B-Sides Rochester 2023 - Trainings

08:00-12:00 This is a basic training to get student comfortable with OPSEC/Open source Intelligence and the tools used in research. The training is for anyone interested in OSINT and will last 3-4 hours with a couple of labs for practical experience. Instructor: Michael James

08:00-17:00 The objective of this Capture-the-Flag style class is to take students with existing networks or systems administration experience and teach them how to: 1. Perform a comprehensive penetration test against Active Directory environments. 2. Spot a bad penetration test. We understand that not everyone taking a pen test class will want to be a penetration tester. Hence, we have organized this class to be a well-rounded experience, allowing both aspiring red teamers and blue teamers to get the most out of it. This class will provide students with hands-on experience with all phases of a penetration test, from information gathering to reporting. Instructor: Qasim Ijaz

08:00-12:00 The 2021 OWASP Top Ten introduced a category “Insecure Design” to focus on risks related to design flaws. In this training, we will focus on building defense-in-depth software. What can we do to proactively architect software to be more resilient to attacks? What type of findings may not be discovered via automated static analysis? How can we design our software to be more friendly during incident response scenarios? This one-day training is perfect for engineers as well as security practitioners that have some familiarity with the OWASP top 10. During this training, we will focus on identifying often-overlooked architectural anti-patterns and vulnerabilities to be on the lookout for. We will utilize source code review to analyze patterns for improvement in both real-world applications as well as intentionally vulnerable applications. Every interactive exercise will involve discovering concerns and writing code to engineer solutions. The course will wrap up with real-w