Available trainings - November 18th 2022 (9 AM PST - 6 PM PST)

- Open Source Intelligence Training by Sandra Stibbards

- Enterprise Penetration Testing Methods by Rod Soto

- An introduction to PenTesting and Hacking Wi-Fi by Phil Morgan

- Practical Cloud Security for AWS Infrastructure by Jayesh Singh Chauhan

Open Source Intelligence Training by Sandra Stibbards

Open-source intelligence is more than just an ability to use the Internet. Special databases and offline sources are among the many rich veins of information that go unknown and untapped by the financial industry, intelligence analysts, business researchers, law enforcement, investigators, security personnel, EP teams, legal professionals, pharmaceutical industry, software intel units, FIUs, and financial researchers. You will learn various essential investigative skills:

- The Thought Process that will change the way you obtain information and open your mind!
- How to Protect your Identity while searching and maneuvering covertly
- Direct your Searches to obtain results quickly for Best Due Diligence!
- Find unexpected items such as Confidential and Financial Information!
- Use Social Networks and Media as an Investigative Tool!
- How to dive deep for Business Information!
- Learn to KYC (Know Your Customer) and KYCC (Know your Customer’s Customer)!
- How to conduct Vulnerability Assessments using Open Sources!
- Learn proper Security of your network and computers!

You will conduct your Backgrounds, Due Diligence Investigations, Locates, Asset Investigations, Vulnerability Assessments, Brand Protection/IP Investigations, Risk Assessments, Corporate Investigations, and all searches more thoroughly once you have attended this Open Source Intelligence Training!

Minimum Course Requirements: Bring a Laptop.

Target Audience: 

This course is geared to law enforcement professionals or information security professionals seeking special training in OSINT.

Sandra Stibbards began her investigative career training and worked extensively with one of the oldest and best-known private investigation agencies in California.
Ms. Stibbards specializes in Financial Fraud Investigations, Competitive Intelligence, Counterintelligence, Business, and Corporate Espionage, Physical Penetration Tests, Online Vulnerability Assessments, Brand Protection / Counterfeiting Investigations, Corporate Due Diligence, and Internet Investigations. Social Engineering and Elicitation are specialized skills that she has developed and refined during her years as an investigator. She has included “Internet profiling” and online investigations within her work. Ms. Stibbards has conducted investigations internationally on five continents. For more information please visit



Enterprise Penetration Testing Methods by Rod Soto

During this comprehensive course, tools and methodologies that are used during penetration tests in enterprise network/application environments will be detailed.
The course will use a lab environment for hands-on instruction in manual penetration testing methods, in addition to training in the use of exploitation frameworks such as Metasploit, Empire and others.

The focus will be geared towards methodology, processes, vectors, tools, and techniques used for exploitation in areas such as infrastructure, web & cloud. By the end of the course, the student will have an in-depth understanding of the underlying principles of network/application exploitation and will have gained experience in the successful execution of attacks.

Minimum Course Requirements:
- Bring a Laptop with 8GB of RAM and the ability to Run Virtual Machines
- Understanding of Basic Networking Concepts
- Basic Linux Comprehension

Target Audience: This seminar is geared toward those seeking to enter the information security industry while also enriching those who seek to develop the skills and experience necessary to succeed as a penetration tester (for fun and for profit).

Rod Soto has over 15 years of experience in information technology and security. He has spoken at ISSA, ISC2, OWASP, RSA, DerbyCon, BlackHat, DEFCON, HackMiami, and BSides, and has also been featured in Rolling Stone Magazine, Pentest Magazine, Univision, VICE and CNN. Rod Soto was the winner of the 2012 BlackHat Las Vegas CTF competition and is the founder and lead developer of the Kommand && KonTroll/ NOQRTRCTF competitive hacking Tournament series.


An introduction to PenTesting and Hacking Wi-Fi

Wi-Fi is ubiquitous today. You can find it everywhere: at Starbucks, at the hotel, at the airport, on the plane. Contrary to what most people think, Wi-Fi is incredibly safe, if configured properly. That’s the catch: most companies do not configure it correctly.
In this training session we will cover how to break into Wi-Fi, and therefore, how to make it more secure.

Subjects to include:

So why is WEP bad?

WPA2 is completely safe, right?

Why you should or shouldn’t use PSK.

Why you should or shouldn’t use Enterprise Secure Wi-Fi.

So I use Enterprise, how did they break in?

Why should I upgrade to WPA3?

What’s wrong with Open networks, and how can I fix it?

"I’m ok, we run WPA3, however, because of older clients, we need to use transition mode. Wait... how did we get hacked?"

What’s a WIPS, and why do I need one?

How do I fix all the above issues?

You will see demonstrations of Wi-Fi attacks, and perform attacks yourself. You will learn how to better defend your wireless networks.

Minimum Course Requirements: 

- Bring a Laptop

- Bring a working copy of Kali Linux (VM, or on a Raspberry Pi 3 or 4).

- Get two of these:

Target Audience: 

This course is for anyone interested in Wi-Fi security (and we really should be!). Whilst no experience with Wi-Fi (other than connecting to a network) is needed, any Wi-Fi experience will be a benefit.
Attendees need the ability to use and work with Kali Linux.


Phil Morgan is a senior Wireless engineer holding several certifications in networks and Wi-Fi. He is CCIE #5224, CWNE #322, and CWISE #4.
Phil has worked with Wi-Fi since 1998, is a member of the IEEE, and has been involved in the development of IEEE protocols and standards.


Practical Cloud Security for AWS Infrastructure by Jayesh Singh Chauhan

With the rapid adoption of cloud-hosted infrastructure, there is an innate need for skilled personnel to persistently defend organizations against threats. While AWS onboarding is relatively streamlined, the continuous security of AWS infrastructure and its services is an entirely different ball game.

Course Description

The massive adoption of cloud services, with an ever-growing number of AWS services, has left the security team with the lion’s share of the work to identify, analyze and secure an organization’s assets across cloud infrastructure. Multiple cloud accounts have added more stress to the whole equation of securing cloud infrastructures. The security team has to cater to the growth and adoption of different services in the cloud and make sure that no hole is left through which someone could get into the infrastructure and move laterally.

This training takes a multi-layer approach to cloud security: understanding the perimeter of assets/services, implementing cloud-native security services, and getting into the detailed security of the important resources.
While we are performing secure implementation of AWS resources/services, the hardening of OS, CI/CD, Containers, and Kubernetes clusters also becomes an integral part of the security team’s realm.

“As many services” is directly proportional to “As many avenues to abuse”!

While cloud-native security solutions are relatively easier to implement and are optimized as per their respective environments, the training doesn’t limit the security to cloud-native solutions. This training gives an equal amount of open-source options to implement a similar or better security posture without depending on cloud-native security services and enables the organization to have more granular control over the security of its infrastructure.

Course Topics:

●  Introduction to AWS and its services
●  Roles vs Policy
●  Auditing cloud resources
●  AWS Trusted Advisor
●  AWS GuardDuty
●  AWS Inspector
●  Setting up AWS WAF and understanding its limitations
●  WAF testing
●  Subdomain takeover detection
●  Setting up a SIEM
●  Hardening OS
●  Secret/Sensitive Key Detection in code
●  Docker Security
●  Kubernetes Security

Why is this class needed?

●  While the industry has aggressively adopted AWS infrastructures, the security up-skilling hasn’t happened at the same pace. This training is aimed at bridging this gap.
●  The training focuses more on practical and hands-on exercises where participants can play around and acquire the skill set required to successfully manage cloud security for their organizations.

Key Takeaways

●  Security posture management of AWS
●  Cloud attack vectors and their implications
●  Leveraging open sources for granular control of security

Audience Skill level - Beginner/Intermediate

Target Audience

Security Analysts, System Administrators, Pen Testers, Cloud Engineers, DevOps Engineers, or anyone interested in securing AWS
The class is designed for folks who are beginners or at an intermediate state in their cloud security skills

What You’ll Need to Bring to the Class

●  Basic understanding of Linux, SSH, SCP, and git
●  A working personal AWS account, with a credit card attached to it
●  A laptop with unfiltered internet access and administrative privileges (to install tools), with a minimum of 4GB RAM

What You’ll Receive as Part of the Class

●  AMIs
●  Practice Materials
●  Cheat Sheets for securing AWS infrastructure

Jayesh Singh Chauhan is a security professional with 11 years of experience in the security space and he is the founder of Cloud Village at DEF CON. In the past, he has been part of the security teams of PayPal, PwC, and was the Director of Product Security at Sprinklr Inc.
He has been a trainer at conferences like Blackhat USA, AppSec NZ, nullcon, and has trained defense forces. He has also authored Cloud Security Suite, OWASP Skanda, RFID_Cloner, and has presented his work at BlackHat Arsenal (USA, EU, Asia), DEF CON DemoLabs, HackMiami, c0c0n, OWASP Global, and OffZone Moscow.