Training


List of training sessions for Recon 2015:


2-Day training

Reversing telecom platforms for security: applied hacking on legacy monolithic MSC and HLR to modular ATCA's reversing

Learn about contemporary telecom and mobile system reverse engineering within the context of Telecom and Mobile Network operators, and how core telecom infrastructure operates, down to the usage of these services by operators' mobile apps and handset manufacturers' platforms.


We will see how all these technologies mesh together, from the mobile handset (Android, apps, platform) to the enterprise applications (iPBX) up to the Core Network, and how to make sense of their protocols and applications.



Hardware hacking

This course teaches hardware hacking and reverse engineering techniques commonly used against electronic products and embedded systems. It is a combination of lecture and hands-on exercises covering the hardware hacking process, proper use of tools and test measurement equipment, circuit board analysis and modification, embedded security, and common hardware attack vectors. The course concludes with a final hardware hacking challenge in which students must apply what they've learned in the course to defeat the security mechanism of a custom circuit board. The main goal is to give students the resources and skills they need to confidently approach hardware hacking and to come up with creative solutions for their own particular projects or problems.



Exploit Laboratory: Advanced Browser Exploitation

Learn advanced browser exploitation techniques, DEP and ASLR bypass, ROP chaining and Use-After-Free bugs in this intermediate/advanced level exploit development training. Exploit Laboratory: Advanced Browser Exploitation is the next step for those who have already taken an introductory class in exploit development and want to take their red team skills to the next level. Our lab environment will be made available to all attendees to take with them and continue learning after the two days are complete! Can be combined with Exploit Lab: Master as a 4-day class.



Exploit Laboratory: Master

Take your exploit development skills to the max with this highly advanced level class. The Exploit Laboratory: Master class covers topics such as advanced ROP chains, an in-depth analysis of infoleak bugs, one-byte memory overwrite ownage, heap spraying on modern JavaScript engines, server side heap spraying, kernel exploits and using ROP in kernel exploits. As an added bonus, we shall also cover an introduction to 64-bit exploitation. Our lab environment will be made available to all attendees to take with them and continue learning after the two days are complete! Can be combined with Exploit Lab: Advanced Browser Exploitation as a 4-day class.



3-Day training

Security of BIOS/UEFI System Firmware from Attacker's and Defender's Perspective

A variety of attacks targeting system firmware have been discussed publicly, drawing attention to the pre-boot and firmware components of the platform such as BIOS and SMM, OS loaders and secure booting. This training will detail and organize objectives, attack vectors, vulnerabilities and exploits against various types of system firmware such as legacy BIOS, SMI handlers and UEFI based firmware, mitigations as well as tools and methods available to analyze security of such firmware components. It will also detail protections available in hardware and in firmware such as Secure Boot implemented by modern OSes against bootkits.


The training includes theoretical material describing a structured approach to system firmware security analysis and mitigations as well as many hands-on exercises to test system firmware for vulnerabilities. After the training you should have a basic understanding of platform hardware components and various types of system firmware, security objectives and attacks against system firmware, and mitigations available in hardware and firmware. You should be able to apply this knowledge in practice to identify vulnerabilities in BIOS and perform forensic analysis of the firmware.



4-Day training

Reverse Engineering Malware

Learn how to unpack and reverse-engineer malware in this 4-day class.


Covered Topics: Unpacking, Static and Dynamic Analysis, IDA Python and Targeted Attacks.



Windows Internals for Reverse Engineers

Learn the internals of the Windows NT kernel architecture, including Windows 10 and Server 2015, in order to learn how rootkits, PLA implants, NSA backdoors, and other kernel-mode malware exploit the various system functionalities, mechanisms and data structures to do their dirty work. Also learn how drivers operate and how they can be subject to attack from user-mode callers to elevate their privileges. Finally, learn how CPU architecture deeply ties into OS design, and how Intel, ARM and AMD's mistakes can lead to more pwnage.



Botnet Takeover Attacks for Reverse Engineers

Learn how to apply reverse-engineering to botnet takeover attacks. This 4-day training will teach the fundamentals of botnet command-and-control protocol reversing, identifying and breaking cryptography, as well as reconstructing botnet topologies and identifying weaknesses in their infrastructure. Students will learn to use this knowledge to design botnet takeover attacks and practice their skills in various hands-on exercises.



Windows Kernel Rootkits Techniques and Analysis

This class is tailored for malware analysts, system developers, forensic analysts, incident responders, or enthusiasts who want to analyze Windows kernel rootkits or develop software for similar tasks. It introduces the Windows architecture and how various kernel components work together at the lowest level. It discusses how rootkits leverage these kernel components to facilitate nefarious activities such as hiding processes, files, network connections, and other common objects. As part of the analytical process, we will delve into the kernel programming environment; we will implement some kernel-mode utilities to aid our understanding.


Needless to say, the class will contain many hands-on labs and exercises using real-world rootkits. There are no made-up examples in the class.



Utilizing Programmable Logic for Analyzing Hardware Targets

Hardware security analysis differs from software security analysis primarily in the tools and techniques required for the task at hand. However, many security researchers overestimate the learning curve required to begin successfully performing embedded hardware analysis. This training is specifically designed for security researchers who wish to improve their familiarity with hardware security and hardware implementations in particular. The training is built as a set of Capture the Flag (CTF) style assignments designed to familiarize students with common flaws in hardware implementations.


In this training, students will learn to develop custom hardware implementations utilizing programmable logic, i.e. Field-Programmable Gate Arrays (FPGAs) and Complex Programmable Logic Devices (CPLDs). Students will thoroughly understand the advantages of building tools based on programmable logic, understand how hardware implementations are realized and exploit several common hardware security flaws.



OS X Kernel Internals for Security Researchers

This brand new course introduces you to the low level internals of the OS X kernel from the perspective of a security researcher interested in vulnerability analysis, kernel rootkit/malware analysis/detection or kernel exploit development.


While this course concentrates on OS X Mavericks and Yosemite on the x64 CPU architecture, many of the topics are also relevant for the iOS kernel.
