Newsletter

WORKSHOP - Security PWNing Conference 2019

NETWARS MASTERCLASS

NOVEMBER 12-13, Warszawa
Number of tickets is limited!

Have you ever wondered how nation-state actors gain access to target networks? Do you recall ShadowBrokers leak containing logs from a successful compromise of one of the Swift network providers in the Middle East? Or many other cases of telecoms’ compromises?

A lot of training courses available today provide only few basic tips and techniques on how to perform simple network attacks (ie. ARP spoofing). This means you as a penetration tester or a red teamer miss a lot of vulnerable space to exploit and control. Imagine yourself gaining administrative access to every router and switch on the network, taking control over any traffic stream flowing through the organization. You could potentially sniff, blackhole, redirect or even modify the bits and bytes of your interest. This is a very powerful stance only few are able to achieve.

We, as former network engineers, have combined decades of experience in managing various network infrastructures. We’ve  noticed that there’s a lack of advanced network offensive course and we want to fill this gap. The training is especially aimed at red teamers, pentesters, network administrators. It’s advanced, in-depth, hands on and it is not suitable for beginners, unless you have strong understanding of networking concepts.

Prerequisites

- TCP/IP networking basics (https://www.youtube.com/watch?v=vrh0epPAC5w)
– Understanding of routing and switching
– Scripting/programming skills (Python/bash preferable)
– Linux/Windows basics
– Prior experience with packets’ captures (tools like tcpdump, tshark, wireshark or similar)
– Modern laptop with administrative access to host OS
– 8 GB of RAM
– 40 GB of free disk space
– RJ45 Ethernet port in a laptop
– VirtualBox installed
– Strong will to learn and have fun

Scientific Program

Day 1: Gaining Foothold
9:00
Networking basics:
ISO/OSI model, L2/L3 attacks, Traffic analysis, network reverse engineering (looking glass, IP RR, whois, etc.)
SNMP:
protocol, attacks
13:30-14:00
Lunch
VPNs:
theory, setup, abuse
-17:00
Routing refresher:
switching vs routing, distance vector vs link-state, interior vs exterior
Day 2: Folks-in-the-Middle
9:00
EIGRP:
protocol, modus operandi, exploitation
OSPF:
protocol, modus operandi, exploitation
13:30-14:00
Lunch
Lady-in-the-Middle:
protocol, vulnerability, exploitation
Tacacs+:
modus operandi, AAA, attack
-17:00
HOT TIPS:
suggestions/tips/cheatsheets

Speakers

Dorota Kulas
She has 8 years of experience as red teamer in large, world-wide corporation. Before that, she worked briefly as IT systems admin (mostly Li... more
Dorota Kulas
She has 8 years of experience as red teamer in large, world-wide corporation. Before that, she worked briefly as IT systems admin (mostly Linux systems) and 9 years as a network engineer. She was responsible for designing and setting up infrastructure in multiple global projects around the world and acted as last level support for internal customers. She earned MSc in Computer Science / Computer Networks from Gdansk University of Technology. She's one of x33fcon founders :) Dorota was a speaker at many conferences, including NoVA Hackers, Hack in Paris, Security BSides Warsaw, Security PWNing Conference and others. Apart from being a network hacker ;), Dorota's additional area of focus is social engineering. In her free time she reads a lot of books, mostly crime and spy stories, and some sci-fi (especially when reenz0h recommends something good). She's a fan of science, very interested in neuroscience and social psychology. She likes biking and hiking.
Reenz0h
IT security professional. MSc graduated from Gdansk University of Technology, IT Department. His professional career in IT started over 20 y... more
Reenz0h
IT security professional. MSc graduated from Gdansk University of Technology, IT Department. His professional career in IT started over 20 years ago. For almost a decade he’s been working in global Red Team simulating threat actors targeting IT infrastructure across various industries (financial, technology, industrial, energy, aviation) in Poland and abroad. Speaker at HackCon, Security PWNing, Sec-T, T2, DeepSec and in Naval Academy, also conducted guest lectures at his Alma Mater. x33fcon conference founder and organizer.

Place and date

NOVEMBER 12-13, Warszawa
Golden Floor Plaza
Warszawa, Aleje Jerozolimskie 123a