
DEF CON Training
Jayson E. Street - Simulated Adversary - Tactics & Tools Training $2,400
Name of training:
Simulated Adversary - Tactics & Tools Training
Trainer(s) bio:
Jayson E. Street referred to in the past as:
A "notorious hacker" by FOX25 Boston, "World Class Hacker" by National
Geographic Breakthrough Series and described as a "paunchy hacker" by
Rolling Stone Magazine. He however prefers if people refer to him simply as
a Hacker, Helper & Human.
The Chief Chaos Officer of Truesec a global cybersecurity solutions
provider. The author of the "Dissecting the hack: Series" (which is
currently required reading at 5 colleges in 3 countries that he knows of).
Also the DEF CON Groups Global Ambassador. He's spoken at DEF CON, DEF CON
China, GRRCon, SAINTCON & at several other CONs & colleges on a variety of
Information Security subjects. He was also a guest lecturer for the Beijing
Institute of Technology for 10 years.
He loves to explore the world & networks as much as he can. He has
successfully robbed banks, hotels, government facilities, Biochemical
companies, etc.. on five continents (Only successfully robbing the wrong
bank in Lebanon once all others he was supposed to)!
*He is a highly carbonated speaker who has partaken of Pizza from Bulgaria
to Brazil & China to The Canary Islands. He does not expect anybody to still
be reading this far but if they are please note he was proud to be chosen as
one of Time's persons of the year for 2006.
Trainer social media links:
Twitter: @jaysonstreet
Defcon.Social: @jayson
Infosec.Exchange: @jaysonestreet
Linkedin: linkedin.com/in/jstreet/
Websites: JaysonEStreet.com & HackerAdventures.World
Class description:
This class covers all aspects of an engagement, starting with online
research in a quick and efficient manner. Attendees will learn how
adversaries can attack in non-traditional ways. Jayson's style focuses on
education over compromise by helping show how to move past finding
vulnerabilities into educating and improving the security of the target. The
emphasis for this class will be hands-on, real-world examples and
demonstrations that help companies understand the human side of social
engineering attacks.
Traditional pentest focuses on exposing vulnerabilities and showing how they
can be exploited. A Red Team engagement does a more in-depth simulation of
an advanced targeted attack with once again focusing on not just discovering
potential weaknesses in the target's defenses but giving proof of concepts
showing they can be exploited. Jayson has created the Security Awareness
Engagement methodology for a way to show real world threats without actually
compromising or exploiting discovered vulnerabilities in a way that might
negatively impact the company. Instead simulations use non-intrusive
demonstrations that work in tandem with direct and immediate education of
Through the use of hands-on, real-world examples and demonstrations. This
class will go beyond Metasploit, popping shells and zero day exploits,
focusing on the most considerable threat a company faces, the human factor.
This class is not just for pentesters but also for security teams who want
to educate their employees. Class activities will introduce students to real
world simulations of how Social Engineering and Physical Compromise attacks
occur. Students will also participate in simulations where they use the
results from their labs to execute the attack, an attack with Jayson playing
the roles of the target to compromise.
Class outline:
Day 1
Introduction
Agenda
Differences
Who am I
Who are we
Current State of security awareness
Module 1
What is Social Engineering
Red Teaming or Physical Pentest
The human factor
Module 2 Recon
Recon online
Recon in real life
Presenting findings
Case study
Lab: Conducting your own recon
Module 3 Phishing
Phishing for results
Finding target
Impersonation
Finding emotional trigger
Case study
Lab: Constructing a phish using results from Module
Module 4: Importance of preparedness
Preparing for onsite engagement
Clarifying scope of work
Managing client expectations
Defining success
Get out of jail free card
Case Study
Lab: 'Creating' a "Get out of jail free" card
Module 5 Weapons of Mass Education & Learning to code in Ducky script
An overview of the tools such as Bash Bunny, Pineapple, OMG cables & rubber
ducky, Flipper Zero & other useful devices.
Purpose of these tools
Each student will be given a book on programming in Ducky script.
We will go over several chapters that I will teach from. This will give
students the understanding and ability to write their own beginner payloads
for the Rubber Ducky.
Case study
Day 2
Lab: Configuring the Rubber Ducky
Module 6 Infiltration of the Location
Persona creation
Passive infiltration
Assertive infiltration
Location infiltration
Commitment to your persona
Location
Time of attack
Population onsite
Lab: Creating your persona for your scenario
Module 7 Execution Phase
The attack
The approach
The target
Deployment
The escape
Case Study
Lab: Setting the stage and acting it out
Module 8 What's next?
The aftermath
Dealing with compromised humans
Educating on the spot
Conveying the lessons to management
Covering the findings in a positive way
Case Study
Lab 7: Consoling and educating the compromised
Closing
Technical difficulty of the class (Beginner, Intermediate, Advanced) and any
required experience or skills needed (Such as Python, knowledge of specific
deep-learning algorithms, TCP dump analysis, Ghidra, etc.)
This class is created to be easy enough for a beginner to learn & keep up
with the training. Yet also engaging & technically novel enough that
intermediate & advanced students will stay engaged and learn new techniques
and different approaches to these skill sets.
Suggested prerequisites for the class:
There are no prerequisites for the class.
Items students will need to provide:
A laptop and a desire to learn! A Hak5 Rubber Ducky will be provided for all
students.
DATE: August 14th-15th 2023
TIME: 8am to 5pm PDT
VENUE: Caesars Forum, Las Vegas, NV
TRAINER: Jayson E. Street
- 16 hours of training with a certificate of completion.
- Note: Classes that do not meet their minimum class size by July 15 will be canceled, please register early
- 2 coffee breaks are provided per day
- Note: Food is not included
Registration terms and conditions:
Trainings are refundable before July 1st, the processing fee is $250.
Trainings are non-refundable after July 10th, 2023.
Training tickets may be transferred. Please email us for specifics.
Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.
By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.
DEF CON Communications, Inc.
1100 Bellevue way NE
8A-85
Bellevue, WA 98004