• Workshop registration is $20 and will be conducted via our main Registration Page.
  • Workshops will be held in via a private Zoom link that will be sent via email prior to the workshop starting.
  • Workshop registration closed on Oct 5th @ 11:59PM PDT. There is no waitlist.
  • By registering for a workshop, you consent to have your email address shared with the instructor for the purpose of sending class materials.

All times are in Pacific Daylight Time (UTC-0700).

  • Track: Workshop: Friday 10/08 @ 0800-1200 PDT

This workshop gives the audience a detailed overview about blind, input based fuzzing, finding memory bugs, diving into topics such as:

Intro to Fuzzing: The fundamentals of fuzzing, understanding why fuzzing is needed and how to make the process of fuzzing efficient.

Smart Fuzzing: We will look at using american fuzzy lop (AFL), which demonstrates the process of compile time instrumentation. We will understand the color code in AFL, process timing, stages, findings, yields, path geometry and stability. We will integrate address sanitizer (ASAN/MSAN) which helps in identifying address and memory corruption bugs, making the process smarter.

Triage Analysis: We look at POC’s generated by AFL during the fuzzing process, attaching it to the actual binaries to see, how the input is handled by the binaries.

Read More

An active speaker who has discovered multiple zero-days in modern web browsers and an open-source contributor. He is a trainer at Blackhat, BruCON and presented in conferences such as Ekoparty, NorthSec, Hacktivity, PHDays & HITB.

Read More

twitter @RandomDhiraj website
  • Track: Workshop: Friday 10/08 @ 1300-1700 PDT

This workshop will take attendees’ Wireshark skills to the next level with a heavy emphasis on incident response, threat hunting, and identifying anomalous network traffic. This workshop will begin with a brief introduction to Wireshark and other Network Security Monitoring (NSM) tools/concepts. Throughout the workshop, we’ll examine what different attacks and malware look like while using Wireshark. Attendees will then have hands-on time in the lab to search for Indicators of Compromise (IOCs) and TTPs utilizing staged packet capture files. Labs start out easy and quickly progress in difficulty. There will be plenty of take-home labs for additional practice.

Read More

Michael Wylie, MBA, CISSP is the Sr. Manager of a threat hunting team. In his role, Michael is responsible for managing a global team of analysts hunting for hands-on keyboards activity within customer environments.

Read More

twitter @TheMikeWylie
  • Track: Workshop: Saturday 10/09 @ 0800-1200 PDT

If you are the kind of person who enjoys workshops with practical information that you can immediately apply when you go back to work, this workshop is for you, all action, no fluff :)

Attendants will be provided with training portal access to practice some attack vectors, including multiple mobile app attack surface attacks, deeplinks and mobile app data exfiltration with XSS. This includes: Lifetime access to vulnerable apps to practice, guided exercise PDFs and video recording explaining how to solve the exercises.

Get FREE access to the slides, recording and vulnerable apps to practice with:

This workshop is a comprehensive review of interesting security flaws that we have discovered over the years in many Android and iOS mobile apps: An entirely practical walkthrough that covers anonymized juicy findings from reports that we could not make public, interesting vulnerabilities in open source apps with strong security requirements such as password vaults and privacy browsers, security issues in government-mandated apps with considerable media coverage such as Smart Sheriff, apps that report human right abuse where a security flaw could get somebody killed in the real world, and more.

Read More

After 13 years in itsec and 20 in IT Abraham is now the CEO of 7ASecurity, a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events.

Read More

twitter @7asecurity linkedin Abraham Aranguren github 7a
  • Track: Workshop: Saturday 10/09 @ 0800-1200 PDT

This intro-level workshop covers topics present in Digital Forensics LifeCycle like Evidence Collection and Investigation of a Windows machine. Attendees will be provided with the necessary lab instructions and evidence files to perform forensic analysis practically and be confident and clear on how to apply the knowledge gained here to investigate some real-world scenarios.

Attendees will learn:

  • Skills required for a Forensic Examiner
  • Build their own forensics toolkit with free and open-source tools
  • Evidence Collection –> On Live and Dead Machines, Do’s and Don’ts
  • Investigation –> Windows Artifact analysis, Internet History & Application Analysis, Data Carving, Memory Analysis
  • Opportunities and challenges in this field

Attendees will be provided with:

  • Evidence Files
  • Lab instructions to perform forensic analysis
  • Windows Forensics Artifact Library
  • Useful resources for further practice and exploration after this workshop

Lab Requirements:

  • OS: Windows 7 and above [Win10 recommended]
    • If you are on Linux or Mac, Install Windows using VirtualBox
  • RAM: Min. 4GB [8GB recommended]
  • Disk Space: 50 GB

Note: Download links for the labs will be shared before the workshop


  • Familiarity with Windows Operating System.
  • Curiosity, Willingness, and of course, the Lab requirements too
Read More

Surya is a Security Engineer with 5+ years of experience in performing both offensive and defensive activities. Engaging, understanding, and knowledgeable technical trainer, having expertise in training small and large groups across diverse industries.

Read More

twitter @surya4n6 linkedin Surya Teja Masanam

© 2023 ShellCon