loading

Training

Training '25

Attacking and defending software supply chain
Hacktastic Voyage: Explore Web App Hacking Fundamentals
Malware Analysis and Reverse Engineering
Windows Forensics for IR

Course Description
Are you curious about how attackers target cloud-native software supply chains? Do you want to learn how to protect your code, containers, and cloud environments from being exploited? Join me for this engaging two-day training where we’ll uncover the secrets of attacking and defending the software supply chain!
On Day 1, step into the attacker’s shoes. We’ll explore how vulnerabilities in tools like GitHub, code versioning systems, containers, and cloud platforms can be exploited. You’ll learn about real-world attack techniques like dependency hijacking, malicious code injection, and cloud misconfigurations that attackers use to compromise software supply chains.
On Day 2, it’s time to defend. Discover actionable strategies to secure your supply chain, from locking down repositories to hardening container images, securing Kubernetes clusters, and applying best practices for cloud-native security. By the end of the day, you’ll have a clear roadmap to assess and mitigate supply chain risks in your organization.

Course Prerequites: Laptop, Command line knowledge, GitHub access, Basic AWS/Docker knowledge is beneficial but not required
Target Audience: Beginner/Intermediate

About your Trainer: Kinga Fil - Senior Security Engineer at Telstra
Kinga is a Security Engineer specializing in cloud and Kubernetes security, with a strong passion for securing code, workloads, and cloud-native infrastructures. She focuses on implementing secure development practices, protecting containerised environments, and enhancing overall cloud security posture.

Course Description
Are you ready to embark on an epic adventure, full of danger and discovery? Then join us on our course, where we'll take you on a thrilling journey through the world of web app hacking.
As we set out on our adventure, we'll encounter countless obstacles and challenges, testing our skills and wits to the limit. Hot topics will include SSRF, broken access controls, injection vulnerabilities, tokens and session management. We’ll cover fundamentals on day 1 and on day 2 we will practice finding and exploiting them.
Together, we'll face the unknown and emerge victorious, ready to conquer the world of web app security.

Course Prerequites: Have a basic understanding of web traffic interception, are familiar with OWASP Top 10 fundamentals and a laptop
Target Audience: Beginners to web app pentesting

About your Trainers: Melody Lei and Renae Schilg
Mel started her career in software development but quickly discovered she was better at breaking things than making working things. She has since worked as a penetration tester, including managing a team of highly skilled penetration testers, and a security consultant. She holds a degree in Mathematics and enjoys researching and learning about RFID systems, especially the various vulnerabilities in different implementations.

Renae is an Offensive Security specialist with 10 years of experience hacking and securing systems for many industries. When not at a screen, she enjoys exploring nature and spotting tiny birds.

Course Description
This course provides all you need to start malware analysis. You will learn how to reverse engineer unknown files, use the best methods and tools to expedite your analysis based on the file format, recognize packed files and unpack them and finally write scripts to decrypt the encrypted components.
The course covers introduction to x86 architecture and assembly, hands-on exercises to analyse C/C++, PDF, .NET, malicious scripts and Android malwares. At the end of this 2-day course you will become familiar with essential malware analysis and reverse engineering concepts and best practices and some of the most commonly used malware analysis tools. You will be ready to tackle any type of challenge that involves malicious files with confidence.

Course Prerequites: Basic programming literacy, basic understanding of Windows OS, familiarity with basic cyber attack concepts and a laptop.
Target Audience: The course is for anyone interested in malware analysis. It's an introductory course which requires general computer science knowledge.

About your Trainers: Negar and Noushin Shabab
Negar is a senior security researcher at Microsoft. Her role in the Microsoft Threat Intelligence community involves researching threats and improving malware detection. Negar has also worked as a software developer, pentester and application security consultant in the cyber security space. Negar is passionate about sharing her knowledge with the security community. Negar regularly does presentations and technical workshops in various cyber security conferences including at AISA, AUSCERT, MRE, 0xCC, BSides events and the Security Analyst Summit.

Noushin Shabab is a lead security researcher in the Global Research & Analysis Team at Kaspersky. Her research focuses on the investigation of targeted attacks and advanced cyber-criminal activities with a particular focus on local threats in the Asia Pacific region. Noushin regularly presents at various cyber security conferences including BlackHat, Virus Bulletin, AusCERT, SAS, 0xCC, INTERPOL World, MRE and various BSides Events. She also serves as an arsenal review board member for Black Hat conferences globally.

Course Description
Windows forensics for IR involves the specialised process of collecting and analysing digital evidence from Windows systems during a cybersecurity incident. It focuses on quickly identifying and preserving key data, analysing system behaviour to understand the attack, and using that information to respond effectively and restore normal operations. In the context of IR, the focus is not just on understanding what happened, but on quickly and efficiently determining the nature and scope of the incident.

In this course, we explore how these forensic techniques are applied in real-time during an incident response. This includes the methods used to:
* Quickly Identify and Preserve Evidence: Ensuring that volatile data is captured before it is lost and that a clear chain of custody is maintained to keep the evidence admissible in a legal context.
* Analyse System Behaviour: Understanding what artefacts are available on Windows systems and how they can be used to reconstruct the sequence of events during an incident.

In this course, you’ll be introduced to key forensic tools essential for Windows forensics and incident response, including open-source and freely available options. You'll learn how to install and configure these tools, and then apply them to specific tasks like file system analysis, registry parsing, and event log examination. Through hands-on exercises, you'll gain practical experience using these tools to solve forensic challenges, and you'll also learn how to select the right tool for each phase of an investigation.

Course Prerequites:
Basic Understanding of Windows Operating Systems:
* Familiarity with the structure and basic functions of Windows operating systems, as the course will dive into Windows-specific artefacts and tools.
Fundamental Knowledge of Cybersecurity Concepts:
* A basic grasp of cybersecurity principles, such as threat detection, incident response, and types of cyberattacks, to help contextualise the forensic investigations.
Virtual Machine Requirements:
* Ability to run a virtual machine (Windows 10/11) with at least 8GB of RAM and 100GB of hard drive space.
Command Line Proficiency:
* Familiarity with using the command line, as many forensic tools require command-line interaction.
Target Audience: Technical / Immediate. This course is ideal for IT professionals looking to enhance their investigation skills, SOC (Security Operations Centre) analysts seeking to deepen their understanding of forensic techniques, and security consultants who need to expand their expertise in incident response. It's designed for those who want to build on their existing knowledge and gain practical experience in Windows forensics to better respond to and manage cybersecurity incidents.

About your Trainer: Shannaniggans
With over two decades of experience in the information security industry, Shanna Daly is a distinguished expert in data breach investigations, security solutions, and team management. Her innovative approaches to securing organisations have established her as a trusted figure in cybersecurity. Shanna is dedicated to advancing the field through her roles in consulting and advisory capacities, continuously imparting her knowledge to shape industry standards.