Training Courses

Welcome to the DerbyCon 2015 Training page. From here you will see a breakdown of all of the training events that you can register for. Training costs $1,000 per course (unless there are hardware costs for the course and may be slightly more due to hardware) and also includes the ticket admission.

Training will be two full days running from the morning on the September 23rd to the 24th. Training is before the actual conference so you will not miss anything as far as the actual conference goes. Training costs $1,000 and includes admission to the conference. Note that there are some classes that have physical hardware requirements that you get to keep. Some courses with this requirement may be more than the $1,000 charge – this is up to the trainers.

To purchase training, select the course you would like below:

Jump to the training you want to view:

Hands-On Hardware Hacking & Reverse Engineering with Joe Grand ($1,100) (SOLD OUT)

Advanced OSINT For Social Engineers with Chris Hadnagy (Hugs4Hornsby) ($1,000)

PenTesting with PowerShell with Adam Crompton and Mick Douglas ($1,000)

Advanced PowerShell for Blue and Red Teams with Carlos Perez Jose Quiñones ($1,000) (SOLD OUT)

Penetration Testing 101 with Larry Spohn and Paul Koblitz ($1,000)

Corelan “Advanced” with corelanc0d3r ($1,000)

Corelan Foundations with Lincoln $(1,000) (SOLD OUT)

Practical Mobile Penetration Testing with Olie Brown and Chris Bellows ($1,100)

WiFi Penetration Testing with Thomas d’Otreppe de Bouvette aka “Mister X” (Aircrack-ng) ($1,000) (SOLD OUT)

Building Network Scout with Shawn Jordan @ph_shawn and Aedan Somerville @acsomerville ($1,100)

Introduction to Malware Analysis with Tyler Hudak ($1,000)

Intro to Web Application Security by Example with Scott White and Tristan Jones ($1,000)

Android Hacking Basics with Joshua “jduck” Drake and Zach “quine” Lanier – TEAM JOCH 2.0 ($1,000)

Pwning and Responding to SCADA Devices and Networks with Kyle Wilhoit @lowcalspam Stephen Hilt @tothehilt ($1,000) (SOLD OUT)

Practical Web Application Penetration Testing (PWAPT) with Tim (@lanmaster53) Tomes ($1,000)

Below is a list of training available training and descriptions.

Course Name: Hands-On Hardware Hacking & Reverse Engineering ($1,100)

Trainers: Joe Grand
Course Description:

This course teaches hardware hacking and reverse engineering techniques commonly used against electronic products and embedded systems. It is a combination of lecture and hands-on exercises covering the hardware hacking process, proper use of tools and test measurement equipment, circuit board analysis and modification, embedded security, and common hardware attack vectors. The course concludes with a final hardware hacking challenge in which students must apply what they’ve learned in the course to defeat the security mechanism of a custom circuit board. The main goal is to give students the resources and skills they need to confidently approach hardware exploitation and to come up with creative solutions for their own particular projects or problems.

Course Outline:
A. Hardware Hacking Overview

1. Methodology
2. Key goals
3. Common themes

B. Information Gathering

C. Product Teardown

1. Opening housings
2. Anti-tamper mechanisms
2.1. Defeating encapsulation
2.2. Hands-on exercise: Epoxy removal
3. Component identification
3.1. Basic components
3.2. Microcontrollers
3.3. Identifying ICs (Integrated Circuits)
3.4. Data sheets
4. Schematics
5. PCBs (Printed Circuit Boards)
5.1. Fabrication/features
5.2. Deconstruction techniques
5.3. Hands-on exercise: PCB modifications

D. Soldering and Desoldering

1. Techniques/tips
2. Hands-on exercise: Soldering
3. Hands-on exercise: Desoldering
4. Difficult package types

E. Buses and Interfaces

1. Identifying interfaces
2. Determining pin function
2.1. Hands-on exercise: Initial probing w/ multimeter
3. Signal monitoring/analysis
3.1. Hands-on exercise: Signal monitoring w/ logic analyzer
3.2. Serial/UART
3.3. Hands-on exercise: Digital signal decoding w/ logic analyzer
3.4. Wireless/RF
4. Debug interfaces
4.1. JTAG (IEEE 1149.1)
5. Hands-on exercise: Create a block diagram/schematic

F. Memory and Firmware

1. Memory types/technologies
2. Security considerations
3. Extracting firmware
4. Firmware analysis/disassembly
5. Hands-on exercise: Data extraction/modification

G. Signal Manipulation and Side Channels

1. Tools/techniques
1.1. Glitching
2. Side channel attacks
2.1. Electromagnetic/RF
2.2. Power
2.3. Timing
2.4. Other

H. Chip-Level Hacking

1. IC decapsulation
2. Die analysis/modification

I. Best Practices and Resources

J. Hardware Hacking Challenge


Student Requirements:

Students should bring their own laptop running Windows (or equivalent virtual machine) and containing a functional USB interface. The laptop will be used for online research and to control test equipment. Software and drivers will need to be installed. No prior electronics experience is required.



Joe Grand (@joegrand), also known as Kingpin, is a computer engineer, hardware hacker, product designer, runner, daddy, honorary doctor, TV host, member of L0pht Heavy Industries, and the proprietor of Grand Idea Studio (

Purchase Hands-On Hardware Hacking below

Course Name: Advanced OSINT For Social Engineers

Trainers: Chris Hadnagy, Mike Hadnagy
Course Description:

Information is the lifeblood of the social engineer. But there is now so much information available that it can be overwhelming. How can we dial in and narrow your focus in ways that will enhance your social engineering abilities? This course will show you the techniques, tricks, and tips used by the professional social engineering penetration testers of Social-Engineer, Inc.

Course Outline:
This two-day course is not a laundry list of tools. We will also share the methodology, processes, and our own experiences that allow us to successfully apply information to plan and launch realistic SE scenarios for our clientele. Having the information is only half of what you need. During these two days, you will learn:

Non-tech OSINT gathering
Obfuscating your traffic
Email headers
Search engines
Social media exploitation
Developing realistic attack vectors

This course was developed based on student demand from our 5-Day Advanced Practical Social Engineering Course. Now a full two days devoted to the very same methods our team uses during Social Engineering Risk Assessments and Social Engineering Penetration Tests are offered to the students of this class.


Student Requirements:

* Your own laptop with admin rights to install tools
* A Willingness to learn


Chris Hadnagy is the founder and CEO of Social-Engineer, Inc. Chris possesses over 16 years experience as a practitioner and researcher in the security field. His efforts in training, education, and awareness have helped to expose social engineering as the top threat to the security of organizations today.

Chris established the world’s first social engineering framework at, providing an invaluable repository of information for security professionals and enthusiasts. That site grew into a dynamic web resource including a podcast and newsletter, which have become staples in the security industry and are referenced by large organizations around the world. Chris also created the first hands-on social engineering training course and certification, Advanced Practical Social Engineering, attended by law enforcement, military, and private sector professionals.

A sought-after writer and speaker, Chris has spoken and trained at events such as RSA, Black Hat, and various presentations for corporate and government clients. Chris is also the best-selling author of two books; Social Engineering: The Art of Human Hacking and Unmasking the Social Engineer: The Human Element of Security.

Chris specializes in understanding how malicious attackers exploit human communication and trust to obtain access to information and resources through manipulation and deceit. His goal is to secure companies by educating them on the methods used by attackers, identifying vulnerabilities, and mitigating issues through appropriate levels of awareness and security.

Chris is a certified Expert Level graduate of Dr. Paul Ekman’s Micro Expressions courses, having made the study of non-verbal behaviors one of his specialties. In addition, he holds certifications as an Offensive Security Certified Professional (OSCP) and an Offensive Security Wireless Professional (OSWP).

Chris also enjoys listening to fine music such as Bruce Hornsby – Mandolin Rain and The Way It Is. Chris likes long walks on the beach with David Kennedy (@HackingDave) and appreciates gentle fingers through his hair.

Mike Hadnagy joins his brother, Chris, at Social-Engineer, Inc. as the company’s technical lead. Mike’s expertise in fortifying the technological side of network security over the past seven years gives the company an edge when executing the realistic social engineering audits for which Social-Engineer, Inc. is so well-known.
Over the years, the family talent for social engineering shone through as Mike negotiated and developed an impressive client base for several businesses including his own. Mike’s managerial success is a natural product of his desire to create solutions and provide excellent customer service.
Mike’s professional experience encompasses a number of defensive security skills, including: security management, firewall, antivirus solutions, data backup, and recovery systems. His belief that all users should be trained on best practices to keep systems secure was demonstrated in his time assisting customers with installation and implementation of network security systems and policies. Social-Engineer, Inc. is also taking advantage of Mike’s defensive knowledge for improving network security and virus/malware removal to craft realistic penetration tests exploiting human error in standard compliance policies. He is also a certified Social Engineering Pentest Professional (SEPP).

Purchase Advanced OSINT for SE below

Course Name: PenTesting with PowerShell

Trainers: Adam Crompton, Mick Douglas
Course Description:

Are you a pen tester who needs to make the most out of PowerShell? Then this class is the one for you! You will learn how to use PowerShell in each phase of penetration testing. This class will give you:
– How to setup a free/low cost lab which accurately emulates large enterprise domains.
– How to get the most out of the major PowerShell frameworks (powersploit, nishang, etc).
– Overview and tips for using some handy modules like PowerCat, PowerShell based keyloggers, etc.
– Techniques for performance tweaking scripts you and others develop so get results FAST regardless of domain size.
– Turbocharged WMI to extend your reach even further.
– Components for working with AD Web Services, the fastest way work with modern domains.

Course Outline:

DAY 1:
– setting up your lab at home
– setting up your lab in the cloud
— converting amazon ec2 instances into domain controllers
— binding cloud and local lab systems to your ec2 DCs

Overview of Nishang
Overview of PowerSploit
Intro to PowerCat
Intro to web proxy

DAY 2:
brief overview of yesterday
sharing your work – how to quickly and easily stream your results to your teammates.
work faster, not harder — performance tweaking to make your life easier
— using WMI
— using AD web services
putting it all together – how to merge all the modules


Student Requirements:

Students will need to bring:
– Laptop with some virtualization technology
– At least one windows OS (VM or physical)
– The Derbycon attitude (hungry to learn and ready to have fun)



Adam Crompton is a Senior Security Consultant with InGuardians where he specializes in penetration testing, research and development, and architecture reviews. He has spent a great deal of time within the networks of Insurance Companies performing penetration testing, vulnerability analysis, network device configuration and access reviews, data loss prevention, and software development. Adam has been a speaker at several security conferences and universities presenting on data exfiltration, antivirus evasion, and the honeypot tools he has developed. He is a graduate of The Ohio State University, with a bachelor’s degree in Computer Science.

Mick Douglas – Even when his job title indicated otherwise, Mick Douglas has been doing information security work for over ten years. He has received a bachelor’s degree in Communications from the Ohio State University and holds the CISSP, GPEN, GCUX, GWEB, GSNA, and GCIH certifications.

Prior to joining Black Hills InfoSec, Mick has done computer and network security in a variety of industries including: academia, telecommunications, banking, and insurance.

He is always excited for the opportunity to share with others so they do not have to learn the hard way! When he’s not “”geeking out”” you’ll likely find him indulging in one of his numerous hobbies; photography, scuba diving, or hanging around in the great outdoors.

Pentesting with PowerShell

Course Name: Advanced PowerShell for Blue and Red Teams

Trainers: Carlos Perez and Jose Quiñones
Course Description:

Learn how you can use PowerShell both in a defensive and offensive manner by people who have been using and teaching Microsoft PowerShell for years on both defense and offense.

Each exercise will build on the previous one so as to offer a solid based on how to use PowerShell both as a pentester and a defender. We will cover when PowerShell makes sense to use and when it will just get you caught quicker than any other tool in the target OS, on the defender side we will cover how it can be used to setup a properly secured environment and how to mitigate the use of PowerShell by attacker and be able to track every action an step taken and for the attacker how to operate in the shadows and minimize what they leave behind.

The class is geared to provide a solid foundation of knowledge on the language and tools that can be used to build your own tools and understand better how to use other. Challenges after each module will make the student apply what they learn in a fun competitive manner where the students who complete first most of the challenges will win a *class challenge coin* and their will be opportunity for all to win one.

Course Outline:

Day 1
• Review of PowerShell Basics (Additional references and material will be provided before class so as to provide with a solid base)
• WMI and CIM Basics.
• Introduction to working with the .Net API how it can be leverage to get more from PowerShell other than what is already built in.
• Introduction to working with Win32 so as to get access to lower level APIs not part of .Net
• ADSI (Active Directory Scripting Interface)

Day 2
• Network Discovery. How to enumerate and discover host in a network and how to build your own tools to do it.
• Crypto Basics. How to leverage .Net Crypto APIs for both abuse and protection and build your own tools.
• Post-Exploitation using built in PowerShell cmdlets, .Net API, Win32 and different available Modules like PowerView, PowerSploit and others, including some limitations and risks on their used based on the PTES (Penetration Testing Execution Standard). We will cover both gathering of information, lateral movement and persistence.
· How to use it in a Shell on its own.

· How to use it inside of Metasploit.

· How to use it inside Cobalt Strike

Incident Response
· What PowerShell technology makes sense to when and where?
· How to setup your system for to track and log every PowerShell action and limitations of each version and how to mitigate some of them.


Student Requirements:

Windows Laptop running the latest version of the Windows Management Framework.


BIO: Carlos Perez

Carlos Perez is an experienced security practitioner on both defense and offense and has presented on the subjects in several security conference, blogs and Podcasts. Has contributed to the community several open source tools in Ruby, Python, C# and PowerShell. He has been awarded the Microsoft MVP award for his contributions to the community on PowerShell.

Purchase Advanced PowerShell for Red and Blue below

Course Name: Penetration Testing 101

Trainers: Larry Spohn and Paul Koblitz
Course Description:

New to the Pentesting world?! Thinking about becoming a Pentester?! Ever want to peek over your Pentester’s shoulder and figure out how they are doing everything?! Then this course is for you!

This course will walk through a couple days in the lives of a Pentester following methodologies laid out in the PTES (Penetration Testing Execution Standard). An exploitable virtual network environment will be set up so that you can actually scan and exploit to really see how things work!

This is a beginner’s course and designed to teach the basics!

Course Outline:

Day 1:
• Intro to Kali Linux – Updating, starting services, etc.
• Recon phase – Google hacking, LinkedIn stalking, NMAP scanning… just learning about your target in general
• Exploitation – Using the information gathered during recon to figure out how to exploit your target, includes a crash course on Metasploit

Day 2:
• More Exploitation – Lots of exploitation! Creating your own antivirus bypass!
• Post Exploitation – Once your target is exploited, what can you do?
• Social Engineering and Physical Tests – Learn everything you ever wanted to know about using the art of persuasion to get into a company!


Student Requirements:

A laptop with Windows and Kali Linux installed. Host OS does not matter, these can be virtual machines.


BIO: Larry Spohn

Larry Spohn is a Senior Principal Security Consultant at TrustedSec, an Information Security consulting company, based out of Cleveland Ohio. Larry’s main areas of expertise are focused on Information Security Risk Assessments, Penetration Testing, Application Security, and Red Teaming. Larry has extensive experience in the financial sector and has extensive knowledge in Python and PowerShell development and exploitation.

BIO: Paul Koblitz

Paul is a Senior Security Consultant at TrustedSec. He has always had a passion for security, focusing on the physical side. While in the US Navy, Paul was a Duty Master-at-Arms and part of the shipboard security team. In Paul’s off time from the military, he held several security related jobs to include: late night and emergency locksmith, security systems installation consultant, and vehicle/personal property repossession. While working for TrustedSec, Paul has utilized his physical and social engineering skills in several fields of business such as; financial institutions, retail clothing chains, grocery store chains, manufacturing, and education. Paul also likes wearing extremely tight fitting clothes that does not appropriately fit him. It’s the tight feeling around the body.

Purchase Pentesting 101 below

Course Name: Corelan “Advanced”

Trainers: corelanc0d3r
Course Description:

For the 5th year in a row, Corelan is offering Win32 exploitation classes at Derbycon. In fact, this is the only conference in the US where you can take Corelan classes. The “”Corelan Advanced”” course is a truly unique opportunity to learn advanced exploitation skills from “corelanc0d3r”, the founder of Corelan Team, author of, and author of numerous tutorials on Exploit Development for the Win32 platform.

You will leave this class with an arsenal of tools, techniques and insights that will allow you to find bugs more easily, understand and manipulate the Windows heap, diagnose and understand heap corruptions and write complex exploits.

This is definitely not an intro class. This may be one of the most advanced courses on Win32 exploitation out there.

Students are expected to understand the basics of memory management on Windows (stack, heap, process virtual memory layout), master stack based buffer overflows (saved return pointer overwrites, SEH overwrites), have practical understanding of DEP bypass (ROP) and know how to write exploit modules for Metasploit.

Additionally, students should be fluent with debuggers (Immunity / notions of WinDBG), experienced with writing simple scripts in python/javascript and have a basic understanding of common assembly instructions. This is a fast-paced hands-on class, packed with knowledge and practical tips & tricks. Prepare for long days of brain smashing, bleeding from the eyes & ears and high blood pressure.


Course Outline:



Student Requirements:

Students are required to bring 2 VMs (Win7 64bit SP1 and Kali). Don’t start installing the VMs yet. The trainer will send out detailed instructions to set up the VMs a few weeks before the training.
It is recommended to bring notepads to take notes.



Founder of Corelan Team, author of and proud dad.

Purchase Corelan Advanced Below

Course Name: Corelan Foundations

Course Description:

The Corelan Foundations course is geared towards those new to exploit development, and will provide a fun and interactive environment to break Windows applications. The Foundations course covers a significant portion of the popular Bootcamp class, excluding some of the more advanced topics while adding a few chapters of its own.

This course will give you a rock solid understanding of the fundamentals of exploit development for Windows. During the course, students will get “hands-on” experience working with real vulnerabilities in real applications and the techniques used to exploit them.

Course Outline:

Course topics include:
-Stack Buffer Overflow Basics
-Saved Pointer Overwrites
-Structured Exception Handler (SEH) Overwrites
-Unicode Transformed Buffers
-Developing Reliable & Reusable Exploits
-Finding and avoiding bad characters
-Creative ways to deal with character set limitations
-Egg Hunters
-Custom egg-hunters
-Egg-hunters under WoW64
-Introduction to Shellcoding
-Metasploit Framework Exploit Modules


Student Requirements:

A laptop (no netbook) with vmware workstation/virtualbox and enough processing power and RAM (we recommend 4Gb of RAM) to run up to 2 virtual machines at the same time.

Make sure your laptop has a screen size of at least 15″. The use of a 64bit processor and a 64bit operating system on the laptop will make the exercises more realistic.

2 Virtual machines installed (Windows 7 SP1, Kali Linux)

* Students will receive exact installation instructions after registration


BIO: Lincoln

Corelan Team Member “Lincoln” is a researcher, exploit developer, and senior security analyst with over 8 years industry experience.

He has been with Corelan Team since the beginning and enjoys learning and sharing with others. He has taught the Foundation class at Derbycon 2014.


Course Name: Practical Mobile Penetration Testing (COST $1,100)

Trainers: Olie Brown and Chris Bellows
Course Description:

A No BS approach to learning practical Mobile Application Hacking using the Android platform and correlating its nuances with IOS for further study. This will be a lab focused class, where participants will walk away armed with the ability to fully access a mobile application and begin their journey into mobile application penetration testing.

Course Outline:

Module 1: Diving into Mobile
Setting up a Mobile Testing Environment (Studio / AVD / Devices / Tools)
Intro to Android studio for coding and testing
Mobile Security Architectures
Attack Surfaces for mobile applications and OWASP

Module 2: Interacting and Exploring Android
Getting familiar with ADB and managing packages
Exploring the android file system
Exploring application data storage and running memory
Application logging
Decompiling and deconstructing APK files
Analyzing the AndroidManifest.xml
Android Application Components and how they work
Attacking Android application components (Intents, Activities, Receivers, and Data)

Module 3: Reverse and Patching Android Applications
Understanding the Android APK (Dalvik, Smali, Java, Filetypes, Signing)
Smali 101 for android
Java source in Android and its relation to Smali
Patching Android application functionality

Module 4: Attacking Application Web Architectures
Proxying Mobile Traffic
Bypassing Certificate Pinning Protections
Web services testing refresher SOAP/REST
OWASP Attacks refresher
How web data interacts with your device and analyzing its data flow
Beyond OWASP attacking application logic


Student Requirements:

Course Pre-Reqs: (IMPORTANT)
1. Basic Linux cmdline skills
2. Web Application Testing Experience

Equipment and Software
A laptop with Administrative access and the following installed prior to class:
1. Java JDK installed
2. Android Studio installed and create an AVD
3. VMware installed

Rooted Android phone for testing and Labs
USB loaded with tools and custom VM for testing

BIO: Olie Brown

Olie Brown – CC Labs Inc.
Founder and Principal Security Engineer at CC Labs Inc. Focusing on Mobile Security Testing and Application Security.

BIO:Chris Bellows

Senior Security Consultant at FishNet Security focusing on Application Security.


Course Name: WiFi Penetration Testing

Trainers: Thomas d’Otreppe de Bouvette aka “Mister X” (Aircrack-ng)
Course Description:

Wireless has become ubiquitous and this fast-paced class (redesigned from the previous years) will bring you up to speed with current WiFi security.
You will learn how WiFi networks work, from the big picture to the frame level and its different bits and pieces. A little bit of RF theory will help you choose the right hardware for the job and you will be able to build your own spectrum analyzer using Software defined radio. Hands-on cracking WEP, WPA Preshared key and (WPA) Enterprise via different methods will also be on the menu as well as cracking them using the processing power available with the cloud. We will finish with some tools to do WiFi reconnaissance as well as direction finding in order to find an access point hidden somewhere in the hotel.

The target audience for this class are penetration testers, wireless security researchers, IT folks or anyone interested in WiFi security.

Course Outline:

Day 1:
– WiFi networks structure
– The WiFi frame structure
– How WiFi networks work (at the frame level)
– Packet analysis using Wireshark (understanding what’s wrong or what’s going on)
– Basic antenna theory
– Using the different Aircrack-ng tools
– Cracking WEP and WPA networks
– Using the cloud to crack WEP and WPA networks
– Generating custom dictionaries for WPA cracking

Day 2:
– WPA Enterprise Attacks: 802.1x, EAP, LEAP, PEAP, EAP-TTLS
– WiFi backdoors
– Build a spectrum analyzer using SDR
– Wireless reconnaissance
– WiFi direction finding


Student Requirements:

– A laptop with a RJ45 port
– Latest version of Kali Linux running natively (installed or as a Live CD/USB) or as a virtual machine. VMware products are recommended (VirtualBox USB driver is unstable) if you plan on using a virtual machine. A preinstalled Kali VM is available on their website.
– An Alfa AWUS036H

Other requirements:
– Be comfortable using the command line on Linux
– Have basic Wireshark knowledge


BIO: Thomas d’Otreppe “Mister X”

Thomas d’Otreppe “Mister X” is a WiFi hacker and the author of Aircrack-ng, a Wi-Fi auditing suite as well as OpenWIPS-ng, an open source WiFi Intrusion Prevention System.
He has designed Offensive-Security Wireless Attacks (aka WiFu), a proactive wireless security course, with Mati Aharoni (muts) and also contributes to Kali Linux.
He works as a software developer for MainNerve.

Twitter: @aircrackng @openwipsng”

WiFi Penetration Testing

Course Name: Building Network Scout ($1,100 cost)

Trainers: “Shawn Jordan @ph_shawn and Aedan Somerville @acsomerville”
Course Description:

Everyone is watching the edge of their network. We have installed firewalls, IDS, IPS, and other defensive technologies at the network edge. Network-Scout moves these technologies inside your network to monitor for malicious activities that gets by traditional network perimeter defenses. Network-Scout is a distributed IDS, IPS, and Honeypot that is built on a Raspberry Pi using off-the-shelve technologies for under $150 per device. We will be teaching attendees on how to build and install a Network Scout.

Course Outline:

Day 1 will include an introduction to Network Scout, parts break-out, soldering parts, and preparing the casing.
Day 2 will include cutting plexiglass, completing the build of the unit, and downloading the software. We will connect them together and give a demonstration on how they work.


Student Requirements:

None – the cost of the material is covered in the increased cost for $1,100 of the class.

After the class, you will get to take home your raspberry pi, jumper cables, charger, as card, Pelican case, and all the other parts that come with a Network Scout. This means you get to take home your Network Scout, but we also had to charge a little more for the materials (the Pi, charger, SD card combo alone costs about $55). Hope to see you there!


BIO: Shawn Jordan and Aedan Somerville

Shawn Jordan and Aedan Somerville are seniors at Marshall University. They are currently majoring in Digital Forensics and Information Assurance. Shawn Jordan runs a small home inspection company, leads a small college church group, and is conducting forensic research. Aedan Somerville works part time at a local restaurant and is president of the Marshall CCDC team.

Building Network Scout

Course Name: Introduction to Malware Analysis

Trainers: Tyler Hudak
Course Description:

Due to the prevalence and business impact of malware, security professionals increasingly need the skills necessary to analyze worms, bots and trojan horses. This two day course teaches attendees the proven concepts, techniques and processes for analyzing malware.

Students will take multiple “”from-the-wild”” malware samples in a hands-on environment and learn how to analyze their characteristics and behavior to determine what they do and what risk they present. The course culminates in an analysis that utilizes all of the tools and techniques that have been learned.

No previous malware analysis experience is necessary as this course is designed for those who have never performed malware analysis before.

Course Outline:

Day 1:

– Introduction to Malware Analysis
– Setting up a Lab
– Static Analysis
– File Identification
– Hashing
– Header Analysis
– Embedded Strings Analysis
– Packers

Day 2:
– Dynamic Analysis
– System Integrity Monitoring
– System Activity Monitoring
– Baselining
– Process Analysis
– Network Analysis and Monitoring
– Sandnets and Automation
– Advanced Malware Analysis Topics


Student Requirements:

Technical Skills: No previous experience in malware analysis is necessary as this course is designed for those who have never performed it before. High-level understanding of malware is recommended, and students must be experienced with a virtual machine (e.g. Taking snapshots, etc.)

Tools: Students will be required to bring their own laptops for the class. Laptops will need a VMWare Workstation or VirtualBox installation with an install of Windows (XP or higher) as the guest OS prior to the class. All other tools will be provided.



Tyler Hudak uses his 15 years of experience to provide KoreLogic’s clients with expertise and guidance in the areas of malware analysis, incident response, and computer forensics. He has successfully led cases that have involved system compromises, malware outbreaks, data exfiltration, and denial of service attacks. Tyler has developed and runs malware analysis training courses at information security conferences and privately for KoreLogic clients. He also regularly gives presentations on a variety of security topics including malware analysis, intrusion detection and incident response.

Purchase the course Introduction to Malware Analysis below

Course Name: Intro to Web Application Security by Example

Trainers: Scott White and Tristan Jones
Course Description:

This introductory course is tailored towards individuals that would like to gain a better understanding of basic web application security concepts. The course is taught through student participation with live hacking exercises, real world examples, and discussion. Dynamic testing, static source code analysis, and learning by doing while examining the OWASP Testing Guide to explore the OWASP Top 10.

Course Outline:

(subject to change)
Intro to Web Application Security
HTTP 101
Local Proxy Usage
OWASP Top 10
Static Source Code Analysis
Case Studies


Student Requirements:

-Wireless capable computer
-Firefox Web Browser
-BurpSuite Free Version (


BIO: Scott White

Scott White is a Principal Security Consultant at TrustedSec and also runs the DerbyCon Capture the Flag(CTF) competition. He has presented to organizations such as OWASP, ISSA, ISACA, FBI’s Infragard, and others. He has also spoken at Defcon, and has been called upon by organizations such as the FBI and Secret Service as a subject matter expert. He is the technical reviewer for the popular book, “Metasploit: The Penetration Tester’s Guide”. He holds a bachelors degree in Computer Science and a master’s degree in Network Security. He has held various past positions in support, system administration, web development, penetration testing, and application security for both public and private sectors with clients in both government and commercial spaces. His experience includes performing web application security assessments, internal, external, and physical penetration tests, source code reviews, social engineering, and web application security training. He has assessed everything from casinos to kiosks, 911 networks to power plants, and Fortune 500 companies to state and foreign federal governments. His extensive work in penetration testing coupled with over 15 years of programming experience gives him a thorough web application security understanding from both developer and attacker viewpoints.

BIO: Tristan Jones
Tristan Jones is a Senior Security Consultant at Trustedsec. He routinely performs internal, external, web-application, mobile, and wireless penetration tests on a diverse set of clients including manufacturing, financial, biomedical, and retail spaces. He holds Offensive Security’s OSCP certification and has a wealth of knowledge from prior experience with penetration testing, system administration, and help desk responsibilities.

Purchase the Intro to Web Application Security by Example below

Course Name: Android Hacking Basics

Trainers: Joshua “jduck” Drake and Zach “quine”Lanier TEAM JOCH 2.0
Course Description:

This course will provide basic instruction on how to hack on Android devices. The instructors will cover the security architecture of the Android platform and applications, investigate their weaknesses and vulnerabilities, and give students hands-on analysis and attack experience. Through lectures and interactive labs, students will walk away armed with the foundational knowledge needed to discover, identify, and exploit vulnerabilities on the Android mobile platform.

Course Outline:

Day 1

1. Introduction / Android ecosystem overview

2. Android security architecture
a. Android platform
b. Android applications

3. Attack Surface Overview
a. Local
b. Physically proximity
c. Client-side
d. Remote

4. Discovering Vulnerabilities
a. Static Analysis Techniques
i. Tools used
ii. How to identify issues / what to look for

b. Dynamic Analysis Techniques
i. Runtime issues, artifacts, etc.
ii. Network issues, man-in-the-middle

5. Rooting your device
a. Methods
i. Unlocking bootloaders
ii. Soft-rooting (exploits)

6. Rooting Lab (LAB1)

Day 2

1. Application Auditing
a. Intents / Receivers
b. File system issues
c. MITM attacks

2. Reverse Engineering
a. Extracting “secrets” and useful data
b. Patching and rebuilding apps
c. Examining network traffic
d. Reversing advanced protection techniques
e. Deeper bug hunting
f. RE Lab (LAB2)

3. Debugging
a. User and kernel mode crash logs
b. Attaching to Dalvik Code
c. Attaching to Native Code
d. Debugging Lab (LAB3)

4. Intro to ARM Exploitation
a. Native code threats and vulnerabilities
b. Exploit mitigations
c. Real-world vulnerabilities
d. Exploiting a vulnerable mobile app
e. ARM exploitation lab (LAB4)

5. Privilege Escalation
a. Platform-level vulnerabilities
b. Kernel-level vulnerabilities
c. Post-exploitation persistence
d. Privilege escalation lab (LAB5)
e. Findings Review


Student Requirements:

* Laptop running Linux or capable of running a VMware Virtual Machine
* Dual core CPU, 2GB+ of RAM recommended
* At least 20GB disk space available (100GB for full AOSP mirror + tools)
* At least one free USB 2.0+ port

* A physical Android device is strongly recommended (Nexus preferred)
* A MicroUSB cable (or cable that fits your device)
* Familiarity with protocol analyzers (e.g. Wireshark, tcpdump), man-in-the-middle techniques, and basic reverse engineering concepts (e.g. debuggers, disassemblers)
* Recommended: A licensed copy of the JEB decompiler


BIO: Joshua J. Drake

Joshua J. Drake is the Sr. Director of Platform Research and Exploitation at Zimperium and Lead Author of the Android Hacker’s Handbook (Wiley, 2014). Joshua focuses on original research such as reverse engineering and the analysis, discovery, and exploitation of security vulnerabilities. He has over 10 years of experience in the field and regularly speaks at top industry conferences. Prior to Zimperium, Joshua also worked with Accuvant, Rapid7’s Metasploit, and VeriSign’s iDefense Labs.

BIO: Zach Lanier

Zach Lanier is a Senior Research Scientist with Accuvant Labs, specializing in various bits of network, mobile, and application security. Prior to joining Accuvant, Zach most recently served as a Senior Security Researcher with Duo Security. He has spoken at a variety of security conferences, such as Black Hat, CanSecWest, INFILTRATE, ShmooCon, and SecTor, and is a co-author of the “Android Hacker’s Handbook” (Wiley, 2014).

Purchase the Android Hacking Basics Below

Course Name: Pwning and Responding to SCADA Devices and Networks

Trainers: Kyle Wilhoit @lowcalspam and Stephen Hilt @tothehilt
Course Description:

Taught by two of the leading ICS security experts, this hands-on SCADA Security course features exercises and labs that are performed on a portable SCADA lab. The participant will achieve an understanding of SCADA devices, how they work, how to exploit and perform incident response on these devices. The students will have a chance to also work with and physically interact with multiple SCADA devices. In addition, defense mechanisms will be taught to ensure attack damage is kept to a minimum.

Course Outline:

Day 1:
1.1 Course Overview, Introductions and Ground rules
-Virtual machine install
1.2 ICS Systems Overview
1.3 Controllers, Embedded Systems and Protocols
-PLCS, DCS, Hybrid Controllers, PC-Control
1.4 SCADA and ICS Protocols
1.5 Working with Modbus, OPC, and HMIs
1.6 Tests performed against SCADA networks
-External Penetration Testing
-Internal Penetration Testing
-Vulnerability Assessments
-Wireless Audits
1.7 SCADA Vulnerability Assessment Methodology
-Vulnerability assessment against SCADA devices

DAY 2:
2.1 SCADA Exploitation
-Discuss SCADA exploitation
-Discuss methods for exploitation
-Perform exploitation of SCADA devices/embedded controllers
2.2 Introduction to SCADA Incident Response
-Concepts of SCADA Incident Response
-Phases of SCADA Incident Response
2.3 SCADA Incident Response Overview
-Challenges seen
2.4 SCADA Incident Response In-Depth
-How to perform SCADA Incident Response
-In Depth Incident Response against live Havex malware sample and custom created malware
-Lessons learned phase
2.5 SCADA Defense Mechanisms


Student Requirements:

Laptop capable of running 3 virtual machines or virtual box images.

Purchase Pwning and Responding to SCADA Devices and Networks below

Course Name: Practical Web Application Penetration Testing (PWAPT)

Course Description:

This course provides customized training on the latest open source tools and manual techniques for performing end-to-end web application penetration testing engagements. After a quick overview of the penetration testing methodology, the instructor will lead students through the process of testing and exploiting a target web application using the techniques and approaches developed from a career of real world application penetration testing experiences. Students will be introduced to the best open source tools currently available for the specific steps of the methodology, including Burp Suite Pro, and taught how these tools integrate with manual testing techniques to maximize effectiveness. A major goal of this course is teaching students the glue that brings the tools and techniques together to successfully perform a web application penetration test from beginning to end, an oversight in most web application penetration testing courses.

The majority of the course will be spent performing an instructor led, hands-on web application penetration test. Students won’t be given overly simplistic steps to execute independently. Rather, at each stage of the test, the instructor will present the goals that each testing task is to accomplish and perform the penetration test in front of the class while students do it on their own machine. Primary emphasis of these instructor led exercises will be placed on how to integrate the tools with manual testing procedures to improve the overall workflow. This experience will help students gain the confidence and knowledge necessary to perform web application penetration tests as an application security professional.

Course Outline:

Day 1:
* Methodology
* Reconnaissance
* Mapping
* Automated Discovery
Day 2:
* Manual Discovery
* Exploitation
* Capture the Flag (time permitting)


Student Requirements:

* Laptop with at least two (2) USB ports.
* Latest VMware Player, VMware Workstation, or VWware Fusion installed. Other virtualization software such as Parallels or VirtualBox will probably work if the attendee is familiar with its functionality. However, VMware Player should be prepared as a backup.
* Ability to disable all security software on their laptop such as Antivirus and/or firewalls (Administrator).
* At least twenty (20) GB of hard drive space.
* At least four (4) GB of RAM.



Tim (lanmaster53) Tomes is the Managing Consultant at nVisium with extensive experience in Application Security and Software Development. Tim currently manages multiple open source software projects such as the Recon-ng Framework, the HoneyBadger Geolocation Framework, and PeepingTom, writes technical articles at, and frequently instructs and presents on Application Security topics at major Information Security conferences such as DerbyCon, ShmooCon, Black Hat and SANS.

Purchase Practical Web Application Penetration Testing (PWAPT) below