Author: Nicolas Oberli (@baldanos) Language: French or English Number of participants: 2 to 10 Price: 800.- CHF Date: Nov. 1 - 8:00-17:30
Hardware hacking is a trending topic nowadays. With all the new kinds of connected <you name it> and IoT gadgets, security researchers and hackers need different kinds of skills to analyze those devices than they do for, say, web applications.
This hands-on course aims to give all the basics one needs to know about electronic components and how to interact with them, in order to explore and analyze how embedded systems work.
Author: Pascal Junod (@cryptopathe) Language: French or English Number of participants: 6 to 18 Price: 750.- CHF Date and time: Nov. 1 - 8:00-17:30
This one-day training is built around (mostly) practical aspects of the SSL/TLS protocol. As of today, SSL/TLS secures the vast majority of Internet communications, such as web, email, VPNs, etc. In recent years, SSL/TLS has made headlines several times, whether for attacks (Heartbleed, POODLE, BEAST, etc.) or for initiatives around it (Let's Encrypt, etc.)...
Author: Nicolas Grégoire (@Agarri_FR) Language: French or English Number of participants: 5 to 15 Price: 750.- CHF Date and time: Nov. 1 - 8:00-17:30
This training is designed for Web penetration testers familiar with the Burp Suite Pro auditing tool. Based on the "Mastering Burp Suite Pro – 100% hands-on" class, this session is expected to go much faster, while covering interesting problems faced in everyday engagements and significantly enhancing your automation skills. The numerous elaborately designed challenges will guide trainees during this full day of intense-but-fun Burp Suite Pro practice.
Author: Jérémy Matos (@SecuringApps) Language: French or English Number of participants: 4 to 16 Price: 750.- CHF Date and time: Nov. 1 - 8:00-17:30
Providing a native Android application, whether for usability, performance or connectivity reasons, has far more security implications than it may seem. Very often the mobile integration moves logic from the server to the client side, but this code cannot be considered secret anymore.
Through the exploitation of a real-world Android application (app1), we will see how easily a loss of revenue can be caused. The techniques of static analysis (bytecode decompiling) and dynamic analysis (hooking) will be used in practice in a lab to get unlimited free coins in a game (app2). Bytecode patching will also be addressed to understand the threat of application repackaging.
The OWASP Mobile Top 10 2016 will be presented, with clear examples from app1 and app2 of what not to do. Practical recommendations will be provided to fix the security of app1 and app2, in addition to an inventory of useful protection features provided by Android (e.g. SafetyNet).
Finally, another lab will use the Native Development Kit (NDK) to handle a cryptography use case.
Authors: Antoine Neuenschwander, Nicolas Heiniger, Giuseppe Scalzi Language: French Number of participants: Between 5 and 30 participants (number of trainers will vary to match number of students). Date: Nov. 1 - 8:00-17:30 Price: 300.- CHF / 350.- CHF (There is a special price in bundle with the conferences, see below)
This training is based on the Hacking-Lab.com platform, which provides an online lab with several hundred different security challenges. Participants of this training will be granted access to several challenges in Hacking-Lab.com, where they can exercise their skills or learn with step-by-step instructions on how to exploit vulnerable web applications. After a common introduction, participants can select the desired difficulty level and solve the proposed challenges at their own pace, with the support of two trainers. A virtual machine, including all required tools, is provided as a working environment. Participants are required to bring their own laptop with the provided virtual machine image installed.
This training is open to anyone interested in web application security (e.g. web application developers, system administrators, CISOs, etc.). The technical level is pretty much open; the trainers provide individual support to the participants during the training. To work with the lab environment, participants are expected to have basic experience working with the Linux command line and basic knowledge of the HTTP protocol.