Trainings at Hack Red Con 2022
*Go to the training and agenda pages for more information
K-8 and 9-12 with Cyber.Org
Student Session Title: Don't Click that Link!
In this session, you will discover the actual dangers of clicking malicious links and/or downloading files from untrusted sources. You may hear all the time that you should not take these risks, but what are the actual dangers of doing these? This session will show how easy it can be for a malicious actor/hacker to gain control of your entire system, including your webcam, microphone, and all your files.
The presenters will demonstrate how to “hack”/take over each other’s systems while being states away from one another. The presenter playing the “hacker” role will take over the webcam, microphone, and other features of the “victim’s” system all from a simple error.
Teacher Session Title: Technical Cybersecurity Curriculum for High School
In this hands-on session, you will use a cyber range to showcase attack and defend style labs using a Kali Linux and Windows OS. Attendees will learn how to implement Cybersecurity in your classroom with the help of CYBER.ORG’s free Cybersecurity course. The content developers will also cover real-world case studies and the 150+ lessons (containing teacher notes, presentation materials, and quizzes) that come with the course.
In partnership with the Department of Homeland Security, CYBER.ORG's Cybersecurity course is designed for 9-12 cybersecurity classrooms at no cost to the educators/schools. Aligned to CompTIA's SY0-601 Security+ objectives, this course is aimed at preparing students to become workforce-ready by exploring the threats and vulnerabilities of cybersecurity.
This session will utilize/showcase the following labs:
- Credential Harvesting Lab
- Phishing Lab
- Brute Force Lab
- Denial of Service Lab
- Web Application Attack Labs
Hardware Auto CAD = How to create a PCB
Penetration Testing for Systems and Network Admin
Director of Offensive Security at Blue Bastion
Senior Security Consultant at Blue Bastion
The objective of this Capture-the-Flag style class is to take students with existing networks or systems administration experience and teach them how to:
Perform a comprehensive penetration test against Active Directory environments.
Spot a bad penetration test.
We understand that not everyone taking a pen test class will want to be a penetration tester. Hence, we have organized this class to be a well-rounded experience, allowing both aspiring red teamers and blue teamers to get the most out of it. This class will provide students with hands-on experience with all phases of a penetration test, from information gathering to reporting.
What does a good pen test look like?
Passive and active information gathering
Vulnerability analysis in an Active Directory environment
Domain privilege escalation
A Note to Prospective Students:
An introductory penetration testing class like this will only be beneficial to students who intimately know computer networking and have Windows administration experience. Existing experience with Windows command line, Linux administration, and Active Directory is highly recommended. For example, students should know how a packet traverses from point A to point B on the OSI model, and what HTTP GET and POST requests look like. Students should be comfortable with the Linux command line as our primary attack host will be Linux-based.
Students should bring a laptop capable of running a Kali Linux VM and connecting to a wireless network. A VirtualBox image of customized Kali Linux will be provided. Instructors will not provide support for VMWare, Parallels, Hyper-V, or other virtualization platforms.
Lab connectivity guide and Kali Linux image will be provided to students a week before the class.
Qasim "Q" Ijaz is a Senior Security Consultant at Blue Bastion Security and specializes in healthcare security and penetration testing. He has conducted hundreds of penetration tests in small to large environments with a focus on networks and web applications testing. His areas of interest include healthcare security, Active Directory, cybersecurity policy, and the "dry" business side of hacking. Qasim is a penetration test lead during the day and a teacher in the after-hours. Qasim has presented and taught at cybersecurity conferences including BSides and Blackhat on offensive security topics. He currently teaches a bootcamp on Offensive Security Certified Professional (OSCP) certification.
Jake Nelson is a Security Consultant at Blue Bastion Security. He comes from Linux and Unix administration background. Jake has worked in a variety of industries and has been pentesting for the last 3 years. Teaching students has been a favorite part of his previous jobs and that has resulted in helping to teach clients how to better secure their networks.