RINGZER0 HANDS-ON WORKSHOPS

Free workshops on advanced infosec topics

## 11-DEC Hands-On Machine Learning for Automated Program Analysis

This workshop features a practical hands-on approach to automated program analysis using machine learning. Given the increasing pervasiveness of IoT devices and malware, there is a great need to perform automated reverse engineering at scale, especially since reverse engineering software and firmware can often be a manual, labor-intensive, and time-intensive process. This workshop is perfectly suited for students who are new to machine learning and want to learn how to use it to tackle cybersecurity problems and to automate their program analysis and reverse engineering efforts.

#### Prerequisites

* Knowledge of Python 3 programming
* Knowledge of computer architecture concepts
* Knowledge of an assembly language (e.g., x86/x64, ARM, etc.)
* Familiarity with navigating Linux environments and command line knowledge

**AUDIENCE** Beginner and Intermediate

**DURATION** 2 hours lecture/demo

**For the full version of this topic, check out Hahna's [Automated Program Analysis using Machine Learning](https://ringzer0.training/automated-program-analysis-ml.html) training at #CATCH2022.**


Workshop Instructor

Hahna Kane Latonick

11 DECEMBER 2021
8 am - 10 am Pacific Time
For the past 15 years of her engineering career, Hahna Kane Latonick has worked throughout the defense industry specializing in cybersecurity as a security researcher for the Department of Defense and other defense contracting companies. She has been featured as a cybersecurity subject matter expert on Fox Business News, ABC, U.S. News and World Report, and other national media outlets. She has led three tech startups, serving as CTO of two of them and Director of R&D. She has trained and developed security researchers at one of the top five aerospace and defense industry companies. Over the years, she has also taught at different conferences, such as Ringzer0 and Security BSides Orlando. In 2014, she became a DEFCON CTF finalist, placing in 6th and ranking in the top 1.5% of ethical hackers worldwide. She also holds a CISSP and CEH certification. Latonick attended Swarthmore College and Drexel University where she earned her B.S. and M.S. in Computer Engineering along with a Mathematics minor.



## 12-DEC Modern Malware – Discovering and Triaging Unknown Threats

From phishing kits to command & control panels, web shells and directories full of malware, open directories can provide a wealth of information into threat actor operations. But how can we discover open directories associated with malicious activity? And once we discover them, what are the next steps for identifying interesting content? In this workshop, we’ll explore my approach for hunting open directories, the tools and methodology I use and look at some of the most significant findings.

Open directories can provide insight into the structure, tools and malware being used by many threat actors. Open directories are simply folders that are viewable on a public web server that provides direct links to all the content. While open directories can be utilized to legitimately share files, such as images and documents, they are often overlooked by threat actors. This oversight can provide a glimpse into the tools they’ve placed on a server, such as open webshells used by QBot and source code for prevalent C2 panels such as Azorult, Pony and AgentTesla. This can not only lead to a deeper understanding of how they operate, but also help disrupt current campaigns.

In this workshop, I will present the tools and techniques I developed for discovering open directories and identifying interesting content. We’ll look at my approach for finding open directories using publicly available threat feeds, the tools I used to automate the process, and explore the most significant content that I discovered. We will also discuss techniques for fingerprinting known tools and how to leverage this information to sift through thousands of malicious URLs more effectively.

#### Prerequisites

The primary requirement for this workshop is a desire to learn and the determination to tackle challenging problems. However, some familiarity with the following topics will help maximize learning in this workshop:

* Basic malware analysis
* An understanding of programming concepts such as control structures (IF statements, loops and functions), data structures (objects, structures, arrays) and variable usage

**AUDIENCE** Beginner and Intermediate

**DURATION** 3 hours lecture/demo

**Josh uses these techniques extensively in his full-blown training [Modern Malware for Threat Hunters](https://ringzer0.training/modern-malware-threathunters.html) at #CATCH2022.**


Workshop Instructor

JOSH STROSCHEIN

12 DECEMBER 2021
8 am - 10 am Pacific Time
Dr. Josh Stroschein is an Assistant Professor at Dakota State University where he teaches malware analysis, software exploitation, reverse engineering, and penetration testing. Josh also works as a malware analyst for Bromium, an end-point security company, and is the Director of Training for the Open Information Security Foundation (OISF). Josh has spent years developing security-related courses and is passionate about sharing that knowledge with others all over the world. Josh lives in South Dakota with his wife Janice and three children.



## 17-DEC RISC-V Shellcode

#### AND OTHER EXPLOIT DEV FUN

RISC-V is a new and exciting open source architecture developed by the RISC-V Foundation. The Foundation has released the Instruction Set Architecture open to the public, and a Privilege Architecture Model that defines how general purpose operating systems can be implemented. To compromise a RISC-V application or kernel in the traditional memory corruption manner, one must understand both the ISA and the calling convention for the architecture. In this workshop, Don Bailey, who currently chairs the RISC-V Security Response Team, takes you into the brave new world of RISC-V shellcoding and exploit development.

**AUDIENCE** Beginner and Intermediate

**DURATION** 1.5 hours lecture/demo

**This workshop is a preview of what you can expect in Don's [Inside RISC-V: Analysis and Exploitation](https://ringzer0.training/riscv.html) training at #CATCH2022.**


Workshop Instructor

Don Andrew Bailey

17 DECEMBER 2021
8 am - 9:30 am Pacific Time
Don A. Bailey is an 18-year veteran of the information security space. His groundbreaking research has shaped information security and has been featured in news agencies from NPR and Reuters, to Fox News and CNN. Don was the first to break Apple's MFi security architecture, demonstrate car hacking, to remotely compromise GPS systems, "broke the Internet" with a critical and wide-spread compression algorithm exploit, and the first to find and develop a working exploit for the RISC-V privilege model security flaw, among other firsts. Previously the Director of Research at the prestigious iSEC Partners think tank, Don founded his own consulting firm in 2012 with a research grant from DARPA. Don went on to help shape the vulnerability, exploit acquisitions, and response ecosystem, becoming a "top 10 hacker" at HackerOne and a Bugcrowd affiliate. During this time, Mr. Bailey consulted with startups on building secure technology from the ground up, and assisted corporations on integrating vulnerability response programs into their engineering process. Don currently leads a startup, Lab Mouse Inc., focused on using secure RISC-V technology to solve social problems in underfunded communities. Mr. Bailey is currently the Chair of the RISC-V Security Response Team, which coordinates vulnerability disclosure between researchers and the RISC-V Foundation.



## 18-DEC Reversing with Ghidra: 2-hour Workshop

In this short hands-on workshop, we go over the major features of Ghidra, its strengths and weaknesses, and how it compares to similar tools. We provide exercises that run on Mac, Windows, and Linux, so bring whatever environment you've got. If you’ve been waiting to take a look at Ghidra, now’s the time!

#### Prerequisites

* No reverse-engineering experience needed
* Basic knowledge of programming

**AUDIENCE** Beginner and Intermediate

**DURATION** 2 hours lecture/demo

**Jeremy's training on Ghidra is one of the best there is. If you enjoyed this workshop, join his [Reverse Engineering with Ghidra](https://ringzer0.training/reverse-engineering-with-ghidra.html) training at #CATCH2022.**


Workshop Instructor

Jeremy Blackthorne

18 DECEMBER 2021
8 am - 10 am Pacific Time
Jeremy Blackthorne [@0xJeremy](https://twitter.com/0xJeremy) is a co-founder and instructor at the Boston Cybernetics Institute (BCI). Before BCI, he was a researcher in the Cyber System Assessments group at MIT Lincoln Laboratory. He was the co-creator and instructor for the Rensselaer Polytechnic Institute courses: Modern Binary Exploitation and Malware Analysis. Jeremy has published research at various academic and industry conferences. He served in the U.S. Marine Corps with three tours in Iraq and is an alumnus of RPISEC.



## 19-DEC Unveiling EMUX

#### ARM AND MIPS IoT FIRMWARE EMULATION

After 4 years, ARMX is changing its call sign. [EMUX](https://emux.exploitlab.net) now features both ARM and MIPS device emulation, in a unified framework! Join us as we unveil EMUX and take you into the inner workings of emulating both ARM and MIPS IoT devices. We will be releasing a new Docker image featuring a MIPS CTF challenge to test your MIPS exploit development skills.

The EMUX (previously known as ARMX) framework has been regularly updated for 5 years, and is used extensively in Saumil's popular ARM IoT Exploit Laboratory training. Participants will get to download and try out the latest EMUX during this hands-on workshop.

#### Prerequisites

* Linux system with Docker installed
* Working comfortably with the Unix command line

**AUDIENCE** Beginner and Intermediate

**DURATION** 2 hours lecture/demo


Workshop Instructor

Saumil Shah

19 DECEMBER 2021
8 am - 10 am Pacific Time
Saumil has been an internationally recognized conference speaker and instructor for over 20 years. He is also the co-developer of the wildly successful "Exploit Laboratory" courses and authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book". Saumil holds an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time playing Pacman, flying kites, traveling around the world and taking pictures.


