(0)Training
Training at Kiwicon has a new twist; there's some for-pay training classes available on the Thursday 7th, and the same (or similar) training is available for free on the Friday. Why would you pay for something that you can get for free? Well, consider the abridged Kiwicon Code Of Conduct:
"Dont be a dick"If you work in the industry, or your work is paying for you to be at the Con, or if you have some other kind of fat cash paying gig, then we think it'd be swell of you to pay your way, and leave the free classes for those who can't afford it. In particular, we'll give priority to those with student tickets or jobs outside the relatively-well paid IT sector. If you try and sign up for the free classes from your fancy-pants dr.jim.phd@fancypants.govt.nz, expect to be told to naff off :P
Kiwicon's about sharing the knowledge, so by paying your way, you're helping those who cant yet afford to.
Training registrations have now closed, if you registered you should have received an email confirming whether you got a spot or not.Quick List
- Emmanuel Law: Windows Exploitation for the man on the street
- Brendan 'hyprwired' Jamieson: Learning to exploit Web Applications
- D.Roc: Lockpicking 101
- Emmanuel Law: Windows Exploitation for the man on the street (Free version)
- D.Roc: Lockpicking 101 (Free version)
- The Not-So-Newbie Crue: Friday Drop-in Workshop
Details
| Title | Windows Exploitation for the man on the street |
| Abstract | Abstract:Do the terms buffer-over-flows, shell codes and ASLR excites you? Want to have a glimpse of what takes place behind an exploit writer's mind? Would you like a try at writing a browser exploit? This training is for the man on the street and (almost) no assumption is made on you having any per-requisite knowledge. This training is ideal for you if you have no prior experience in exploitation it will attempt to ease you into the world of exploitation by covering classic buffer over flows and slowly build our way up to more advanced exploitation techniques. The focus of the training is to take complex concepts and turn them into simple, clear and concise presentations that a man on the street can follow. The following topics would be covered should time permit:
Learning Objectives / Focus:Hands on experience in understanding windows exploitation and its various mitigationWho Should Attend:Anyone who wants to dip their toes into the world of windows exploitation.Prerequisites:Some basic Assembly would be helpful but participants could potentially pickup what they need to know during first hour. Should have at least program or scripted (any language) some simple stuff before. Hello World counts.Requirements:Laptop with VMWare Player/WorkstationCost:$800 (10 places available) |
| Location | Thu 07 0900 @ Unconfirmed Location |
| Duration | 480 mins |
| Name | Emmanuel Law |
| Origin | Wellington, NZ |
| Bio | Originally from Singapore, Emmanuel has been in the security industry for over 5 year. Currently working at Aura information Security, he is just a geek at heart that enjoys eating pies and sharing knowledge. |
| Title | Learning to exploit Web Applications |
| Abstract | Abstract:Today, web applications are everywhere. From updating your status on social media, to checking how much money is in your bank account, you likely use many web applications every day. This full-day, hands-on training aims to teach attendees how to exploit vulnerabilities in web applications; as well as what causes these vulnerabilities to arise in the first place, and how to avoid them.Learning Objectives / Focus:Attendees will learn about the mistakes made by developers that introduce vulnerabilities into web applications; and how to exploit them. Attendees will also learn how to avoid those same vulnerabilities in their own web applications.Who Should Attend:This training would ideally suit web application developers interested in how attackers break their apps; though those with a decent grasp of the prerequisite knowledge could also benefit from this. This course is aimed at those without previous hacking experience; those who already have experience exploiting the OWASP Top 10 (such as penetration testers, or some developers) will likely not benefit from this course.Prerequisites:Attendees for this course will need:
Requirements:Attendees will need to bring:
Cost:$500 (10 places available) |
| Location | Thu 07 0900 @ Unconfirmed Location |
| Duration | 480 mins |
| Name | Brendan 'hyprwired' Jamieson |
| Origin | Wellington, NZ |
| Bio | Brendan Jamieson is an IT Security Consultant working for IntuiSec Ltd. He has previously presented at Kiwicon VI and is particularly interested in Web Application security, Python and Open Source Intelligence. |
| Title | Lockpicking 101 |
| Abstract | Abstract:A basic workshop in lock picking, no experience required.Learning Objectives / Focus:How do you keep your data center physical secure? By the end of this workshop all attendees will have opened at least one standard door lock. Also a chance to play with handcuffs and other types of locks.Who Should Attend:Anyone who has never done lock picking but want to learn.Prerequisites:None; no experience needed!Requirements:Lockpicking tools provided as part of the cost.Cost:$250 (12 places available, cost includes a set of quality tools from Southord) |
| Location | Thu 07 1230 @ 3C Bar & Restaurant |
| Duration | 180 mins |
| Name | D.Roc |
| Origin | The Lowest Hutt, NZ |
| Bio | Straight outta tha' hutt, D.Roc lives his life on the edge, reckless, a wildman: picks locks with his teeth, soothes the stampedeing allosaurus, and secures internets with only the power of cake. By day he rages against the public sector machine from within its very bowels, by night, only the sternest of cocktails can dislodge the veins from his teeth. |
| Title | Windows Exploitation for the man on the street (Free version) |
| Abstract | Abstract:Do the terms buffer-over-flows, shell codes and ASLR excites you? Want to have a glimpse of what takes place behind an exploit writer's mind? Would you like a try at writing a browser exploit? This training is for the man on the street and (almost) no assumption is made on you having any per-requisite knowledge. This training is ideal for you if you have no prior experience in exploitation it will attempt to ease you into the world of exploitation by covering classic buffer over flows and slowly build our way up to more advanced exploitation techniques. The focus of the training is to take complex concepts and turn them into simple, clear and concise presentations that a man on the street can follow. The following topics would be covered should time permit:
Learning Objectives / Focus:Hands on experience in understanding windows exploitation and its various mitigationWho Should Attend:Anyone who wants to dip their toes into the world of windows exploitation.Prerequisites:Some basic Assembly would be helpful but participants could potentially pickup what they need to know during first hour. Should have at least program or scripted (any language) some simple stuff before. Hello World counts.Requirements:Laptop with VMWare Player/WorkstationCost:Free (10 places available) |
| Location | Fri 08 0900 @ Unconfirmed Location |
| Duration | 480 mins |
| Name | Emmanuel Law |
| Origin | Wellington, NZ |
| Bio | Originally from Singapore, Emmanuel has been in the security industry for over 5 year. Currently working at Aura information Security, he is just a geek at heart that enjoys eating pies and sharing knowledge. |
| Title | Lockpicking 101 (Free version) |
| Abstract | Abstract:A basic workshop in lock picking, no experience required.Learning Objectives / Focus:How do you keep your data center physical secure? By the end of this workshop all attendees will have opened at least one standard door lock. Also a chance to play with handcuffs and other types of locks.Who Should Attend:Anyone who has never done lock picking but want to learn.Prerequisites:None; no experience needed!Requirements:Some lockpicking tools are available to use during the class, or you can buy a set.Cost:Free (12 places available, tools available for purchase) |
| Location | Fri 08 1230 @ 3C Bar & Restaurant |
| Duration | 180 mins |
| Name | D.Roc |
| Origin | The Lowest Hutt, NZ |
| Bio | Straight outta tha' hutt, D.Roc lives his life on the edge, reckless, a wildman: picks locks with his teeth, soothes the stampedeing allosaurus, and secures internets with only the power of cake. By day he rages against the public sector machine from within its very bowels, by night, only the sternest of cocktails can dislodge the veins from his teeth. |
| Title | Friday Drop-in Workshop |
| Abstract | Abstract:This training workshop will be of a similar format to last years in2security drop-in. A number of workshops wil be run simultaneously, each led by one of our esteemed trainers. You will be able to chop and change between them, learning about the following topics:
Who Should Attend:Anyone who is keen to learn how to hack stuff!Prerequisites:Zero pre-requisite knowledge is required, this session is for anyone new to IT security with an interest in learning how to break stuff.Requirements:
Cost:Free (30 places available) |
| Location | Fri 08 1400 @ Little Beer Quarter |
| Duration | 240 mins |
| Name | The Not-So-Newbie Crue |
| Origin | Wellington, NZ |
| Bio | Brendan Jamieson aka @hyprwired is an IT Security Consultant working for IntuiSec Ltd. He has previously presented at Kiwicon VI and is particularly interested in Web Application security, Python and Open Source Intelligence Stephen Shkardoon currently works for SIlverstripe as a dev, injecting security into everything they do. According to the Silverstripe website, his single goal is the delighting of customers Andrew Kampjes works for Aura Information Security and splits his time between ruby coding on Aura's RedEye service and busting into client environments with the penetration testing team |
