OVERDRIVE CONFERENCE

Registration is required

Remember to register, for free, for the trainings you wish to attend along with the general pass: here

All trainings will be held in English. If you have difficulties with the language, please send a mail to staff at overdriveconference.com. If a certain number of attendees have the same problem, we'll have translators in the rooms.

APT detection with Snort and Suricata

Trainer Tatyana Shiskova (Kaspersky Lab)

April 18th: from 16:00 to 19:00 and 19th from 10:00 to 13:00

P-III Building room 03

Level: Intermediate-Advanced


If you want to monitor and defend your network, a network intrusion detection system is a must for perimeter protection. The most popular NIDSs now are the open-source solutions Snort and Suricata. We will teach you how to use a NIDS, discuss the important parts of traffic that you should pay attention to, and show step by step how to write rules for a given traffic dump. We will also talk about the most recent cases of infections of large corporations and organizations in our practice and provide examples of real traffic, including false alarms. At the end of the class, you will be able to set up your own NIDS, find malicious requests in traffic and write effective rules for various protocols.

Operating systems backdooring techniques

Trainers – Lance Buttars (Blackhat NOC team), Lawrence Davis (Blackhat NOC team)

April 20th: from 10:00 to 13:00 and from 16:00 to 20:00

P-III Building room 03

Level: Beginner-Intermediate


Have you ever wanted to own a computer system in 60 seconds or less? Come out to our Backdoor and Dark Web CNC training class to learn how. We will teach you the dark arts of backdooring operating systems while maintaining control of those systems through a command and control architecture using the dark web. By the end of the class, we're going to test your skills by leaving a computer unattended for 2 minutes and see how well you can do. See if you can gain control of the system and walk away unnoticed before we return. Download syllabus and sign up to attend

Modern Web Application Penetration Testing (MWAPT)

Trainer Seth Law (Independent consultant)

April 19th: from 10:00 to 13:00 and from 16:00 to 19:00

P-III Building room 04

Level: Beginner-Intermediate

Breaking modern web applications requires an understanding of exploits, vulnerabilities, tools and techniques. This course provides students with knowledge of these common vulnerabilities, open source tools and professional techniques used in performing web application penetration testing. Students will be introduced to open source tools including Burp Suite and SQLMap, when they should be used, and taught to use these tools to complement a tester’s expertise. Most importantly, this course will teach students how to use this knowledge to perform an end-to-end test of a modern web application.

This version of the MWAPT will review items from the latest iteration of OWASP’s Top 10 Application Security Risks (https://github.com/OWASP/Top10/tree/master/2017) and cover the tools and techniques for identifying and exploiting those vulnerabilities. The training requires hands-on interaction with a custom intentionally-vulnerable application to practice these tools and techniques. Students will need a laptop with a wireless connection, Firefox, and Burp Suite (portswigger.net) installed.


Actual trends in Android malware analysis

Nikita Buchka (Kaspersky Lab), Dmitry Galov (Kaspersky Lab)

April 19th: from 10:00 to 13:00 and from 16:00 to 20:00

P-III Building room 03

Level: Intermediate


Android is the most widely used mobile operating system today. The number of malicious mobile applications targeting Android-based smartphones has increased rapidly. People are storing more and more sensitive information on their mobile devices; security is more important than ever. We will guide you through the main aspects of Android security and give you a wide view of modern malware that can be found in the wild. In the training, the following topics will be discussed and analyzed:

  • Overview of Android architecture and internal structure of applications
  • Malware statistics (ransomware, rooting malware, bankers, etc.)
  • Examples of modern malware ITW (Ztorg, Android miners, etc.)
  • Android APTs
  • Latest Android security overview
  • Tips about static and dynamic analysis of Android malware

Introduction to OSINT gathering

JC (snowfensive)

April 19th: from 09:00 to 13:00 and from 16:00 to 20:00

P-III Building room 05

Level: Beginner-Intermediate


This eight-hour workshop will instruct attendees on Open-Source Intelligence (OSINT) gathering tools and techniques specifically focused on organizations and their employees. During this workshop, the instructors will walk through an OSINT collection framework developed by Snowfensive, stopping at each process to explain different techniques and tools. Attendees can easily follow along with the demonstrations for additional hands-on experience. At the end of each lecture, attendees will be presented with different challenges which can be solved using the information provided during the workshop.

Areas which we will focus on include the concept of OSINT, the Snowfensive OSINT Collection Framework, Network Information, Employee Information, 3rd Party Information, Physical Location Information, and Company-Sensitive Information. Material is geared towards beginners. Students will receive an Ubuntu Virtual Machine pre-configured to run all the software needed for the course.

Warning: Unlike some other OSINT courses, no fictitious data will be planted for students to find. This course utilizes real live data from companies and individuals. As a result, students may discover data containing adult content including drug/alcohol use, violence, pornography, etc. (it is the internet after all). During the live exercise portions, students will be given targets consisting of real companies and people to gather specific intelligence goals against. As a result, some students may feel uncomfortable.

Who this course is for:

• Penetration Testers

• Threat Intel Analysts

• Social Engineers

• Law Enforcement

• Stalkers

• Anyone interested in the subject matter