This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Black Hat Workshop Survival Guide, Day One (as related by Travis Carelock)
Black Hat has always been known for its 0-day releases and PoCs detailing the latest in offensive techniques. And while that is and will always be near and dear to our heart, Black Hat has also expanded its briefings to include workshops.
What exactly are workshops? Workshops are sessions, typically two to three times longer than a normal briefing, with a real emphasis on "knowledge transfer." Yes, I did just type that phrase, and no, the real Travis hasn't been bodysnatched. What I mean by knowledge transfer is that you leave the room with a new skill or a much deeper understanding of the topic at hand. Beyond that there's a distant hope that we may even make your day job easier.
I've been speaking with the workshop presenters, and they've got a ton of great stuff for you...but a very limited amount of time in which to present it all. To help the workshops hit the ground running (or at least jogging), I'm going to quickly run through their basic requirements and setup suggestions.GHz or Bust: Black Hat with Atlas
Atlas would like to show you a couple of things...a couple of very, very cool things. He has a lot of great info to share about the sub-GHz range, but to really participate in the hands-on section of the workshop he suggests obtaining the following:
- A CC1111 USB Evaluation Module Kit 868/915
- A laptop with Python and libusb) / pyusb. IPython is highly recommended as well
- A passion for learning RF
As Mr. Osborn notes in his abstract, modern browser exploitation is no trivial task. Sometimes the easiest path is around the wall -- attend this workshop to find your way. But before you arrive, here are a few things to install and become familiar with:
- Google Chrome
- Node NPM
- npm websockets
- npm node-static
- PHP is an option if node fails (tools have been coded for both)
- Linux (VM?) is preferred for running the tools, but most of it will work across systems as long as nodeJS or PHP is installed. There are a few that are specific to a Linux shell environment (which haven't been tested in OS X or Windows Cygwin.)
- Toolset repo is also available online
Money is commonly mistaken for the root of all evil, when in reality it is insecure coding. Obviously. Learn how to catch those critical mistakes with Abraham Kang. To get the most out of this Web app workshop please install the following IDEs and web frameworks:
- IntelliJ (30-day Eval)
- Struts 1 and Spring MVC (Netbeans)
- Struts 1 and Struts 2 (IntelliJ)
- Visual Studio .NET MVC with the Nerd Dinner 2.0 Project
- Ruby on Rails with IRB shell
- Groovy on Grails
Long Le will show you how to streamline your research with the help of PEDA -- Python Exploit Development Assistance (for GDB). You'll learn how to incorporate the different featuresets offered by PEDA to turn the GNU Debugger into a powerful exploit-development toolkit. The basic requirements for this workshop are as follows:
- Laptop with 2GB+ RAM
- Ubuntu 12.04 LiveCD/USB or ISO image
- Tools and Software Packages
Whew, that's everything for the day one workshops. Keep an eye out for part two of this workshop survival guide...soon. Trust me, it's gotta be soon, since Black Hat is right around the corner!