In the world of cybersecurity there is always a threat lurking. Waiting in the shadows for the perfect moment to strike. You can sit back and relax and hope for the best and react when it’s too late… or before they even think about making a move you can take control and see everything coming from miles away. In this session, you’ll dive deep into the art of threat modeling—an essential skill that allows you to anticipate risks, identify vulnerabilities, and develop a proactive defense strategy.

Mike will guide you through the process and show you why threat modeling is an offer you simply can’t refuse. You’ll learn how to analyze threats with precision, build effective threat scenarios and develop a mindset that stays one step ahead of the attackers. Ultimately you won’t only understand threat modeling—you’ll lead it with confidence.

Join Mike in the family business, hone your expertise and become the Godfather of Threat Modeling. In this game only the wise and the prepared will survive.

### Overview ###

Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join this unique 100% hands-on training!

I will discuss security bugs found in a number of bug bounty programs (including Google, Yahoo, Mozilla, Twitter and others). You will learn how bug hunters think and how to hunt for security bugs effectively.

To be successful in bug hunting, you need to go beyond automated scanners. If you are not afraid of going into detail and diving into full-stack exploitation, then this 100% hands-on training is for you. There is a lab exercise for each attack presented in this training + students can take the complete lab environment home after the training session.


### Key Learning Objectives ###

After completing this training, you will have learned about:

- REST API hacking
- AngularJS-based application hacking
- DOM-based exploitation
- bypassing Content Security Policy
- server-side request forgery
- browser-dependent exploitation
- DB truncation attack
- NoSQL injection
- type confusion vulnerability
- exploiting race conditions
- path-relative stylesheet import vulnerability
- reflected file download vulnerability
- hacking with wrappers
- subdomain takeover
- remote cookie tampering
- non-standard XSS attacks
- hijacking tokens via PDF
- XML attacks
- deserialization attacks
- HTTP parameter pollution
- bypassing XSS protection
- hacking with polyglot
- clickjacking attack
- window.opener tabnabbing attack
- RCE attacks
- and more…


### What Students Will Receive ###

Students will be handed in a VMware image with a specially prepared testing environment to play with all bugs presented in this training. When the training is over, students can take the complete lab environment home (after signing a non-disclosure agreement) to hack again at their own pace.


### Special Bonus ###

The ticket price includes FREE access to my 6 online courses:

- Start Hacking and Making Money Today at HackerOne
- Keep Hacking and Making Money at HackerOne
- Case Studies of Award-Winning XSS Attacks: Part 1
- Case Studies of Award-Winning XSS Attacks: Part 2
- DOUBLE Your Web Hacking Rewards with Fuzzing (aka Fuzzing with Burp Suite Intruder)
- How Web Hackers Make BIG MONEY: Remote Code Execution


### What Students Say About This Training ###

This training was attended by security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips, government sector and it was very well-received. Recommendations are attached to my LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here (https://silesiasecuritylab.com/services/training/#opinions).


### What Students Should Know ###

To get the most of this training intermediate knowledge of web application security is needed. Students should be familiar with common web application vulnerabilities and have experience in using a proxy, such as Burp Suite Proxy, or similar, to analyze or modify the traffic.


### What Students Should Bring ###

Students will need a laptop with 64-bit operating system, at least 8 GB RAM, 35 GB free hard drive space, administrative access, ability to turn off AV/firewall and VMware Player/Fusion installed (64-bit version). Prior to the training, make sure there are no problems with running x86_64 VMs. Please also make sure that you have Internet Explorer 11 installed on your machine or bring an up-and-running VM with Internet Explorer 11.


### Instructor ###

Dawid Czagan is an internationally recognized security researcher and trainer. He is listed among top hackers at HackerOne. Dawid Czagan has found security bugs in Apple, Google, Mozilla, Microsoft and many others. Due to the severity of many bugs, he received numerous awards for his findings.

Dawid Czagan shares his offensive security experience in his hands-on trainings. He delivered trainings at key industry conferences such as DEF CON (Las Vegas), Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), NorthSec (Montreal), SINCON (Singapore), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and government sector (references are attached to Dawid Czagan's LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here: https://silesiasecuritylab.com/services/training/#opinions).

Dawid Czagan is the founder and CEO at Silesia Security Lab. To find out about the latest in his work, you are invited to subscribe to his newsletter (https://silesiasecuritylab.com/newsletter) and follow him on Twitter (@dawidczagan), YouTube (https://www.youtube.com/channel/UCG-sIlaM1xXmetFtEfqtOqg), and LinkedIn (https://www.linkedin.com/in/dawid-czagan-85ba3666/).

Understanding eCrime is no longer optional. It is a mission-critical capability for any organization serious about anticipating, preventing, and neutralizing today’s most pervasive cyber threats. This intensive training provides a comprehensive exploration of the eCrime ecosystem, unpacking the full spectrum of adversarial tactics, techniques, and procedures used by financially motivated threat actors to exploit organizations of all sizes and sectors.

Blending traditional intelligence tradecraft with cutting-edge cyber security methodology, this course empowers cyber threat intelligence professionals, SOC analysts, CISOs, and forward-thinking defenders to operationalize threat intelligence, proactively reduce risk, and harden their defensive posture. Whether you are new to the world of eCrime or looking to refine your existing expertise, this course will give you the insight, confidence, and real-world skillset to outpace adversaries.

Through hands-on exercises, real case studies, and live tooling, participants will learn to track and attribute adversary infrastructure, analyze adversary tradecraft, uncover victimology, and confidently identify key players within organized eCrime operations. Attendees will explore the dark web, develop basic operational personas, collect intelligence from adversary-run forums and marketplaces, and learn how to infiltrate closed communities — all safely and effectively.

This is not theory. This is practical, tactical, and grounded in the reality of modern cyber threat operations. By the end of the training, attendees will walk away with the knowledge and tools needed to investigate, disrupt, and counter eCrime adversaries, all while supporting broader intelligence collection plans and strategic security initiatives within their organizations.

In this workshop, participants engage in a high-stakes cyber battle within a factory's OT systems. Divided into Red and Blue Teams, they alternate between offensive and defensive strategies in an interactive game. The workshop emphasizes real-world relevance, dynamic decision-making, and collaborative learning, providing practical cybersecurity insights in an industrial environment.
This workshop offers an interactive cybersecurity experience through a gamified scenario. Participants will be divided into two teams: Red & Blue Team. The game board is a demo factory, where the Red Team's objective is to inflict harm, while the Blue Team's mission is to defend it.
The games starts with an interactive setup phase. The Red Team will choose their tactics and techniques to be able to reach their objectives. The Blue Team will concentrate on understanding their environment and selecting appropriate initial defenses. Following the team introductions, the core of the workshop begins: the game loop, where each team alternates between planning and executing their actions. The Red Team will have different opportunities for their next actions aimed at breaching the Blue Team's defenses. The Blue Team will decide on their countermeasures to thwart the Red Team's efforts. Each round concludes with an evaluation phase, where the effectiveness of the actions taken by both teams is assessed. The workshop wraps up with a recap session, summarizing key learnings and discussing the outcomes of the game.
The workshop's interactive and gamified approach aims to enhance participants' understanding of cybersecurity dynamics with focus of OT environments. Participants will work alongside peers to develop and implement strategies, enhancing their understanding of both offensive and defensive cybersecurity measures. The workshop draws on the extensive experience of seasoned Red and Blue Team specialists to focus on real-world scenarios and case studies. It leverages the deep expertise of Nick and Nicholas, who are OT Blue Team specialists, and Sarah, a Senior Red Teamer with an OT specialization. Their combined knowledge ensures that the workshop addresses current industry challenges in both offensive and defensive OT cybersecurity.
Attendees will acquire a comprehensive understanding of both offensive and defensive cybersecurity strategies, along with enhanced teamwork and communication skills. Additionally, participants will learn to prioritize actions and strategies in emergency situations, gaining knowledge not only about specific tools and techniques but also the strategic approaches fundamental to Red and Blue Team operations in industrial environments.

Module 1
Introduction to IoT
1.1 Briefing of IIoT and Usage
• About us
• Course Overview
• Fundamentals of IoT Security
• Overview of Industrial Internet of Things (IIoT)
• Applications in various industries (manufacturing, healthcare, transportation)
• Benefits and challenges of IIoT adoption
1.2 Architecture
• Typical IoT architecture: sensors, connectivity, data processing, user interface
• Key components: devices, gateways, cloud services, and end-user applications
1.3 Framework/Platforms
• Common IoT platforms and frameworks (AWS IoT, Google Cloud IoT, Microsoft Azure IoT)
• Comparative analysis of features and use cases
1.4 Attack Surfaces
• Identifying potential vulnerabilities in IoT ecosystems
• Examples of common attack vectors (device vulnerabilities, network vulnerabilities, application vulnerabilities)
• Fcc.io information
• Tools of trade
• How to do visual analysis
• How to recon hardware
1.5 OWASP IoT Top 10 Vulnerabilities
• Detailed explanation of the OWASP IoT Top 10 vulnerabilities
• Real-world examples and case studies for each vulnerability

Module 2
MQTT
2.1 Introduction
• Overview of MQTT (Message Queuing Telemetry Transport)
• Use cases and importance in IoT communication
2.2 Protocol Details
• MQTT architecture and communication model
• Key components: clients, brokers, topics, and messages
2.3 Recon and Enumeration of Topics
• Techniques for discovering MQTT topics
• Tools and methodologies for topic enumeration
2.4 DOS Attack
• Understanding Denial of Service attacks on MQTT
• Methods and tools for conducting DOS attacks
2.5 Sensor based attack
• hacking with sensors and physics
• some cases

Module 3
CoAP
3.1 Introduction
• Overview of CoAP (Constrained Application Protocol)
• Use cases and importance in IoT communication
3.2 Protocol Details
• CoAP architecture and communication model
• Key components: clients, servers, resources, and messages
3.3 Recon and Enumeration
• Techniques for discovering CoAP resources
• Tools and methodologies for resource enumeration
3.4 CoAP Proxy Attacks
• Understanding CoAP proxy vulnerabilities
• Methods and tools for conducting proxy attacks

Module 4
Zigbee (802.15.4)
4.1 Introduction and Protocol Overview
• Overview of Zigbee protocol and its importance in IoT
• Zigbee network architecture and key components
4.2 Reconnaissance
• Techniques for discovering Zigbee networks and devices
• Tools and methodologies for network reconnaissance
4.3 Sniffing and Eavesdropping
• Methods for capturing Zigbee communication
• Tools for sniffing and analyzing Zigbee traffic
4.4 Replay Attacks
• Understanding replay attacks on Zigbee networks
• Methods and tools for conducting replay attacks
4.5 Packet Forging Attack
• Techniques for creating and injecting malicious Zigbee packets
• Tools and methodologies for packet forging
4.6 Jamming Attacks
• Understanding jamming attacks on Zigbee networks
• Methods and tools for conducting jamming attacks
4.7 Dissociation Attacks
• Techniques for disconnecting devices from Zigbee networks
• Tools and methodologies for dissociation attacks

Module 5
Bluetooth Low Energy (BLE)
5.1 Introduction and Protocol Overview
• Overview of BLE and its importance in IoT
• BLE architecture and key components
5.2 Reconnaissance (Active and Passive) with HCI Tools
• Techniques for discovering BLE devices
• Tools and methodologies for active and passive reconnaissance
5.3 GATT Service Enumeration
• Understanding the Generic Attribute (GATT) profile
• Techniques for enumerating GATT services and characteristics
5.4 Sniffing GATT Protocol Communication
• Methods for capturing BLE GATT communication
• Tools for sniffing and analyzing GATT traffic
5.5 Reversing GATT Protocol Communication
• Techniques for reverse engineering GATT communication
• Tools and methodologies for reversing GATT protocols
5.6 Read and Writing on GATT Protocol
• Understanding read and write operations in GATT
• Methods and tools for performing read and write attacks
5.7 Cracking Encryption
• Techniques for breaking BLE encryption
• Tools and methodologies for cracking BLE encryption

Module 6
LoRa
6.1 Introduction and Protocol Overview
• Overview of LoRa (Long Range) protocol and its importance in IoT
• LoRa network architecture and key components
6.2 Reconnaissance
• Techniques for discovering LoRa networks and devices
• Tools and methodologies for network reconnaissance
6.3 Sniffing of Over-the-Air Communication
• Methods for capturing LoRa communication
• Tools for sniffing and analyzing LoRa traffic
6.4 Reverse Engineering of Protocol
• Techniques for reverse engineering LoRa protocols
• Tools and methodologies for protocol analysis
6.5 Replay Attack
• Understanding replay attacks on LoRa networks
• Methods and tools for conducting replay attacks
6.6 Packet Forging Attack
• Techniques for creating and injecting malicious LoRa packets
• Tools and methodologies for packet forging

Module 7
RFID
7.1 Introduction and Protocol Overview
• Overview of RFID technology and its importance in IoT
• RFID architecture and key components
7.2 Types of RFID and Classes
• Different types of RFID systems (active, passive, semi-passive)
• Classification of RFID tags and readers
7.3 Sniffing of Over-the-Air Communication
• Methods for capturing RFID communication
• Tools for sniffing and analyzing RFID traffic
7.4 Cloning of Cards
• Techniques for cloning RFID cards
• Tools and methodologies for card cloning
7.5 Fuzzing on RFID Readers
• Understanding fuzz testing on RFID readers
• Methods and tools for conducting fuzzing attacks

Module 8
NFC
8.1 Introduction and Protocol Overview
• Overview of NFC (Near Field Communication) and its importance in IoT
• NFC architecture and key components
8.2 Types of NFC and Classes
• Different types of NFC systems (active, passive)
• Classification of NFC tags and readers
8.3 Sniffing of Over-the-Air Communication
• Methods for capturing NFC communication
• Tools for sniffing and analyzing NFC traffic
8.4 Cloning of NFC Cards
• Techniques for cloning NFC cards
• Tools and methodologies for card cloning

Module 9
GPS
9.1 Introduction
• Overview of GPS technology and its importance in IoT
• GPS architecture and key components
9.2 Attack Through Rogue GPS
• Understanding rogue GPS attacks
• Methods and tools for conducting rogue GPS attacks
9.3 Modify GPS Coordinates
• Techniques for modifying GPS coordinates
• Tools and methodologies for GPS manipulation
9.4 Manipulating Coordinates Through Relay Attack
• Understanding relay attacks on GPS
• Methods and tools for conducting relay attacks
9.5 GPS Spoofing Attack
• Techniques for spoofing GPS signals
• Tools and methodologies for GPS spoofing

Module 10
Sub-GHz RF
10.1 Introduction
• Overview of Sub-GHz RF technology and its importance in IoT
• Sub-GHz RF architecture and key components
10.2 Reconnaissance
• Techniques for discovering Sub-GHz RF networks and devices
• Tools and methodologies for network reconnaissance
10.3 Overview of Various Shift Keying
• Understanding different types of shift keying (FSK, ASK, PSK)
• Applications and vulnerabilities of each type
10.4 Reversing of RF
• Techniques for reverse engineering RF protocols
• Tools and methodologies for protocol analysis
10.5 Crafting RF Signals
• Techniques for creating and injecting malicious RF signals
• Tools and methodologies for signal crafting

Module 11
Hardware
11.1 Basics of Electronics
• Introduction to basic electronic concepts and components
• Understanding voltage, current, resistance, and power
11.2 Understanding Electronic Components
• Overview of common electronic components (resistors, capacitors, diodes, transistors)
• Identifying and using electronic components in IoT devices
11.3 PCB Reverse Engineering and Component Identification
• Techniques for reverse engineering printed circuit boards (PCBs)
• Tools and methodologies for identifying components on PCBs

Module 12
I2C
12.1 Introduction
• Overview of I2C (Inter-Integrated Circuit) protocol
• Importance of I2C in IoT communication
12.2 I2C Protocol
• Understanding I2C communication model and key components
• Data transfer methods and addressing
12.3 Interfacing with I2C
• Techniques for interfacing with I2C devices
• Tools and methodologies for I2C communication
12.4 Manipulating Data via I2C
• Techniques for manipulating data on I2C bus
• Tools and methodologies for data manipulation
12.5 Sniffing Run-Time I2C Communication
• Methods for capturing I2C communication
• Tools for sniffing and analyzing I2C traffic

Module 13
SPI
13.1 Introduction
• Overview of SPI (Serial Peripheral Interface) protocol
• Importance of SPI in IoT communication
13.2 SPI Protocol
• Understanding SPI communication model and key components
• Data transfer methods and addressing
13.3 Interfacing with SPI
• Techniques for interfacing with SPI devices
• Tools and methodologies for SPI communication
13.4 Manipulating Data via SPI
• Techniques for manipulating data on SPI bus
• Tools and methodologies for data manipulation
13.5 Sniffing Run-Time SPI Communication
• Methods for capturing SPI communication
• Tools for sniffing and analyzing SPI traffic

Module 14
UART
14.1 Introduction
• Overview of UART (Universal Asynchronous Receiver/Transmitter) protocol
• Importance of UART in IoT communication
14.2 Identifying UART
• Techniques for identifying UART interfaces
• Tools and methodologies for UART identification (automated and manual)
14.3 Debugging Over UART
• Methods for debugging IoT devices via UART
• Tools and methodologies for UART debugging

Module 15
JTAG/SWD
15.1 Introduction
• Overview of JTAG (Joint Test Action Group) and SWD (Serial Wire Debug) protocols
• Importance of JTAG/SWD in IoT communication and debugging
15.2 Identifying JTAG/SWD
• Techniques for identifying JTAG/SWD interfaces
• Tools and methodologies for JTAG/SWD identification (automated and manual)
15.3 Debugging Over JTAG/SWD
• Methods for debugging IoT devices via JTAG/SWD
• Tools and methodologies for JTAG/SWD debugging
15.4 Dumping Data and Manipulating Memory Address and Data
• Techniques for data extraction and memory manipulation via JTAG/SWD
• Tools and methodologies for memory analysis and modification

Module 16
Firmware Reversing
16.1 Identifying Compression and Types
• Techniques for identifying firmware compression methods and formats
• Tools and methodologies for firmware extraction
16.2 Firmware Analysis
• Understanding firmware structure and components
• Techniques for static and dynamic firmware analysis
16.3 Simulating Firmware
• Methods for simulating firmware in virtual environments
• Tools and methodologies for firmware simulation

Module 17
ARM
17.1 Architecture
• Overview of ARM architecture and its importance in IoT
• Key components and design principles of ARM processors
17.2 Instruction Set
• Understanding ARM instruction set and assembly language
• Techniques for writing and analyzing ARM assembly code
17.3 Procedure Call Convention
• Understanding ARM procedure call conventions
• Techniques for function calling and parameter passing in ARM
17.4 System Call Convention
• Understanding ARM system call conventions
• Techniques for interacting with operating systems in ARM
17.5 Reversing Techniques
• Techniques for reverse engineering ARM-based firmware and applications
• Tools and methodologies for ARM reverse engineering
17.6 Buffer Overflow Attacks
• Understanding buffer overflow vulnerabilities in ARM systems
• Techniques and tools for exploiting buffer overflow vulnerabilities
BONUS AUTOMOTIVE

Module 1
Introduction of Automotive Industry
The automotive industry encompasses the design, development, manufacturing, marketing, and sale of motor vehicles. It is a complex ecosystem involving various stakeholders, including automakers, suppliers, dealerships, and aftermarket service providers.

Module 2
Vehicle External Communications
The Electrical/Electronic (EE) architecture of vehicles refers to the network of electronic control units (ECUs), sensors, actuators, and communication buses that control and monitor vehicle functions. It includes high-speed CAN (Controller Area Network), LIN (Local Interconnect Network), Ethernet, and FlexRay buses.

Module 3
Briefing of ECU Groups/Domains
ECUs in vehicles are grouped into domains based on their functionalities:
• Powertrain: Controls engine, transmission, and drivetrain systems.
• Chassis: Manages steering, braking, suspension, and stability control.
• Body: Controls lighting, climate control, door locks, and windows.
• Infotainment: Manages multimedia, navigation, and connectivity features.
• Safety: Includes ECUs for airbag deployment, collision avoidance, and driver assistance systems (ADAS).

OBD2 (On-Board Diagnostics)
OBD2 is a standard protocol used for diagnostics and reporting of vehicle emissions and performance. It provides access to real-time data from ECUs, enabling vehicle maintenance and troubleshooting.