Workshops 2024

From zero to hero: Pentesting and Red Team in AWS & GCP Environments Teachers: Carlos Polop & Ignacio Dominguez
Date: Thursday September 26: 09:00 - 18:30
Duration: 8h
Price: 95€
Classroom: 1 "A"
Language: 🇪🇸
Tags: pentesting, redteam, cloud
Description: 

This course begins by laying the foundation with an introduction to the AWS and GCP cloud platforms, focusing on their basic functionalities: How these clouds are organized, how permissions work, how access is granted... Next, we delve into an exploration into depth of several services widely used in both AWS and GCP, highlighting possible configuration errors and vulnerabilities that could lead to an attacker gaining access to the account, escalation of privileges, data exfiltration, maintaining persistence... The course progresses by covering both White Box and Black Box (Red Team) methodologies, equipping students with the knowledge and a good foundation to be able to carry out security audits and Red Team assessments in these cloud environments.

Emphasizing a practical approach, the course features a series of labs (using the infrastructure provided by https://training.hacktricks.xyz/) that the lecturer will solve, ensuring that students not only understand the theoretical aspects, but They also gain real-world experience in applying these concepts.

The course will focus 4 hours on each different cloud.
Estegomalware y APTs. Ocultación maliciosa usando esteganografía Teacher: Alfonso Muñoz
Date: Friday September 26: 14:30 - 18:30
Duration: 4h
Price: 50€
Classroom: N/A
Language: 🇪🇸
Tags: forensic, redteam, threat intelligence
Description: 

This eminently practical workshop will focus on the possibilities of using steganographic techniques in their use in malware and APTs. AV cancellation techniques and possible steganalysis techniques will be analyzed.
Bootcamp de Ciberseguridad Industrial. Fundamentos y laboratorios desde las trincheras.  Teacher:  Josué González
Date: Thursday & Friday September 26 - 27: 09:00 - 18:30
Duration: 16h
Price: 185€
Aula: 3 "G"
Language: 🇪🇸
Tags: industrial, ICS
Description: 

This is an introductory course to industrial cybersecurity with a very large practical component. The first day will take the student through the necessary theory to begin to understand and work in the cybersecurity of industrial systems, always from an applied and realistic point of view. On the second day the student will build a simulated industrial environment, which is a fundamental step, before moving on to carry out attacks on that same system. As an incentive, during the course there will be a more complex "model", with real elements, where you can carry out some of the practices. Check attached for itinerary details.
APIs attack and defense Teacher: Javier Espejo
Date: Thursday September 26: 14:30 - 18:30
Duration: 4h
Price: 50€
Aula: 4 "13"
Language: 🇪🇸
Tags: blueteam, redteam
Description: 

In this workshop I want to teach the main attacks on APIS and show examples that happen on a daily basis with my clients. The second part will be to teach how to set up an API gateway and bastion and improvements in these elements.


Mobile Reverse Engineering with r2Frida Teacher: Alex Soler
Date: Friday September 27: 09:00 - 18:30
Duration: 8h
Price: 95€
Aula: 1 "A"
Language: 🇪🇸
Tags: mobile, reversing
Description: 

Combining dynamic with static analysis is the key to quickly solving many challenges when performing binary analysis. Have you ever thought about combining Radare2 with Frida? This combination has given birth to "R2Frida", an IO plugin that allows you to put the power of Frida into Radare2 land.For beginners with Radare2, the workshop will cover the basics of Radare2 and Frida. During this practical training, we will walk you through how to use R2Frida to analyze Android and iOS mobile apps. Attendees will learn about offensive mobile security, e.g. in-memory string decryption, bypass jailbreak protections, SSL pinning, anti-debugging, or even Frida detections using Frida itself. The workshop consists of an 8-hour training to learn how to run a Dynamic analysis using r2Frida.  A solid foundation for mobile security will be given and then the learned topics will be applied through R2Frida. This workshop will include one practical exercise for Android and one for iOS.
Hacking RF con Python Teacher: Simón Roses
Date: Friday September 27: 09:00 - 13:00
Duration: 4h
Price: 50€
Aula: N/A
Language: 🇪🇸
Tags: RF, dev
Description: 

Scapy is a well-known Python library for creating networking tools; Less well known is the fact that it can also be used to create hacking tools for radio frequency (RF). This talk is an introduction to the development of Scapy and Bluez to create tools for WIFI, Bluetooth (BTLE: Bluetooth Low Energy) and other RF protocols. Learn how to create powerful scripts to analyze RF. Topics of this talk will include analyzing WIFI clients and APs, building your own WIFI scanner, WIFI deauith attacks, storing packets in PCAP format, Bluetooth scanning and analysis, BTLE sniffing, GATT extraction, printing advertising and more. With billions of RF enabled devices around the world, this skill is a must-have and fun one 😉 The world is full of signs.
Code Trek: exploring the unknown with CodeQL as your Voyager Teachers: Alvaro Muñoz and Tony Torralba
Date: Thursday  September 26: 09:00 - 13:00
Duration:  4h
Price: 50€
Aula: N/A
Language: 🇪🇸
Tags: vulnerability, research
Description: 

The universe of software development is vast and full of danger, with hidden threats lurking in every corner of our codebases. Since CodeQL makes a program's AST and dataflow graph queryable, it can take you where no developer has gone before, exploring deep into the heart of the source code to uncover security vulnerabilities and ensure the safe passage of your applications. This workshop will show you how to harness the power of Code Trekking using CodeQL's expressive language to effectively answer many of the general questions that commonly arise when auditing code, such as "what is the attack surface of the application?" or "which APIs are reached by user-controlled input?". We will focus on the practical auditing workflows we used to explore the Jenkins plugin ecosystem and uncover 30+ new vulnerabilities. Come join us on this exciting voyage of discovery, and let CodeQL be your trusted Voyager through the starry expanse of code analysis!
Hardware Hacking Basico desde 0 Teacher: David Reguera
Date: Thursday & Friday September 26 - 27: 09:00 - 18:30
Duration: 16h
Price: 185€ or 355€ (depending if you need hardware)
Aula: 2 "B"
Language: 🇪🇸
Tags: hardware hacking, iot, pentesting
Description: 

Aprende Hardware Hacking desde 0 de verdad
Persistencia en Windows con privilegios de usuario Teacher: Javier Ferrero
Date: Friday September 27: 09:00 - 13:00
Duration: 4h
Price: 50€
Aula: N/A
Language: 🇪🇸
Tags: red team, post-explotación, pentesting, malware
Description: 

Gain an understanding of persistence techniques executed during Red Team exercises in a Windows environment with user privileges. You will be able to learn OPSEC techniques to avoid the use of PowerShell, VBS scripts, or the use of Windows CMD, which are widely monitored by current security solutions. You will also acquire knowledge about the use of a C2 attack framework to carry out persistence and knowledge of Windows Internals for the compression of attacks.