Sponsored by: Hacker House

Hacker House Penetration Testing workshop aimed for entry-level technicians looking to develop offensive skills. Are you seeking to better understand cyber security topics and gain practical experience? Interested in bug bounties and expanding your career but wondering where to begin? Hacker House will provide an introduction to penetration testing in a hands-on format, taking the student through the steps necessary to conduct a security assessment against Internet technologies. Our course requires a knowledge of Linux, TCP/IP basics, familiarity with a command line and any laptop capable of running a VM. Hacker House will provide a lecture and practical demos on penetration testing for attending students.

Sponsored by: SANS Institute

This training session will have a sneak preview of SANS’ new Security 699: Advanced Threat Emulation and Attack Simulation.

After a brief introductory lecture on the scenario, it will be primarily hands-on attack emulation and testing of defensive controls. This scenario is based off observed Tactics, Techniques, and Procedures (TTPs) attributed to the group known as APT-30. We will simulate a selection of these TTPs against an environment that includes Azure AD and third-party Active Directory integrations. This session will have participants testing defenses against real-world attacks. Participants need to bring a laptop with VMware or Virtualbox to run a single VM (provided) that interacts with the target environment (also provided).

Attack Highlights:

• Modern Spearphishing with PDFs
• Lateral Movement in the enterprise
• Malware driven Command and Control

Sponsored by: SANS Institute

This training session will have a sneak preview of SANS’ new Security 699: Advanced Threat Emulation and Attack Simulation.

After a brief introductory lecture on the scenario, it will be primarily hands-on attack emulation and testing of defensive controls. This scenario is based off observed Tactics, Techniques, and Procedures (TTPs) attributed to the group known as APT-30. We will simulate a selection of these TTPs against an environment that includes Azure AD and third-party Active Directory integrations. This session will have participants testing defenses against real-world attacks. Participants need to bring a laptop with VMware or Virtualbox to run a single VM (provided) that interacts with the target environment (also provided).

Attack Highlights:

• Modern Spearphishing with PDFs
• Lateral Movement in the enterprise
• Malware driven Command and Control

Brief presentations about training, higher education, and employment around the ShellCon community. We are interested in spreading the word about things like career opportunities, internships, scholarships, and training discounts. If you would like to present in this event, send a request to RaiseMe@shellcon.io

Scheduled Talks:

• The Coastline College CCAP Program
  • Dr. Brandon R. Brown (ProBro)
• Webster University’s Yellow Ribbon Program
  • Malia Mason
• Remote Job Opportunities at Tanium
  • Merissa Villalobos

The Infosec industry is an eccentric field, and you may have found that following standard job placement advice has you in a stall. Whether you’re a security professional looking for a new situation, or just trying to break in, we’ll work with you in real time on your resume language and your job hunting situation, and you’ll get group feedback and support. We’ll also tell you about the job hunting dogma you need to avoid. Some of the people who have met in these groups stay in contact with each other long after the event is over, and return to give us good news about progress in their careers.

Many candidates have come to us frustrated by the number of interviews they’ve attended without getting any job offers. Or because they need help getting over interview anxiety. Also, often times candidates don’t realize that when they receive an offer, they are expected to negotiate. A well-understood negotiation is essential in order to settle on a set of compensation parameters and working conditions that will make them happy, and commit to the company for the long run. This training is in a group environment to offer maximum support and feedback.

Sponsored by: Vertical Sysadmin, Inc.

Integrating security with the development and deployment process begins with a fundamental understanding of the tools DevOps uses. This competence is highly desired by companies, but often missing in the Information Security discipline. Get your DevOps down with this LPI DevOps Tool Engineer lead by Aleksey Tsalolikhin, Vertical Sysadmin, Inc..

This content is for infosec engineers working in a DevOps environment with Software Engineering, Container Deployment, Configuration Management and Monitoring. Even attendees who aren’t exam bound will appreciate learning about Blue Team tools like Docker, Vagrant, Ansible, Puppet, Git, and Jenkins.

Aleksey will field technical questions and help prepare attendees for taking the exam. He will explain the importance of understanding the objectives, the test structure, and how obtaining the certification is professionally beneficial. Bring your questions!

Exam Objectives

Sponsored by: Vertical Sysadmin, Inc.

We’ve all heard of the shell, and we’ve all used it at least a little bit. But what IS a shell, really? What makes shell scripting fundamentally different from any other programming language? What really happens when you type a command into your shell–and how does this relate to the mistake found in over 50% of production shell scripts? Attend this talk, demystify the shell and learn to use it right!

This presentation will give particular attention to security, such as dangers of globbing and dangers of unquoted variables. The instructor will also take questions- adjusting to the skill level of attendees, each class can go deep and will be unique.