Building an AWS and Azure security training platform

This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and Devops training course this June. He also has a blog where he talks about AWS, Cloud Security and DevOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Thanks, Paul!

Part 1 – Proof of Concept

The Cloud Security and DevSecOps training course I’m delivering for 44CON in June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own.

Wouldn’t it be great if students could turn up with any laptop, or even an iPad, and do the course. And the time spent on the labs would be used to learn about cloud security and DevSecOps, not debugging software installation issues.

Continue reading “Building an AWS and Azure security training platform”

Win CRESTCon 2019 Tickets!

We’ve teamed up with CREST to give everyone the opportunity to win one of 5 (count ’em) CRESTCon 2019 tickets, worth £175 each. If you’ve never been, now’s your chance. If you’ve been before but don’t have a ticket, now’s your chance too!

CRESTCon is a one-day event organised by CREST, the international certification body for the technical information security market. This year’s CRESTCon is on March 14th at the Royal College of Physicians. If you’re on our 44CON training courses in the same week and/or are coming to 44CONnect, then this is a competition worth taking part in.

To win a CRESTCon ticket, all you need to do is make sure you’re signed up to our mailing list, and email from the address you’ve registered. To shamelessly stack the cards in favour of training attendees and early bird ticket holders, we’ve sliced our 5 ticket allocation the following way:

Some of the talks we’re most looking forward to at this year’s CRESTCon include:

  • Matt Lorentzen – Sheepl – Automating people for Red and Blue Team Tradecraft
  • Thomas V. Fischer – Building a Personal Data Focused Incident Response Plan to Address Breach Notification
  • Martin Jordan – Austerbury: Iranian cyber threat briefing

Winners will be chosen at random over the course of February. Get your entry in quick because like our early bird tickets, once they’re gone, they’re gone!

44CONnect – A 1-day invite-only event in March 2019

44CONnect is a 1-day invite-only event taking place on the 13th of March, somewhere in London. The purpose of the day is to bring together people doing 44CON training, so they can connect with trainers and people on different courses. It’s our way of giving people who’ve attended our courses the chance to get a taste of upcoming training, and the opportunity to get some extra credit to take back to the office.

To qualify for an invite, you need to have done one of the following:

There are 20 tickets available, so make sure you qualify!

Our trainers from the last two days of training will deliver talks, as well as some of those delivering courses later this year. All of our training course delegates are invited, for whom lunch will be included. Early bird ticket holders invited to the event will have to buy their own lunch, as we can’t book it for them in advance.

There’ll be a special round of lightning talks for training delegates to deliver a short talk about something they learned on their course. Those speaking will get a small certificate of thanks that they can take back to the office.

Drinks have been organised for the evening, but we need to be in bed early for CRESTCon the next day.

*Early-bird ticket holders will be chosen at random throughout February, although unsubstantiated rumours abound that asking for an invite on your ticket order may drastically improve your chances…

Network Forensics: A blog post by Erik Hjelmvik

I have learned a lot about how to track malware and attackers in network traffic while developing and improving the network forensics tool NetworkMiner throughout the past  10 years. The primary purpose of NetworkMiner has always been to help incident responders and forensic investigators to do their job more efficiently. Even though NetworkMiner is my favourite tool for analysing PCAP files I’m still a regular user of other tools such as  Wireshark, tshark, tcpdump, Argus, ngrep, tcpflow and of course CapLoader. However, incident response and forensic work is much more than just knowing what tools to use. It is more about knowing what data to analyze and why.

I will teach several of my favourite techniques for analysing intrusions, tracking criminals and doing threat hunting at the Network Forensics Training at 44CON. The participants will learn how to investigate intrusions and find forensic artefacts in a dataset of several gigabytes of captured network traffic. The training primarily focuses on practical analysis techniques for finding and tracing malicious actors, which involves a great deal of hands-on practice with finding evil in PCAP data.

The first day of training focuses on analysis using only open source tools. The second day primarily covers training on the commercial software from Netresec, i.e. NetworkMiner Professional and CapLoader. All students enrolling in the class will get a full 6 month license for both these commercial tools. This training is not only a unique opportunity to learn how to use NetworkMiner and CapLoader directly from the guy who develops them, it is also a great excuse to spend two full days playing around with PCAP files.

You can find more details about the training here.

Tickets for 44CON 2016 are on sale

44CON 2016 tickets are now on sale in our shop go and get yours now!

We also have 4 great training courses by Saumil Shah, Dawid Czagan, Joe FitzPatrick, Dominic Chell and Marcus Pinto, go check them out and book your place early to avoid disappointment as courses will be cancelled if minimum numbers are not reached 3 weeks before the conference.

44CON is the UK’s premier annual technical security conference and training event. 44CON 2016 will be taking place from the evening of the 14th September until the 16th September at the ILEC Conference Centre, you can expect a jam packed few days of awesome talks, food and of course alcohol. 

Our CFP closes tonight (Friday 10th June) so if you have something awesome to share get it in now before it’s too late.

Finally, check this great day out at the Farnborough International Air Show from our friends at Suits & Spooks on 14th July, Counterespionage: the need for speed, and use the code 44CON for a 5% discount on both package options.

Dawid Czagan’s training course is still going ahead

Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join Dawid Czagan‘s training course, Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more, on the 27th and 28th April 2016. It will take place at the ILEC Conference Centre.

Do check it out!

Training course at 44CON Cyber Security 2016

Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning security bugs identified in some of the greatest companies? If that sounds interesting, join Dawid Czagan‘s training course, Hacking web applications – case studies of award-winning bugs in Google, Yahoo, Mozilla and more, which we will be running after 44CON Cyber Security 2016, on the 27th and 28th April 2016. It will hopefully take place at the same venue as the conference.

Do check it out!