This workshop gives the audience a detailed overview about blind, input based fuzzing, finding memory bugs, diving into topics such as:

Intro to Fuzzing: The fundamentals of fuzzing, understanding why fuzzing is needed and how to make the process of fuzzing efficient.

Smart Fuzzing: We will look at using american fuzzy lop (AFL), which demonstrates the process of compile time instrumentation. We will understand the color code in AFL, process timing, stages, findings, yields, path geometry and stability. We will integrate address sanitizer (ASAN/MSAN) which helps in identifying address and memory corruption bugs, making the process smarter.

Triage Analysis: We look at POC’s generated by AFL during the fuzzing process, attaching it to the actual binaries to see, how the input is handled by the binaries.

This workshop will take attendees’ Wireshark skills to the next level with a heavy emphasis on incident response, threat hunting, and identifying anomalous network traffic. This workshop will begin with a brief introduction to Wireshark and other Network Security Monitoring (NSM) tools/concepts. Throughout the workshop, we’ll examine what different attacks and malware look like while using Wireshark. Attendees will then have hands-on time in the lab to search for Indicators of Compromise (IOCs) and TTPs utilizing staged packet capture files. Labs start out easy and quickly progress in difficulty. There will be plenty of take-home labs for additional practice.

If you are the kind of person who enjoys workshops with practical information that you can immediately apply when you go back to work, this workshop is for you, all action, no fluff :)

Attendants will be provided with training portal access to practice some attack vectors, including multiple mobile app attack surface attacks, deeplinks and mobile app data exfiltration with XSS. This includes: Lifetime access to vulnerable apps to practice, guided exercise PDFs and video recording explaining how to solve the exercises.

Get FREE access to the slides, recording and vulnerable apps to practice with: https://7asecurity.com/free-workshop-mobile-practical

This workshop is a comprehensive review of interesting security flaws that we have discovered over the years in many Android and iOS mobile apps: An entirely practical walkthrough that covers anonymized juicy findings from reports that we could not make public, interesting vulnerabilities in open source apps with strong security requirements such as password vaults and privacy browsers, security issues in government-mandated apps with considerable media coverage such as Smart Sheriff, apps that report human right abuse where a security flaw could get somebody killed in the real world, and more.

This intro-level workshop covers topics present in Digital Forensics LifeCycle like Evidence Collection and Investigation of a Windows machine. Attendees will be provided with the necessary lab instructions and evidence files to perform forensic analysis practically and be confident and clear on how to apply the knowledge gained here to investigate some real-world scenarios.

Attendees will learn:

• Skills required for a Forensic Examiner
• Build their own forensics toolkit with free and open-source tools
• Evidence Collection –> On Live and Dead Machines, Do’s and Don’ts
• Investigation –> Windows Artifact analysis, Internet History & Application Analysis, Data Carving, Memory Analysis
• Opportunities and challenges in this field

Attendees will be provided with:

• Evidence Files
• Lab instructions to perform forensic analysis
• Windows Forensics Artifact Library
• Useful resources for further practice and exploration after this workshop

Lab Requirements:

• OS: Windows 7 and above [Win10 recommended]
  • If you are on Linux or Mac, Install Windows using VirtualBox
• RAM: Min. 4GB [8GB recommended]
• Disk Space: 50 GB

Note: Download links for the labs will be shared before the workshop

Pre-requisites

• Familiarity with Windows Operating System.
• Curiosity, Willingness, and of course, the Lab requirements too