Jayson E. Street - Simulated Adversary - Tactics & Tools Training $2,400 (Early $2,200)

Name of Training:

Simulated Adversary - Tactics & Tools Training

Description:

Attendees will learn how adversaries can attack in non-traditional ways.

Training description:

Engage in a transformative learning experience spanning the four days of this comprehensive security class, led by Jayson. Delve into the art of online research, exploring non-traditional adversary tactics and moving beyond vulnerability discovery to enhance target security. Emphasizing hands-on, real-world examples, Jayson's approach sheds light on the human side of social engineering attacks, utilizing non-intrusive simulations for education without compromise. Distinguishable from traditional pentesting, Jayson introduces the Security Awareness Engagement methodology, revealing real-world threats without negative impacts. This methodology involves hands-on simulations, educating users on daily threats, akin to routine exercises in banks preparing for robberies. The class extends beyond Metasploit and zero-day exploits, focusing on the paramount threat – the human factor. Progresses into a deeper understanding of social engineering attacks, guiding students on educating others and raising awareness. The focus is on bolstering an organization's security posture through practical changes and gaining management buy-in, fostering user engagement as an integral part of the security team. The last day the class shifts towards the critical realm of incident response planning. While most plans address computer/network compromises, this course introduces the concept of a Social Engineer Incident Response plan. Preparing first responders for suspicious incidents, it covers avoidance strategies, de-escalation techniques, and detection measures. Students learn a step-by-step approach to validate, protect, detect, respond, and recover from social engineering events, providing a comprehensive incident response plan that extends beyond the network to fortify the core of the enterprise.

Trainer(s) bio:

Jayson E. Street referred to in the past as:
A "notorious hacker" by FOX25 Boston, "World Class Hacker" by National
Geographic Breakthrough Series and described as a "paunchy hacker" by
Rolling Stone Magazine. He however prefers if people refer to him simply as
a Hacker, Helper & Human.

The Chief Adversarial Officer at SecureYeti.

The author of the "Dissecting the hack: Series" (which is
currently required reading at 5 colleges in 3 countries that he knows of).
Also the DEF CON Groups Global Ambassador. He's spoken at DEF CON, DEF CON
China, GRRCon, SAINTCON & at several other CONs & colleges on a variety of
Information Security subjects. He was also a guest lecturer for the Beijing
Institute of Technology for 10 years.

He loves to explore the world & networks as much as he can. He has
successfully robbed banks, hotels, government facilities, Biochemical
companies, etc.. on five continents (Only successfully robbing the wrong
bank in Lebanon once all others he was supposed to)!

*He is a highly carbonated speaker who has partaken of Pizza from Bulgaria
to Brazil & China to The Canary Islands. He does not expect anybody to still
be reading this far but if they are please note he was proud to be chosen as
one of Time's persons of the year for 2006.

Trainer(s) social media links:

https://twitter.com/jaysonstreet : @jaysonstreet
https://defcon.social/@jayson : @defcon.social/@jayson
https://infosec.exchange/@jaysonestreet : @infosec.exchange/@jaysonestreet
https://linkedin.com/in/jstreet/
JaysonEStreet.com & HackerAdventures.World

Outline:

Day 1:

Introduction
Agenda
Differences
Who am I
Who are we
Current State of security awareness

Module 1
What is Social Engineering
Red Teaming or Physical Pentest
The human factor


Module 2 Recon
Recon online
Recon in real life
Presenting findings
Case study

Lab: Conducting your own recon

Module 3 Phishing
Phishing for results
Finding target
Impersonation
Finding emotional trigger
Case study

Lab: Constructing a phish using results from Module

Module 4: Importance of preparedness
Preparing for onsite engagement
Clarifying scope of work
Managing client expectations
Defining success
Get out of jail free card
Case Study

Lab: 'Creating' a "Get out of jail free" card

Module 5 Weapons of Mass Education & Learning to code in Ducky script
An overview of the tools such as Bash Bunny, Pineapple, OMG cables & rubber
ducky, Flipper Zero & other useful devices.
Purpose of these tools
Each student will be given a book on programming in Ducky script.
We will go over several chapters that I will teach from. This will give
students the understanding and ability to write their own beginner payloads
for the Rubber Ducky.
Case study

Day 2:

Lab: Configuring the Rubber Ducky

Module 6 Infiltration of the Location
Persona creation
Passive infiltration
Assertive infiltration
Location infiltration
Commitment to your persona
Location
Time of attack
Population onsite

Lab: Creating your persona for your scenario

Module 7 Execution Phase
The attack
The approach
The target
Deployment
The escape
Case Study
Lab: Setting the stage and acting it out
Module 8 What's next?
The aftermath
Dealing with compromised humans
Educating on the spot
Conveying the lessons to management
Covering the findings in a positive way
Case Study

Lab 7: Consoling and educating the compromised
Closing

Technical difficulty:

Beginners to start. Intermediate & advanced students to learn new techniques.

Suggested Prerequisites:

None

What students should bring:

A laptop and a desire to learn! A Hak5 Rubber Ducky will be provided for all
students.

DATE: August 12th-13th, 2024
TIME: 8am to 5pm PDT
VENUE: Sahara Las Vegas
TRAINER: Jayson E. Street

- 16 hours of training with a certificate of completion.
- Note: Classes that do not meet their minimum class size by July 15 will be canceled, please register early

- 2 coffee breaks are provided per day
- Note: Food is not included

Registration terms and conditions:

Trainings are refundable before July 1st, the processing fee is $250.

Trainings are non-refundable after July 10th, 2024.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.