The best place in Latin America to learn about IT security. Our trainings take place on the days previous to the conference and are dictated by the most well-known infosec leaders at a national and international level.

Most of these courses are not available elsewhere - You can't miss them!

#Eko2020 Trainings

These trainings take place on the days prior to the conference and have limited seats. Some are dictated in other international conferences at higher prices, and some are Ekoparty exclusive. Don't miss your chance! 


ONLINE     September 20-23 



INCLUDES 

   Trainings of 2, 3 & 4 days     Certificate of attendance      

 OFFENSIVE MOBILE REVERSING AND EXPLOITATION

Ever wondered how different attacking a Mobile application would be, from a traditional web  application? Gone are the days when knowledge of just SQL Injection or XSS could help you  land a lucrative high-paying infoSec job.  This course is designed to introduce beginners as well as advanced security enthusiasts to the  world of mobile security using a fast-paced learning approach through intensive hands-on labs.                           



THE DEVSECOPS MASTERCLASS 

Managing comprehensive security for continuous delivery of applications across organizations continues to remain a serious bottleneck in the DevOps movement. The methodology involved in implementing effective security practices within delivery pipelines can be challenging. 

This training is designed to give a practical approach of implementing Security across Continuous Delivery Pipelines by leveraging the plethora of cloud offerings and is backed by a ton of hands-on labs, original research and real-world implementations of DevSecOps that work.


ATTACKING AND DEFENDING CONTAINERS, KUBERNETES AND SERVERLESS

With Organizations rapidly moving towards micro-service style architecture for their applications, container and serverless technology seem to be taking over at a rapid rate. Leading container technologies like Docker have risen in popularity and have been widely used because they have helped package and deploy consistent-state applications. Serverless and Orchestration technologies like Kubernetes help scale such deployments to a massive scale which can potentially increase the overall attack-surface to a massive extent, if security is not given the attention required


SECURE PROGRAMMING 101 


This is an intermediate hands-on course in which attendees will understand and experience the use of the OWASP Application Security Verification Standard. In this way, they will learn to develop strategies and understand the elements for secure programming, allowing to mitigate risks in personal or work-related projects.

FROM ZERO TO HERO: PENTESTING AND SECURING DOCKER, SWARM & KUBERNETES ENVIRONMENTS

Containerization and orchestration have changed the way in which technologies  are deployed and managed today. Attack techniques and securitization processes need to be reinvented, we are forced to learn new ways to audit and protect this kind of environment. This training is designed for RedTeam and BlueTeam professionals who are looking for practical applied security knowledge on containerization and orchestration from an offensive and defensive point of view. Black Box, Grey Box and White Box analysis are covered on Docker, Docker Swarm and Kubernetes.

ADVANCED ICS HACKING

Industrial control systems (ICS) are often a sitting target for cybercriminals. The majority of these systems monitor complex industrial processes and critical infrastructures that deliver power, water, transport, manufacturing and other essential services. There are many vulnerabilities in ICS systems that could expose an installation to attacks. Downtime or     infiltration of an ICS network could result in massive outages, hundreds of thousands of impacted users and even national disaster. Penetration testing on ICS systems is very specific and requires in-depth knowledge and hardware availability.


    REVERSE ENGINEERING APPLIED TO
MALWARE ANALYSIS


This is an introductory course on reverse engineering and malware analysis. It is designed so that people with little or no experience on these topics can attain the tools to quickly understand how a threat works, by focusing on the more practical aspects of analysis.

 * MAIN TRAINING* 

PRACTICAL ANDROID EXPLOITATION LITE

The Practical Android Exploitation course from Xipiter is a comprehensive course aimed to teach all about Android security. Students get hands on experience with the Android SDK/NDK and related toolchains and use that knowledge to write and analyze exploits and malware on Android. In this course participants will exploit userland and kernel Android vulnerabilities as well as discuss jailbreaks and the various attack surface of Android applications. This class is aimed to an indispensable training for mobile developers, forensics investigators, software security professionals, pen-testers, and others. 
           

      2 days

ADVANCED INVESTIGATIONS, PRIVACY & OPEN SOURCE INTELLIGENCE TECHNIQUES 

This course not only covers the technical aspect, but goes beyond to analyze the human component, to provide greater knowledge when performing tasks in this area. Students will learn how to obtain information about users and assets of a company, using physical and logical techniques. For this, conventional and unconventional sites will be analyzed, which will allow for a more extensive and thorough investigation. 

HACKING & HARDENING HUMAN OS
(SOCIAL ENGINEERING) 

The goal of this training is to teach attendees the different techniques and tools used for Social Engineering, so they can be included in pentests. With this knowledge, attendees will be able to craft awareness campaigns to help detect these types of scams, thus elevating security at organizations. 


    STEALING THE CROWN - RED TEAMING ACTIVE DIRECTORY ENVIRONMENTS 

In this training we will explain current Techniques, Tactics and Procedures for infiltrating networks, maintaining persistence and scaling until reaching the targets in Active Directory infrastructures.

For those who work on pentesting and want to get closer to network teaming, it will give a better understanding of the tactical techniques and procedures (TTPs) used by real attackers.

For those who work on defense, it will help understand how attacks work to devise and strengthen the defense of their infrastructure.


INTRODUCTION TO ANDROID APP EXPLOTATION 

This training will allow students to learn application penetration testing techniques and methods of exploiting vulnerabilities in Android.

The focus is on practicing the techniques explained during the course, so that the student not only incorporates 
the theory, but also the experience in exploiting vulnerabilities. The course dynamic will be the theoretical presentation of each of the modules and a set of applications or situations in which that knowledge must be applied.


    HOW TO MAKE MONEY BY HACKING BIG COMPANIES WITH BUG BOUNTY PROGRAMS

This 2-day training seeks to shorten your learning curve if you are interested in earning money by reporting security flaws in Bug Bounty programs. Not only will we cover the necessary concepts, tools, methodologies and security problems that are most frequently reported in this type of program, but we will tell you what nobody tells you when you decide to immerse yourself in Bug Bounty, along with some recommendations.


More trainings on the way!