Buenos Aires Trainings 2020

 The best place in Latin America to learn about IT security. Our trainings take place on the days previous to the conference and are dictated by the most well-known infosec leaders at a national and international level.

Most of these courses are not available elsewhere - You can't miss them!

#eko16 Trainings - Buenos Aires 2020



PLACE TBC     September 19-22 



INCLUDES 

   Trainings of 2,3 or 4 días     Certificate of assistance     2 coffee breaks and lunch    

 * MAIN TRAINING* 

HACKING FIRMWARE & HARDWARE LITE

This is an intensive hands-on course covering tools and methods for manipulating, modifying, debugging, reverse engineering, interacting with, and exploiting the software (firmware) and hardware of embedded systems. These embedded systems include COTS "IoT ("Internet Of Things") products (such as routers, webcams, etc.) and Industrial/Enterprise devices. Participants will gain hands-on experience with real-world devices and products, learning to interface with them on a low level. Participants will also be walked through the process of finding several of the 0-day found and disclosed by the instructors.
           

      2 days

 OFFENSIVE MOBILE REVERSING AND EXPLOITATION

Ever wondered how different attacking a Mobile application would be, from a traditional web  application? Gone are the days when knowledge of just SQL Injection or XSS could help you  land a lucrative high-paying infoSec job.  This course is designed to introduce beginners as well as advanced security enthusiasts to the  world of mobile security using a fast-paced learning approach through intensive hands-on labs.                           


BURP SUITE PRO, 100% HANDS-ON

This training isn’t about web hacking. Instead, it's for Web hackers who want to master their toolbox. Burp Suite Pro is the leading tool for auditing web applications at large, but also a complex beast where new features get added every few weeks.       



The DevSecOps Masterclass 

Managing comprehensive security for continuous delivery of applications across organizations continues to remain a serious bottleneck in the DevOps movement. The methodology involved in implementing effective security practices within delivery pipelines can be challenging. 

This training is designed to give a practical approach of implementing Security across Continuous Delivery Pipelines by leveraging the plethora of cloud offerings and is backed by a ton of hands-on labs, original research and real-world implementations of DevSecOps that work.


Attacking and Defending Containers, Kubernetes and Serverless

With Organizations rapidly moving towards micro-service style architecture for their applications, container and serverless technology seem to be taking over at a rapid rate. Leading container technologies like Docker have risen in popularity and have been widely used because they have helped package and deploy consistent-state applications. Serverless and Orchestration technologies like Kubernetes help scale such deployments to a massive scale which can potentially increase the overall attack-surface to a massive extent, if security is not given the attention required


Alice in Malwareland: Falling into the Threat Intelligence Rabbit Hole

Todo empieza cuando Alicia, analista de seguridad se encuentra sentada en su oficina aburrida leyendo un manual de referencia sobre la ISO 27001. Repentinamente, aparece Bad Rabbit en su sistema de monitoreo, vestido de ransomware corriendo para auto-distribuirse por la red interna de las compañía, mirando su wallet crecer. 

En esta segunda edición del curso vamos a develar las técnicas que Alicia, las dificultades que nos podemos encontrar en Malwareland y cómo resolverlas.


Programación Segura 101 


El entrenamiento ​PROGRAMACIÓN SEGURA 101​, es un curso intermedio en el cual los asistentes de una forma práctica podrán comprender y experimentar el uso del Application  Security Verification Standard de OWASP. El entrenamiento PROGRAMACIÓN SEGURA 101 le permite a los participantes desarrollar estrategias y entender los elementos para la  programación segura permitiendo mitigar los riesgos en proyectos personales o de sus organizaciones 


ADVANCED ICS HACKING

Industrial control systems (ICS) are often a sitting target for cybercriminals. The majority of these systems monitor complex industrial processes and critical infrastructures that deliver power, water, transport, manufacturing and other essential services. There are many vulnerabilities in ICS systems that could expose an installation to attacks. Downtime or infiltration of an ICS network  could result in massive outages, hundreds of thousands of impacted users and even national disaster. Penetration testing on ICS systems is a very specific that requires in-depth knowledge and hardware availability.

From Zero to Hero: Pentesting and Securing Docker, Swarm & Kubernetes Environments

Containerisation and orchestration have changed the way in which technologies  are deployed and managed today. Attack techniques and securitization  processes need to be reinvented, we are forced to learn new ways to audit and

protect this kind of environments.  This training is designed for RedTeam and BlueTeam professionals who are  looking for practical applied security knowledge on containerisation and  orchestration from an offensive and defensive point of view. Black Box, Grey Box  and White Box analysis are covered on Docker, Docker Swarm and Kubernetes.

 * MAIN TRAINING* 

PRACTICAL ANDROID EXPLOITATION LITE

The Practical Android Exploitation course from Xipiter is a comprehensive course aimed to teach all about Android security. Students get hands on experience with the Android SDK/NDK and related toolchains and use that knowledge to write and analyze exploits and malware on Android. In this course participants will exploit userland and kernel Android vulnerabilities as well as discuss jailbreaks and the various attack surface of Android applications. This class is aimed to an indispensable training for mobile developers, forensics investigators, software security professionals, pen-testers, and others. 
           

      2 days

ADVANCED INVESTIGATIONS, PRIVACY & OPEN SOURCE INTELLIGENCE TECHNIQUES 

This course not only covers the technical aspect, but goes beyond to analyze the human component, to provide greater knowledge when performing tasks in this area. Students will learn how to obtain information about users and assets of a company, using physical and logical techniques. For this, conventional and unconventional sites will be analyzed, which will allow for a more extensive and thorough investigation. 

Hacking & Hardening HumanOS
(INGENIERÍA SOCIAL) 

El objetivo de este training es el de capacitar a los asistentes en las  distintas técnicas y herramientas utilizadas dentro de la Ingeniería Social,  con el fin de poder incluirlas dentro de sus Pentest como así también,  habilitarlos a realizar distintas campañas de concientización que ayuden a  detectar este tipo de engaños y elevar así la seguridad de sus  organizaciones. 


ADVANCED FUZZING AND CRASH ANALYSIS 

This class is designed to introduce students to the best tools and technology available for automating vulnerability discovery and crash triage with a focus on delivering a practical approach to applying this technology in real deployments at any scale.



Vulnerability Research for Embedded Systems

This is a follow-on course to our Reverse-Engineering for Embedded Systems course. It is intended for engineers who need to perform assessments and then actually demonstrate vulnerabilities on embedded systems, IOT devices or similar systems. In this course, students learn how to find vulnerabilities, demonstrate them by writing exploits, and communicate the nature and severity of vulnerabilities to a non-technical audience.    

This is a majority hands-on course, with theory and lectures as needed. Exercises focus on embedded Linux and ARM but some other architectures are mixed in for perspective. This course balances application of skills with fundamental knowledge so no one is just “going through the steps” but rather is engaging in a creative problem-solving experience, just like in the real world.      


Stealing the Crown - Red Teaming Active Directory Environments 

En este entrenamiento explicaremos Técnicas, Tácticas y Procedimientos actuales para infiltrarse en las redes, mantener persistencia e ir escalando hasta conseguir los objetivos buscados en infraestructuras Active Directory.

Para aquellos dedicados al pentesting y que quieren acercarse al red teaming, permite conocer las técnicas tácticas y procedimientos (TTPs) utilizados por atacantes reales.

Para aquellos que se dedican a la defensa comprender como funcionan los ataques para idear y fortalecer la defensa de su infraestructura (conociendo al enemigo).


Cómo Ganar Dinero Hackeando Grandes Empresas con Programas de Bugbounty 


Un taller que te cuenta las realidades del BugBounty, una practica cada vez más popular entre las organizaciones, que busca utilizar el potencial de miles de hackers para conseguir que sus activos informáticos estén cada vez mas seguros.


Esta formación de 2 días busca acortar tu curva de aprendizaje si te planteas ganar dinero reportando problemas de seguridad en programas de BugBounty, no solamente cubriremos los conceptos necesarios, las herramientas, metodologías y los problemas de seguridad que se reportan más frecuentemente en este tipo de programas, sino que te contaremos eso que nadie te dice cuando decides dedicarte al BugBounty y algunas recomendaciones para que tu vida en esta área sea más llevadera.


Ingeniería Inversa Aplicada a Análisis de Malware


Curso introductorio de ingeniería inversa y análisis de código para personas que quieran incursionar en el análisis de malware. Está diseñado para que personas con poca o sin experiencia en ingeniería inversa y análisis de código puedan tener herramientas para entender rápidamente el funcionamiento de una amenaza, al concentrarse en los aspectos más prácticos del análisis. De esta manera, el curso se desarrollará primero presentando una base teórica para nivelar conceptos y luego analizando casos reales.


Introducción a la Explotación de aplicaciones en Android


Este training permitirá a los que lo cursen aprender técnicas de penetration testing de aplicaciones y métodos de explotación de vulnerabilidades en Android.

Se pone foco en la práctica de las técnicas explicadas durante el curso, para que el alumno incorpore no solo la teoría sino que también pueda incorporar experiencia en la explotación de las vulnerabilidades

 

More trainings on the way!