Training

Available trainings - November 18th 2022 (9 AM PST - 6 PM PST)
MORE TRAINING OPTIONS TO BE ANNOUNCED 

- Open Source Intelligence Training by Sandra Stibbards - REGISTER

- Enterprise Penetration Testing Methods by Rod Soto - REGISTER

- An introduction to PenTesting and Hacking Wi-Fi by Phil Morgan - REGISTER

- Practical Cloud Security for AWS Infrastructure by Jayesh Singh Chauhan - REGISTER

- Attacking & Defending Kubernetes by Rajesh Kanumuru - REGISTER





Open Source Intelligence Training by Sandra Stibbards

Open-source intelligence is more than just an ability to use the Internet. Special databases and offline sources are among the many rich veins of information that go unknown and untapped by the financial industry, intelligence analysts, business researchers, law enforcement, investigators, security personnel, EP teams, legal professionals, pharmaceutical industry, software intel units, FIUs, and financial researchers. You will learn various essential investigative skills:

- The Thought Process that will change the way you obtain information and open your mind!
- How to Protect your Identity while searching and maneuvering covertly
- Direct your Searches to obtain results quickly for Best Due Diligence!
- Find unexpected items such as Confidential and Financial Information!
- Use Social Networks and Media as an Investigative Tool!
- How to dive deep for Business Information!
- Learn to KYC (Know Your Customer) and KYCC (Know your Customer’s Customer)!
- How to conduct Vulnerability Assessments using Open Sources!
- Learn proper Security of your network and computers!

You will conduct your Backgrounds, Due Diligence Investigations, Locates, Asset Investigations, Vulnerability Assessments, Brand Protection/IP Investigations, Risk Assessments, Corporate Investigations, and all searches more thoroughly once you have attended this Open Source Intelligence Training!

Minimum Course Requirements: Bring a Laptop.

Target Audience: 

This course is geared to law enforcement professionals or information security professionals seeking special training in OSINT.

Bio:
Sandra Stibbards began her investigative career training and worked extensively with one of the oldest and best-known private investigation agencies in California.
Ms. Stibbards specializes in Financial Fraud Investigations, Competitive Intelligence, Counterintelligence, Business and Corporate Espionage, Physical Penetration Tests, Online Vulnerability Assessments, Brand Protection / Counterfeiting Investigations, Corporate Due Diligence, and Internet Investigations. Social Engineering and Elicitation are specialized skills that she has developed and refined during her years as an investigator. She has included “Internet profiling” and online investigations within her work. Ms. Stibbards has conducted investigations internationally on five continents. For more information, please visit www.CamelotInvestigations.com.
  

REGISTER FOR TRAINING



 

Enterprise Penetration Testing Methods by Rod Soto

During this comprehensive course, tools and methodologies that are used during penetration tests in enterprise network/application environments will be detailed.
The course will use a lab environment for hands-on instruction in manual penetration testing methods, in addition to training in the use of exploitation frameworks such as Metasploit, Empire and others.

The focus will be geared towards methodology, processes, vectors, tools, and techniques used for exploitation in areas such as infrastructure, web & cloud. By the end of the course, the student will have an in-depth understanding of the underlying principles of network/application exploitation and will have gained experience in the successful execution of attacks.

Minimum Course Requirements:

- Bring a laptop with 8GB of RAM and the ability to run virtual machines
- Understanding of basic networking concepts
- Basic Linux comprehension

Target Audience: This seminar is geared toward those seeking to enter the information security industry, while also enriching those who seek to develop the skills and experience necessary to succeed as a penetration tester (for fun and for profit).

Bio
Rod Soto has over 15 years of experience in information technology and security. He has spoken at ISSA, ISC2, OWASP, RSA, DerbyCon, BlackHat, DEFCON, Hackmiami, Bsides and has also been featured in Rolling Stone Magazine, Pentest Magazine, Univision, VICE and CNN. Rod Soto was the winner of the 2012 BlackHat Las Vegas CTF competition and is the founder and lead developer of the Kommand && KonTroll/ NOQRTRCTF competitive hacking Tournament series.

REGISTER FOR TRAINING





An introduction to PenTesting and Hacking Wi-Fi


Wi-Fi is ubiquitous today. You can find it everywhere: at Starbucks, at the hotel, at the airport, on the plane. Contrary to what most people think, Wi-Fi is incredibly safe, if configured properly. That’s the catch: most companies do not configure it correctly.
In this training session we will cover how to break into Wi-Fi, and therefore, how to make it more secure.


Subjects to include:

So why is WEP bad?

WPA2 is completely safe, right?

Why you should or shouldn’t use PSK.

Why you should or shouldn’t use Enterprise Secure Wi-Fi.

So I use Enterprise, how did they break in?

Why should I upgrade to WPA3?

What’s wrong with Open networks, and how can I fix it?

"I’m ok, we run WPA3, however, because of older clients, we need to use transition mode. Wait... how did we get hacked?"

What’s a WIPS, and why do I need one?

How do I fix all the above issues?


You will see demonstrations of Wi-Fi attacks, and perform attacks yourself. You will learn how to better defend your wireless networks.


Minimum Course Requirements: 

- Bring a Laptop

- Bring a working copy of Kali Linux (VM, or on a Raspberry Pi 3 or 4).

- Get two of these:

https://www.amazon.com/gp/product/B00762YNMG/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1


Target Audience: 

This course is for anyone interested in Wi-Fi security (and we really should be!). Whilst no experience with Wi-Fi (other than connecting to a network) is needed, any Wi-Fi experience will be a benefit.
Ability to use and work with Kali Linux.

Bio:

Phil Morgan is a senior Wireless engineer holding several certifications in networks and Wi-Fi. He is CCIE #5224, CWNE #322, and CWISE #4.
Phil has worked with Wi-Fi since 1998, is a member of the IEEE, and has been involved in the development of IEEE protocols and standards.


REGISTER FOR TRAINING






Practical Cloud Security for AWS Infrastructure by Jayesh Singh Chauhan

With the rapid adoption of cloud-hosted infrastructure, there is an innate need for skilled personnel to persistently defend organizations against threats. While AWS onboarding is relatively streamlined, the continuous security of AWS infrastructure and its services is an entirely different ball game.

Course Description

The massive adoption of cloud services, with an ever-growing number of AWS services, has left the security team with the lion’s share of the work: identifying, analyzing and securing an organization’s assets across cloud infrastructure. Multiple cloud accounts add further strain to securing cloud infrastructure. The security team has to keep up with the growth and adoption of different cloud services and make sure no hole is left through which someone could get into the infrastructure and move laterally.

This training approaches cloud security with a multi-layer approach by understanding the perimeter of assets/services, implementing cloud-native security services, and getting into the detailed security of the important resources.
Alongside the secure implementation of AWS resources/services, the hardening of OS, CI/CD, Containers, and Kubernetes clusters also becomes an integral part of the security team’s realm.

“As many services” is directly proportional to “As many avenues to abuse”!

While cloud-native security solutions are relatively easier to implement and are optimized as per their respective environments, the training doesn’t limit the security to cloud-native solutions. This training gives an equal amount of open-source options to implement a similar or better security posture without depending on cloud-native security services and enables the organization to have more granular control over the security of its infrastructure.

Course Topics:

●  Introduction to AWS and its services
●  Roles vs Policy
●  Auditing cloud resources
●  AWS Trusted Advisor
●  AWS GuardDuty
●  AWS Inspector
●  Setting up AWS WAF and understanding its limitations
●  WAF testing
●  Subdomain takeover detection
●  Setting up a SIEM
●  Hardening OS
●  Secret/Sensitive Key Detection in code
●  Docker Security
●  Kubernetes Security

Why is this class needed?

●  While the industry has aggressively adopted AWS infrastructures, the security up-skilling hasn’t happened at the same pace. This training is aimed at bridging this gap.
●  The training focuses more on practical and hands-on exercises where participants can play around and acquire the skill set required to successfully manage cloud security for their organizations.

Key Takeaways

●  Security posture management of AWS
●  Cloud attack vectors and their implications
●  Leveraging open sources for granular control of security

Audience Skill level - Beginner/Intermediate

Target Audience

Security Analysts, System Administrators, Pen Testers, Cloud Engineers, DevOps Engineers, or anyone interested in securing AWS
The class is designed for folks who are beginners or at an intermediate state in their cloud security skills

What You’ll Need to Bring to the Class

●  Basic understanding of Linux, SSH, SCP, and git
●  A working personal AWS account, with a credit card attached to it
●  A laptop with unfiltered internet access and administrative privileges (to install tools), with a minimum of 4GB RAM

What You’ll Receive as Part of the Class

●  AMIs
●  Practice Materials
●  Cheat Sheets for securing AWS infrastructure

Bio

Jayesh Singh Chauhan is a security professional with 11 years of experience in the security space and he is the founder of Cloud Village at DEF CON. In the past, he has been part of the security teams of PayPal, PwC, and was the Director of Product Security at Sprinklr Inc.
He has been a trainer at conferences like Blackhat USA, AppSec NZ, nullcon, and has trained defense forces. He has also authored Cloud Security Suite, OWASP Skanda, RFID_Cloner, and has presented his work at BlackHat Arsenal (USA, EU, Asia), DEF CON DemoLabs, HackMiami, c0c0n, OWASP Global, and OffZone Moscow.

REGISTER FOR TRAINING

 

 


Attacking & Defending Kubernetes by Rajesh Kanumuru


Kubernetes has emerged as the leading container orchestration and management platform for on-prem and cloud environments. However, Kubernetes is a multi-headed beast with several minute and nuanced security configuration parameters. In addition, attackers take advantage of these insecurely configured and designed Kubernetes deployments and perform deep incursions into the organization’s assets.

This training is a hard-core, hands-on view of Kubernetes Security from an Attack and Defense perspective. We’ll explore Kubernetes attacks in hands-on labs and, to address the underlying vulnerabilities and misconfigurations, cover multiple key aspects of Kubernetes Security and security configuration that prevent attacks on a Kubernetes Cluster based on its workloads and applications.

Key takeaways 

  • A practical and in-depth view of both attacking (Red Team) and defending Kubernetes Clusters. Gives participants a deep insight into security configuration, implementation, challenges, and limitations of Kubernetes Security
  • Covers some of the unconventional areas of Kubernetes Security in terms of supply chain attacks and attacking and defending the Kubernetes components themselves
  • Holistic coverage of defense techniques for Kubernetes with detailed coverage of Kubernetes Defense and Vulnerability Assessment
    
    
    
Target Audience

AppSec Engineers and Professionals
DevOps Professionals
Senior Security Managers overseeing cloud and DevSecOps initiatives
Penetration Testers
Cloud Engineers

Student Requirements 

Working knowledge of the Linux command line

Basic knowledge of some (any) programming language

Working knowledge of Docker or any container run time

Basic knowledge of Kubernetes 


Minimum requirements

A laptop or a tablet (with a keyboard) with a browser installed

What students will get

Instructions for the Labs

Slides for the entire session + Speaker notes

Access to we45 cloud labs

Code snippets used and the setup files to configure the lab environment post-training

2 months of access to our online platform to learn more about Container Security, AppSec, and Kubernetes Security concepts.

Bio Rajesh Kanumuru

Rajesh Kanumuru works at we45 as a Cloud Security Lead. Rajesh is a builder and breaker of Cloud applications. He has created some pioneering works in the area of Cloud Security. He is actively researching the effects of emerging technologies on cloud security. Since 2020, Rajesh has mostly been involved with research, development, and building solutions around the training offerings and consults with organizations to help them implement Cloud Security successfully. Rajesh has co-authored and trained a course on Purple Team AWS and Kubernetes Security that was delivered by we45 at Blackhat USA.

REGISTER FOR TRAINING