RINGZER0 HANDS-ON WORKSHOPS

Free workshops on advanced infosec topics, July 2021

## 1/JUL Inside ARMX: EMULATING IoT FIRMWARE

#### NEW RELEASE - ARMX on DOCKER

This is the closest you will get to a VM for testing IoT devices. The [ARMX IoT Firmware Emulation Framework](https://armx.exploitlab.net) is a tried-and-tested framework which has led to ~~four~~ several 0-days discovered on SoHo routers, IP cameras and VoIP telephones. The ARMX framework has been regularly updated for 4 years, and is used extensively in Saumil's popular ARM IoT Exploit Laboratory training.

In this workshop, we will talk about the internals of ARMX, demonstrate a few use cases and discuss future directions of IoT firmware emulation. The workshop shall conclude with a demonstration of the new dockerized version of ARMX and upcoming features. Participants will get to download and try out the latest ARMX during this hands-on workshop.

#### Prerequisites

* Linux system with Docker installed
* Working comfortably with the Unix command line

**AUDIENCE** Beginner and Intermediate

**DURATION** 2 hours lecture/demo

**This workshop is a preview of what you can expect in Saumil's [ARM IoT Exploit Laboratory](https://ringzer0.training/arm-iot-exploitlab.html) training at #VirtualVegas 2021.**

Workshop Instructor

Saumil Shah

1 JULY 2021
8 am - 10 am Pacific Time
Saumil Shah
Saumil has been an internationally recognized conference speaker and instructor for over 20 years. He is also the co-developer of the wildly successful "Exploit Laboratory" courses and has authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book". Saumil holds an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time playing Pacman, flying kites, traveling around the world and taking pictures.



## 9/JUL Hands-On Malware Analysis:

#### UNPACKING MALWARE USING REVERSING TOOLS AND DEBUGGERS

Malware authors use many forms of obfuscation to complicate the analysis of their code, as well as to aid in avoiding detection by security products. Packing is one such technique, in which the malicious program is hidden inside another program. To effectively analyze malware, the first step is to identify when packing is being employed and extract the hidden executable. Failure to do so can result in time wasted analyzing the unpacking logic or mis-identifying a malicious program.

In this hands-on workshop, you will learn how to identify signs of packing and obfuscation in native code formats (PE files) using a variety of free and open source tools. We will develop strategies for detecting both known and custom packers, as well as perform unpacking using reversing tools and debuggers such as IDA Pro, Ghidra and x64dbg. By the end of this workshop you will be equipped to recognize the signs of packing and the tools needed to tackle it head-on!

#### Pre-requisites

The primary requirement for this workshop is a desire to learn and the determination to tackle challenging problems. However, some familiarity with the following topics will help students maximize their learning in this workshop:

* Basic malware analysis
* An understanding of programming language concepts such as control structures (IF statements, loops and functions), data structures (objects, structures, arrays) and variable usage
* Ability to read assembly for Intel 32 and 64 bit architectures
* Proficiency with a Windows-based debugger such as WinDbg, x64dbg or Immunity

**AUDIENCE** Intermediate

**DURATION** 2 hours lecture/demo, 15-minute break mid-session, 30 - 45 minutes QA. Total 3 hours

**Josh uses these techniques extensively in his full-blown training [Advanced Malware Analysis and Reverse Engineering](https://ringzer0.training/advanced-malware-analysis.html) at #VirtualVegas 2021.**

Workshop Instructor

Josh Stroschein

9 JULY 2021
8 am - 11 am Pacific Time
Josh Stroschein
Dr. Josh Stroschein is an Assistant Professor at Dakota State University where he teaches malware analysis, software exploitation, reverse engineering, and penetration testing. Josh also works as a malware analyst for Bromium, an end-point security company, and is the Director of Training for the Open Information Security Foundation (OISF). Josh has spent years developing security-related courses and is passionate about sharing that knowledge with others all over the world. Josh lives in South Dakota with his wife Janice and three children.



## 16/JUL Hands-On Machine Learning for Automated Program Analysis

This workshop features a practical hands-on approach to automated program analysis using machine learning. Given the increasing pervasiveness of IoT devices and malware, there is a great need to perform automated reverse engineering at scale, especially since reverse engineering software and firmware can often be a manual, labor-intensive, and time-intensive process. This workshop is perfectly suited for students who are new to machine learning and want to learn how to use it to tackle cybersecurity problems and to automate their program analysis and reverse engineering efforts.

#### Prerequisites

* Knowledge of Python 3 programming
* Knowledge of computer architecture concepts
* Knowledge of an assembly language (e.g., x86/x64, ARM, etc.)
* Familiarity with navigating Linux environments and command line knowledge

**AUDIENCE** Beginner and Intermediate

**DURATION** 2 hours lecture/demo

**For the full version of this topic, check out Hahna's [Automated Program Analysis using Machine Learning](https://ringzer0.training/automated-program-analysis-ml.html) training at #VirtualVegas 2021.**

Workshop Instructor

Hahna Kane Latonick

16 JULY 2021
8 am - 10 am Pacific Time
Hahna Latonick
For the past 15 years of her engineering career, Hahna Kane Latonick has worked throughout the defense industry specializing in cybersecurity as a security researcher for the Department of Defense and other defense contracting companies. She has been featured as a cybersecurity subject matter expert on Fox Business News, ABC, U.S. News and World Report, and other national media outlets. She has led three tech startups, serving as CTO of two of them and Director of R&D. She has trained and developed security researchers at one of the top five aerospace and defense industry companies. Over the years, she has also taught at different conferences, such as Ringzer0 and Security BSides Orlando. In 2014, she became a DEFCON CTF finalist, placing 6th and ranking in the top 1.5% of ethical hackers worldwide. She also holds CISSP and CEH certifications. Latonick attended Swarthmore College and Drexel University where she earned her B.S. and M.S. in Computer Engineering along with a Mathematics minor.