██████████████████████████████████████████████████████████████████████████
_ _ _ _
| | | | | | | |
| | | | ___ _ __| | _____| |__ ___ _ __ ___
| |/\| |/ _ \| '__| |/ / __| '_ \ / _ \| '_ \/ __|
\ /\ / (_) | | | <\__ \ | | | (_) | |_) \__ \
\/ \/ \___/|_| |_|\_\___/_| |_|\___/| .__/|___/
| |
|_|
## Time: 10:00 -> 13:00 | Limited Spots | Mandatory Form Registration ##
Please select only one training session to attend, as they will be happening concurrently. The sign-up forms will stay open until we hit the training capacity, plus a waiting list in case any spots open up.
Title: Hardware fault injection, MacGyver style!
Trainer: Pedro Umbelino (@kripthor)
Duration: 10:00 - 13:00 (3h)
Description: In this session, we will introduce the attendees to hardware fault injection on a budget, MacGyver style. We will talk about fault injections in a presentation in the first part and go full hands on approach on the second part, doing EMFi and voltage glitching with hardware built from spare/cheap parts.
Requirements: A laptop with a proper serial drivers installed. Hardware will be provided for the duration of the workshop. The laptop will be used to monitor live EMFi and voltage glitches, use at your own risk! If you can connect/program an arduino/esp32 you are probably good to go. Feel free to bring your hardware tools and favorite microcontrollers to glitch (if you can program it using the Arduino IDE or Platform IO, probably it is easy test).
Capacity: Limited to 10 persons (5 groups of two).
Form: https://bit.ly/HackDay-HardwareFaultInjection
Title: WiFi - It’s free real estate
Trainer: Pedro Rodrigues (@darkcookie)
Duration: 10:00 - 12:00 (2h)
Description: Nobody asks for the Internet anymore, everyone asks for the WiFi password! Albeit erroneous, it’s the truth. WiFi is now synonymous of Internet, however, how can we ensure that our communications remain secure? A de facto technology that still suffers from vulnerabilities and misconfigurations. In this workshop, we will revisit the old protocols and see how they pan out in today’s infrastructure. From the clean Open Network to Enterprise Encryptions passing by captive portals, we will look at techniques to leverage these protocols in an offensive way to open the door for bad actors.
Requirements: Laptop with up-to-date Kali Linux virtual machine and a USB wireless card with injection and monitoring mode capabilities. Helper: https://www.aircrack-ng.org/doku.php?id=compatible_cards.
Capacity: Limited to 12 persons.
Form: https://bit.ly/HackDay-WiFiSecurity
Title: Surface Security
Trainers: Duarte Duarte (@dduarte) and Gustavo Silva (@gsilvapt)
Duration: 10:00 - 13:00 (3h)
Description: Surface Security is an open source security intelligence and automation platform open sourced in 2022, backed by the InfoSec Flutter UK&I Engineering team (Blip.pt). In this workshop, we will dive in, set Surface up, show possible configurations and their purposes, teach how to expand Surface’s capabilities and how to use the existing code to make the platform work for you. Although originally built for blue-teamers, a lot of the underlying design applies to red-teamers and what we will demonstrate will be heavily focused on bug bounty automation.You can expect in the 3 hour workshop:
- A walkthrough to setup Surface
- Setup and configure scanners
- Creating your own commands to programmatically populate data in your database
Requirements: Laptop and comfortable with Python code, ideally Django Framework.
Capacity: Limited to 12 persons.
Form: https://bit.ly/HackDay-SurfaceSecurity
Title: Real world attacks on Active Directory
Trainer: Gustavo Pinto (@ArmySick)
Duration: 10:00 - 13:00 (3h)
Description: Ever wondered what this Active Directory thing is all about and why so many attackers research and abuse it to compromise organisations? Have you heard of tools like Mimikatz and Bloodhound but never got a chance to try them out or understand how they fit in an attack chain, going from zero to hero? In this entry-level workshop, you’ll learn about popular tools and techniques used to attack Active Directory and Windows domains, while hands-on testing your newly found skills against a lab environment, inspired in recent and real scenarios.
Requirements: No prior Active Directory or tooling knowledge required. Laptop with up-to-date Kali Linux virtual machine.
Capacity: Limited to 12 persons.
Form: https://bit.ly/HackDay-ActiveDirectorySecurity
Title: Web Security 101
Trainers: Mariana Fernandes (@kikloki)
Duration: 10:00 - 12:30 (2.5h)
Description: During this training session, participants will receive a comprehensive overview of web security fundamentals, including the latest attack trends. Additionally, they will learn new techniques to enhance their skills and remain up-to-date with the latest industry developments. This training is particularly beneficial for those who write code, have a security interest, or are simply curious about potential vulnerabilities within modern software stacks.
Requirements: Computer with a web browser and internet.
Capacity: Limited to 20 persons.
Form: https://bit.ly/HackDay-WebSecurity101
Note: To get all the details sorted, we will contact all trainees one week before the workshop to confirm your enrollment. If a trainee fails to confirm their attendance on time, it will be deemed invalid, and their slot will be given to the first person on the waiting list.
_ _ _ _____ _ ______ _ _
| | | | | | |_ _| | | ___ \ | | |
| |_| | __ _ ___| | __ | | | |__ ___ | |_/ / | __ _ _ __ ___| |_
| _ |/ _` |/ __| |/ / | | | '_ \ / _ \ | __/| |/ _` | '_ \ / _ \ __|
| | | | (_| | (__| < | | | | | | __/ | | | | (_| | | | | __/ |_
\_| |_/\__,_|\___|_|\_\ \_/ |_| |_|\___| \_| |_|\__,_|_| |_|\___|\__|
## Time: 14:00 -> 18:00 | Limited Spots | Mandatory Meetup Event Registration ##
Title: Hacked City - Hack Your Way to Victory!
Description: Immerse yourself in a world where hacking becomes a thrilling adventure. This “cutting-edge” creation lets you control a city with moving parts, complete with a Bridge, a Billboard, a Nuclear Power Plant, and a Dam. Each component comes alive when one of the four websites is hacked! Test your skills as a hacker and challenge your friends to an exhilarating race against time. Unleash your creativity, dive into the world of cybersecurity, and experience the adrenaline rush of controlling a city at your fingertips. Get ready to hack your way to victory in the Hacked City!
Organization: Pedro Tarrinho (@Tarrinho)
Title: SDR Explorations
Description: Do you want to learn about radio and Software Defined Radio (SDR)? Too afraid of maths? No worries!!! This workshop will teach you how to use an SDR receiver and transceiver, intercepting the signals, decode them and reversing the messages as also how to communicate back to the device. Feel free to bring your own SDR device’s.
Organization: José Moreira (@Zezadas)
Title: Love is in The Air!
Description: Do you ever wonder if your Wi-Fi network is really secure or if your neighbor can easily sneak onto it? Have you ever been curious about Captive Portals and if it’s possible to bypass them? Are all enterprise wireless networks actually well-protected? If you’re eager to find the answers, have fun, and learn how to crack interesting material, this pitstop is just for you! Bring your laptop and a proper Wi-Fi card, and let’s have a good time!
Organization: Pedro Rodrigues (@darkcookie)
Title: Lockpicking Station
Description: Come hang out at our lockpicking table and explore the exciting world of lockpicking! We have tooling and locks for you to test your skills and knowledge. Whether you’re a seasoned lockpicker or just getting started, you will definitely have fun.
Organization: Duarte Monteiro (@d0kt0r)
Title: BYOHack (Small lighting topics about hacking)
Description: We would love to hear your amazing insights, tips&tricks, or stories about hacking or security in general! Therefore, we encourage all attendees to bring their own lightning talk topics. Our main aim for this event is to share knowledge and insights among fellow enthusiasts while having fun at the same time.
Organization: Renato Rodrigues (@SiMpS0N)
██████████████████████████████████████████████████████████████████████████