Network-based threat detection is crucial for developing a comprehensive security strategy, whether it is on-premise or in the cloud. In Advanced Deployment and Architecture for Network Traffic Analysis, you will learn how to maximize the visibility that Suricata can provide in your network. You will gain deep technical understanding and hands on experience with Suricata’s versatile arsenal of features and capabilities for a variety of deployment, usage and integration scenarios. Tuning and optimizing Suricata for threat/anomaly detection, file extraction, and/or protocol detection are critical for a successful deployment. You will also learn traditional and non-traditional tips, tricks and techniques to implement Suricata and its newest features, based on real-world deployment experiences to include cloud-based deployments. This class also offers a unique opportunity to bring in-depth use cases, questions, and challenges directly to the Suricata team. By the end of this course you will be able to successfully design, deploy, implement, optimize and hunt with your high-performance Suricata deployment.

This course is a 100% hands-on deep dive into the OWASP Security Testing
Guide and relevant items of the OWASP Application Security Verification
Standard (ASVS), so this course covers and goes beyond the OWASP Top Ten.
Long gone are the days since desktop apps were written in Delphi. What have
Microsoft Teams, Skype, Bitwarden, Slack and Discord in common? All of them are
written in Electron: JavaScript on the client.

Modern desktop apps share traditional attack vectors and also introduce new
opportunities to threat actors. This course will teach you how to review modern
desktop apps, showcasing Node.js and Electron but using techniques that will
also work with any other desktop app platform. Ideal for Penetration Testers,
Desktop App Developers as well as everybody interested in
JavaScript/Node.js/Electron app security.

Get a FREE taste for this training, including access to video recording, slides and vulnerable apps to play with: 1.5 hour workshop - https://7asecurity.com/free-workshop-desktop-apps

Single sign-on protocols are one of the most important Internet technologies and are used by countless applications. Security plays a critical role when using systems based on standards such as OAuth and OpenID Connect. Successful attacks allow hackers to bypass authentication or to access confidential user data. In this training, you will learn all security aspects relevant to single sign-on based on OAuth and OpenID Connect. You will learn which serious attacks exist and get the chance to try them yourself in our test environment. Finally, you will learn how to test and defend your own systems against these attacks.

This workshop describes basic functions and security shortcomings in mobile
networks, both in the core network and in radio network, for GSM, UMTS, LTE
and 5GNR. The material is intended for individuals in the areas of
journalism, international aid, corporate security, and the law, who have or
who work with people who have specific security concerns and want to
better understand what is really happening in their phones and in the
mobile networks that serve those phones.

The workshop will start with an overview of cellular technology in general
and types of security flaws common to all mobile networks, and then
proceed to specific examples for different network segments and technology
types. The workshop will include demonstrations of some security failures
and deeper analysis of specific events reported in the popular press. The
goal of the workshop is to give attendees a good grasp of key concepts in
mobile network operation and the security implications, while avoiding
unnecessary technical details. Questions and discussion are welcome and
encouraged.

This workshop covers the mobile network, handset baseband, and SIM only,
and does not address Android, iOS or application-layer security.

In this intense 2-day training, you will learn everything you need to start pentesting Industrial Control Networks. We will cover the basics to help you understand the most common ICS vulnerabilities. We will then spend some time learning and exploiting Windows & Active Directory weaknesses, as most ICS are controlled by Windows systems.
We will cover the most common ICS protocols (Modbus, S7, OPC…), analyze packet captures and learn how to use these protocols to talk to Programmable Logic Controllers (PLCs). You will learn how to program a PLC, to better understand how to exploit them.
The training will end with a challenging hands-on exercise: The first CTF in which you capture a real flag! Using your newly acquired skills, you will try to compromise a Windows Active Directory, pivot to an ICS setup to take control of a model train and robotic arms.
Moreover, the training doesn’t stop on the last day! Each participant will receive a 30-day access to an elearning portal, which allows to watch the training content on video, as well as to perform all the exercises on a cloud platform.

First released at Black Hat USA trainings 2021, we release our latest threat modeling training with a new threat modeling war game with red and blue threat modeling teams. Engaged in capture the flag style threat modeling challenges your team will battle for control over an offshore windmill park. Based on our experience in securing real-world Operational Technology (OT) infrastructure we released this war game in première at Black Hat USA 2021. Also, in this edition we enhanced the sections on agile and DevOps threat modeling, threat modeling and compliance, added a section on "threat modeling at scale" and all participants get our Threat Modeling Playbook plus one-year access to our online threat modeling coaching subscription.

As highly skilled professionals with years of experience under our belts, we know that there is a gap between academic knowledge of threat modeling and the real world. In order to minimize that gap, we have developed practical Use Cases, based on real-life projects. Each use case includes a description of the environment, together with questions and templates to build a threat model.

Using this methodology for our hands-on workshops we provide our students with a challenging training experience and the templates to incorporate threat modeling best practices into their daily work. Students will be challenged in groups of 3 to 4 people to perform the different stages of threat modeling on the following:
• Diagramming web and mobile applications, sharing the same REST backend
• Threat modeling an IoT gateway with a cloud-based update service
• Get into the defender's head – modeling points of attack against a nuclear facility
• Threat mitigations of OAuth scenarios for an HR application
• Privacy analysis of a new face recognition system in an airport
• Battle for control over "Zwarte Wind", an offshore windmill park

After each hands-on workshop, the results are discussed, and students receive a documented solution. Based on our successful trainings in the last years and the great and positive feedback, we released this updated advanced threat modeling training at Black Hat USA 2021.


 
Course topics

Threat modeling introduction
• Threat modeling in a secure development lifecycle
• What is threat modeling?
• Why perform threat modeling?
• Threat modeling stages
• Different threat modeling methodologies
• Document a threat model
Diagrams – what are you building?
• Understanding context
• Doomsday scenarios
• Data flow diagrams
• Trust boundaries
• Sequence and state diagrams
• Advanced diagrams
• Hands-on: diagramming web and mobile applications, sharing the same REST backend
Identifying threats – what can go wrong?
• STRIDE introduction
• Spoofing threats
• Tampering threats
• Repudiation threats
• Information disclosure threats
• Denial of service threats
• Elevation of privilege threats
• Attack trees
• Attack libraries
• Hands-on: STRIDE analysis of an Internet of Things (IoT) gateway and cloud update service
Addressing each threat
• Mitigation patterns
• Authentication: mitigating spoofing
• Integrity: mitigating tampering
• Non-repudiation: mitigating repudiation
• Confidentiality: mitigating information disclosure
• Availability: mitigating denial of service
• Authorization: mitigating elevation of privilege
• Specialist mitigations
• Hands-on: threat mitigations OAuth scenarios for web and mobile applications
Threat modeling and compliance
• How to marry threat modeling with compliance
• Mapping threat modeling on compliance frameworks
• GDPR and Privacy by design
• Privacy threats
• LINDUNN and Mitigating privacy threats
• Hands-on: privacy threat modeling of a face recognition system in an airport
Penetration testing based on offensive threat models
• Create pentest cases for threat mitigation features
• Pentest planning to exploit security design flaws
• Vulnerabilities as input to plan and scope security testing
• Prioritization of pentesting based on risk rating
• Hands-on: get into the defender's head – modeling points of attack of a nuclear facility.
Advanced threat modeling
• Typical steps and variations
• Validation threat models
• Effective threat model workshops
• Communicating threat models
• Agile and DevOps threat modeling
• Improving your practice with the Threat Modeling Playbook
• Scaling up threat modeling
• Threat models examples: automotive, industrial control systems, IoT and Cloud
Threat modeling resources
• Open-Source tools
• Commercial tools
• General tools
• Threat modeling tools compared
Battle for control over "Zwarte Wind", an offshore windmill park
In our 5th edition of Black Hat trainings, we release our latest threat modeling training with a new threat modeling war game with red and blue threat modeling teams. Engaged in capture the flag style threat modeling challenges your team will battle for control over an offshore windmill park. Based on our experience in securing real-world Operational Technology (OT) infrastructure we release this war game in première at Black Hat USA 2021.
Examination
• Hands-on examination
• Grading and certification