with very few findings. This scenario inspired creation of 'Securing 4C's of Software Product,' a specialized training program tailored to secure the core pillars of product security: Code, Container, Cluster & Cloud. This training delves deep into key security domains such as Authentication and Authorization in AWS and Kubernetes, Secrets Management & Detection, Supply Chain Security, Container Security, and Static Application Security. It equips attendees with the necessary knowledge to establish robust security protocols, ensuring deployments carry a high level of security assurance. Learn More EARLY $3,800 ENDS MAY 24 Video Preview » Tactical Recon for Pentesters - 2024 Edition Location: TBD redhunt labs Track: PenTesting Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person This 2024 Edition of our Tactical Recon for Pentesting training program not ONLY focuses on OSINT but also focuses on in-depth attack tactics using the information collected in the earlier phases. This course will focus on a wide range of tools and techniques for performing real-world reconnaissance in order to launch targeted attacks against modern and dynamic infrastructures. We will take a deep dive into various modern methodologies for extracting useful information from the internet. Furthermore, we will cover how this extracted information can be used in attack scenarios to get an initial foothold in multiple ways within an organization's network beyond the firewall and further exploit it to gain and maintain elevated access. The course will cover topics like: * Mapping the Modern Attack Surface * Comprehensive Subdomain Enumeration * Exploring Dark Web * Hunting 3rd Party SaaS Apps * Hunting & Attacking API Endpoints * Supply Chain Enumeration & SBOM * Template Based Scanning * Attacks using Recon from Docker Image, EBS volumes, etc. * Exploring Mobile Applications for Attack Chaining * Practical Social Engineering, etc. This 2-day course takes a hands-on approach to indulge the participants in real-world scenarios, simulated lab environments, and case studies to get proficient in techniques and methodologies. Each participant will also be provided ONE MONTH FREE ACCESS to our Hybrid-Cloud Based Private Lab mimicking the modern age infrastructure, as well as decoy accounts and the organization's social presence, where they can practice the skills learned during the course. Learn More EARLY $3,800 ENDS MAY 24 The Shellcode Lab Location: TBD threat intelligence pty ltd Tracks: PenTesting, Malware Format: 2 Day Trainings Skill Level: Intermediate Experience: In-Person The Shellcode Lab is back for its 14th consecutive year Black Hat USA! With feedback like "By far the best course I've taken at Black Hat", this is the training that takes your penetration testing and low-level technical skills to the next level! With 17 multi-part hands-on labs and over 150 slides of hard-core technical content, students start with basic knowledge, and by the end of the first day write their own macOS 64-bit Port Bind shellcode from scratch to remotely compromise a server. In this exciting and hands-on training, you will: * Create custom payloads for: * Linux 32-bit * macOS 64-bit * Windows 32-bit * Windows 64-bit * Make payloads small to fit into more exploits * Implement techniques to avoid bad characters * Integrate your payloads into public exploits * Create a Metasploit Payload Module using your payloads * Compromise machines using your payloads We take your security skills to the next level - fast! Seats go fast. Register now to secure your spot! Learn More EARLY $3,800 ENDS MAY 24 Windows Enterprise Incident Response Location: TBD mandiant (now part of google cloud) Tracks: Forensics, Defense Format: 2 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person Windows Enterprise Incident Response is an intensive two-day course designed to teach the fundamental investigative techniques and digital forensics skills needed to respond to complex intrusions by motivated and persistent attackers. The class is built upon a series of hands-on labs that highlight the phases of a targeted attack, key sources of evidence, and the forensic analysis know-how required to analyze them. Created and taught by consultants who do this work daily, this class is based on first-hand experience responding to incidents all around the world for major organizations. At Mandiant, we investigate the incidents that matter, and we're bringing that knowledge to the students of this class. Learn More EARLY $4,000 ENDS MAY 24 Windows Instrumentation With Frida Location: TBD ruben boonen Tracks: Forensics, PenTesting Format: 2 Day Trainings Skill Level: All Experience: In-Person Binary instrumentation is an invaluable skill across all platforms, yet it is often under-appreciated on Windows specifically. In this course you will learn how to use the Frida framework on Windows. You will master function hooking and binary instrumentation and apply those skills in a wide variety of scenarios. You'll gain the ability to discover Black Box application functionality using static and dynamic techniques. These learnings will empower you to understand what an application is doing, modify its functionality and augment its operation. This expertise is invaluable in Defence, Offense, and Research. Whether you're aiming to develop a novel detection method, assess the viability of a post-exploitation strategy, or do Windows internals research, this course is designed to equip you with the necessary, real-world, practical, skills. We start from the ground up, assuming no prior knowledge, allowing you to build your capabilities step-by-step. You'll solidify your understanding and gradually refine your skill set, gaining experience that will seamlessly integrate into your professional workflow. Although the primary focus is on native code applications for Windows, the techniques and skills you'll learn are equally applicable to native code applications on other platforms. Moreover, this course also includes some specials learnings and benefits. You will receive a Binary Ninja personal license and will become familiar with the use of Binary Ninja for static analysis. Other domain specific tools are also used extensively, like API Monitor. Learn More EARLY $3,800 ENDS MAY 24 * 4 Day (Sat-Tue) * 802.11 Unplugged: Modern Wi-Fi Hacking Location: TBD sensepost | orange cyberdefense Tracks: Wireless, PenTesting Format: 4 Day Trainings Experience: In-Person If you want to learn how to understand and compromise Wi-Fi networks, this is your course. Key Points: * Foundations of wireless network technologies * How to approach wireless network exploitation when facing obstacles * New approaches and tooling in the Wi-Fi hacking field If you want to really understand what's going on and master Wi-Fi attacks in such a way that you can vary them when you encounter real-world complexities, this course will teach you what you need to know. This course is highly practical, with concepts taught through theory delivered while your hands are on the keyboard, and semi-self-directed practicals at the end of each section to reinforce the learning. The course is hosted in a "Wi-Fi in the cloud" environment we invented several years ago, which means no more fiddling with faulty hardware or turning the classroom into a microwave. Designed, developed and delivered by the team behind some of the most commonly used Wi-Fi hacking tools such as hostapd-mana, berate_ap and wpa_sycophant. This course aims to expose you to the Wi-Fi hacking methodologies used by active penetration testers on their day-to-day journey with clients and assessments. Learn More EARLY $5,100 ENDS MAY 24 Ability Driven Red Teaming Location: TBD egypt & mubix Tracks: PenTesting, Network Format: 4 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person What sets this course apart is that we focus on explaining the "WHY". Choosing one C2 or technique over another often comes with tradeoffs that might not be obvious at first glance. After a combined 35 years of experience in red teaming and offensive security, egypt and mubix distill their TTPs in everything from building binaries for avoiding antivirus to building your own company for taking over another. Our labs aren't trying to teach you any particular OS, tool, or technique, but rather how to think about those same OSs, tools and techniques, when to use them, and how to assess new ones as the field of infosec changes. Want to learn how to make your tools work overtime for you? This is the place to be. In this course, we will walk you through how we * Build Red Team Infrastructure * Use OSINT to Get Initial Access * Attack Active Directory, including Kerberos, Azure, and SMB * Find Common DevOps vulns * Use Web App attacks that give you shells * Extend Metasploit and other frameworks to do your bidding * Escalate privileges, move laterally (pivoting), & persist on Windows, OSX, and Linux * Avoid common detections for all of the above We'll do the above in a custom-built CTF where you'll pwn a variety of boxes in a variety of environments. Learn More EARLY $5,000 ENDS MAY 24 Abusing and Protecting Kubernetes, Linux, and Containers Location: TBD jay beale, inguardians Tracks: PenTesting, Defense Format: 4 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person Learn how to attack and defend Kubernetes, Linux and containers from Jay Beale, the creator of Bastille Linux and two Kubernetes security tools: the Peirates attack tool and the Bust-a-Kube CTF cluster. In this fully hands-on course, you'll get a computer to keep, filled with capture-the-flag (CTF) containers and Kubernetes clusters, which you will attack and defend. You'll also get access to our cloud environment, allowing you to attack cloud-based Kubernetes clusters. Every single topic in the class has an attack exercise, where you use Kali Linux to compromise a system or a Kubernetes cluster scenario. Most have a matching defense exercise, where you will use new skills to break that attack, confident that it will break other attacks. This Kubernetes, Linux, and Containers training focuses on giving you practical attack skills from real penetration tests, coupled with solid defenses to break attacks. Includes a free laptop! Learn More EARLY $5,300 ENDS MAY 24 A Complete Practical Approach to Malware Analysis and Memory Forensics - 2024 Edition Location: TBD monnappa k a & sajan shetty Tracks: Malware, Forensics Format: 4 Day Trainings Skill Level: All Experience: In-Person This 4-day hands-on training teaches the concepts, tools, and techniques to analyze, investigate, and hunt malwares by combining two powerful techniques malware analysis and memory forensics. This course will introduce attendees to the basics of malware analysis, reverse engineering, Windows internals, and memory forensics. It then gradually progresses deep into more advanced concepts of malware analysis & memory forensics. Attendees will learn to perform static, dynamic, code, and memory analysis. To make the training completely practical, it consists of scenario-based hands-on labs after each module, which involves analyzing real-world malware samples and investigating malware infected memory images (crimeware, APT malware, Fileless malware, Rootkits, etc.). This hands-on training is designed to help attendees gain a better understanding of the subject in a short span of time. Throughout the course, the attendees will learn the latest techniques used by the adversaries to compromise and persist on the system. In addition to that, it also covers various code injection, hooking, and rootkit techniques used by the adversaries to bypass forensic tools and security products. During the training, you will also gain an understanding of how to integrate malware analysis and memory forensics techniques into a custom sandbox to automate the analysis of malicious code. After taking this course, attendees will be better equipped with the skills to analyze, investigate, hunt, and respond to malware-related incidents. Whether you are a beginner interested in learning malware analysis and memory forensics from scratch or an experienced professional who would like to enhance your existing skills to perform a forensic investigation or threat hunting, this training will help you accomplish your goals. Note: Students will be provided with malware samples, malware infected memory images, course material, lab solution manual, video demos, custom scripts, and Linux VM. Learn More EARLY $4,900 ENDS MAY 24 Video Preview » A DFIR Masterclass with Offensive and Defensive Techniques on Windows 11 and Server 2022 Location: TBD internet initiative japan inc. Tracks: Forensics, Malware Format: 4 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person This is a hands-on course for learning attack, detection and DFIR techniques on Windows environment. You will first attack a Windows domain network with in-the-wild targeted attack malware and post-exploitation tools using the same techniques as attackers, such as: * NTLM Relay Attack * Golden/Silver/Diamond/Sapphire Ticket Attack * DCSync/DCShadow * Credential Harvesting * Remote Command Execution/Logon * Domain Persistence * Delegation Attack Then, you will acquire artifacts from the environment and analyze them with the DFIR techniques such as: * Memory Forensics * Persistence Analysis * Program Execution Artifacts Analysis * Event Log Analysis * Timeline Analysis * Triage Collection Since you will learn attack *AND* defense, including detection and DFIR, techniques, you will have a better understanding of both. Then, even if new attacks emerge, you will already know how to test and detect them yourself after completing this course. We will be waiting for you with numerous exercises! Learn More EARLY $4,900 ENDS MAY 24 Advanced Detection Engineering in the Enterprise Location: TBD olaf hartong / falconforce Tracks: Defense, Risk Format: 4 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person Building resilient and automated detection capabilities require a detailed understanding of attackers and their known or expected behavior. By thinking like an attacker, understanding the different techniques and procedures used by attackers and what indicators can be extracted, better detection capabilities can be developed. The training covers a full, realistic attacker scenario in an enterprise environment: from the endpoint, through the Active Directory and into the cloud environment. This training focuses on the entire methodology of a detection engineering cycle. We guide participants in defining a scope, researching the relevant (sub-)techniques, building the detection analytic, investigating which logs can be utilized, and validating the resilience of the analytic against evasion. Maintenance, testing and improvement is part of proper engineering. The training is highly interactive and retains a good balance between theory and a lot of hands-on exercises, in which the students execute all attacks themselves in a dedicated lab environment. Learn More EARLY $5,100 ENDS MAY 24 Advanced Infrastructure Hacking - 4 Day Location: TBD tiago carvalho / notsosecure Tracks: Network, PenTesting Format: 4 Day Trainings Experience: In-Person Whether you are penetration testing, Red Teaming or trying to get a better understanding of managing vulnerabilities in your environment, understanding advanced hacking techniques is critical. This course covers a wide variety of neat, new and ridiculous techniques to compromise modern Operating Systems and networking devices. While prior pentest experience is not a strict requirement, familiarity with both Linux and Windows command line syntax will be greatly beneficial. The 2024 edition of our best-selling class, brings more new, neat and ridiculous network hacks. From old-school misconfiguration issues to the very latest cutting-edge techniques and exploits against the modern network platforms, we have got it all covered. The course will cover advanced penetration techniques to achieve exploitation against these platforms: * Modern Operating systems (Windows, Linux) * New Attack Chain * ADCS * Resource-Based Constrained Delegation * Web and Application servers * Switches/Routers * Docker * VLANs * Kubernetes * AWS/Azure/GCP specific attacks * IaaS, PaaS, CaaS, SaaS and Serverless exploitation * Logging and Monitoring Network Attacks Note: Students will have access to a state-of-the-art Hacklab with a wide variety of vulnerabilities to practice exploitation and will receive a FREE 1-month subscription after the class to allow more practice time. Learn More EARLY $5,400 ENDS MAY 24 Advanced Security Operations and Threat Hunting Location: TBD digital defense institute Tracks: Defense, Forensics Format: 4 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person Advanced Security Operations & Threat Hunting is a meticulously crafted course designed for cybersecurity defenders focusing on detection engineering, threat hunting, adversary detection, and incident response. Over an intensive four-day program, participants will delve deep into the strategies and techniques essential for identifying, tracking, and neutralizing sophisticated cyber threats. The course begins with exploring detection engineering principles, teaching attendees how to create robust detection systems. It then transitions into advanced threat-hunting methods, enabling participants to proactively seek out and identify potential or active threats. The segment on adversary detection covers the latest tactics used by cyber attackers, providing insights into their methodologies. Finally, the course culminates with practical incident response exercises, equipping attendees with the skills to respond to and mitigate cyber incidents effectively. Designed for immediate application, this course empowers professionals to enhance the security posture of their organizations through advanced operational techniques and threat intelligence. Learn More EARLY $4,900 ENDS MAY 24 Advanced Windows Exploitation Location: TBD offsec powered by applied technology academy Track: PenTesting Format: 4 Day Trainings Skill Level: Advanced Experience: In-Person EXP-401: Advanced Windows Exploitation is OffSec's most intense course, featuring a sophisticated hands-on computer lab environment challenging learners to bring out their best penetration testing skills. Modern exploits for Windows-based platforms require modern bypass methods to circumvent Microsoft's defenses. In EXP-401, OffSec challenges learners to develop creative solutions that work in today's increasingly difficult exploitation environment. The case studies in AWE are large, well-known applications that are widely deployed in enterprise networks. The course dives deep into topics ranging from security mitigation bypass techniques to complex heap manipulations and 64-bit kernel exploitation. EXP-401 is a particularly demanding penetration testing course. It requires a significant amount of learner-instructor interaction. Therefore, we limit these courses to a live, hands-on environment at one of our live training at the Black Hat conference. This course can qualify learners for 40 (ISC)2 CPE Credits at the end of the training course or after passing the certification challenge. Learners who complete EXP-401 and pass the exam will earn the Offensive Security Exploitation Expert (OSEE) certification. Benefits: * Put your team's skills to the test with intense in-person training * Enrich your team's penetration testing learning journey with advanced exploit development skills * Improve your team's preparedness for the OSEE certification exam * Benchmark your team's skill level for increased confidence around securing your IT infrastructure through industry-recognized certifications Learn: * Bypass and evasion of user mode security mitigations such as DEP, ASLR, CFG, ACG and CET * Advanced heap manipulations to obtain code execution along with guest-to-host and sandbox escapes * Disarming WDEG mitigations and creating version independence for weaponization * 64-Bit Windows Kernel Driver reverse engineering and vulnerability discovery * Bypass of kernel mode security mitigations such as kASLR, NX, SMEP, SMAP, kCFG and HVCI Learn More EARLY $8,000 ENDS MAY 24 Adversary Simulation and Capability Development Location: TBD mdsec Track: PenTesting Format: 4 Day Trainings Experience: In-Person During this training, you will be equipped with the necessary knowledge provided by recognised industry red team experts to plan, manage and perform an advanced red team operation. These steps include the essential knowledge to perform efficient and targeted opensource intelligence, design and automate the deployment of operation infrastructure, gain initial access to a target using sophisticated payloads with defensive evasion techniques, perform host triage, persistence and privilege escalation and move laterally whilst exploiting common Active Directory misconfigurations. At the end of the training students will walk away equipped to target even the most mature environments and budding with knowledge about the indicators they didn't know their tools were emitting, but the blue team did! Learn More EARLY $4,900 ENDS MAY 24 Adversary Tactics: Detection Location: TBD specterops Tracks: Defense, Network Format: 4 Day Trainings Experience: In-Person You bought all the latest detection tools, but somehow still can't seem to detect mimikatz. IT is screaming about the resource consumption from the multitude of security tools on the endpoints, analysts are barely staying afloat in the oceans of data your toolsets have created, and the latest red team report detailed how response actions were ineffective again. If this sounds familiar for your organization, this is the course for you. We'll walk you through starting with a detection engineering strategy first and then focusing on methodologies to build robust alerting, with the end result of improving detection and response capabilities throughout security operations. This course will provide you the understanding and ability to build robust detections, starting with the why and going all the way to the technical implementation of detecting threat actor activity. You will learn how to apply the methodologies and technical approaches practiced, regardless of the security toolsets deployed in your organization. In this course, you will: * Learn how to best integrate different components of a detection program for maximum effect * Integrate "threat hunting" activity into current detection programs to drive meaningful detection engineering * Understand different threat hunting campaign approaches * Perform data sensor and data source analysis * Understand various MITRE TTPs and Threat Intelligence * Practice standardized processes for developing technical detections * Document detection research into standardized formats for use in security operations * In technical labs, practice data aggregation & analysis at scale to detect threat actor activity Learn More EARLY $5,400 ENDS MAY 24 Adversary Tactics: Red Team Operations Location: TBD specterops Tracks: PenTesting, Network Format: 4 Day Trainings Experience: In-Person Upgrade your red team tradecraft with cutting-edge Tactics, Techniques, and Procedures (TTPs) used by attackers in real-world breaches. This course will teach students how to infiltrate networks, gather intelligence, and covertly persist to simulate advanced adversaries. Students will use the skillsets taught in this course to go up against live incident responders in an enterprise lab environment designed to mimic an enterprise network and learn to adapt and overcome active response operations through collaborative feedback as the course progresses. Topics covered include: * Design and deploy sophisticated, resilient covert attack infrastructure * Gain an initial access foothold on systems using client-side attacks in real-world scenarios * Utilize advanced Active Directory attack techniques to execute domain enumeration, escalation, and persistence * Perform sophisticated post-exploitation actions, including sophisticated data mining, going beyond just achieving "Domain Admin" * Use cutting-edge lateral movement methods to move through the enterprise * Practice "offense-in-depth" by utilizing a variety of tools and techniques in response to defender actions and technical defenses * Effectively train network defenders to better protect themselves against advanced, persistent adversaries Learn More EARLY $5,400 ENDS MAY 24 Adversary Tactics: Tradecraft Analysis Location: TBD specterops Tracks: Defense, PenTesting Format: 4 Day Trainings Experience: In-Person Your organization has just implemented the leading detection and response products. Are they configured with default configuration? How much faith should you have in your ability to detect sophisticated attacks? How would you simulate attacks to ensure robust detections are in place? This course will teach the importance of understanding the inner workings of attack techniques and telemetry availability and provide a workflow for developing robust detection analytics or data driven evasion decisions. Focusing on various Windows components and attacker TTPs, you will dive deep into how software abstracts underlying capabilities and how attackers can interact with deeper layers to bypass superficial detection capabilities. Learn More EARLY $5,400 ENDS MAY 24 Applied Network Security Location: TBD matt pawloski Tracks: Network, Defense Format: 4 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person This course is a hands-on lesson in networking fundamentals that are critical to cyber security. Curriculum will start from layer 1 of the OSI model, working up to the most critical layer 7 protocols for modern network communication. These protocols underpin local area networks (LANs), IoT devices, and critical infrastructure. Security implications at each layer and protocol will be discussed and demonstrated through hands-on lab exercises. Lab exercises include traffic modification and redirection methods, building an open-source Linux router and unified threat management (UTM) appliance, proxying and modifying HTTP/S traffic with Squid and Burp, and advanced uses for SSH. Solid foundational knowledge, gained in this class, will allow students to easily understand more advanced topics. The technical confidence students will gain in this class will enable them to quickly tackle technical hurdles in their day-to-day work. Attendees with all levels of technical backgrounds will benefit from this class. Learn More EARLY $4,900 ENDS MAY 24 Applied Threat Hunting and Detection Engineering Location: TBD trustedsec Tracks: Defense, PenTesting Format: 4 Day Trainings Skill Level: All Experience: In-Person Finding attacker behavior and patterns is vital to an organization's security posture. The Applied Threat Hunting and Detection Engineering class will equip the student with the knowledge of attacker methodologies and highlight the most popular attacks by APT groups. Students will then experience live threat hunts for attacker behavior and work through the detection engineering process to build high-fidelity detections. This class is designed for security professionals of all levels and will give real-world examples of attacks and practical skills to improve an organization's ability to detect attacker behavior. Learn More EARLY $5,300 ENDS MAY 24 Assessing and Exploiting Control Systems and IIoT Location: TBD justin searle / inguardians Tracks: ICS, PenTesting Format: 4 Day Trainings Skill Level: Intermediate Experience: In-Person This is not your traditional SCADA/ICS/IIoT security course! How many courses send you home with lifetime access to course updates and a $500 kit including your own PLC and a set of hardware/RF hacking tools?!? This course teaches hands-on penetration testing techniques used to test individual components of industrial control systems. The first day of the course teaches how to perform safe assessments of commissioned components in production without negatively affecting reliability and safety of the systems. The remaining bulk of the course will then focus on performing deeper component-level penetration testing in lab settings, attempting to discover and address 0-day vulnerabilities before those components are commissioned in production environments. Learn More EARLY $5,400 ENDS MAY 24 Attacking and Defending AWS, Azure, and GCP Cloud Applications: 2024 Edition Location: TBD appsecengineer Tracks: AppSec, Defense Format: 4 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person Applications on the cloud present some unique opportunities and challenges in terms of security. In this training, we're going to explore Application Security on the cloud with three popular cloud providers, AWS, Azure, and GCP. The aim of this training is to take the participant through a journey of highly practical, scalable, and granular knowledge of AWS, Azure, and GCP offense, defense, and detection engineering. Our No.1 objective is that participants can apply skills learned from this class nearly immediately at their workplaces. This class is an intense, deep-dive experience in attacking and defending applications on AWS, Azure, and GCP. We would take participants through our ADD (Attack-Detect-Defend) labs in all these areas to give them a 360°perspective of attacking and defending applications of various stacks deployed on the cloud Participants will walk away with 2 months of access to our online training portal and labs Learn More EARLY $4,900 ENDS MAY 24 Attacking and Defending the Application Supply-Chain Location: TBD appsecengineer Tracks: AppSec, Defense Format: 4 Day Trainings Skill Level: Intermediate Experience: In-Person Supply-chain security is a hot-button issue that companies are struggling with. The sheer size and scope of the problem is overwhelming to security and engineering teams, the world over. This hands-on training immerses participants in real-world scenarios, exploring both offensive and defensive strategies within CI systems, build environments, container infrastructure, and cloud-native platforms like Kubernetes, AWS, and Azure. This training is an attack and defend version of our famous "Attacking the Application Supply-Chain" Training that we've delivered at BlackHat over the past 3 years Through stories and red-blue team approaches this renowned, practical, and hands-on training takes the participants through a journey of attacking and defending application supply chains from development through deployment and beyond. Participants will walk away with long-term access to our online training portal and labs Learn More EARLY $5,000 ENDS MAY 24 Attacking Mobile Applications: Practical Security Testing for Android and iOS Location: TBD mandiant (now part of google cloud) Tracks: Mobile, AppSec Format: 4 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person The Attacking Mobile Applications course is a hands-on 4-day journey into the world of mobile application penetration testing. The course has 19 labs, each based on Mandiant's first-hand experience assessing mobile applications. Students will gain experience building a test environment, understanding application packages, analyzing Swift/Objective-C assembly and Dalvik bytecode, performing dynamic instrumentation to bypass jailbreak or root detection, intercepting network communications, and testing modern cross-platform applications (Xamarin, ReactJS, Flutter, etc.). Students will receive USB devices loaded with training materials: A self-contained Linux virtual machine with the labs and tools used in the course, a PDF collection of the course slides, multiple cheat sheets, and sample source code. Virtual Android and iOS devices will be supplied for attendees for use during the course. Learn More EARLY $5,000 ENDS MAY 24 Automating Reverse Engineering Processes with AI/ML, NLP, and LLMs Location: TBD malachi jones, phd Tracks: AI, ML, & Data Science, Malware Format: 4 Day Trainings Skill Level: Advanced Experience: In-Person This course enhances reverse engineering (RE) processes through automation, focusing on efficiency and scalability in malware and firmware analysis by integrating Neural Networks (NN), Natural Language Processing (NLP), and Large Language Models (LLMs). It introduces Blackfyre, an open-source system combining a Ghidra plugin and Python library, essential for binary analysis and applying NN/NLP/LLM techniques in RE. The curriculum covers NN and NLP in malware analysis for threat classification and anomaly detection, and in firmware analysis for predicting function/binary names and detecting similarities. It also introduces BinaryRank, inspired by PageRank, but more efficient with linear complexity, for static analysis, improving NLP's effectiveness in binaries data representations. Advanced topics include LLMs for function and binary summarization, and malware analysis for signature and report generation. Designed for those with a foundational understanding of RE, Python object-oriented programming skills, and basic mathematical knowledge, the course aims to bolster NN/NLP/LLM capabilities in automating RE processes. Learn More EARLY $4,900 ENDS MAY 24 Blue Team Arsenal: Python and Generative AI for Threat Intelligence Location: TBD roberto rodriguez, thomas roccia Tracks: AI, ML, & Data Science, Defense Format: 4 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person In the fast-paced world of cyber security, threat intelligence plays a critical role in an organization's defense strategy, empowering defenders with deep understanding of adversary tradecraft and their threat landscape. For a threat intelligence analyst, the abilities to collect and connect information from a wide variety of data sources and dive deep into malicious software are essential. Imagine streamlining these processes by building your own tools leveraging artificial intelligence. In this 4-day class, you will learn to use Python to collect and analyze threat data, handle malware, build your own custom tools, and integrate the power for Generative AI to transform your technical approach to threat intelligence. We will combine theory with practical, hands-on exercises, giving you the opportunity to apply all these concepts in real-world scenarios. By the end of this course, you will have the necessary skills and tools to unlock new capabilities into your threat intelligence cycle. Learn More EARLY $5,000 ENDS MAY 24 DevSecOps Masterclass: 2024 Edition Location: TBD appsecengineer Tracks: AppSec, Defense Format: 4 Day Trainings Experience: In-Person DevOps has become a pervasive force within organizations globally, driving the continuous delivery of applications. Despite its success, security remains a significant challenge for DevOps. Organizations need help including security in continuous delivery processes. This training is a comprehensive, focused, and practical approach to implementing Security for your Continuous Delivery Pipeline. Backed by tons of hands-on labs, original research, and real-world implementations of DevSecOps, this training offers a comprehensive and practical guide for professionals seeking to enhance their skills and implement robust security measures in the ever-evolving landscape of continuous delivery and application development. The training starts with Application Security Automation for SAST, DAST, SCA, IAST, and RASP, apart from Vulnerability Management and Correlation. Subsequently, the training focuses on Cloud Security and automating security processes in cloud and cloud-native environments. Next, the training closes with a deep dive into DevSecOps Practices for Kubernetes and Containers, providing detailed perspectives on implementing scalable security for these deployments. In anticipation of Cloud-focused DevSecOps requirements, this training arms the learners with a plethora of cloud-native options that will serve as drop-in replacements for their on-prem pipeline components. Practical learnings picked up throughout the class are brought to AWS Codepipeline and Azure Pipelines along with a handbook of best practices and blueprints to prepare the students for the changed landscape. Participants receive a free (OSS) toolkit for DevSecOps Implementations and 2 months of access to our hands-on labs, engaging challenges, and recorded classes for this DevSecOps training. Learn More EARLY $5,000 ENDS MAY 24 Digging Deeper With Velociraptor Location: TBD mike cohen, digital paleontologist, rapid7 Tracks: Forensics, Defense Format: 4 Day Trainings Skill Level: All Experience: In-Person The old way of performing in-depth forensic analysis and incident response with your existing tools is clearly not adequate or scalable to many endpoints. It is just too time consuming to analyze many machines, acquire large disk images, and memory, let alone actively hunt for indicators of compromise across your entire network. This course covers all you need to know to use Velociraptor as a power user! Learn how to weird this powerful tool to respond to incidents, detect attacks and shut down attackers in their tracks. Learn More EARLY $4,900 ENDS MAY 24 Foundational Security Operations and Defensive Analysis Location: TBD offsec powered by applied technology academy Track: Risk Format: 4 Day Trainings Skill Level: Intermediate Experience: In-Person The student receives a 1 Year OffSec Learn Unlimited license. OffSec Learn Unlimited - A $5,400 Value! * Provides access to the Proving Grounds (Play and Practice) * All 100, 200 and 300-level training materials and labs * Unlimited exam attempts to the corresponding courses (OSCP, OSDA, OSWA, OSWP, KLCP, OSWE, OSEP, OSED & OSMR) A skilled security operations team is crucial for any organization's cybersecurity readiness and ability to effectively detect cyber threats. With OffSec's SOC-200: Foundational Security Operations and Defensive Analysis course, employers worldwide are upskilling their teams with hands-on learning on detecting and assessing security incidents. This foundational course teaches learners how to uncover the consequences of common attacks from a defensive perspective, recognize methodologies for end-to-end attack chaining, use a SIEM to identify and access cyber attacks, and conduct guided audits of compromised systems across multiple OSs. Learners who complete the SOC-200 course and pass the associated exam earn the Offensive Security Defense Analyst (OSDA) certification. A certified OSDA candidate is prepared to join and participate in a Security Operations Center (SOC) as a Junior Analyst. Benefits: * Upskill talent to roles such as SOC Analysts and Jr. roles in Threat Hunting and Digital Forensics and Incident Response * Ensure your team can preempt threats and detect vulnerabilities before they're exploited * Fortify your organization's cybersecurity defense and maintain your security posture * Recognized certifications demonstrate a high-performing team * Train your team to detect threats using the only dedicated lab framework built to execute live attacks against a network for defensive purposes * Learners can use the SOC-200 Challenge Labs to learn how to review logs and identify attackers and their methods in real-time Learn More EARLY $6,000 ENDS MAY 24 Full Scope Social Engineering and Physical Security Location: TBD snowfensive Tracks: Human, PenTesting Format: 4 Day Trainings Skill Level: All Experience: In-Person Full Scope Social Engineering is designed for students who want to learn all aspects of Social Engineering in one course. No prior experience is needed, students will start by learning core techniques and Open-Source Intelligence (OSINT) gathering. Students will take these fundamental concepts into the next three phases by applying them to craft robust and captivating Vishing (voice-phishing), Phishing, and Physical Security campaigns. Each phase includes multiple labs and challenges. FSSE is extremely hands-on and student participation is highly encouraged. Upon completion, students will feel confident performing OSINT, choosing targets, developing pretexts, and performing effective Social Engineering engagements. FSSE provides considerable value to pentesters and red teamers as clients frequently request this type of testing. Defenders can also benefit from this training and leverage these skills to defend against attacks and provide awareness training. Learn More EARLY $4,900 ENDS MAY 24 Hacking and Securing Cloud Infrastructure - 4 Day Location: TBD manish rohilla / notsosecure Tracks: Network, PenTesting Format: 4 Day Trainings Experience: In-Person With the rapid adoption of cloud infrastructure and the prevalence of hybrid cloud environments among organizations, the need to address cloud misconfigurations has become paramount. This course offers a holistic approach to understanding and mitigating misconfigurations in AWS, Azure, and GCP. From building and migrating to managing and innovating in the cloud, organizations face increasing pressure to secure their cloud infrastructure effectively. To achieve this, a deep understanding of cloud attack architecture and hands-on experience with relevant tools and techniques are essential. This comprehensive 4-day course immerses participants in the attacker's mindset, providing the opportunity to deploy over 25 novel attacks through state-of-the-art labs. The training is delivered by seasoned penetration testers with extensive experience in cloud hacking, gained through real-world engagements. By the end of the course, participants will be well-equipped to confidently identify vulnerabilities within cloud deployments. Additionally, the training covers cloud detection and response strategies, empowering participants to proactively address weaknesses and monitor their cloud environment for potential attacks. This course is a crucial step toward enhancing cloud security in an ever-evolving threat landscape. Learn More EARLY $5,400 ENDS MAY 24 Industrial Control Systems: Build, Break, Secure Location: TBD arnaud soullie Tracks: ICS, PenTesting Format: 4 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person Discover the world of Industrial Control Systems with an attack mindset! We will follow a hands-on approach, growing from a very simple local process to a realistic ICS environment with 3 words in mind: * Build: how does it work? * Break: what are the weaknesses and how to exploit it? * Secure: what can we do to fix it? Day 1 & 2 will allow you to discover and understand ICS and its components, by creating your own training environment and programming it. We'll spend day 3 attacking a realistic ICS environment, and on day 4 we'll learn how to secure it. Moreover, the training doesn't stop on the last day! Each participant will receive 30-day access to our "ICS cybersecurity academy" e-learning portal, which allows them to watch the training content in video, as well as perform all the exercises on a cloud platform. Learn More EARLY $4,900 ENDS MAY 24 Offensive Mobile Reversing and Exploitation (iOS & Android) - 2024 Edition Location: TBD 8ksec Tracks: Mobile, AppSec Format: 4 Day Trainings Skill Level: Intermediate/Advanced Experience: In-Person After running sold-out trainings at multiple conferences over the last few years, we are back with an updated version of our course which now covers ARM64, mobile browser security, and detailed Mobile apps and operating system security. The class starts with a basic introduction to the ARM instruction set and calling conventions followed by some reverse engineering exercises. We then learn how to craft simple exploits for the ARM64 environment. Next, we move to Mobile browser security and understand some of the browser mitigations followed by writing some simple exploits for the mobile browser. We then cover iOS and Android internals in further detail. We then discuss some of the exploitation techniques using real-world vulnerabilities (e.g., voucher_swap, checkm8, etc) followed by a walkthrough of how jailbreaks are written. We also discuss some of the common vulnerability types (Heap Overflows, Use-after-free, Uninitialized Stack variables, Race conditions). The training then moves on to application security based on exploiting the Damn Vulnerable iOS app, Android-InsecureBankv2, and InsecurePass application written by the authors of this course in addition to a broad range of other real-world applications. We also cover a variety of mitigations deployed in real-world apps and discuss how to bypass them. The course then covers the kernel exploitation and details for both Android and iOS platforms along with steps for breaking into Mobile Kernel exploitation. Slides, videos, and detailed documentation on the labs will be provided to the students for practice after the class. Corellium access will be provided to students during the duration of the training course. Summary * Fully updated for iOS 17 and Android 14 * Get 30 Days of Lab Access to our VMs * Virtual Devices on iOS and Android using Corellium * Get Certified as Mobile Security Expert * Learn Reverse Engineering Mobile Apps from Scratch * Learn Malware Reversing for iOS and Android * Learn the internals of iOS and Android Kernel and their mitigations * Learn Penetration Testing of iOS and Android apps * Get an understanding of ARM64 architecture * Learn Advanced Binary Instrumentation techniques using Frida * Learn how to set up your own Mobile Research Environment Learn More EARLY $5,000 ENDS MAY 24 Penetration Testing with Kali Linux Location: TBD offsec powered by applied technology academy Track: PenTesting Format: 4 Day Trainings Skill Level: Intermediate Experience: In-Person The student receives a 1 Year OffSec Learn Unlimited license. OffSec Learn Unlimited - A $5,400 Value! * Provides access to the Proving Grounds (Play and Practice) * All 100, 200 and 300-level training materials and labs * Unlimited exam attempts to the corresponding courses (OSCP, OSDA, OSWA, OSWP, KLCP, OSWE, OSEP, OSED & OSMR) Penetration Testing with Kali Linux is a unique online penetration testing course that introduces learners to the latest pentesting methodologies, tools, and techniques via hands-on experience. PEN-200 simulates a full penetration test from start to finish by immersing the learners into a target-rich and vulnerable network environment. This foundational-level course is designed for security and other technology professionals who want to take a meaningful step into the world of professional pentesting, as well as seasoned pentesters seeking to sharpen their skills and earn one of the most coveted pentesting certifications. As one of the most respected cybersecurity courses, PEN-200 is considered more technical than other similar courses – it requires evidence of practical pentesting skills, ensuring real-world and job-ready skills. With this focus on the practical application of real-world pentesting skills, this course goes one step further by teaching learners the "Try Harder" mindset – a true exercise of grit and will that is crucial for any pentester. Learners who complete the PEN-200 course and the associated exam earn the Offensive Security Certified Professional (OSCP) certification. Benefits: * In-depth training from infosec experts * Improved security posture with a team skilled in the latest pentesting tools and techniques * Higher employee retention rates with an engaging and industry-recognized learning plan * Have complete visibility and data on your team's progression as they work through a variety of network security skills Learn More EARLY $7,000 ENDS MAY 24 Physical Penetration, RFID Hacking, & Electronic Access Control Systems Location: TBD red team alliance Tracks: PenTesting, Hardware Format: 4 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person Beyond firewalls and network hardening, government and enterprise alike must consider how security infrastructure safeguards digital, material, and human assets. Physical security is foundational to the ability to resist unauthorized access or malicious threat. In this training, students will be immersed in the world of mechanical locking systems, door hardware, manipulation and bypassing techniques, PACS tokens, RFID credentials, alarm contacts, tamper switches, door controllers, and backhaul protocols that underpin Physical Access Control Systems (PACS) across the globe. Red Team members and penetration testers will gain a practical understanding of what physical security looks like in the field, and how to manipulate, bypass, intercept, clone, downgrade, replay, and bypass one's way through such defenses. Blue Team members including SOC staff, defenders, designers, and directors will come with away with best practices and techniques that will resist attacks. Those who attend this course will leave with a full awareness of how to best protect buildings and grounds from unauthorized access, as well as how to compromise most existing physical security in order to gain access themselves. Learn More EARLY $5,400 ENDS MAY 24 Practical Car Hacking - A Hands-On Approach Location: TBD willem melching Track: Hardware Format: 4 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person This course will cover a variety of topics related to automotive security. The most common networks used in modern vehicles will be discussed, and we will cover a variety of attacks on these communication networks found in cars, such as spoofing, DoS and MITM. We will look at a variety of diagnostics protocols to talk to ECUs and extract their firmware, such as UDS, CCP and XCP. Other methods of obtaining firmware such as extracting proprietary update files, JTAG and Fault Injection will be shown. After firmware is obtained you will learn how to quickly identify the relevant part of an ECUs firmware and reverse engineer it. Finally we will consider the wireless attack surface of a vehicle, such as TPMS, key fobs and EV charging. Learn More EARLY $5,000 ENDS MAY 24 Practical Linux Attack Paths and Hunting for Red and Blue Team Location: TBD leszek mis@defensive-security Tracks: Defense, PenTesting Format: 4 Day Trainings Experience: In-Person Dive into the world of Linux attack paths, local and remote exploitation, process injection, process hiding, tunneling, network pivoting, and syscall hooking techniques. See hands-on how Linux malware, userspace, and kernel space rootkits work in well-prepared Detection PurpleLabs Cyber Range, analyze and modify the source codes, find interesting behavior patterns in binaries and logs, learn what telemetry is needed to catch modern Linux threat actors, and find how to proactively validate and improve detection coverage with step-by-step Linux adversary emulations. On top of that, run your VMs RAM acquisition 'on click' and analyze memory images at any stage of the course. Learn More EARLY $5,000 ENDS MAY 24 Tactical Hacking Essentials - 2024 Edition Location: TBD sensepost | orange cyberdefense Tracks: PenTesting, Network Format: 4 Day Trainings Skill Level: Beginner/Intermediate Experience: In-Person Are you looking to leap into a penetration testing career and gain essential practical hacking skills? Then this course is for you! This extremely hands-on course is designed to provide you with a complete overview and methodology to start a career in penetration testing. Our core methodologies are instilled throughout this course. You'll be taken on an immersive journey into the day-to-day tactical operations of a penetration tester. Key Points: * Complete methodologies to conduct penetration tests * Deep dive into the complete attack path of a real-world attacker * Fundamentals to continue a career in the security testing/ethical hacking field The course starts off with fundamental security knowledge to provide you with a solid technical base to build upon. The attack model starts from an external perspective with the main objective of taking over an organisation. You'll be exposed to open-source intelligence gathering techniques, external and web application hacking skills, and working your way into an organisation, ending with advanced internal network compromises and objective completion. Throughout the course, you will gain actual attacker skills and knowledge to apply in real-world scenarios. This course is highly practical and will provide you with tools and techniques to achieve objectives through the course in our immersive online lab environment. Join us and learn to hack hard! Learn More EARLY $5,100 ENDS MAY 24 The Art of Hacking - 4 Day Location: TBD tom large / notsosecure Tracks: PenTesting, AppSec Format: 4 Day Trainings Skill Level: Beginner Experience: In-Person This is our entry-level security testing course that covers approaches for both web application security and infrastructure security, the course is also a pre-requisite course before enrolling for either our "Web Hacking Black Belt Edition" or "Advanced Infrastructure Hacking" courses. This foundation course familiarises the attendees with the basics of penetration testing by demonstrating a number of tools and techniques to find and exploit vulnerabilities, backed up by discussing a systematic approach on the various phases of a penetration test. If you would like to step into Ethical Hacking/Penetration Testing with the right amount of knowledge, this is the right course for you. Learn More EARLY $5,100 ENDS MAY 24 Theory and Practice: Machine Learning Introduction with Threats and Vulnerabilities Location: TBD include security Tracks: AI, ML, & Data Science, AppSec Format: 4 Day Trainings Experience: In-Person This 4-day course provides a comprehensive yet concise overview of AI/ML models (kNN, Linear Models, Decision Trees, Random Forest, Neural Networks and Transformer based LLMs) as well as the attacks on those models. The goal is to give security professionals a quick introduction to AI/ML models and how they work in addition to providing the foundational security skills to identify and understand the risks associated with AI/ML/LLM applications. With this knowledge attendees will be able to understand how ML works and assess the threats against AI/ML systems to better understand how to protect against AI/ML specific security threats. This course is primarily focused on offensive techniques however some defensive techniques will be briefly mentioned as well. Learn More EARLY $5,000 ENDS MAY 24 Web Hacking Black Belt Edition - 4 day Location: TBD sanjay gondaliya / notsosecure Tracks: AppSec, PenTesting Format: 4 Day Trainings Experience: In-Person This course uses a Defence by Offence methodology based on real-world engagements and offensive research (not theory). That means everything we teach has been tried and tested on live environments and in our labs, so you can put it into practice as soon as the training is over. By the end of the course, you'll know: * How to think and behave like an advanced, real-world threat actor * How to identify commonly used vulnerabilities known to have caused damage and disruption in recent months * How to deploy the latest and most common web application hacks (including many novel techniques that can't be detected by scanners) * How to analyse vulnerabilities within your own organisation and customise your hacking techniques in response Join this hands-on, 4-day course to push your web hacking to the next level and widen your career prospects. Get your hands dirty with our popular labs and learn from experienced, practicing penetration testers with a legacy of training at Black Hat. Learn More EARLY $5,400 ENDS MAY 24 Windows Kernel Rootkit Techniques Location: TBD t.roy, codemachine Tracks: Malware, PenTesting Format: 4 Day Trainings Skill Level: Advanced Experience: In-Person To achieve maximum stealth and obtain unabated access to the system, rootkits execute in kernel mode. This advanced course provides a comprehensive end-to-end view of the modus-operandi of rootkits by taking an in-depth look at behind the scenes working of the Windows kernel and how these mechanisms are exploited by malware through hands-on labs and real-world case studies. Kernel security enhancements that have been progressively added to Windows including ones that depend on Virtualized Based Security (VBS) are discussed along with some circumvention techniques. Attendees will study key techniques used by rootkits to understand the real-world applicability of these concepts for offensive and defensive purposes. This course has been updated for Windows 11 23H2. The training consists of theory, instructor-led demos, code walkthroughs, and most importantly, hands-on labs where students use Visual Studio 2022 and Windows Driver Kit (WDK), to implement rootkit functionality and use WinDBG to detect, identify, and analyze rootkit behavior on Windows 11 64-bit. Learn More EARLY $5,000 ENDS MAY 24 * Back to Trainings ON THIS PAGE * Pricing * Overview * Key Takeaways * Who Should Take this Course * Student Requirements * What Students Should Bring * What Students Will Be Provided With ADVANCED INFRASTRUCTURE HACKING - 4 DAY TIAGO CARVALHO / NOTSOSECURE | AUGUST 3-6 -------------------------------------------------------------------------------- Early $5,400 ENDS MAY 24 Regular $5,700 ENDS JULY 19 Late $5,900 ENDS AUGUST 2 On-Site $6,000 ENDS AUGUST 8 -------------------------------------------------------------------------------- EXPERIENCE In-Person -------------------------------------------------------------------------------- OVERVIEW Overview Whether you are penetration testing, Red Teaming or trying to get a better understanding of managing vulnerabilities in your environment, understanding advanced hacking techniques is critical. This course covers a wide variety of neat, new and ridiculous techniques to compromise modern Operating Systems and networking devices. While prior pentest experience is not a strict requirement, familiarity with both Linux and Windows command line syntax will be greatly beneficial. The following is the syllabus for the class: Day 1: * IPv4/IPv6 Basics * IPv6 service discovery & enumeration * MiTM attacks * Exploiting systems/services over IPv6 * Host Discovery & Enumeration * Advanced OSINT & Asset Discovery * Exploiting DVCS and CI-CD Server -Change in training flow (Attack chain -DVCS-Ubuntu-Container) Windows Exploitation * Windows Enumeration and Configuration Issues * Windows Desktop 'Breakout' and AppLocker Bypass Techniques (Win 10) * Local Privilege Escalation * Offensive PowerShell/ Offsec Development * AMSI Bypass Techniques * AV Evasion Techniques * Post Exploitation Tips, Tools, and Methodology Day 2: Active Directory Attacks * Active Directory Delegation Reviews and Pwnage (Win 2019 server) * Pass the Hash/Ticket (Revamp) * ADCS Misconfiguration * Resource-Based Constrained Delegation * Cross Domain and Forest attacks * Pivoting, Port Forwarding, and Lateral Movement Techniques * Persistence and backdooring techniques (Golden and Diamond Ticket) * Command and Control (C2) Frameworks (Revamp) Day 3: * Linux Vulnerabilities and Configuration Issues * Treasure hunting via enumeration * Kerberos authentication (Revamp) * File Share/SSH Hacks * Restricted Shells Breakouts * Breaking Hardened Web Servers * Local Privilege Escalation * MongoDB exploitation * TTY hacks, Pivoting * Gaining root via misconfigurations * Kernel Exploitation (Revamp) * Post Exploitation * Persistence Techniques (Linux Capabilities) Day 4: * Breaking and abusing Docker (Revamp) * Kubernetes environments * Breaking out of Kubernetes containers * AWS/Azure/GCP specific attacks * Storage Misconfigurations * Credentials, API's and token Abuse * IaaS, PaaS, SaaS, CaaS and Serverless exploitation * Azure AD attacks * VLAN Hopping Attacks * B33r 101 KEY TAKEAWAYS * Learn the latest and cutting-edge attack techniques against modern Operating system * The free 30-day lab access provides attendee surplus time to learn advanced topics in their own time and at their own pace. * All our trainers are hands-on practitioners and they share real-world stories to help attendees put vulnerabilities into real-world perspectives. WHO SHOULD TAKE THIS COURSE System Administrators, SOC analysts, Penetration testers, network engineers, security enthusiasts, and anyone who wants to take their skills to the next level. While prior pentest experience is not a strict requirement, familiarity with both Linux and Windows command line syntax will be greatly beneficial. Hands-on experience with common hacking tools such as Metasploit and familiarity with scripting language will also be beneficial, although less advanced users can work their way up during the 30 days of complimentary lab access provided as part of the class. AUDIENCE SKILL LEVEL Intermediate/Advanced STUDENT REQUIREMENTS The only requirement for this class is that you must bring your own laptop and have admin/root access on it. During the class, we will give you VPN access to our state-of-art hacklab which is hosted in our data-center in the UK. Once you are connected to the lab, you will find all the relevant tools/VMs there. We also provide a dedicated Kali VM to each attendee on the hacklab. So, you don't need to bring any VMs with you. All you need is admin access to install the VPN client and once connected, you are good to go! WHAT STUDENTS SHOULD BRING See student requirement WHAT STUDENTS WILL BE PROVIDED WITH Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class. The lab contains a wide variety of challenges from local privilege escalation to VLAN hopping etc. Numerous scripts and tools will also be provided during the training, along with student handouts. Our courses also come with detailed answer sheets. That is a step-by-step walkthrough of how every exercise within the class needs to be solved. These answer sheets are also provided to students at the end of the class. Why Should People Attend Your Course? We have been running this course at BlackHat since 2015 and have been updating it every year by 25% to keep up with the latest tech and trends. This course includes a full hands-on lab environment replicating a near real-world setup to practise the attacks. The lab contains exercises for all the modules discussed during the course as well as additional challenges to be explored during the 30-day complementary lab period. Students are provided with very detailed documentation for each and every topic including slides, answer sheets, and command cheat sheets. The latest update includes CTF competition to increase student interactivity. The lab is hosted on a VPN environment which students will be provided access to. It also includes a dedicated attack machine for every student, enabling them to practice on isolated machines. This helps reduce the resource requirements towards attendee systems. -------------------------------------------------------------------------------- KEY TAKEAWAYS * Learn the latest and cutting-edge attack techniques against a modern operating system * The free 30-day lab access provides attendee surplus time to learn advanced topics in their own time and at their own pace. * All our trainers are hands-on practitioners and they share real-world stories to help attendees put vulnerabilities into real-world perspectives. -------------------------------------------------------------------------------- WHO SHOULD TAKE THIS COURSE System Administrators, SOC analysts, Penetration testers, network engineers, security enthusiasts and anyone who wants to take their skills to the next level. While prior pentest experience is not a strict requirement, familiarity with both Linux and Windows command line syntax will be greatly beneficial. Hands-on experience with common hacking tools such as Metasploit and familiarity with scripting language will also be beneficial, although less advanced users can work their way up during the 30 days of complimentary lab access provided as part of the class. -------------------------------------------------------------------------------- STUDENT REQUIREMENTS The only requirement for this class is that you must bring your own laptop and have admin/root access on it. During the class, we will give you VPN access to our state-of-art hacklab which is hosted in our data-center in the UK. Once you are connected to the lab, you will find all the relevant tools/VMs there. We also provide a dedicated Kali VM to each attendee on the hacklab. So, you don't need to bring any VMs with you. All you need is admin access to install the VPN client and once connected, you are good to go! -------------------------------------------------------------------------------- WHAT STUDENTS SHOULD BRING The only requirement for this class is that you must bring your own laptop and have admin/root access on it. -------------------------------------------------------------------------------- WHAT STUDENTS WILL BE PROVIDED WITH Access to a hacking lab not just during the course but for 30 days after the class too. This gives them plenty of time to practice the concepts taught in the class. The lab contains a wide variety of challenges from local privilege escalation to VLAN hopping etc. Numerous scripts and tools will also be provided during the training, along with student handouts. Our courses also come with detailed answer sheets. That is a step by step walkthrough of how every exercise within the class needs to be solved. These answer sheets are also provided to students at the end of the class. -------------------------------------------------------------------------------- TRAINERS Tiago discovered computer programming at a very young age with ZX Spectrum in Basic programming, with his curiosity driving him to learn more about computers and how they work. He holds two professional degrees in Electronics level III from the Portuguese Navy (as a civilian) where he also undertook an internship and a qualification in Computer Networks Level IV from ATEC. He began his career in 2006 as a network administrator, however his passion for coding and cybersecurity led him to switch to programming in 2009 and various roles, including: a developer in Java-based real time, integration and source code analysis applications for the telecommunications and banking sectors; a member of an application development management team; and a security advisor. His career in Information Security began in 2013 when he gained a number of cybersecurity certifications and work in Penetration Testing. Course content contributor and trainer for NotSoSecure's Advanced Infrastructure, Tiago has delivered training at Black Hat and other leading global Security conferences. Discover more from Informa Tech * Dark Reading * SecTor * Black Hat Trainings * Omdia Working With Us * About Us * Code of Conduct * Contact us * Upcoming Events Follow on Social * * * * * * * Cookie * CCPA: Do not sell my personal info * Privacy * Terms Copyright © 2024 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and head office is 5 Howick Place, London, SW1P 1WG. × > This site uses cookies to provide you with the best user experience possible. By continuing to use this site, you accept our use of cookies. I Agree