Hola Kukulcan84. Bienvenido al foro. Gracias por compartir el video.
Les recuerdo que si quieren embedir videos de Youtube es solo cuestion que usen el BBCode [html]. Si quieren un video de como hacerlo se los dejo aquí. Esta un poco largo el video, en realidad solo es copiar el codigo de Youtube y pegarlo entre tags de [html] ... [/html]
"Getting Started With ATT&CK" es un Ebook (PDF) que contiene un compilado de publicaciones de MITRE sobre como utilizar correctamente el framework.
...during summer 2019 we decided to write a series of blog posts around getting started with ATT&CK. The posts, inspired by Katie Nickels’ Sp4rkcon talk “Putting MITRE ATT&CK into Action with What You Have, Where You Are,” were written by members of the ATT&CK team and focused on what we consider ATT&CK’s four primary use cases. For each use case, the authors laid out advice on how an organization could get started with ATT&CK based on available resources and overall maturity. This publication pulls together their collective wisdom, originally posted on Medium, into a single package. We hope you read it and get some new ideas on getting started with ATT&CK. Let us know what you think—we’d love to hear your feedback.
Adam Pennington Principal Cybersecurity Engineer ATT&CK Blog Editor in Chief MITRE
Black Hat is the most technical and relevant information security event series in the world. For more than 20 years, Black Hat Briefings have provided attendees with the very latest in information security research, development, and trends in a strictly vendor-neutral environment. These high-profile global events and Trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors.
From its inception in 1997, Black Hat has grown from a single annual conference in Las Vegas to the most respected information security event series internationally. Today, Black Hat Briefings and Trainings are held annually in the United States, Europe and Asia, providing a premier venue for elite security researchers and trainers to find their audience.
WHAT WE DO Briefings Black Hat Briefings were created more than 20 years ago to provide security professionals a place to learn the very latest in information security risks, research and trends. Each year, internationally leading security researchers take the stage to share their latest work and exploits in a friendly, vendor-neutral environment. Vulnerabilities are often exposed that impact everything from popular consumer devices to critical international infrastructure and everything in between. Black Hat seeks groundbreaking research to fill both 25 and 50-minute speaking slots for each annual show.
Trainings Black Hat Trainings offer attendees individual technical courses on topics ranging from the latest in penetration testing to exploiting web applications and even defending and building SCADA systems. Often designed exclusively for Black Hat, these hands-on attack and defense courses are taught by industry and subject matter experts from all over the world with the goal of defining and defending tomorrow's information security landscape.
Review Board + Content Selection The Black Hat Review Board is comprised of over 24 of the industry's most credible and distinguished security professionals and thought leaders throughout various areas of the information security community. The Review Board advises Black Hat on its strategic direction, reviewing and programming conference content and providing unparalleled insight into the research community. You can find more information on the Review Board here: www.blackhat.com/review-board.html.
Black Hat strives to deliver one of the most empirical content selection processes in the industry. All submissions are vetted thoroughly by the Black Hat Review Board. Each submission is reviewed for uniqueness, overall content expertise and accuracy before any selections are made. Through the course of this dynamic review process, the Black Hat Review Board members will frequently ask researchers for clarity on any areas of question in their submissions – whether it be about the uniqueness or audacity of claims made. The best submissions come with academic-grade papers, proof-of-concept code and/or video demonstrations of the work done. Of note, Black Hat does not support pay-for-play Briefings. The Black Hat Briefings are and always have been independently selected based on quality of content and area of expertise rather than sponsorship.
Attracting Top Talent and Research Black Hat is proud of the level of research and vulnerability disclosures that happen onsite each year. We also strongly support and encourage responsible disclosure. To this end, Black Hat has a strong partnership with the Electronic Frontier Foundation (EFF) to provide pro-bono legal consultations to security researchers on the legality of any research or data they plan to present at the annual shows. Black Hat and EFF are dedicated to defending free speech and privacy rights to facilitate the boundary–pushing research and vulnerability disclosure that attendees have come to know and love at each annual show.
WHO SHOULD ATTEND Security Practitioners (IT Specialists, Security Analysts, Risk Managers, Security Architects/Engineers, Penetration Testers, Security Software Developers, Cryptographers, Programmers, Government Employees and many more) Hone your skills with the latest tools and techniques being used in the industry through Black Hat's intensely technical and relevant Briefings and Trainings. Explore challenges and successes others in the field are experiencing, while collaborating on uses for emerging platforms, development models and best practices.
Security Executives, Business Developers and Venture Capitalists (CISOs, CEOs, Presidents, Directors, VPs, Consultants) Take advantage of a multi-billion-dollar industry by networking with other top information security executives, practitioners and potential investors. Gain knowledge of opportunities in the constantly growing information security industry while engaging with the community that is molding the future of the field and trailblazing new ventures. The Black Hat CISO Summit, an exclusive gathering of 200 top industry executives and security industry leaders, ignites open conversations and "think tank" style breakout sessions. This full day of discussions is unique to Black Hat and provides unmatched opportunities for networking and learning.
Vendor Companies and Sponsors (Hardware, Software, Middleware, Services, More) Black Hat attracts more than 17,000 of the world's most renowned security experts, executives and attendees, creating the industry's most dynamic and concentrated information security community. Engage this audience over the course of two days by showcasing your latest and greatest innovations, expertise, services and products.
The Business Hall is the epicenter of where business happens at Black Hat, featuring more than 150 of the industry's top solution providers and start-ups showcasing the latest tools, technologies and services supporting the security community.
Career Seekers and Recruiters (Seasoned Veterans, Students, Schools, Expanding Companies) Black Hat provides an opportunity for you to get your name out to the best new and seasoned talent in the industry. Meet face-to-face with the top international talent committed to defining and defending the future of security. Job seekers, meet with the most influential companies and recruiters who are hiring now. Bring your resumes and business cards and make game-changing connections.
Academia (Professors, Students Aged 18+) Black Hat provides students with the opportunity to interact with and learn from top industry professionals through conference sessions, networking activities, Business Hall Sessions, and more. There is an academic rate for students and full-time university professors interested in attending.
WHAT REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada. It offers a single track of presentations over the span of three days with a focus on reverse engineering and advanced exploitation techniques.
For more information, including pricing and hotel reservation details, head over to the conference page.
WHEN Conference: June 28 - 30, 2019
Training: June 24 - 27, 2019
Training: July 1 - 4, 2019
WHERE REcon will be held in downtown Montreal, Canada at the Hilton Double Tree.
Some training will be held at Monville a block away from Hilton Double Tree. Training location will be annouced when registration open
Important Note: As of last year many foreign travelers to Canada will require an Electronic Travel Authorization (eTA) prior to entering the country. Please check the following website to find out if this applies to you: http://www.cic.gc.ca/english/visit/visas.asp
The second round of talks have been accepted We’d like to congratulate the submitters who have been selected for the second phase of the CFP!
Attacking Hexagon: Security Analysis of Qualcomm's ADSP by Dimitrios Tatsis Automating the exploit primitive discovery process in embedded devices by Christopher Roberts Automation Techniques in C++ Reverse Engineering by Rolf Rolles Burned in Ashes: Baseband Fairy Tale Stories by Guy Defeating APT10 Compiler-level Obfuscations by Takahiro Haruyama MINimum Failure - Stealing Bitcoins with Electromagnetic Fault Injection by Colin O'Flynn Mining Disputed Territories: Studying Attacker Signatures for Improved Situational Awareness by Juan Andres Guerrero-Saade Open-Source Ghidra: The First Few Months by emteere and ghidracadabra Reversing and Exploiting Broadcom Bluetooth by Dennis Mantz and jiska Seeing Inside the Encrypted Envelope by Natalie Silvanovich Snow Crashing Virtual Reality, 2019 Edition by Alex Radocea The (Long) Journey To A Multi-Architecture Disassembler by Joan Calvet The Backdoor Foundry: A Toolchain for Building Application Specific Implants by Evan Jensen The Last Generic Win32k KASLR Defeat in Windows 10 by Alex Ionescu The Path to the Payload: Android Edition by Maddie Stone The ROM matrix revolutions: Unscrambling bits by Chris Gerlinsky The road to Qualcomm TrustZone apps fuzzing by Slava Makkaveev Unveiling the underground world of Anti-Cheats by Joel Noguera Using WPP and TraceLogging Tracing to Facilitate Dynamic and Static Windows RE by Matt Graeber Vectorized Emulation: Putting it all together by Brandon Falk April 23, 2019 The first round of talks have been accepted We’d like to congratulate the submitters who have been selected for the first phase of the CFP!
Burned in Ashes: Baseband Fairy Tale Stories by Guy (@shiftreduce) The ROM matrix revolutions: Unscrambling bits by Chris Gerlinsky Unveiling the underground world of Anti-Cheats by Joel Noguera The Backdoor Foundry: A Toolchain for Building Application Specific Implants by Evan Jensen The Path to the Payload: Android Edition by Maddie Stone MINimum Failure - Stealing Bitcoins with Electromagnetic Fault Injection by Colin O'Flynn Seeing Inside the Encrypted Envelope by Natalie Silvanovich Open-Source Ghidra: The First Few Months by emteere and ghidracadabra Attacking Hexagon: Security Analysis of Qualcomm's ADSP by Dimitrios Tatsis
MAY 18-20, 2020 AT THE HYATT REGENCY, SAN FRANCISCO, CA
41st IEEE Symposium on Security and Privacy
Sponsored by the IEEE Computer Society Technical Committee on Security and Privacy in cooperation with the International Association for Cryptologic Research
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. The 2020 Symposium will mark the 41st annual meeting of this flagship conference.
The Symposium will be held on May 18-20, 2020, and the Security and Privacy Workshops will be held on May 21, 2020. Both events will be in San Francisco, CA at the Hyatt Regency.
Training May 10-11-12-13, 2020 Training High-quality training sessions, given by the absolute best experts in their field. We strive to provide the highest level of exclusive content, giving you a unique opportunity to improve your applied security knowledge.
Conference May 14-15, 2020 Conference Subjects covered will be as diverse as pentesting, network security, software and/or hardware exploitation, web hacking, reverse engineering, malware and cryptography.
Competition (CTF) May 15-17, 2020 Competition (CTF) Our applied security contest (also called "Capture The Flag") opposes 75 teams of 8 people trying to obtain the most points by capturing flags.
NorthSec is pleased to announce its high-quality training sessions, given by the absolute best experts in their field. We strive to provide you with the highest level of exclusive content, giving you a unique opportunity to improve your applied security knowledge during NorthSec.
Training Sessions include Full ticket to the NorthSec Conference Full ticket to the NorthSec Conference Coffee, refreshments, snacks and lunch Coffee, refreshments, snacks and lunch Special Networking Event Special Networking Event 2020 Sessions
Crypto Attacks and Defenses JP Aumasson Teserakt Philipp Jovanovic EPFL DEDIS Lab May 12, 13th This training familiarizes developers and security professionals of any level with modern cryptography concepts and best practices. It covers basic notions, including randomness generation, authenticated encryption, and elliptic curves, as well as applications like TLS 1.3, password security protocols, libraries and APIs, and software side-channel attacks. Finally, our training offers an overview of advanced topics including post-quantum cryptography. More information
Mastering Burp Suite Pro 100% Hands-On Nicolas Gregoire Agarri May 11, 12 and 13th Burp Suite Pro is the leading tool for auditing Web applications at large. Mastering it allows users to get the most out of the tool, optimizing time spent. Work will be faster, more effective and more efficient. What’s more, advanced automation techniques allow detection of additional vulnerabilities whether complex or subtle. Attendees will also learn to measure the quality of their attacks, a crucial skill in real-life engagements. More information
Advanced Web Hacking Dhruv Shah NotSoSecure May 11, 12 and 13th Advanced Web Hacking class talks about a wealth of hacking techniques to compromise web applications, APIs and associated end-points. This class focuses on specific areas of app-sec and on advanced vulnerability identification and exploitation techniques (especially server side flaws). This hands-on class covers neat, new and ridiculous hacks which affected real life products and have found a mention in real bug-bounty programs. In this class vulnerabilities selected are ones that typically go undetected by modern scanners or the exploitation techniques are not so well known. More information
Mastering Container Security Rory McCune NCC Group May 12, 13th Containers and container orchestration platforms such as Kubernetes are on the rise throughout the IT world, but how do they really work and how can you attack or secure them? This course takes a deep dive into the world of Linux containers, covering fundamental technologies and practical approaches to attacking and defending container-based systems such as Docker and Kubernetes. In the 2020 version of the course we'll be focusing more on Kubernetes as it emerges as the dominant core of cloud native systems and looking at the wider ecosystem of products which are used in conjunction with Kubernetes. More information
Dark Side Ops: Malware Dev SilentBreak Security May 10, 11th Dark Side Ops: Malware Dev focuses on the goals, challenges, architecture, and operations of advanced persistent threat (APT) tooling. Participants will dive deep into source code to gain a strong understanding of execution vectors, payload generation, automation, staging, command and control, and exfiltration. More information
Adversary Tactics: Detection SpecterOps May 10, 11, 12 and 13th Enterprise networks are under constant attack from adversaries of all skill levels. Blue teamers are facing a losing battle; as the attacker only needs to be successful once to gain access. This course builds on standard network defense and incident response (which target flagging known malware) by focusing on abnormal behaviors and the use of attacker Tactics, Techniques, and Procedures (TTPs). We will teach you how to create threat hunting hypotheses based on attacker TTPs to perform threat hunting operations and detect attacker activity. In addition, you will use free and open source data collection and analysis tools (Sysmon, ELK and Automated Collection and Enrichment Platform) to gather and analyze large amounts of host information to detect malicious activity. You will use these techniques and toolsets to create threat hunting hypotheses and perform threat hunting in a simulated enterprise network undergoing active compromise from various types of threat actors. More information
Adversary Tactics: Red Team Ops SpecterOps May 10, 11, 12 and 13th Upgrade your Red Team engagements with bleeding-edge Tactics, Techniques, and Procedures (TTPs) used by attackers in real-world breaches. This course will teach students how to infiltrate networks, gather intelligence, and covertly persist in a network like an advanced adversary. Students will use the skillsets taught in Adversary Tactics: Red Team Ops to go up against live incident responders in an enterprise lab environment designed to mimic a mature real-world network. Students will learn to adapt and overcome Blue Team response through collaborative feedback as the course progresses. More information
Fine print Dates Training sessions take place right before the conference from Sunday til Wednesday. Dates vary by individual training, make sure to check. Training sessions start at 9am and finish at 5pm. Trainers can lengthen the schedule if they want to.
Included Full ticket to the NorthSec Conference (Thursday and Friday) Coffee, refreshments, snacks and lunch Access to a special networking event with drinks on May 12th If you already purchased your conference ticket, write us un email at registration@nsec.io to get a refund. Note that we reserve the right to cancel a training if a minimum number of participants isn’t met.
Pricing See individual training pages for pricing.
Early bird until December 31st: 20% off* Not-so Early bird until February 29th: 10% off* Student pricing (50% off) is available upon request and on selected training. Contact us for details. Prices are in $CAD before taxes and eventbrite fees * NEW: There is a 5 ticket per training limit on the number of early bird and not-so early bird tickets. The next early bird pricing will be automatically available when the previous one is sold out.
Venue The training sessions will be hosted at the Downtown Holiday Inn Hotel this year. See our Venue page for details.
Continuing Professional Education (CPE) Credits We can emit proof of CPE credits for those who are certified through (ISC)2 upon request.
16 CPE credits for a two-day training session 24 CPE credits for a three-day training session 32 CPE credits for a four-day training session
Where: TOP_SECRET (no joke!) / совершенно секретно / 絕密
Tickets: SOLD OUT!
Call For Papers/Villages: CLOSED! Subscribe to our mailing list:
Email Address
B3 S0c14l: Twitter * IRC/freenode/#THOTCON THOTCON is a hacking conference based in Chicago IL, USA. This is a non-pro fit, non-commercial event looking to provide the best conference possible o n a limited budget.
Once you attend a THOTCON event, you will have experienced one of the best information security conferences in the world combined with a uniquely casu al and social experience.
THOTCON 0xB is the eleventh incarnation of this event and will be held on a Friday and Saturday, May 8th and 9th, 2020.
The conference will be held at a location only to be disclosed to attendees and speakers during the week before the event. For more information, explor e this site or contact us at info@thotcon.org.
Выпить все бухло, взломать все вещи!
THOTCON is produced by THOTCON Infinity NFP, a tax-exempt 501(c)(3) nonprof it organization. Make a tax deductible donation to help create a sustainable THOTCON!
We value inclusion and diversity at our events and strictly enforce our Code of Conduct.
*** THOTCON Future Hacker Scholarship ***
This is a unique, one-time $5,000.00 USD award designed to help a future ha cker with their higher education ambitions.
For more information please visit our Scholarship page. ***END THOTCON TRANSMISSION************************************************ ***************************************************************************
Learn how to prevent, detect and respond to today’s cyber threats with cyber security training in Orlando SANS provides practical training that addresses the challenges you face daily as a cyber security professional. Join us in Orlando at SANS 2020 (April 3-10), and experience relevant training that will help you sharpen your skills and become more effective at your job. Choose from more than 50 courses!
Please check the schedule for course dates. Courses may begin and end on different days during the week of training.
Two-Day Courses Begin: Friday, April 3 Welcome Reception & Early Check-In: Saturday, April 4 Four-, Five- and Six-Day Courses Begin: Sunday, April 5 NetWars: Wednesday, April 8 and Thursday, April 9 Don't miss this opportunity to strengthen your information security skillset with cutting-edge training from SANS in Orlando! Choose your course and register now.
What attendees say about their SANS training experience: “Top-notch, up-to-date security training taught by industry leaders.” - Randy Jackson, Amazon
“I left SANS with a deeper understanding of each topic we covered, and new long-term career goals. I've attended a 5-day training course with a different organization in the past, and the quality of teaching and content doesn't begin to compare to SANS.” - Nicholas Marquez CenterState Bank
Nothing beats the SANS live training experience but if you are unable to attend learn how you can attend remotely.
CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices.
The conference is single track, with one hour presentations over the duration beginning at 9:00 a.m. The registration fee includes the catered meals, and there will be a vendor display and lounge/eating area, where wireless internet access will be available (as well as in the speaking theater).
8:30am Welcome to WWHF 9:00am URL HackingKeynote - Time Travel and GPS F*ckery 10:00am Airplane Mode: Cybersecurity @ 30,000+ FeetHow to Build a High-Performing Red Team 11:00am S1/E3.1 1:00pm Casting with the Pros: Tips and Tricks for Effective PhishingTBD 2:00pm Adversarial Emulation with The C2 MatrixTBD 3:00pm Labours of Hercules: Be Like PhilWhoops. I accidentally helped start the offensive intel branch of a foreign intel service 4:00pm : Breaking Through the Boundaries of Cyber Security Job Search ChallengesHacking Humans: Using OSINT to put together Social Engineering Scenarios that Actually Work 5:00pm Not Just Evil: Hacking Mainframes with Network Job Entry
Friday, March 13
9:00am Credential Stuffing: Identifying and fixing your exposure 10:00am Inherit Cellular Insecurities in our Critical Infrastructure 11:00am Breaking into Banks Like a BossURL Hacking 1:00pm Avionics Primer for HackersHunting Software Vulnerabilities without Reversing 2:00pm : I really wanna hear you say… ‘I threat hunt thaaat way.’”CitiZen Cyber SkillZ for Public Service. And Great Justice… 3:00pm Security is Not a Game, the Game
TROOPERS20 Facts Two days of high end trainings and hands on experience on Monday and Tuesday. Two-day three-track conference on Wednesday and Thursday. Our famous TROOPERS Roundtables on Friday. A lot of fun!
TROOPERS Trainings On Monday and Tuesday during the TROOPERS Week we host our premium selection of the TROOPERS Trainings. There are only two-day trainings. Trainings will be instructed by leading experts in their topics and you will mostly only find these trainings during TROOPERS!
TROOPERS20 Student Motivational Letters and Technical Challenge This year we will continue with our tradition for current Highschool, Bachelor and Master degree students, where you have to submit a Motivational Letter and (try to) solve a technical challenge.
What needs to be included in your motivational letter
Tell us about yourself! Why are you interested in IT-Security? Why do you want to come to TROOPERS? What will you contribute to TROOPERS as an attendee? A little of feedback on the letters from the previous years. The people who received tickets clearly spent much time thinking about their answers to our questions. They did not give generic answers such as "IT is cool yo", but really gave us insight into themselves and their vision for their future within the IT Security community.
Give the technical challenge your best try. No one's submission will be disqualified from consideration if they cannot complete the challenge as long as the Motivational Letter and the proof of student status have also been submitted.
TROOPERS20 Student tickets include free entry to our Main TROOPERS conference on Wednesday and Thursday, and our Roundtable discussions on Friday. While we do not provide travel assistance, please refer to our travel page for information regarding where to stay and how to get here. If you have questions or need assistance you can always write us at info@troopers.de
SecureWorld conferences provide more content and facilitate more professional connections than any other event in the cybersecurity industry. Join your fellow security professionals for affordable, high-quality training and education. Attend featured keynotes, panel discussions, and breakout sessions—all while networking with local peers. Earn 12-16 CPE credits through 60+ educational elements, learning from nationally recognized industry leaders.
For over 18 years, we’ve stayed on top of global IT security issues and shared the critical knowledge and tools needed to protect against ever-evolving threats. Through our network of industry experts, thought leaders, practitioners, and solution providers, we collaborate to produce leading-edge, relevant content and educational opportunities.
We host 17 annual conferences across North America, web conferences every three weeks, a weekly podcast, and online training courses, and serve as a hub for cybersecurity news and resources. We hope you'll consider becoming part of our security community!
