Training

Training at Kiwicon has a new twist: there are some for-pay training classes available on Thursday the 7th, and the same (or similar) training is available for free on the Friday. Why would you pay for something that you can get for free? Well, consider the abridged Kiwicon Code Of Conduct:

"Don't be a dick"

If you work in the industry, or your work is paying for you to be at the Con, or if you have some other kind of fat cash paying gig, then we think it'd be swell of you to pay your way, and leave the free classes for those who can't afford it. In particular, we'll give priority to those with student tickets or jobs outside the relatively well-paid IT sector. If you try and sign up for the free classes from your fancy-pants dr.jim.phd@fancypants.govt.nz address, expect to be told to naff off :P

Kiwicon's about sharing the knowledge, so by paying your way, you're helping those who can't yet afford to.

Training registrations have now closed; if you registered, you should have received an email confirming whether you got a spot or not.

Details

Title: Windows Exploitation for the man on the street

Abstract:

Do the terms buffer overflows, shellcode and ASLR excite you? Want to have a glimpse of what takes place behind an exploit writer's mind? Would you like a try at writing a browser exploit? This training is for the man on the street and (almost) no assumption is made on you having any prerequisite knowledge. This training is ideal for you if you have no prior experience in exploitation. It will attempt to ease you into the world of exploitation by covering classic buffer overflows and slowly building our way up to more advanced exploitation techniques. The focus of the training is to take complex concepts and turn them into simple, clear and concise presentations that a man on the street can follow. The following topics would be covered should time permit:
  • ASM Refresher
  • Classic Buffer overflow
  • SEH Exploitation
  • Return-oriented programming (ROP) technique
  • ASLR + Heap Spray
  • Hands-on exercises on writing your own browser exploit

Learning Objectives / Focus:

Hands-on experience in understanding Windows exploitation and its various mitigations

Who Should Attend:

Anyone who wants to dip their toes into the world of Windows exploitation.

Prerequisites:

Some basic Assembly would be helpful, but participants could potentially pick up what they need to know during the first hour. Should have at least programmed or scripted (any language) some simple stuff before. Hello World counts.

Requirements:

Laptop with VMware Player/Workstation

Cost:

$800 (10 places available)
Location: Thu 07 0900 @ Unconfirmed Location
Duration: 480 mins
Name: Emmanuel Law
Origin: Wellington, NZ
Bio: Originally from Singapore, Emmanuel has been in the security industry for over 5 years. Currently working at Aura Information Security, he is just a geek at heart that enjoys eating pies and sharing knowledge.

Title: Learning to exploit Web Applications

Abstract:

Today, web applications are everywhere. From updating your status on social media, to checking how much money is in your bank account, you likely use many web applications every day. This full-day, hands-on training aims to teach attendees how to exploit vulnerabilities in web applications, as well as what causes these vulnerabilities to arise in the first place, and how to avoid them.

Learning Objectives / Focus:

Attendees will learn about the mistakes made by developers that introduce vulnerabilities into web applications, and how to exploit them. Attendees will also learn how to avoid those same vulnerabilities in their own web applications.

Who Should Attend:

This training would ideally suit web application developers interested in how attackers break their apps; though those with a decent grasp of the prerequisite knowledge could also benefit from this. This course is aimed at those without previous hacking experience; those who already have experience exploiting the OWASP Top 10 (such as penetration testers, or some developers) will likely not benefit from this course.

Prerequisites:

Attendees for this course will need:
  • Good understanding of HTTP
  • Good understanding of HTML
  • Basic understanding of SQL
  • Basic understanding of JavaScript
  • Experience with web applications
Please note: no previous hacking experience is necessary. Those who apply without the prerequisite knowledge will likely struggle with this training.

Requirements:

Attendees will need to bring:
  • Laptop with VirtualBox/VMware installed
  • Kali Linux VM (desirable; can get it to you on the day)

Cost:

$500 (10 places available)
Location: Thu 07 0900 @ Unconfirmed Location
Duration: 480 mins
Name: Brendan 'hyprwired' Jamieson
Origin: Wellington, NZ
Bio: Brendan Jamieson is an IT Security Consultant working for IntuiSec Ltd. He has previously presented at Kiwicon VI and is particularly interested in Web Application security, Python and Open Source Intelligence.

Title: Lockpicking 101

Abstract:

A basic workshop in lock picking, no experience required.

Learning Objectives / Focus:

How do you keep your data center physically secure? By the end of this workshop all attendees will have opened at least one standard door lock. Also a chance to play with handcuffs and other types of locks.

Who Should Attend:

Anyone who has never done lock picking but wants to learn.

Prerequisites:

None; no experience needed!

Requirements:

Lockpicking tools provided as part of the cost.

Cost:

$250 (12 places available, cost includes a set of quality tools from Southord)
Location: Thu 07 1230 @ 3C Bar & Restaurant
Duration: 180 mins
Name: D.Roc
Origin: The Lowest Hutt, NZ
Bio: Straight outta tha' hutt, D.Roc lives his life on the edge, reckless, a wildman: picks locks with his teeth, soothes the stampeding allosaurus, and secures internets with only the power of cake. By day he rages against the public sector machine from within its very bowels, by night, only the sternest of cocktails can dislodge the veins from his teeth.

Title: Windows Exploitation for the man on the street (Free version)

Abstract:

Do the terms buffer overflows, shellcode and ASLR excite you? Want to have a glimpse of what takes place behind an exploit writer's mind? Would you like a try at writing a browser exploit? This training is for the man on the street and (almost) no assumption is made on you having any prerequisite knowledge. This training is ideal for you if you have no prior experience in exploitation. It will attempt to ease you into the world of exploitation by covering classic buffer overflows and slowly building our way up to more advanced exploitation techniques. The focus of the training is to take complex concepts and turn them into simple, clear and concise presentations that a man on the street can follow. The following topics would be covered should time permit:
  • ASM Refresher
  • Classic Buffer overflow
  • SEH Exploitation
  • Return-oriented programming (ROP) technique
  • ASLR + Heap Spray
  • Hands-on exercises on writing your own browser exploit

Learning Objectives / Focus:

Hands-on experience in understanding Windows exploitation and its various mitigations

Who Should Attend:

Anyone who wants to dip their toes into the world of Windows exploitation.

Prerequisites:

Some basic Assembly would be helpful, but participants could potentially pick up what they need to know during the first hour. Should have at least programmed or scripted (any language) some simple stuff before. Hello World counts.

Requirements:

Laptop with VMware Player/Workstation

Cost:

Free (10 places available)
Location: Fri 08 0900 @ Unconfirmed Location
Duration: 480 mins
Name: Emmanuel Law
Origin: Wellington, NZ
Bio: Originally from Singapore, Emmanuel has been in the security industry for over 5 years. Currently working at Aura Information Security, he is just a geek at heart that enjoys eating pies and sharing knowledge.

Title: Lockpicking 101 (Free version)

Abstract:

A basic workshop in lock picking, no experience required.

Learning Objectives / Focus:

How do you keep your data center physically secure? By the end of this workshop all attendees will have opened at least one standard door lock. Also a chance to play with handcuffs and other types of locks.

Who Should Attend:

Anyone who has never done lock picking but wants to learn.

Prerequisites:

None; no experience needed!

Requirements:

Some lockpicking tools are available to use during the class, or you can buy a set.

Cost:

Free (12 places available, tools available for purchase)
Location: Fri 08 1230 @ 3C Bar & Restaurant
Duration: 180 mins
Name: D.Roc
Origin: The Lowest Hutt, NZ
Bio: Straight outta tha' hutt, D.Roc lives his life on the edge, reckless, a wildman: picks locks with his teeth, soothes the stampeding allosaurus, and secures internets with only the power of cake. By day he rages against the public sector machine from within its very bowels, by night, only the sternest of cocktails can dislodge the veins from his teeth.

Title: Friday Drop-in Workshop

Abstract:

This training workshop will be of a similar format to last year's in2security drop-in. A number of workshops will be run simultaneously, each led by one of our esteemed trainers. You will be able to chop and change between them, learning about the following topics:
  • Web application penetration testing
  • Wireless Hacking
  • Application Source Code Auditing

Who Should Attend:

Anyone who is keen to learn how to hack stuff!

Prerequisites:

Zero prerequisite knowledge is required; this session is for anyone new to IT security with an interest in learning how to break stuff.

Requirements:

  • A laptop and a copy of VMware Player/Workstation (If you don't have a laptop, come along anyway, we are sure you will learn something)
  • A Kali virtual machine, or LiveCD (we will provide some on USB if required)
  • A wireless card capable of packet injection (we will have a bunch of these that people can use)

Cost:

Free (30 places available)
Location: Fri 08 1400 @ Little Beer Quarter
Duration: 240 mins
Name: The Not-So-Newbie Crue
Origin: Wellington, NZ
Bio:

Brendan Jamieson aka @hyprwired is an IT Security Consultant working for IntuiSec Ltd. He has previously presented at Kiwicon VI and is particularly interested in Web Application security, Python and Open Source Intelligence.

Stephen Shkardoon currently works for Silverstripe as a dev, injecting security into everything they do. According to the Silverstripe website, his single goal is the delighting of customers.

Andrew Kampjes works for Aura Information Security and splits his time between ruby coding on Aura's RedEye service and busting into client environments with the penetration testing team.