In the world of cybersecurity there is always a threat lurking. Waiting in the shadows for the perfect moment to strike. You can sit back and relax and hope for the best and react when it’s too late… or before they even think about making a move you can take control and see everything coming from miles away. In this session, you’ll dive deep into the art of threat modeling—an essential skill that allows you to anticipate risks, identify vulnerabilities, and develop a proactive defense strategy.

Mike will guide you through the process and show you why threat modeling is an offer you simply can’t refuse. You’ll learn how to analyze threats with precision, build effective threat scenarios and develop a mindset that stays one step ahead of the attackers. Ultimately you won’t only understand threat modeling—you’ll lead it with confidence.

Join Mike in the family business, hone your expertise and become the Godfather of Threat Modeling. In this game only the wise and the prepared will survive.

### Overview ###

Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join this unique 100% hands-on training!

I will discuss security bugs found in a number of bug bounty programs (including Google, Yahoo, Mozilla, Twitter and others). You will learn how bug hunters think and how to hunt for security bugs effectively.

To be successful in bug hunting, you need to go beyond automated scanners. If you are not afraid of going into detail and diving into full-stack exploitation, then this 100% hands-on training is for you. There is a lab exercise for each attack presented in this training + students can take the complete lab environment home after the training session.


### Key Learning Objectives ###

After completing this training, you will have learned about:

- REST API hacking
- AngularJS-based application hacking
- DOM-based exploitation
- bypassing Content Security Policy
- server-side request forgery
- browser-dependent exploitation
- DB truncation attack
- NoSQL injection
- type confusion vulnerability
- exploiting race conditions
- path-relative stylesheet import vulnerability
- reflected file download vulnerability
- hacking with wrappers
- subdomain takeover
- remote cookie tampering
- non-standard XSS attacks
- hijacking tokens via PDF
- XML attacks
- deserialization attacks
- HTTP parameter pollution
- bypassing XSS protection
- hacking with polyglot
- clickjacking attack
- window.opener tabnabbing attack
- RCE attacks
- and more…


### What Students Will Receive ###

Students will be handed in a VMware image with a specially prepared testing environment to play with all bugs presented in this training. When the training is over, students can take the complete lab environment home (after signing a non-disclosure agreement) to hack again at their own pace.


### Special Bonus ###

The ticket price includes FREE access to my 6 online courses:

- Start Hacking and Making Money Today at HackerOne
- Keep Hacking and Making Money at HackerOne
- Case Studies of Award-Winning XSS Attacks: Part 1
- Case Studies of Award-Winning XSS Attacks: Part 2
- DOUBLE Your Web Hacking Rewards with Fuzzing (aka Fuzzing with Burp Suite Intruder)
- How Web Hackers Make BIG MONEY: Remote Code Execution


### What Students Say About This Training ###

This training was attended by security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips, government sector and it was very well-received. Recommendations are attached to my LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here (https://silesiasecuritylab.com/services/training/#opinions).


### What Students Should Know ###

To get the most of this training intermediate knowledge of web application security is needed. Students should be familiar with common web application vulnerabilities and have experience in using a proxy, such as Burp Suite Proxy, or similar, to analyze or modify the traffic.


### What Students Should Bring ###

Students will need a laptop with 64-bit operating system, at least 8 GB RAM, 35 GB free hard drive space, administrative access, ability to turn off AV/firewall and VMware Player/Fusion installed (64-bit version). Prior to the training, make sure there are no problems with running x86_64 VMs. Please also make sure that you have Internet Explorer 11 installed on your machine or bring an up-and-running VM with Internet Explorer 11.


### Instructor ###

Dawid Czagan is an internationally recognized security researcher and trainer. He is listed among top hackers at HackerOne. Dawid Czagan has found security bugs in Apple, Google, Mozilla, Microsoft and many others. Due to the severity of many bugs, he received numerous awards for his findings.

Dawid Czagan shares his offensive security experience in his hands-on trainings. He delivered trainings at key industry conferences such as DEF CON (Las Vegas), Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), NorthSec (Montreal), SINCON (Singapore), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and government sector (references are attached to Dawid Czagan's LinkedIn profile (https://www.linkedin.com/in/dawid-czagan-85ba3666/). They can also be found here: https://silesiasecuritylab.com/services/training/#opinions).

Dawid Czagan is the founder and CEO at Silesia Security Lab. To find out about the latest in his work, you are invited to subscribe to his newsletter (https://silesiasecuritylab.com/newsletter) and follow him on Twitter (@dawidczagan), YouTube (https://www.youtube.com/channel/UCG-sIlaM1xXmetFtEfqtOqg), and LinkedIn (https://www.linkedin.com/in/dawid-czagan-85ba3666/).

Understanding eCrime is no longer optional. It is a mission-critical capability for any organization serious about anticipating, preventing, and neutralizing today’s most pervasive cyber threats. This intensive training provides a comprehensive exploration of the eCrime ecosystem, unpacking the full spectrum of adversarial tactics, techniques, and procedures used by financially motivated threat actors to exploit organizations of all sizes and sectors.

Blending traditional intelligence tradecraft with cutting-edge cyber security methodology, this course empowers cyber threat intelligence professionals, SOC analysts, CISOs, and forward-thinking defenders to operationalize threat intelligence, proactively reduce risk, and harden their defensive posture. Whether you are new to the world of eCrime or looking to refine your existing expertise, this course will give you the insight, confidence, and real-world skillset to outpace adversaries.

Through hands-on exercises, real case studies, and live tooling, participants will learn to track and attribute adversary infrastructure, analyze adversary tradecraft, uncover victimology, and confidently identify key players within organized eCrime operations. Attendees will explore the dark web, develop basic operational personas, collect intelligence from adversary-run forums and marketplaces, and learn how to infiltrate closed communities — all safely and effectively.

This is not theory. This is practical, tactical, and grounded in the reality of modern cyber threat operations. By the end of the training, attendees will walk away with the knowledge and tools needed to investigate, disrupt, and counter eCrime adversaries, all while supporting broader intelligence collection plans and strategic security initiatives within their organizations.

In this workshop, participants engage in a high-stakes cyber battle within a factory's OT systems. Divided into Red and Blue Teams, they alternate between offensive and defensive strategies in an interactive game. The workshop emphasizes real-world relevance, dynamic decision-making, and collaborative learning, providing practical cybersecurity insights in an industrial environment.
This workshop offers an interactive cybersecurity experience through a gamified scenario. Participants will be divided into two teams: Red & Blue Team. The game board is a demo factory, where the Red Team's objective is to inflict harm, while the Blue Team's mission is to defend it.
The games starts with an interactive setup phase. The Red Team will choose their tactics and techniques to be able to reach their objectives. The Blue Team will concentrate on understanding their environment and selecting appropriate initial defenses. Following the team introductions, the core of the workshop begins: the game loop, where each team alternates between planning and executing their actions. The Red Team will have different opportunities for their next actions aimed at breaching the Blue Team's defenses. The Blue Team will decide on their countermeasures to thwart the Red Team's efforts. Each round concludes with an evaluation phase, where the effectiveness of the actions taken by both teams is assessed. The workshop wraps up with a recap session, summarizing key learnings and discussing the outcomes of the game.
The workshop's interactive and gamified approach aims to enhance participants' understanding of cybersecurity dynamics with focus of OT environments. Participants will work alongside peers to develop and implement strategies, enhancing their understanding of both offensive and defensive cybersecurity measures. The workshop draws on the extensive experience of seasoned Red and Blue Team specialists to focus on real-world scenarios and case studies. It leverages the deep expertise of Nick and Nicholas, who are OT Blue Team specialists, and Sarah, a Senior Red Teamer with an OT specialization. Their combined knowledge ensures that the workshop addresses current industry challenges in both offensive and defensive OT cybersecurity.
Attendees will acquire a comprehensive understanding of both offensive and defensive cybersecurity strategies, along with enhanced teamwork and communication skills. Additionally, participants will learn to prioritize actions and strategies in emergency situations, gaining knowledge not only about specific tools and techniques but also the strategic approaches fundamental to Red and Blue Team operations in industrial environments.

Module 1
Introduction to IoT
1.1 Briefing of IIoT and Usage
• About us
• Course Overview
• Fundamentals of IoT Security
• Overview of Industrial Internet of Things (IIoT)
• Applications in various industries (manufacturing, healthcare, transportation)
• Benefits and challenges of IIoT adoption
1.2 Architecture
• Typical IoT architecture: sensors, connectivity, data processing, user interface
• Key components: devices, gateways, cloud services, and end-user applications
1.3 Framework/Platforms
• Common IoT platforms and frameworks (AWS IoT, Google Cloud IoT, Microsoft Azure IoT)
• Comparative analysis of features and use cases
1.4 Attack Surfaces
• Identifying potential vulnerabilities in IoT ecosystems
• Examples of common attack vectors (device vulnerabilities, network vulnerabilities, application vulnerabilities)
• Fcc.io information
• Tools of trade
• How to do visual analysis
• How to recon hardware
1.5 OWASP IoT Top 10 Vulnerabilities
• Detailed explanation of the OWASP IoT Top 10 vulnerabilities
• Real-world examples and case studies for each vulnerability

Module 2
MQTT
2.1 Introduction
• Overview of MQTT (Message Queuing Telemetry Transport)
• Use cases and importance in IoT communication
2.2 Protocol Details
• MQTT architecture and communication model
• Key components: clients, brokers, topics, and messages
2.3 Recon and Enumeration of Topics
• Techniques for discovering MQTT topics
• Tools and methodologies for topic enumeration
2.4 DOS Attack
• Understanding Denial of Service attacks on MQTT
• Methods and tools for conducting DOS attacks
2.5 Sensor based attack
• hacking with sensors and physics
• some cases

Module 3
Zigbee (802.15.4)
4.1 Introduction and Protocol Overview
• Overview of Zigbee protocol and its importance in IoT
• Zigbee network architecture and key components
4.2 Reconnaissance
• Techniques for discovering Zigbee networks and devices
• Tools and methodologies for network reconnaissance
4.3 Sniffing and Eavesdropping
• Methods for capturing Zigbee communication
• Tools for sniffing and analyzing Zigbee traffic
4.4 Replay Attacks
• Understanding replay attacks on Zigbee networks
• Methods and tools for conducting replay attacks
4.5 Packet Forging Attack
• Techniques for creating and injecting malicious Zigbee packets
• Tools and methodologies for packet forging
4.6 Jamming Attacks
• Understanding jamming attacks on Zigbee networks
• Methods and tools for conducting jamming attacks
4.7 Dissociation Attacks
• Techniques for disconnecting devices from Zigbee networks
• Tools and methodologies for dissociation attacks

Module 4
Bluetooth Low Energy (BLE)
5.1 Introduction and Protocol Overview
• Overview of BLE and its importance in IoT
• BLE architecture and key components
5.2 Reconnaissance (Active and Passive) with HCI Tools
• Techniques for discovering BLE devices
• Tools and methodologies for active and passive reconnaissance
5.3 GATT Service Enumeration
• Understanding the Generic Attribute (GATT) profile
• Techniques for enumerating GATT services and characteristics
5.4 Sniffing GATT Protocol Communication
• Methods for capturing BLE GATT communication
• Tools for sniffing and analyzing GATT traffic
5.5 Reversing GATT Protocol Communication
• Techniques for reverse engineering GATT communication
• Tools and methodologies for reversing GATT protocols
5.6 Read and Writing on GATT Protocol
• Understanding read and write operations in GATT
• Methods and tools for performing read and write attacks
5.7 Cracking Encryption
• Techniques for breaking BLE encryption
• Tools and methodologies for cracking BLE encryption

Module 5
LoRa
6.1 Introduction and Protocol Overview
• Overview of LoRa (Long Range) protocol and its importance in IoT
• LoRa network architecture and key components
6.2 Reconnaissance
• Techniques for discovering LoRa networks and devices
• Tools and methodologies for network reconnaissance
6.3 Sniffing of Over-the-Air Communication
• Methods for capturing LoRa communication
• Tools for sniffing and analyzing LoRa traffic
6.4 Reverse Engineering of Protocol
• Techniques for reverse engineering LoRa protocols
• Tools and methodologies for protocol analysis
6.5 Replay Attack
• Understanding replay attacks on LoRa networks
• Methods and tools for conducting replay attacks
6.6 Packet Forging Attack
• Techniques for creating and injecting malicious LoRa packets
• Tools and methodologies for packet forging

Module 6

Module 7
Sub-GHz RF
10.1 Introduction
• Overview of Sub-GHz RF technology and its importance in IoT
• Sub-GHz RF architecture and key components
10.2 Reconnaissance
• Techniques for discovering Sub-GHz RF networks and devices
• Tools and methodologies for network reconnaissance
10.3 Overview of Various Shift Keying
• Understanding different types of shift keying (FSK, ASK, PSK)
• Applications and vulnerabilities of each type
10.4 Reversing of RF
• Techniques for reverse engineering RF protocols
• Tools and methodologies for protocol analysis
10.5 Crafting RF Signals
• Techniques for creating and injecting malicious RF signals
• Tools and methodologies for signal crafting

Module 8
Hardware
11.1 Basics of Electronics
• Introduction to basic electronic concepts and components
• Understanding voltage, current, resistance, and power
11.2 Understanding Electronic Components
• Overview of common electronic components (resistors, capacitors, diodes, transistors)
• Identifying and using electronic components in IoT devices
11.3 PCB Reverse Engineering and Component Identification
• Techniques for reverse engineering printed circuit boards (PCBs)
• Tools and methodologies for identifying components on PCBs

Module 9
I2C
12.1 Introduction
• Overview of I2C (Inter-Integrated Circuit) protocol
• Importance of I2C in IoT communication
12.2 I2C Protocol
• Understanding I2C communication model and key components
• Data transfer methods and addressing
12.3 Interfacing with I2C
• Techniques for interfacing with I2C devices
• Tools and methodologies for I2C communication
12.4 Manipulating Data via I2C
• Techniques for manipulating data on I2C bus
• Tools and methodologies for data manipulation
12.5 Sniffing Run-Time I2C Communication
• Methods for capturing I2C communication
• Tools for sniffing and analyzing I2C traffic

Module 10
SPI
13.1 Introduction
• Overview of SPI (Serial Peripheral Interface) protocol
• Importance of SPI in IoT communication
13.2 SPI Protocol
• Understanding SPI communication model and key components
• Data transfer methods and addressing
13.3 Interfacing with SPI
• Techniques for interfacing with SPI devices
• Tools and methodologies for SPI communication
13.4 Manipulating Data via SPI
• Techniques for manipulating data on SPI bus
• Tools and methodologies for data manipulation
13.5 Sniffing Run-Time SPI Communication
• Methods for capturing SPI communication
• Tools for sniffing and analyzing SPI traffic

Module 11
UART
14.1 Introduction
• Overview of UART (Universal Asynchronous Receiver/Transmitter) protocol
• Importance of UART in IoT communication
14.2 Identifying UART
• Techniques for identifying UART interfaces
• Tools and methodologies for UART identification (automated and manual)
14.3 Debugging Over UART
• Methods for debugging IoT devices via UART
• Tools and methodologies for UART debugging

Module 12
JTAG/SWD
15.1 Introduction
• Overview of JTAG (Joint Test Action Group) and SWD (Serial Wire Debug) protocols
• Importance of JTAG/SWD in IoT communication and debugging
15.2 Identifying JTAG/SWD
• Techniques for identifying JTAG/SWD interfaces
• Tools and methodologies for JTAG/SWD identification (automated and manual)
15.3 Debugging Over JTAG/SWD
• Methods for debugging IoT devices via JTAG/SWD
• Tools and methodologies for JTAG/SWD debugging
15.4 Dumping Data and Manipulating Memory Address and Data
• Techniques for data extraction and memory manipulation via JTAG/SWD
• Tools and methodologies for memory analysis and modification

Module 13
Introduction of Automotive Industry
The automotive industry encompasses the design, development, manufacturing, marketing, and sale of motor vehicles. It is a complex ecosystem involving various stakeholders, including automakers, suppliers, dealerships, and aftermarket service providers.

Module 14
Vehicle External Communications
The Electrical/Electronic (EE) architecture of vehicles refers to the network of electronic control units (ECUs), sensors, actuators, and communication buses that control and monitor vehicle functions. It includes high-speed CAN (Controller Area Network), LIN (Local Interconnect Network), Ethernet, and FlexRay buses.

OBD2 (On-Board Diagnostics)
OBD2 is a standard protocol used for diagnostics and reporting of vehicle emissions and performance. It provides access to real-time data from ECUs, enabling vehicle maintenance and troubleshooting.

This intensive two-day course equips you with practical skills for identifying and exploiting vulnerabilities in mobile apps across both Android and iOS. You'll analyze a mix of real-world apps and custom training apps using tools like Frida, Burp Suite, jadx and other open-source tools.

By the end of the training, you’ll know how to:

- intercept and analyze any type of network traffic in mobile apps, even when SSL pinning is used,
- bypass protection mechanisms such as root/jailbreak detection,
- decompile APKs and perform manual source code reviews,
- reverse engineer Swift-based iOS applications and
- apply a thorough methodology based on the OWASP Mobile Application Security Testing Guide (MASTG).

The labs cover static and dynamic analysis, reverse engineering, and Software Composition Analysis (SCA), all through hands-on exercises.

No need to bring your own devices — each participant gets access to a cloud-based, rooted Android and jailbroken iOS environment via Corellium.

Whether you are a beginner wanting to learn mobile app testing from scratch, an experienced penetration tester or developer wanting to improve your mobile application security knowledge and skills, or someone looking to have some fun, this training will help you achieve your goals.

## Detailed outline

### Day 1 - Android

We begin with an overview of the Android platform and its security architecture, then move into a full day of hands-on labs covering:

- Setting up an Android testing environment with Corellium
- Using Android Debug Bridge (adb) effectively during app pentests
- Intercepting network traffic from apps built with frameworks like Flutter
- Analyzing network traffic, including non-HTTP protocols, with Burp Suite and Wireshark
- Reverse engineering a Kotlin app and exploiting a real-world deep link vulnerability through manual code review
- Scanning APKs for hardcoded secrets
- Getting started with Frida for dynamic instrumentation
- Analyzing Android app storage options (app-specific, shared storage, etc.)
- Using dynamic instrumentation with Frida to:
- Bypass root detection mechanisms
- Bypass Frida detection mechanisms
- Attacking a real world app and overcome it's protection mechanisms.

### Day 2 - iOS

On the second day, we shift to iOS app security, again focusing on hands-on labs:

- Static analysis of Swift code to identify vulnerabilities and eliminate false positives
- Software Composition Analysis (SCA) for iOS: scanning third-party libraries and mitigation strategies
- Setting up the iOS testing environment with Corellium
- Intercepting network traffic in iOS apps
- Bypassing different implementations of SSL pinning using Frida
- Frida crash course for dynamic instrumentation on iOS Apps
- Analyzing iOS app storage mechanisms
- Testing methodology using jailed (non-jailbroken) devices via Frida gadget injection
- Testing watchOS apps and understanding platform limitations
- Using Frida to bypass runtime protections:
- Anti-Jailbreaking mechanisms
- Frida's detection logic

We’ll wrap up the final day with a Capture the Flag (CTF), where you can apply your new skills and win a prize!

Upon completing the course, participants will:

- have a deeper understanding of mobile app security testing,
- know how to identify and exploit vulnerabilities,
- be able to recommend effective mitigation strategies to development teams, and
- follow a structured testing methodology based on the OWASP Mobile Application Security Testing Guide (MASTG).

### What students should bring

To follow all exercises and participate fully, students should have:

- A laptop (Windows or macOS) with at least 16 GB of RAM and 50 GB of free disk space
- Full administrative access to the system (e.g., ability to disable VPN or antivirus if needed)
- Virtualization software (e.g., VMware, VirtualBox, or UTM); a pre-configured virtual machine will be provided for both x86 and ARM architectures (including M1–M4 MacBooks), with all required tools preinstalled.
- Optional but recommended: A tablet for viewing the lab slides during hands-on sessions.

An iOS or Android device is **not** required. Each participant will receive access to a cloud-based Corellium instance, including a jailbroken iOS device and a rooted Android device, for use throughout the training.

### What students will receive

- PDF slide decks and lab instructions for both Android and iOS.
- All vulnerable training apps, provided as APK and IPA files.
- A Dockerfile containing the APIs with which the apps communicated.
- Detailed write-ups for all labs, which you can review at your own pace after the course.
- Access to a dedicated Slack channel for pre-course preparation, in-class support, and post-course Q&A.
- A certificate of completion.

### What prerequisites should students have before attending this training?

This course is designed for beginner to intermediate participants. Students should have:

- A basic understanding of mobile apps
- Basic experience using the Linux command line