Sam Bowne & Team - Beginner's Guide to Attacks and Defenses - DCTLV2025 **4-Day Training**
**Please note: This is a four-day training that will be held Saturday-Tuesday (August 9-12). Participants will receive a DEF CON Human Badge with their registration**
Name of Training: Beginner's Guide to Attacks and Defenses
Trainer(s): Sam Bowne, Elizabeth Biddlecome, Kaitlyn Handelman, and Irvin Lemus
Dates: August 9-12, 2025 **4-day training**
Time: 8:00 am to 5:00 pm PT
Venue: Las Vegas Convention Center
Cost: $3,200
Course Description:
We will survey modern attack and defense techniques at an introductory level. We will demonstrate all the techniques, and participants will perform hands-on projects practicing with the tools. We will provide beginner-friendly instructions, a live CTF scoreboard, and personal assistance.
Course Outline:
Day 1: Intro to Attack Techniques for Both Windows and Linux Systems
Learn fundamental tools and techniques used to attack Windows and Linux systems. Topics include Linux and Windows command-line, command injection, SQL injection, network discovery, and vulnerability scanning.
Day 2: Intro to Exploit Development: Finding Vulnerabilities and Taking Advantage of Them
Learn how software uses memory, and why computers are so easily tricked into executing bytes as code that entered the system as data. Learn how to develop binary exploits including buffer overflows on the stack and the heap, format string vulnerabilities, and race conditions.
We will examine modern Windows defenses and learn how to defeat them.
Day 3: Intro to Malware analysis: Learn Windows Internals and How Malware Operates
Analyze malware to find indicators of compromise using static and dynamic techniques. We will modify Windows executables to cheat at games and examine malware's actions, including droppers, botnets, and keyloggers.
Day 4: Intro to Incident Response: detecting attacks and analyzing intrusions
This class covers essential Incident Response tools and techniques to defend modern corporate networks.
Difficulty Level:
Beginner
Suggested Prerequisites:
Participants should be familiar with basic networking, security, and programming concepts.
What Students Should Bring:
Participants need a laptop computer capable of running local virtual machines. A second screen will be very helpful. They should also have a credit card to apply for free cloud server hosting.
Trainer(s) Bio:
Sam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000. He has given talks and hands-on trainings at DEF CON, DEF CON China, Black Hat USA, HOPE, BSidesSF, BSidesLV, RSA, and many other conferences and colleges. He founded Infosec Decoded, Inc., and does corporate training and consulting for several Fortune 100 companies, on topics including Incident Response and Secure Coding.
Elizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to cripting languages in cybersecurity competitions, hackathons, and CTFs.
Kaitlyn Handelman is an offensive security engineer at Amazon. Her focus is cybersecurity in space. In addition to traditional penetration testing, Kaitlyn works on physical devices and RF signals. In her free time, she enjoys ham radio, astronomy, and her cat, Astrocat.
Irvin Lemus, CISSP is a Cyber Range Engineer at By Light IT Professional Services, training military personnel through international cyber security exercises. Irvin has been in the field since 2006, involved with cybersecurity competitions since 2015 as a trainer, coach, and mentor. He also has taught IT and Cybersecurity courses at Coastline and Cabrillo Colleges. He is the BACCC Cyber Competitions Regional Coordinator, Board member at Pacific Hackers and is a speaker at DEFCON. He describes himself as, "A professional troublemaker who loves hacking all the things."
Registration Terms and Conditions:
Trainings are refundable before July 8, 2025, minus a non-refundable processing fee of $250.
Trainings are non-refundable after July 8, 2025.
Training tickets may be transferred. Please email us at training@defcon.org for specifics.
If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).
Failure to attend the training without prior written notification, will be considered a no-show. No refund will be given.
By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.
Several breaks will be included throughout the day. Please note that food is not included.
All courses come with a certificate of completion, contingent upon attendance at all course sessions.
Training Justification Request – DEF CON Training
To: [Manager Name]
From: [Employee Name]
Date: [Date]
Subject: Business Justification for Attendance at DEF CON Training
Dear [manager’s name],
I am requesting approval to attend DEF CON Training, one of the cybersecurity industry's most recognized technical training programs. I’ve reviewed the options and selected a course to expand my skills with [1-2 key skills focus areas for the course].
DEF CON has been one of the world’s leading cybersecurity communities for more than three decades, known for convening industry, government, and independent experts to exchange advanced knowledge and practical skills. Building on this tradition, DEF CON Training delivers intensive courses taught by recognized global instructors. DEF CON Training courses offer hands-on instruction in a challenging, fast-paced environment. Many of the courses offered by DEF CON Training align with the National Institute of Standards and Technology (NIST) NICE Framework and Department of Defense Cyber Workforce Framework (DCWF), and attending this course will help me build and sharpen the skills required for my role.
Training: [Name of DEF CON Training Course]
Instructor/Provider: [Trainer Name(s)]
Dates: [Training Dates]
Location: Las Vegas, NV
Cost: [Course Fee]
Travel Expenses: [estimated travel & accommodations costs]
Course Description: [Copy short description of the selected class from the website here]
Trainer Bio: [Copy bio of the trainers of the selected class from the website here]
Once I’ve completed the course, I’ll be able to:
[copy student outcomes from course page where available or choose 3-4 skills or topic areas from the outline that are applicable to your current role, will help you fill a skill gap, etc.]
Business Need
As cyber threats continue to evolve, it is critical that our organization maintains current knowledge of emerging techniques and industry best practices. The selected DEF CON training aligns directly with my responsibilities in [your role/field here - for example, security operations, incident response, threat detection and hunting, application security, cloud security, risk management, security engineering].
The course will provide practical, hands-on experience that can be immediately applied to our environment and security initiatives. DEF CON training emphasizes real-world attack and defense scenarios, enabling participants to develop skills that extend beyond traditional classroom learning.
Request for Approval
I respectfully request approval and funding to attend DEF CON Training this August in Las Vegas. The knowledge, hands-on experience, and industry insights gained will directly support our cybersecurity objectives and contribute to strengthening our organization's security capabilities.
Thank you for your consideration. Please let me know if you have questions or need additional information to support this request.
Sincerely,
[Employee name]