DeepSec 2024 Training: SAP Cyber Security 101 – Andreas Wiegenstein

Sanna/ November 4, 2024/ Conference, Training

In many companies, we find that CISOs and security officers do not have any (in-depth) knowledge of SAP. Therefore the topic of SAP security often gets underestimated. Anyone interested in gaining insight into the important basics of SAP technologies can benefit from this highly compact crash course on SAP security. The session will give you an overview of security threats and ways to counter them. It is a sneak preview for a complete SAP security training. We asked Andreas a few more questions about his training.

Please tell us the top 5 facts about your training.

- Delivers a general introduction to SAP technologies; no prior knowledge needed
- Provides a broad overview of SAP security features, mechanisms and architecture
- Discusses inherent SAP risks and weaknesses (no 0-days!)
- Provides insights into typical SAP security challenges


DeepSec 2024 Training: The Mobile Playbook: Dissecting iOS and Android Apps – Sven Schleier

Sanna/ September 9, 2024/ Conference, Training

This course teaches you how to analyse Android and iOS apps for security vulnerabilities, by going through the different phases of testing, including dynamic testing, static analysis and reverse engineering. Sven will share his experience and many small tips and tricks to attack mobile apps that he collected throughout his career and bug hunting adventures. We asked Sven a few more questions about his training. Please tell us the top 5 facts about your training. Focus: The course teaches penetration testing of Android and iOS apps using the OWASP Mobile Application Security Testing Guide (MASTG). The OWASP MASTG is an open-source documentation project that summarises techniques for penetration testing and reverse engineering of mobile apps. Hands-on Experience: We will go through many labs and real-world scenarios with customized apps. Many of the labs can


DeepSec 2024 Training: “Look What You Made Me Do”: The Psychology behind Social Engineering & Human Intelligence Operations – Christina Lekati

Sanna/ August 26, 2024/ Conference

Social Engineering and Human Intelligence (HUMINT) operations both rely heavily on effectively navigating a person’s mind in order to steer their behavior. As simple as this sounds, “quick and dirty” influence tactics will not take an operator very far. Behavior engineering is a complex, multilayered process that requires a good understanding of human psychology and self-awareness. In this intensive masterclass, participants will get access to the underlying psychology responsible for the way people think, decide, and act. They will also learn to influence and reshape all three layers. What are people’s automatic triggers? How can you engineer predictable action-reaction responses that produce a desirable outcome? How do you cultivate a target into taking specific actions or divulging information? But also, what are the ethical boundaries and moral implications of this process? The class will


DeepSec 2024 Training: Hacking Modern Web & Desktop Apps: Master the Future of Attack Vectors – Abraham Aranguren

Sanna/ August 23, 2024/ Conference, Training

This course is the culmination of years of experience gained via practical penetration testing of Modern Web and Desktop applications and countless hours spent doing research. We have structured this course around the OWASP Security Testing Guide. It covers the OWASP Top Ten and specific attack vectors against Modern Web and Desktop apps. Participants in this course can immediately apply actionable skills from day 1. Please note our courses are 100% hands-on. We do not lecture students with boring bullet points and theories, instead we give you practical challenges and help you solve them, teaching you how to troubleshoot common issues and get the most out of this training. The training then continues after the course through our frequently updated training portal, for which you keep lifetime access, as well as unlimited email support.


DeepSec 2024 Training: AI SecureOps: Attacking & Defending GenAI Applications and Services – Abhinav Singh

Sanna/ August 22, 2024/ Conference, Training

Acquire hands-on experience in GenAI and LLM security through CTF-styled training, tailored to real-world attacks and defense scenarios. Dive into protecting both public and private GenAI & LLM solutions, crafting specialized models for distinct security challenges. Excel in red and blue team strategies, create robust LLM defenses, and enforce ethical AI standards across enterprise services. This training covers both “Securing GenAI” and “Using GenAI for security” for a well-rounded understanding of the complexities involved in AI-driven security landscapes. We asked Abhinav a few more questions about his training. Please tell us the top facts about your talk. It covers both aspects of AI security: 1. Using AI for security; 2. Security of AI. How did you come up with it? Was there something like an initial spark that set your mind on creating this


DeepSec 2024 Training: Attacking and Defending Private 5G Cores – Altaf Shaik

Sanna/ August 21, 2024/ Conference, Training

Security is paramount in private 5G networks because of their tailored nature for enterprises. They handle sensitive data, connect mission-critical devices, and are integral to operations. This advanced 5G Core Security Training is a comprehensive program designed to equip security professionals with advanced skills and techniques to identify and mitigate potential security threats in private 5G networks. Participants will gain a deep understanding of 5G core security and protocols, and learn how to develop and use the latest 5G pen testing tools and techniques to perform vulnerability assessments and exploit development. The training will also cover the latest 5G security challenges and best practices, and provide participants with hands-on experience in simulating original attacks and defenses on a local zero-RF-transmitting 5G network. We asked Altaf a few more questions about his training. Please tell


DeepSec Training 2024: Software Reverse Engineering Training Course for Beginners – Balazs Bucsay

Sanna/ August 20, 2024/ Conference, Training

The training course targets attendees who have little to no knowledge of reverse engineering but possess the ability to write simple programs in a programming language of their choice and also have a desire to learn reverse engineering of compiled applications. The course spans two days, during which low-level computing and the basics of architectures are explained. The primary target architectures of this course are Intel x86 and AMD x64, where we cover the fundamentals of computing and assembly language. Throughout the course, we will explore how to create basic programs in both C and assembly, and then explore the process of reverse engineering using a disassembler, decompiler and debugger on Windows. Each day of the course emphasises hands-on labs, allowing participants to apply their newly gained knowledge in practical exercises. Theory alone quickly fades,


DeepSec 2023 Training: Terraform: Infrastructure as Remote Code Execution – Michael McCabe

Sanna/ October 2, 2023/ Conference

This workshop will focus on ways to abuse the use of Terraform to elevate privileges, expose data, and gain further footholds in environments from a developer’s perspective. We’ll cover the common uses of Terraform and how a malicious actor could abuse Terraform. This talk will include multiple demos. We asked Michael a few more questions about his training. Please tell us the top 5 facts about your training. It will be very hands-on and great for folks that aren’t familiar with Terraform or have some experience. People will start with basic Terraform implementations in the cloud (AWS) and move up to more complex scenarios. We’ll cover multiple ways to hack via Terraform pipelines. You’ll learn how to use tools to prevent these abuses. You’ll have access to the lab code and can continue working


DeepSec Training: Improve your Pen-Testing Skills for Mobile Devices

René Pfeiffer/ September 29, 2023/ Conference, Training

Mobile devices are a common tool for businesses and private users. We have become accustomed to carrying Internet-enabled devices with us. How do you test if your device is secure? What is the best way to find security weaknesses? Mobile security testing requires different tools and different knowledge of the platform and the applications involved. DeepSec 2023 offers a training to get you started with pen-testing all things mobile. The focus is on Android and iOS apps. Sven Schleier will help you to analyse apps, intercept network traffic, and identify weaknesses that can be turned into exploits. The course is a deep-dive into mobile technology. It also helps you when you need to bypass SSL pinning, Touch ID, Face ID, or similar barriers. Circumventing anti-jailbreaking technologies is covered, too. The skills are absolutely


DeepSec 2023 Training: Security Intelligence: Practical Social Engineering & Open-source Intelligence for Security Teams – Christina Lekati

Sanna/ August 25, 2023/ Conference, Interview, Training

Social engineering attacks remain at the top of the threat landscape and data breach reports. Reports tend to oversimplify breaches as just phishing attacks, but current research shows it’s more complex. Social engineering attacks have been evolving. Successful phishing emails are usually a result of a larger attack based on research and intelligence that identifies organizational vulnerabilities. But it doesn’t stop there. Weaponized psychology is still a powerful component of social engineering attacks. Security professionals and testers need to know how social engineering works and how to stop attacks. This class aims to provide participants with the necessary knowledge on open-source intelligence and social engineering, to help security teams build better protective measures (proactive & reactive) and to inform their security strategy. It also aims to help penetration testers improve their recommendations and provide


Training Teaser: Token Hijacking via PDF File – Video Tutorial

René Pfeiffer/ July 4, 2023/ Conference, Security, Training

Tokens make the world go around. Therefore, we want to share with you the next teaser about Dawid Czagan’s training at DeepSec 2023. PDF files are everywhere and they can be used to hack your web application. Imagine that the attacker prepares a malicious PDF file which steals sensitive data from a user. The PDF file is uploaded to the web application, the user reads this PDF file, and finally sensitive data is exfiltrated from the user’s browser. It’s scary, isn’t it? Dawid will show you in a free video step by step how this attack works and how you can check if your web application is vulnerable to this attack. Watch the video and consider joining Dawid Czagan’s training Full-Stack Pentesting Laboratory: 100% Hands-On + Lifetime LAB Access (14-15 November, DeepSec 2023).

DeepSec 2023 Training: Mobile Security Testing Guide Hands-On – Sven Schleier

Sanna/ June 5, 2023/ Training

Software cannot be tested by machines alone. In order to identify security weaknesses, you will need the right toolchain and expertise on how to use the tools. Therefore, we asked Sven Schleier to give you a two-day deep dive into mobile security testing. Embark on an exciting journey to master the art of hacking mobile apps! Join this course led by Sven Schleier, where you’ll learn how to analyze mobile apps for security vulnerabilities. With dynamic testing, static analysis, and reverse engineering techniques, you’ll uncover the secrets of app attacks. Dive into Android and iOS testing, using virtualized devices provided by Corellium. Each student will get a rooted Android and jailbroken iOS instance for the duration of the training, and the only prerequisite is having a laptop with macOS, Windows, or Linux. Explore


DeepSec 2023 Workshop: Black Belt Pentesting / Bug Hunting Millionaire (100% Hands-On, Live Online Training, 24-25 October) – Dawid Czagan

Sanna/ June 1, 2023/ Conference, Training

Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join this unique 100% hands-on training! I will discuss security bugs found by several bug bounty programs (including Google, Yahoo, Mozilla, Twitter and others). You will learn how bug hunters think and how to hunt for security bugs effectively. To be successful in bug hunting, you need to go beyond automated scanners. If you are not afraid of going into detail and diving into full-stack exploitation, then this 100% hands-on training is for you. There is a lab exercise for each attack presented in this training + students can take the complete lab environment home after the training session. Watch 3 exclusive videos


DeepSec 2023 Workshop: Web Hacking Expert: Full-Stack Exploitation Mastery [Video Training, Lifetime Access] – Dawid Czagan

Sanna/ May 30, 2023/ Conference, Training

Watch the trailer for your training! Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks. Say ‘No’ to classical web application hacking, join this unique video training, and take your professional pentesting career to the next level. Dawid Czagan has found security bugs in many companies, including Google, Yahoo, Mozilla, Twitter, and in this video training he will share his experience with you. You will dive deep into full-stack exploitation of modern web applications and you will learn how to hunt for security bugs effectively. Almost 5 hours of high-quality video courses with lots of recorded demos. You will get lifetime access to these 5 video courses: Bypassing Content Security Policy in Modern Web Applications –


DeepSec Workshop 2023: Full-Stack Pentesting Laboratory: 100% Hands-On + Lifetime LAB Access – Dawid Czagan

Sanna/ May 26, 2023/ Conference, Training

Modern IT systems are complex and it’s all about full-stack nowadays. To become a pentesting expert, you need to dive into full-stack exploitation and gain a lot of practical skills. That’s why I created the Full-Stack Pentesting Laboratory. For each attack, vulnerability and technique presented in this training there is a lab exercise to help you master full-stack pentesting step by step. Also, when the training is over, you can take the complete lab environment home to hack again at your own pace. I found security bugs in many companies, including Google, Yahoo, Mozilla, Twitter, and in this training I’ll share my experience with you. The content of this training has been carefully selected to cover the topics most frequently requested by professional penetration testers. Key Learning Objectives: After completing this training, you will
