Click the button below and claim your free ticket to one or both trainings/workshops.
Please Note: You will must have a general conference ticket to attend.
Trace Labs Director, Tom Hocker, will be onsite giving a 4-hour People OSINT workshop. Tom has volunteered with Trace Labs since 2019 and is currently a Senior Security Engineer on Kroger’s Threat Operations team. This isn’t your typical workshop and will cover a wide range of topics. Tom will be covering:
This workshop will serve as a great primer for the CTF taking place at BSides Bloomington or just great for anyone looking to learn more about the exciting field of Open Source Intelligence.
Laptop is required to fully participate in Workshop.
The objective of this Capture-the-Flag style one-day class is to take students with existing networks or systems administration experience and teach them how to: 1. Perform a comprehensive penetration test against Active Directory environments. 2. Spot differences between good and bad penetration tests. We understand that not everyone taking a pen test class will want to be a penetration tester. Hence, we have organized this class to be a well-rounded experience, allowing both aspiring red teamers and blue teamers to get the most out of it. This class will provide students with hands-on experience with all phases of a penetration test, from information gathering to reporting.
Class Schedule:
• What does a good pen test look like?
• Pre-assessment activities
• Passive and active information gathering
• Vulnerability analysis in an Active Directory environment
• Exploitation
• Post exploitation
• Lateral movement
• Domain privilege escalation
• Reporting
A Note to Prospective Students: An introductory penetration testing class like this will only be beneficial to students who intimately know computer networking and have Active Directory administration experience. Existing experience with Windows command line, Linux administration, and Active Directory is highly recommended. For example, students should know how a packet traverses from point A to point B on the OSI model, and what HTTP GET and POST requests look like. Students should have hands-on experience creating domain users in Active Directory and/or setting up a domain controller. Students should be comfortable with the Linux command line as our primary attack host will be Linux-based. Students should bring a laptop capable of running a Kali Linux VM and connecting to a wireless network. A VirtualBox image of customized Kali Linux will be provided a week before the class begins. Instructors will not provide support for VMWare, Parallels, Hyper-V, or other virtualization platforms.
Requirements
We strongly recommend using a personal device for training. While we will do everything from a Virtual Machine to avoid leaving any malicious tools on your host, corporate devices tend to block access to or the use malicious tools/sites (for a good reason). Please ensure that the device you bring meets the following requirements:
This is not an entry-level IT/Tech class. Penetration testing is a specialization within technology fields. You are expected to be comfortable with Linux and Windows to do well in this class. We will be using Kali Linux as our primary attack platform. You will be navigating the filesystem using the command line, installing software using apt-get and Python-pip, cloning GitHub repositories using git, etc. On the Windows side, you will be attacking an Active Directory environment and exploiting configurations, not missing patches. So, it will help to be familiar with Active Directory user and device management. Should you need some resources to help you prepare, please let me know, and I will be happy to recommend them. I generally find https://tryhackme.com/ has valuable resources around preparing for a penetration testing class or role. I specifically like the following:
Get help polishing your resume by seasoned professionals and possibly finding your next or first role in cybersecurity.