Whenever I conduct a workshop, I make sure to provide step-by-step instructions within a PDF file that facilitate running through the entire workshop at any time. Should you be interested in going through any of my previously published workshops, simply grab the workshop’s PDF from GitHub. You’ll be able to follow them from start to finish by reading through the slide notes.
Understanding and Analyzing Weaponized Carrier Files
Originally held @ DefCon 27 (2019) and CactusCon 8 (2019)
GitHub repo: https://github.com/rj-chap/CFWorkshop
Exploit Kit Shenanigans: They’re Cheeky!
Originally held @ BSides San Francisco (2015)
GitHub repo: https://github.com/rj-chap/EKWorkshop
The “Exploit Kit Shenanigans: They’re Cheeky!” workshop will consist of attendees pulling apart a few exploit kits to understand how they work at a low level. This will be an intermediate-level workshop, developed for people familiar with running Linux commands (we’ll be using REMnux) and those who can learn new tools quickly (we’ll be using a bevy of tools, including the likes of Immunity Debugger). I LOVE analyzing exploit kits, and I cannot wait to show others how to review an exploit kit’s real intent. We would begin by grabbing some samples off VirusTotal (pre-selected of course), work to deobfuscate the threats, cover how the actual exploits work, and then analyze the relevant shellcode in a debugger.
Network Forensics Workshop Deux: Long Live Packet Pillaging
Originally held @ CactusCon 5 (2016)
GitHub repo: https://github.com/rj-chap/NFWorkshop16
In the workshop, I will walk attendees through how our team took 1st place in LMG Security’s Network Forensics Puzzle Contest (NFPC) at DefCon 23 (2015). This was a repeat win for us, and we enjoyed every minute that we have spent on these challenges. LMG holds an awesome annual contest, and we are proud to show the tech that we used to complete the most recent challenge. Keep in mind that this is a “WE” thing. I put together the workshop, but OUR TEAM wins these things. I am honored to work with such awesome people.
To solve the sucker, we used tools such as Wireshark, NetworkMiner, bash, volatility, Python, and others. I cover how we put together some scripts and commands in order to streamline our methodology. My goal: Show off some cool network forensics tech and garner interest for yet another NFPC. We want some top-notch competition, so check out what we have to offer and be sure to get your game on at DefCon 24 in 2016!
Network Forensics Workshop: Packet Pillaging Done Right, SON!
Originally held @ CactusCon 4 (2015) & BSides San Francisco (2015)
GitHub repo: https://github.com/rj-chap/NFWorkshop
In the workshop, I walked attendees through how our team took 1st place in LMG Security’s Network Forensics Puzzle Contest (NFPC) at DefCon 22 (2014). Each year, LMG holds an awesome contest, and we are proud to show the tech that we used to complete last year’s challenge.
To solve the sucker, we used tools such as Wireshark, tshark, tcpflow, bash, perl (regex one-liners baby!), Python (w/various modules), and others. I cover how we put together some scripts and commands in order to streamline our methodology. My goal: Show off some cool network forensics tech and garner interest for this year’s NFPC. We want some top-notch competition, so check out what we have to offer and be sure to get your game on at DefCon 23 in 2015!