B-Sides Rochester 2024 - Trainings

This course, inspired by "Practical Social Engineering," offers a deep dive into the utilization of Open Source Intelligence (OSINT) for social engineering purposes. Over four hours, participants will explore how to ethically gather and analyze publicly available information to enhance social engineering strategies. The course will cover the fundamentals of OSINT, practical techniques for information gathering, and the application of this intelligence in planning and executing social engineering operations. Participants will gain an understanding of the ethical boundaries, legal considerations, and the role of OSINT in enhancing security and awareness. Laptop encouraged, but not required. Instructor - Joe Gray

(For Students with a valid .edu address, the pay what you can option is available min $25) Empire Operations: Tactics APT28 is an intermediate-level course that focuses on executing APT TTPs using Empire. In this hands-on course, students will evaluate the 2021-2022 exploitation campaign from Fancy Bear APT 28 using MSHTML RCE CVE-2021-40444 in macro-enabled docs, OneDrive C2 communications, and C# payloads. Next, attendees will learn the individual components of Empire and how to apply them to execute a red team operation. Key topics that will be taught are building C2 infrastructure, deploying customized payloads in C# and PowerShell, and creating tailored scripts for engagements. Finally, the Empire TTPs learned throughout the course will be tested on a comprehensive range using an emulation plan provided on APT 28. Hardware/Software Requirements - Laptop with 8GB of RAM and Modern Web Browser (Chrome, Firefox, etc). Instructors- Jake Krasnov and Dominic Cunningham