Brought to you by OpenSecurityTraining.info and The MITRE Corporation
Do you provide security training in your organization? Do you instruct professionally? Are you constantly helping others learn security concepts and techniques? Looking to be a better teacher/instructor/mentor but are struggling with how to build labs, how to logically structure the material, or keep your audience engaged for multi-day training sessions? Then stop by Train the Trainer for tips, techniques, and material you can use to help you help others.
For the past year OpenSecurityTraining.info has been collecting instructor-led training and making the materials available under open source and creative commons licenses. We have also been posting video recordings of classes, taken from internal training delivered at MITRE.
However, even if you already know the information contained in the online courses, the material can still be useful to you in your role as teacher/instructor/mentor. We actively encourage people who are already versed in these topics to take the training material and teach it in their own venues. You could use the training material to educate coworkers on security topics, thereby making you look good in front of your management while giving you more skilled colleagues. You could convince your management to allow you to give formal training to others within your company. Or you could even take the materials and get paid to teach them to customers or at conferences that the creators aren't exposed to. The uses are purposely left open to you.
Each 1.5 to 2 hour time slot on the schedule will give you a chance to hear about what material is covered in that class. Instructors will discuss the major topics and themes of the class. They will also cover lab requirements, and how labs are structured and administered to reinforce the material. Q&A is encouraged throughout the presentations, and time-permitting, instructors will give a very brief run through the slides. But interested potential instructors are recommended to check out the slides before attending, so they can ask more questions in person.
The classes that will be offered throughout the con are as follows:
Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration Taught by Xeno Kovah http://opensecuritytraining.info/IntroX86.html
Assumes: basic knowledge of C
Teaches: x86 32 bit assembly, registers, and stack usage. Uses MS Visual Studio for compiling, disassembling, debugging on Windows. Uses GCC/objdump/GDB for compiling, disassembling, debugging on Linux.
Intermediate Intel x86: Architecture, Assembly, Applications, & Alliteration Taught by Xeno Kovah http://opensecuritytraining.info/IntermediateX86.html
Assumes: Intro x86
Teaches: x86 internals that are used by many OSes or security tools. The exact implementation of privilege rings, protected mode segmentation, regular and Physical Address Extension (PAE) paging and memory management, interrupts and the Interrupt Descriptor Table (IDT), hardware debug registers, and port IO.
The Life of Binaries Taught by Xeno Kovah http://opensecuritytraining.info/LifeOfBinaries.html
Assumes: basic knowledge of C, but benefits from Intro x86
Teaches: The stages of an executable's life, from source code through to a terminating executable. Compiler theory with a special emphasis on the stage where assembly code is output. Structuring code and data into well-formed executable files such as the Windows Portable Executable (PE) and Linux Executable and Linkable Format (ELF) formats. A deep dive into PE is taken with an eye toward security-relevant features; then ELF is examined to show how it is similar to and different from PE. The class ends by showing the applicability of binary format knowledge to viruses and packers.
Rootkits: What They Are, and How to Find Them Taught by Xeno Kovah http://opensecuritytraining.info/Rootkits.html
Assumes: Some Intro/Intermediate x86 & Life of Binaries knowledge (primarily assembly, interrupts, IAT)
Teaches: How stealth malware techniques work, and specific tools that reveal hidden malware attributes. Specifically we discuss Windows userspace and kernel malware using inline, IAT, IDT, SSDT, IRP hooks, as well as DKOM, KOH, and bootkits.
Introduction to Software Exploits Taught by Corey Kallenberg http://opensecuritytraining.info/IntroductionToSoftwareExploits.html
Assumes: Knowledge of C and x86 Assembly
Teaches: Locating and exploiting vanilla stack corruption vulnerabilities in a Linux environment. Developing x86 Linux shellcode. Debugging with GDB. Introduction to the design and implementation of heap allocators, as well as how heap overflows can be exploited. Describes the basics of ret2libc-style exploit payloads.
Exploits 2: Exploitation in the Windows Environment Taught by Corey Kallenberg http://opensecuritytraining.info/Exploits2.html
Assumes: Knowledge of C, x86 assembly, and basics of stack memory corruption vulnerabilities.
Teaches: Basics of exploiting memory corruption vulnerabilities in win32. Developing Windows shellcode. The strengths and weaknesses of typical win32 exploit mitigations. Using ROP to build a fake VirtualProtect stack frame. Generating crashes with fuzzing, and crash analysis.
Introduction to Software Reverse Engineering Taught by Frank Poz http://opensecuritytraining.info/IntroductionToReverseEngineering.html
Assumes: C/C++ development experience; Introductory Intel x86
Teaches: Using static reverse engineering to identify common features and behavior of executable software.
Reverse Engineering Malware Taught by Frank Poz http://opensecuritytraining.info/ReverseEngineeringMalware.html
Assumes: Introductory Intel x86; Introduction to Reverse Engineering
Teaches: Using static reverse engineering to identify common features and behavior of malware, and how to identify and bypass common anti-reverse engineering techniques.
Introduction to Trusted Computing Taught by Ariel Segall http://opensecuritytraining.info/IntroToTrustedComputing.html
Assumes: Familiarity with basic security concepts such as public key cryptography at a high level; the class contains a review, but people who've never done any security work before will be lost.
Teaches: What TPMs and Trusted Computing are; what they are (and aren't) good for, including why they're not actually Treacherous Computing; what the TPM's capabilities are in detail; and how to make use of TPMs yourself.
Android Forensics and Security Testing Taught by Shawn Valle http://opensecuritytraining.info/AndroidForensics.html
Assumes: Knowledge of Android OS and SDK; Linux commands
Teaches: Overview of general mobile device forensics, followed by a deep dive into the Android OS, file system, and hardware; with a focus on tools and techniques to extract and analyze data. Explores various rooting and passcode bypass techniques. Introduces tools and instructions on reverse engineering Android apps and forensically analyzing contents.
Introduction to Vulnerability Assessment Taught by Nate Adams, Chriss Koch, & Jose Cintron http://opensecuritytraining.info/IntroductionToVulnerabilityAssessment.html
Teaches: The purpose of this course on Vulnerability Assessment is to demonstrate how to identify vulnerabilities in a computer network, determine how a cyber-attacker might exploit these vulnerabilities, and examine how the vulnerabilities might be mitigated. It presents a methodology used by MITRE when conducting assessments. The methodology lays out an orderly approach for conducting a vulnerability assessment and demonstrates numerous tools and techniques in an isolated computer laboratory setting to examine such problems through penetration testing.
Course Objectives:
- Learn a general methodology for conducting assessments
- Scan and map network topology
- Identify listening ports/services on hosts
- Fingerprint operating systems remotely
- Learn methodology/best practices for auditing routers, switches, and firewalls
- Learn methodology/best practices for auditing UNIX and Windows security
- Learn methodology/best practices for web application security assessments
Trainer Bios:
Jose Cintron was born and raised on the tropical island of Puerto Rico, where he got his taste for sand, coconuts, and rum... He has over 15 years of Information Security experience, mostly in Vulnerability Assessments, but has also worked with Computer Security Incident Response Teams (CSIRTs). He is mainly focused on MS Windows Security and network-based application-level testing.
Corey Kallenberg is a computer security researcher at The MITRE Corporation. Corey specializes in Windows kernel development, vulnerability discovery and exploitation, and rootkit analysis. His current line of research focuses on BIOS and UEFI security issues.
Xeno Kovah graduated from the CMU SFS program in 2007 and has been leading a team focusing on sophisticated stealth malware detection (in userspace, kernel, and firmware) and trusted computing at MITRE since 2009. But he's been attending cons since 1999, back before The Shmoo Group had even made a splash at Defcon with their wireless shenanigans. ;) Xeno started OpenSecurityTraining.info in 2011 to host his like-minded colleagues' open source training materials, and he's always looking for new contributors.
In his current job Frank Poz works on tier 3 analysis of malware and network C2 in support of a network security operations center. There he has worked extensively with tools like IDA, OllyDbg, Wireshark, and a number of custom analysis tools.
Ariel Segall has been working in computer security research and trusted computing for nearly a decade, with a particular focus on TPMs, trusted virtualization, and system security analysis. She is an active participant in the Trusted Computing Group. When not designing secure systems, Ariel is most frequently found designing new and exotic flavors of chocolate.
Shawn Valle is the secure mobile computing lead at The MITRE Corporation's cyber security division. At MITRE, Shawn leads research, development, security assessments, training, and systems security engineering for mobile computing, enterprise network security, and defense systems. Before joining MITRE in 2008, Shawn served in a variety of engineering, consulting, development, teaching, and managerial roles at IBM, Aveksa, Idiom Technologies (now SDL), and independently.