HOU.SEC.CON v9 - Training

Event Information

Share this event

Date and Time



Marriott Marquis Houston

1777 Walker Street

Houston, TX 77010

View Map

Event description
Training classes for HOU.SEC.CON v9. Classes are held on April 9, 2019 at the Marriott Marquis in Downtown Houston.

About this Event

Training classes for HOU.SEC.CON v9. Classes are held on April 9, 2019 at the Marriott Marquis in Downtown Houston.

Classes DO NOT include access to the conference sessions. Sessions tickets must be purchased separately.

Scroll down to see all class descriptions.

CLASS 1: Cloud Busting: Cloud Forensics Workshop and Challenge (Instructor: Kerry Hazelton)

Description: What, exactly, is “the Cloud”? Is it a network of machines connected via the Internet scattered all over the globe? Is it a data center environment located in the United States or anywhere in the world? Is it really just “someone else’s computer”? Or, is there more to it that needs to be understood by the Information Security professional, to arm him or her with enough knowledge to answer the tough question that inevitably will be asked by their employer, “Why should we take the risk to move our most sensitive data into the cloud?” To take it one step further, should in the event of a data breach that same employer should say, “We need to investigate how this happened;” what exactly will the Information Security professional need to know to successfully conduct a digital forensic investigation, especially if he or she doesn’t have direct access to the server or hardware?

The Cloud Forensics Challenge team (@Cloud4n6) is excited to come to HOU.SEC.CON for 2019 and bring our workshop with us. We have presented this training at both the 2017 BSides DC and the 2018 BSides Charm events, and seats have sold out both times. The focus of our workshop is two-fold: first, to explore key concepts of Cloud computing and understanding the procedures and processes of conducting a digital forensics investigation in the Cloud; and second, a half-day challenge to test students' comprehension of the material and their skill sets by investigating a digital image of a Cloud-based server and searching for various "flags" to be turned in as part of a team competition. Prizes will be up for grabs and we look forward to sharing our knowledge with attendees!

What to expect:

Everything including the kitchen sink. Come get a 10,000-foot view on cloud computing and how it changes the way a digital forensics investigation is conducted. Come test your skills and knowledge on log analysis, file carving, packet analysis, memory analysis, reverse engineering, steganography, cryptography, and other areas as you conduct your investigation accordingly.

What to bring:

A laptop capable of running the latest version of Kali Linux. Don't like it nor don't care for it? Have the following tools pre-loaded and ready to go:

  • TSK/Autopsy
  • Wireshark
  • Volatility or other memory forensics software
  • OpenStego or other steganography software
  • Ida Pro (trial version is fine), Ollydbg, or other reverse engineering tool
  • Decrypter or other decryption software
  • Cipher tools

Instructor: Kerry Hazelton

Kerry Hazelton's career between Information Technology and Security has spanned the course of over twenty years, and with it he has developed considerable experience with systems and network support, data center operations, and information security. As such, he considers himself a "cybersecurity enthusiast" due to his desire and motivation to read up on the latest trends within the industry, to learn about a new exploit or tool, or his willingness to teach and share with others his experiences over the years. He also has presented technical workshops on the tools and procedures often used in security analysis and cloud-based digital forensics at prior conferences including BSides Charm, DC, and NoVA; which helped to form the basis for the Cloud Forensics Challenge he currently runs. Additionally, he recently gave a talk at his hometown inaugural BSides Idaho Falls conference about his experiences as an instructor, and the importance of mentoring the next generation of hackers.

Mr. Hazelton is currently employed as a Senior Cloud Security Engineer with Tenable.

CLASS 2: Mitre ATT&CK: What is it, how to use, and apply it to your organization (Instructor: Michael Gough)

Description: Mitre has created the “Adversarial Tactics, Techniques & Common Knowledge” (ATT&CK) to help security practitioners understand the actual techniques and tactics that adversaries use against us. The advantage of ATT&CK is it allows us to build a framework to understand how we might detect, respond, and prevent many of the tactics. Creating your own ATT&CK framework provides for a way for us to map what technologies, procedures, playbooks, reports/queries, and alerts we have, and then map any gaps that we have that then can be addressed.

This course is intended for any Information Security or IT professional. The focus will be on What ATT&CK is, How to start using it, and resources available to you. We will walk through mapping your technologies and options to self-assess yourself against ATT&CK and how to know if you are ready to defend against these type of adversarial techniques. All attendees will get a copy of LOG-MD Professional as part of the class.


  • Introductions, Goals & Objectives and Terms & Concepts
  • What is ATT&CK
  • Resources for ATT&CK
  • Malware Management – Where to get the latest techniques and TTPs
  • Lunch – Sponsor
  • How to use ATT&CK
  • Self-Assessment exercises
  • Filling in your own ATT&CK Matrix
  • Questions and Discussion

Target Audience (Who should take the course): This course is intended for any Information Security or IT professional, newbs to seasoned pro’s, this class is for everyone.

What to bring: Students will need a laptop with Word, PDF and Excel. All class documentation will be provided on a USB drive to each student.

Instructor: Michael Gough

Michael has 20 years experience in IT and InfoSec. Michael now focuses his talents as a Blue Team Defender, Incident Responder, malwarian fighter and malware archaeologist. Michael also co-partnered the BSides Texas Conference entity for 6 years. Michael is co-creator of LOG-MD, a free Windows logging and malicious behavior discovery tool to help defenders improve their Windows logging, discover malicious behavior and malware for Blue Teamers and Incident Responders. Michael also created the "Malware Management Framework", and also developed several "Windows Logging Cheat Sheets" to provide a starting point on detailed logging for Windows hosts.


Share with friends

Date and Time


Marriott Marquis Houston

1777 Walker Street

Houston, TX 77010

View Map

Save This Event

Event Saved