View other date
BSides Tel Aviv 2019 - Workshops Day
June 23rd, 2019 09:00
Tickets on sale
BSides Tel Aviv 2019 - Main Conference Day
June 24, 2019 10:00
Tickets on sale

BSides Tel Aviv 2019 - Workshops Day

June 23rd, 2019
Begin: 09:00
End: 18:00
Add to Calendar

Workshop Tickets

Tickets for the BSidesTLV workshop sessions

PowerShell has evolved greatly in the last decade to become the tool of choice for Windows Post-Exploitation by many (see IBM on PS Attacks peaking at 57%). Indeed, with great power(shell) comes great responsibility. PowerShell has come a long way, and is the main enabler of Microsoft’s management efforts & future, both on premise and in the cloud. Yet in the “living of the land” reality, where any admin tool can be used as an attack tool, PowerShell is “part of the OS” and helps us do anything we want without any pre-reqs – we’ll see how to run fileless in memory without touching disk/without launching explicit process/without powershell.exe/obfuscating command and much more. While MS has some cool detection & logging techniques, we will demonstrate how Powershell blue team techniques can be bypassed in creative ways (from standard stuff to advanced).

Workshop by: Yossi Sassi More Info:


This workshop is an advanced workshop for Reverse Engineers who want to expand their horizons and skills on Reversing C++ Programs. C++ Binaries are full of mysteries, they have objects, inheritance, templates, vtables and many more. The workshop will try to make reverse engineering of C++ programs easier by explaining advanced C++ topics. We will start with how to identify C++ Objects and Inheritance in a binary and how to represent them in IDA, next we will study work methods and design patterns in C++. Finally, we will practice, fight and untangle deep and modern C++ programs and finish off with a complete exercise of static and dynamic reversing.

Workshop by: Gal Zaban More info:


This course is an introduction to the basics of ethical hacking. It covers most of the aspects one requires to get started in this field. It has been created for students with limited to no prior experience with ethical hacking. This course, while remaining ethical in its approach, will ensure that students understand and are able to get from the perimeter right into the heart of networks and systems. This very exciting hacking course will take each student through the process of ethical hacking, from setting up your virtual machines or desktops to prepare for assessments through to enumeration and exploitation of networks and systems.

Workshop by: TelSpace More Info:


This is the essential course on ModSecurity and the OWASP Core Rule Set (CRS). There are more than ten years of experience with practical ModSecurity in high security setting in this course. The teacher is one of the co-leads of the CRS project, author of the 2nd ed. of the ModSecurity Handbook and the best known instructor on the subject.

Workshop by: Christian Folini More Info:


The Unified Extensible Firmware Interface (UEFI) plays a critical role in ensuring platform security. However, there seems to be a steep learning curve for developers and researchers to implement firmware functionality. This course intends to be a resource for firmware enthusiasts to ease into developing interesting platform functionality as well as to provide them with the tools necessary to test the state of a platform and the firmware running on it.

The class is a hands-on course focused on coding, compiling, and testing platform firmware. The course material and labs are based around two projects: the open source implementation of UEFI (TianoCore) and CHIPSEC, a widely deployed open source platform security framework. The UEFI development section covers everything from the basics of the UEFI build environment, basic Hello World examples, and UEFI shell apps all the way to UEFI driver development and System Management Mode (SMM) functionality. Students don’t necessarily need to be firmware experts, but could benefit from the material even if they have firmware research experience.

The CHIPSEC development section will focus on the creation of verification modules that check for the proper hardware configuration of a platform, provide the ability to blacklist known vulnerable code, perform forensics, craft POC’s for vulnerabilities, and even stress test different firmware features. The class is ideal for firmware security researchers looking for a deeper dive into platform configuration and stress testing.

Workshop by: Maggie Jauregui More Info:


DNS is the one of the basic layers that holds the Internet together. Without it, not much else works… even malware. In this training we will focus on how to use DNS to the advantage of defending networks. With good techniques it is possible to find a great deal of misuse based on DNS such as DGAs, fast/double flux networks, phishing, and brand impersonation. Tools like passive DNS, whois, and active probing allow defenders to proactively search for malicious indicators before they are operationalized so defenders can get ahead of the attack cycle. This is a training on the usage of DNS for malware hunting, detection of new infrastructure, discovery of new network assets and other “research” type of products. In this training we will focus on hands on labs while covering also some theory and history of DNS.

Workshop by: Irena Demsky More Info:


If you already ordered a ticket

If you want to see or change the status and details of your order, click on the link in one of the emails we sent you during the order process. If you cannot find the link, click on the following button to request the link to your order to be sent to you again.