Skip Main Navigation
Page Content

Save This Event

Event Saved

Looks like this event has already ended.

Check out upcoming events by this organizer, or organize your very own event.

View upcoming events Create an event

Shakacon VI Trainings

SHAKACON

Monday, June 23, 2014 from 8:00 AM to 5:00 PM (HST)

Shakacon VI Trainings

Registration Information

Registration Type Sales End Price Fee Quantity
Training 1: Introduction To Disassembly And Reverse Engineering – Gary Golomb
See information for Training 1 below. Hawaii GET included.
Ended $1,047.12 $51.36
Training 2: Breaking into Embedded Devices: Side Channel Analysis and Fault Injection, Jasper van Woudenberg & Peter Ateshian Ended $1,047.12 $51.36

Share Shakacon VI Trainings

Event Details

Training 1: Introduction to Disassembly And Reverse Engineering – Gary Golomb

Description: You're technical, but have never had the opportunity to make the leap to static executable analysis. You understand a lot about malware, but nothing about executable structures and following disassembly (or using tools focusing on those things to make decisions about if executables are good or evil). What will be covered: the basics of executable structures, disassembly, and the machine-level instructions that matter most often to malware analysts, using the demo version of IDA to dissect unknown binaries, taking an unknown binary and determining if it’s good or malicious (frequently required, given the abysmal accuracy of existing InfoSec products on the market), impressing your friends by having open IDA windows on your screen - that have obviously moved beyond the entry point of the executable. While the topic sounds fun, this is actually a very serious subject and a skill desperately needed in organizations. The terrible efficacy of products across the entire industry is no secret. With at least 250,000 new malware samples discovered every day, organizations can no longer depend on vendors to keep up with identifying and creating indicators of malware for them. (Keep in mind, these samples are mostly discovered by your organizations and not vendors in the first place!) Organizations now require the ability to reverse engineer malware themselves to generate indicators and intelligence they can take action on. The goal of this training is to teach you the basics of taking sample binaries and determining (from a static analysis perspective) if they are good or malicious, even when other mainstream tools give you inconclusive results. We’ll first learn the basics of executable structures and disassembly, then apply that knowledge to examining various samples to identify when they’re malicious, then extract actionable indicators from the malicious binaries. Of course I can only teach the basics in a single day, but we'll focus on the building blocks you can utilize to move forward with this subject outside the classroom. Some subjects just take a little "kick-start" to get you going on your own. This is one of those subjects, and the class will be delivered with that goal in mind. 

Biography: There comes a point in some people's careers where they have forgotten more of their accomplishments than they remember. Whether that is because of a wonderfully fortunate and eclectic career, or because of old age, Gary is approaching that point. Having spent the past 15 years mostly focused on productizable Research and Development for award winning products, doing forensics and reverse engineering in some of the world's most notorious cases, co-founding a new technology product-focused company from scratch and successfully carrying it through acquisition, doing formal competitive intelligence, and creating product architectures and tactical long-term product planning - Gary has many rich experiences to share in the classroom and on the lecture stage (which he's done at some of the most elite security conferences, including: RSA, SANS, Shakacon, CanSecWest, THOTCON, You Sh0t the Shriff, ekoparty, BlackHat, and others). With a love for both teaching and developing new solutions to difficult problems, Gary's goal is to "teach or automate himself out of a job." Fortunately (for his family), the creativity, ingenuity, and persistence of our advisories have ensured that hasn't come to fruition, yet.  


Training 2: Breaking into Embedded Devices: Side Channel Analysis and Fault Injection, Jasper van Woudenberg & Peter Ateshian

Description: Secure boot, trusted execution environments and many other security mechanisms depend on the security of the underlying hardware. What if we can break the actual hardware? And what if that's EASIER than breaking the software?

Side channel analysis and fault injection are techniques to break various security mechanisms, allowing an attack to load arbitrary firmware code and discover secrets such as cryptographic keys and PINs from hardware and embedded software. They were first (publicly) discovered on smart cards in response to the major platforms becoming highly resistant against ‘software’ attacks. Now that this type of security is becoming more widely understood and implemented on most embedded systems, attackers are also moving into the field of hardware attacks.

This course provides an understanding of the possibilities and impact of these techniques and explains how you can protect against them through a hands-on approach. Besides the necessary theory, students will perform exercises themselves in which they will, for instance, break a DES key through real time power analysis. Further, in another exercise, each student is challenged to devise their own countermeasures and the effect of these is analyzed via a live data acquisition and analysis on the code using side channel power analysis equipment.

Biographies: Jasper (@jzvw) currently is CTO for Riscure North America. As CTO of Riscure North America, Jasper is principal security analyst and ultimately responsible for Riscure North America's technical and commercial activities. Jasper's interest in security matters was first sparked in his mid-teens by reverse engineering software. During his studies for a master's degree in both CS and AI, he worked for a penetration testing firm, where he performed source code review, binary reverse engineering and tested application and network security. At Riscure, Jasper's expertise has grown to include various aspects of hardware security; from design review and logical testing, to side channel analysis and perturbation attacks. He leads Riscure North America's pentesting teams and has a special interest in combining AI with security research. Jasper's eagerness to share knowledge is reflected by regular speaking appearances, specialized client training sessions, student supervision and academic publications. Jasper has spoken at many security conferences including BlackHat trainings, Intel Security Conference, RSA, EDSC, BSides, ICMC, Infiltrate, has presented scientific research at SAC, WISSEC, CT-RSA, FDTC, ESC Design {West,East}, ARM TechCon, and has given invited talks at Stanford, GMU and the University of Amsterdam.

Specialties: Side channel analysis, fault injection, binary code analysis, security evaluations of {mobile phones, smart cards, set-top-boxes}, network penetration testing, code reviews.

Peter Ateshian Faculty Adjunct Lecturer & Research Associate at NPS, Monterey California, Business Development Manager Riscure North America. San Francisco California Formed and built Xtrm DESIGNS LLC, a successful Technical Engineering Support, Business Development, Sales & Services Company that has been in operation for 20 years with as many as 50 people. Provided the leadership and technical direction for VLSI Full custom & ASIC design and complex EDA/CAD flows; including new technology implementation applications for IC design. FPGA prototyping of ARM based SoCs and multiprocessor devices. ‘Xtr'm' Designs LLC, was initially funded by Mentor Graphics, TeraSystems, Conexant Oracle/ SUN Micro Systems and the US Navy. 2013-4 DARPA APAC Android malware PI NPS CCW;

2014 Clearance level: TS/SCI. Master of Engineering University of California Berkeley EECS & Business Administration.

Discount:  10% discount for Military/Govt Fed/State/Academic and all local Hawaii businesses with identification/credentials/local biz license. (Contact info@shakacon.org for more information.)

Have questions about Shakacon VI Trainings? Contact SHAKACON

Please log in or sign up

In order to purchase these tickets in installments, you'll need an Eventbrite account. Log in or sign up for a free account to continue.