https://wiki.hope.net/api.php?action=feedcontributions&user=Ebiddlecome&feedformat=atomHOPE Wiki - User contributions [en]2024-03-29T09:08:32ZUser contributionsMediaWiki 1.34.0https://wiki.hope.net/index.php?title=Go_the_Wrong_Way_workshop&diff=548Go the Wrong Way workshop2020-07-23T21:58:44Z<p>Ebiddlecome: Go the Wrong Way</p>
<hr />
<div>Good developers study documentation carefully and thoroughly<br />
understand their language. However, some people just want to code<br />
fast, break into things, and skip over the details. This CTF is for<br />
them.<br />
<br />
Even if you've never programmed before, you can make simple attack<br />
tools in Go. We'll peform port scans, HTTP requests, brute-force<br />
logins, crack password hashes, and perform encryption using XOR and<br />
AES.<br />
<br />
The workshop is structured in a CTF format. Each participant works at<br />
their own pace. The techniques will be demonstrated, with complete<br />
step-by-step instructions to lead beginners through the easy<br />
challenges. There are also harder challenges for more experienced<br />
participants. We will help participants as needed, to ensure that<br />
everyone learns something new.<br />
<br />
Participants need a credit card (which won't be charged) to reserve a<br />
free Google Cloud server. All the tools we will use are freely<br />
available, and all the training materials will remain available to<br />
everyone after the workshop ends.<br />
<br />
Visit [https://samsclass.info/ samsclass.info] to access the workshop materials.</div>Ebiddlecomehttps://wiki.hope.net/index.php?title=COBOL_CTF_workshop&diff=547COBOL CTF workshop2020-07-23T21:56:45Z<p>Ebiddlecome: COBOL CTF</p>
<hr />
<div>The world runs on COBOL! 95% of ATM swipes rely on COBOL, but few<br />
people know how to use it. Let's fix that! Party like it's 1959!<br />
<br />
In this workshop, participants will learn basic COBOL programming and<br />
solve challenges including building HTTP requests, processing strings,<br />
file I/O, ASCII encoding, modular arithmetic and RSA encryption. We<br />
will use free Google cloud servers and a real public IBM mainframe.<br />
<br />
The workshop is structured in a CTF format. Each participant works at<br />
their own pace. The techniques will be demonstrated, with complete<br />
step-by-step instructions to lead beginners through the easy<br />
challenges. There are also harder challenges for more experienced<br />
participants. We will help participants as needed, to ensure that<br />
everyone learns something new.<br />
<br />
Participants need a credit card (which won't be charged) to reserve a<br />
free Google Cloud server. All the tools we will use are freely<br />
available, and all the training materials will remain available to<br />
everyone after the workshop ends.<br />
<br />
Visit [https://samsclass.info/ samsclass.info] to access the workshop materials.</div>Ebiddlecomehttps://wiki.hope.net/index.php?title=Intro_to_Attack_Techniques_workshop&diff=546Intro to Attack Techniques workshop2020-07-23T21:54:44Z<p>Ebiddlecome: Incident Response and the ATT&CK Matrix Workshop</p>
<hr />
<div>Learn how to take over Windows, Linux, and Android systems, and how to<br />
defend them. We begin with common tools: Nmap, Metasploit, and<br />
Armitage, and then go into buffer overflows, packet crafting, command<br />
injection, and SQL injection.<br />
<br />
No previous experience with programming or attacking is required.<br />
<br />
Participants need a credit card and a few dollars to rent Google Cloud<br />
servers. We will use Debian Linux and Windows Server 2016 systems. All<br />
the tools we will use are freely available, and all the training<br />
materials will remain available to everyone after the workshop ends.<br />
<br />
Visit [https://samsclass.info/ samsclass.info] to access the workshop materials.</div>Ebiddlecomehttps://wiki.hope.net/index.php?title=Securing_Web_Apps_workshop&diff=545Securing Web Apps workshop2020-07-23T21:52:41Z<p>Ebiddlecome: Created page with "Participants will attack Web applications with: command injection; SQL injection; Cross-Site Request Forgery; Cross-Site Scripting; cookie manipulation; and Server-Side Templa..."</p>
<hr />
<div>Participants will attack Web applications with: command injection; SQL<br />
injection; Cross-Site Request Forgery; Cross-Site Scripting; cookie<br />
manipulation; and Server-Side Template Injection. We will also exploit<br />
Drupal and SAML. We will then implement network defenses and<br />
monitoring agents. We will use Burp, Splunk, and Suricata.<br />
<br />
Prerequisites: participants should know basic security and networking.<br />
Experience with Web development is helpful but not necessary.<br />
<br />
The workshop is structured in a CTF format. Each participant works at<br />
their own pace. The techniques will be demonstrated, with complete<br />
step-by-step instructions to lead beginners through the easy<br />
challenges. There are also harder challenges for more experienced<br />
participants. We will help participants as needed, to ensure that<br />
everyone learns new techniques.<br />
<br />
Participants need a credit card (which won't be charged) to reserve a<br />
free Google Cloud server. All the tools we will use are freely<br />
available, and all the training materials will remain available to<br />
everyone after the workshop ends.<br />
<br />
Visit [https://samsclass.info/ samsclass.info] to access the workshop materials.</div>Ebiddlecomehttps://wiki.hope.net/index.php?title=Incident_Response_workshop&diff=544Incident Response workshop2020-07-23T21:49:29Z<p>Ebiddlecome: Incident Response and the ATT&CK Matrix Workshop</p>
<hr />
<div>Practice techniques to detect, analyze and respond to intrusions. We<br />
will construct targets and attackers on the Google cloud, and send<br />
attacks using Metasploit and Caldera to emulate APT attackers. We will<br />
monitor and analyze the attacks using Splunk, Suricata, Sysmon,<br />
Wireshark, Yara and online analysis tools including PacketTotal and<br />
VirusTotal.<br />
<br />
We will cover the ATT&CK Matrix in detail, which enumerates threat<br />
actors, tactics and techniques, so red and blue teams can better<br />
communicate and work together to secure networks.<br />
<br />
The workshop is structured in a CTF format. Each participant works at<br />
their own pace. The techniques will be demonstrated, with complete<br />
step-by-step instructions to lead beginners through the easy<br />
challenges. There are also harder challenges for more experienced<br />
participants. We will help participants as needed, to ensure that<br />
everyone learns new techniques.<br />
<br />
Participants need a credit card and a few dollars to rent Google Cloud<br />
servers. We will use Debian Linux and Windows Server 2016 systems. All<br />
the tools we will use are freely available, and all the training<br />
materials will remain available to everyone after the workshop ends.<br />
<br />
Visit [https://samsclass.info/ samsclass.info] to access the workshop materials.</div>Ebiddlecomehttps://wiki.hope.net/index.php?title=Incident_Response_workshop&diff=543Incident Response workshop2020-07-23T21:25:14Z<p>Ebiddlecome: Incident Response and the ATT&CK Matrix Workshop</p>
<hr />
<div>Practice techniques to detect, analyze and respond to intrusions. We<br />
will construct targets and attackers on the Google cloud, and send<br />
attacks using Metasploit and Caldera to emulate APT attackers. We will<br />
monitor and analyze the attacks using Splunk, Suricata, Sysmon,<br />
Wireshark, Yara and online analysis tools including PacketTotal and<br />
VirusTotal.<br />
<br />
We will cover the ATT&CK Matrix in detail, which enumerates threat<br />
actors, tactics and techniques, so red and blue teams can better<br />
communicate and work together to secure networks.<br />
<br />
The workshop is structured in a CTF format. Each participant works at<br />
their own pace. The techniques will be demonstrated, with complete<br />
step-by-step instructions to lead beginners through the easy<br />
challenges. There are also harder challenges for more experienced<br />
participants. We will help participants as needed, to ensure that<br />
everyone learns new techniques.<br />
<br />
Participants need a credit card and a few dollars to rent Google Cloud<br />
servers. We will use Debian Linux and Windows Server 2016 systems. All<br />
the tools we will use are freely available, and all the training<br />
materials will remain available to everyone after the workshop ends.</div>Ebiddlecome