EUSKALHACK SECURITY CONGRESS II

June 20-22, 2017 | Donostia - San Sebastian

EN PRICE TABLE SCHEDULE TERMS REGISTER NOW

Bug hunting bootcamp | Discovering 0day - Eldar Marcussen

List of prices:

PERIOD	PRICE
From February 15th 2017 to April 15th 2017	2.500€
From April 16th 2017 to May 31th 2017	2.750€
From June 01st 2017 to June 12th 2017	3.000€

Coffee breaks and lunch included
Training materials
Free admission to EuskalHack Security Congress
Course will be cancelled if the minimum of 4 students do not enroll *

Schedule:

TIME	PLAN
08:30 - 08:55	Registration
09:00 - 11:00	Training
11:00 - 11:30	Coffee Break
11:30 - 14:00	Training
14:00 - 15:30	Lunch
15:30 - 17:00	Training
17:00 - 17:30	Tea Break
17:30 - 19:30	Training

The term zero day can be frightening to most in the IT and information security business, but for bug hunters it is just another bug where the vendor hasn't been notified yet, or future rewards from bug bounty programs. This intense three day lab based course will teach you how to find these bugs, evaluate root cause, assess impact and write exploit to prove zero day vulnerabilities in software. The course will cover both manual and automated vulnerability hunting in web applications, embedded devices and compiled binaries. Additionally we will cover how to chain bugs together to achieve unauthenticated remote code execution, vendor notification, vulnerability disclosure and how to obtain a CVE. The training prioritizes real world vulnerabilities across several languages.

Audience and prerequisites:
The course is aimed at beginners and security professionals alike, a variety of targets to practice bug hunting skills on the participant can find something suitable for their skill level.

Students are expected to be somewhat familiar with the Linux command line as well as OWASP Top 10 & CWE-25
Basic scripting knowledge is recommended, but not required.
Students must be able to run a VMWare virtual machine (vmware player or workstation) to complete this course.

Course duration, format and materials:
Three days training.

Students will take home the training slides and material as well as the lab virtual machine.
Upon completing this training, the student will have a good understanding of how and where to look for security flaws in software, using both automated and manual techniques.
The student will also be able to write exploits for the common bug classes covered by the training.
A certificate of completion of the training course.

Other considerations:

Coffee breaks and lunch included
Training language: English
Training materials
Students need to bring their own laptop
Free admission to EuskalHack Security Congress (Two days Coffee breaks and lunch included)
Please note: Course will be cancelled if the minimum of 4 students do not enroll

About the trainer:

Eldar is a penetration tester and security researcher with HackLabs where he performs redteaming, and other pentests. He is also an assessor for CREST Australia. He has worked closely with bugcrowd in the past and was a recipient of the first CVE 10K candidate numbers. In addition to finding vulnerabilities he contributes to and maintain several open source projects—in his spare time—aimed at web application security and penetration testing. These include graudit, doona, lbmap, dotdotpwn, nikto and more.

Detailed training course agenda:

DAY 1

Bug hunting approaches and theory
Choosing suitable targets
Static and dynamic analysis
Web application bugs and exploits

DAY 2

Chaining bugs
Web application bugs and exploits
Bug hunting in embedded devices

DAY 3

Binary bugs and exploits
Automation
Dealing with disclosure
Conclusion