Trainings

The following presentations are locked in to be presented at SAINTCON 2021.  More content is being added every day as we review and approve them for the conference.  Check back frequently for updates.

Privacy Workshop

Seth Johnson

BEGINNER

New and improved privacy workshop with learnings post-COVID

Python for Scriptkiddies

Seth Manesse

BEGINNER

Want to learn hacky Python? In this workshop, you’ll learn just enough to Google your way to success in various scripting capacities. From HTTP requests to multithreading, this workshop focuses on Python concepts that are dead useful in the infosec day-to-day. Whether you need to scrape a site, generate a super-custom wordlist, or customize a web directory bruteforcer, Python has the tools you need to get by. This workshop is geared towards beginners, but we won’t spend time covering all the ins and outs of Python – just enough to get you started on your next scripting adventure.

Printing Cookies (for Yum and Profit)

Kevin Lustic

Intermediate

After revelations about the Solarwinds breach went public, the interwebs exploded with investigations and incidents featuring the same attackers. In a blog post, Volexity reported the Solarwinds attackers had targeted a think tank and were regularly visiting the victim’s Outlook Web Access (OWA) server to siphon email. Interestingly, despite the OWA server having Duo 2Factor protections in place, the attackers only provided a username and password to log in, completely skipping the 2Factor step! In this hands-on workshop intended for beginner-to-intermediate hackers, participants will discover how such an attack might be carried out and will learn the stealthy power of cookie forgery attacks.

A Day of Python Part 1

Michael Fischer

Intermediate

The purpose of this training is to go from 0-60 with Python within a day. We have about 7 hours to cover a lot of material. Your typical conference information through a fire hose reminiscent of any Hollywood movie depicting chow time during boot camp.
Although not not strictly tied to the morning session we will cover the following:

This is a lofty goal so there are some sacrifice that need to be made. We won’t have time to talk about the fundamentals of computer science or algorithm design – but if there is need for that let us know!
Completion of the material in this course will provide you with a basic foundation in Python programming and a collection of recipes to help you start completing your own productive projects in python.
Already know Python or want to dig into some more advanced topics. Check out Seth Manesse’s Python for Scriptkiddies.

A Day of Python Part 2

Michael Fischer

Intermediate

The purpose of this training is to go from 0-60 with Python within a day. We have about 7 hours to cover a lot of material. Your typical conference information through a fire hose reminiscent of any Hollywood movie depicting chow time during boot camp.
Although not not strictly tied to the afternoon session we will cover the following:

This is a lofty goal so there are some sacrifice that need to be made. We won’t have time to talk about the fundamentals of computer science or algorithm design – but if there is need for that let us know!
Completion of the material in this course will provide you with a basic foundation in Python programming and a collection of recipes to help you start completing your own productive projects in python.
Already know Python or want to dig into some more advanced topics. Check out Seth Manesse’s Python for Scriptkiddies.

Active Directory: Elevate your Domain Security – Offense

Jim Shakespear

Intermediate

Training Part 1: Students will participate in a dedicated Active Directory network to penetrate the domain. During this session, students will use red team tools like Mimikatz, techniques such as Kerberoast and DCSync, and go through the steps of a penetration assessment. All tools will be run through a Windows VM. To wrap up the assessment, students will help report on issues found in the environment that can be addressed in part 2.

Active Directory: Elevate your Domain Security – Defense

Jim Shakespear

Intermediate

Training Part 2: Students will participate in a dedicated Active Directory network that has undergone a recent penetration assessment. Based on the results of the assessment, students will implement improvements to the Active Directory domain and test if their actions improve their domain security. Most improvements will be deployed using Group Policy. Some additional tools for assessing/improving security of the domain will include PingCastle and Sysmon.

Metasploit 101

Santiago Gimenez Ocano

Intermediate

Metasploit is a network application that allows an easy way to develop and execute exploits. In this training we will cover basic concepts of Metasploit like searching and running exploits, as well as intermediate concepts like payload generation and analyzing and developing an exploits. Concepts explained during the training will be enforced with examples and hands-on exercises. Basic knowledge of networking and Linux commands is recommended but not required. Participants are encouraged to bring their laptop with two virtual machines: Kali Linux and Metasploitable.

Easy Serverless Apps for Automating Red Teaming on AWS

Bryce Kunz

BEGINNER

Join us for this hands-on training, where we will walk you through how to easily build your first serverless applications using various AWS services including: Lambda for Processing Data, API Gateway for Communicating with Users S3 for Storage of Data CloudFormation for Automating the Deployment Cloud9 for creating software via the Integrated Development Environment (IDE) And More! 🙂 We will be using AWS’s Serverless Application Model (SAM) to build some incredibly easy to create serverless applications, which will also save you countless hours when executing a red team, penetration testing, and/or purple teaming engagement! This course assumes the student already has some IT experience and would like to learn more about how to apply serverless technologies to automate various workflows. Students should be comfortable with: Basic networking concepts and services (e.g. TCP/IP, DNS, DHCP, etc) Students will benefit from having: Some experience interacting with AWS is recommended, but not required. Some python scripting knowledge is recommended, but not required. Some basic penetration testing experience is recommended, but not required. Students will need to bring to the class: The Laptop needs to be able to join a wireless network with a web browser able to access AWS services. Students do NOT need to have their own accounts with AWS during the course, but having an AWS account will enable the student to continue to work on the course content after the course has concluded for the day.

Basic Buffer Overflow for OCSP

Seth Manesse

BEGINNER

Want an easy 25 points on your OSCP exam? Come learn everything you need to know about buffer overflow to pass the buffer overflow portion of the OSCP exam in under an hour. We’ll go over all the steps necessary to get from basic fuzzing to a reverse shell.
We’ll be using a lab on TryHackMe – come prepared with an account and having joined the room below (it’s free):
https://www.tryhackme.com/room/bufferoverflowprep
It is also strongly recommended to come with a Kali Linux VM, as we’ll be using tools like python* and msfvenom.
Note that this course will NOT cover topics such as ASLR, stack canaries, or other buffer overflow protections – we will focus on the bare essentials and theory of stack-based buffer overflow.
*no scripting knowledge necessary

Basic Bug Bounty with Burpsuite

Nathan Smith

BEGINNER

This training will help those with no skills using burpsuite to be able to start looking for a variety of vulnerabilities in bug bounty platforms or even help their own organization (with permission of course).

Wireshark: A Beginners Introduction

Kyle Feuz

BEGINNER

Have you heard your friends or colleagues talk about “sniffing” network traffic? Do you want to know if that new “smart”-X device is actually just a way for companies to “steal” more of your private information. Find out what is really happening on your networks with this introduction to Wireshark, one of the most popular tools used in industry for network analysis. No prior knowledge is necessary. We will start with a brief introduction to Wireshark, its capabilities and uses. Next, we will discuss where and how to monitor your network with Wireshark and what factors affect those decisions. At this point we are now ready to start applying capture filters, display filters, and custom colorization rules to highlight the information we are interested in seeing. We will focus on understanding several popular network protocols including ARP, IP, ICMP, TCP, UDP, HTTP and others. The entire workshop will be very hands on with many different sample captures to work from as we identify both normal and abnormal traffic. We will not be doing any live captures.

regex: find (and replace) on steroids

Eldon Koyle

BEGINNER

A reduced pain, increased interest introduction to regular expressions. You know you need to learn this, and friends don’t let friends regex alone. We will be using a linux app to walk through the basics of regular expression pattern matching (find) and substitution (replace). Bring your linux (vm is fine) or share with a neighbor.

Mini-Badging 101 with CompukidMike

Michael Whiteley

BEGINNER

Back by popular demand, CompukidMike will show you how to make a minibadge step-by-step. Please install KiCad on your laptop prior to the workshop.
https://www.kicad.org/download/

Mini-Badging 102 with CompukidMike

Michael Whiteley

BEGINNER

It can be daunting to find the proper parts for a minibadge design.You’ll learn how to navigate distributor’s websites and some tricks to find the parts you need to make your minibadge.

Mini-Badging 201

Mike Julander

Intermediate

Time to learn more about mini badging. Learn how to use the mini badge debugger to make your custom mini badges more awesome. 

SAINTCON is a production of the UtahSAINT Organization which is a 501(c)(6) non-profit.
Copyright © 2021 - All Rights Reserved