From Security Weekly WikiJump to navigationJump to search
- Virtual training sessions are 60 minutes long and include a deep-dive and how-to on a specific topic.
- Topics can be covered as a technical segment (15-30 minute how-to guide on how to accomplish something that will help people learn and apply skills).
- Topics could also be an interview with the author of the tool or someone who is considered an SME (subject matter expert) in that area.
- These are higher-level suggestions, choose a project/tool/technique in the area described (or a different tool that does the same thing), and present on it for 30 minutes.
- If you work for a security vendor, please see our appearance guidelines.
- Please send email to psw -at- securityweekly -dot- com if you are interested in covering a topic!
- Segments indicated in green have been completed, all other topics are open!
|Virtual Training Topics||Docker Deployments, Security and You||Reverse Engineering Malware||Penetration Testing The Cloud||Penetration Testing Tactics and Techniques That Actually Work||Making The Most Out Of Open-Source Threat Intelligence||OSINT For Fun and Profit||Wireless (In)Security||Forensic Investigations For The Rest Of Us||Kali Linux Not-So-Secrets||How To Test Your Environment Against The Mitre Att&ck Framework||Bypassing Endpoint Protection(s)|
|Virtual Training Topics||Web App Scanning in DevOps Processes||Breach and Attack Simulation||Securing & Protecting Applications in AWS||Building Effective Security Programs: Compliance, Process and Procedures||Embedded and IoT Hacking Tips & Tricks||How To Threat Model For Better Security||How To Build an Incident Response Program with Practically No Budget||Hack The Human: Social Engineering Tactics For Your Next Pen Test||Building An Open-Source SIEM||Threat Hunting By Living Off The Land||Hardware Hacking 101|
|Show Segments Or Webcasts||Panel: Nation-State Hacking||Panel: Threat Intel Sources That Actually Work||Panel: The Future Of Infosec Careers||Panel: The State Of Exploit Markets||Panel: History of Hacking/Malware/Security||Vendor Demo Days 1||Vendor Demo Days 2||Vendor Demo Days 3||Breaking News or Research 1||Breaking News or Research 2||Breaking News or Research 3|
|PSW Tech Segments||Building Secure-By-Default Containers||Storing Secrets In A Vault With Docker||Scraping The Web With Python||Flan Scan - Lightweight Vulnerability Management Using NMAP||Tracking Security News and Research||Open-Source Attack Surface Management||Linux Privilege Escalation Through Containers||Windows Local Privilege Escalation Example||Cool C2 Channels By Example||Bypassing 2FA||Software Defined Radio|
|PSW Tech Segments||Bloodhound (For Attack and Defense)||Metasploit||Threat Hunting (JA3, RITA)||RFID Hacking||YARA||Encrypting Linux Volumes||MS Office Macro Payload(s)||Evilgrade||Scapy||Nmap||OSQuery|
|PSW Tech Segments (Red Team Tools)||https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/||https://www.offensive-security.com/metasploit-unleashed/privilege-escalation/||https://www.pentestpartners.com/security-blog/bloodhound-walkthrough-a-tool-for-many-tradecrafts/||https://byt3bl33d3r.github.io/automating-the-empire-with-the-death-star-getting-domain-admin-with-a-push-of-a-button.html||https://github.com/SpiderLabs/Responder||https://github.com/ustayready/CredKing||https://github.com/ustayready/fireprox||https://github.com/graniet/chromebackdoor||https://github.com/DakotaNelson/sneaky-creeper||https://github.com/laramies/theHarvester||https://www.blackhillsinfosec.com/domain-goodness-learned-love-ad-explorer/|
|ESW Tech Segments||Securing O365||Runtime Application Protection||Vulnerability Management||Identity Management||Evaluating Endpoint Security||Microsoft ATP (Advanced Threat Protection)||Log Analysis for IoCs||Threat Intelligence||Powershell For Enterprise Defenders (DeepBlueCLI)||AWS Security Services||Analyzing Email Phishing Campaigns|
|ESW Tech Segments||The Security Onion||Tools For Dealing with CVE Data||MITRE Att&ck Matrix||Up and Running On Elk||The Security Awareness Program Cheat Sheet||Recommending The Best Secrets Manager||Group Policies For Security That Work||Amazon Elastic Beanstalk for Security Testing||Nagios (Or Alternatives)||GuardiCore, Infection Monkey||Cuckoo Sandbox|
|ESW or PSW Tech Segments||https://github.com/JPCERTCC/LogonTracer||https://github.com/draios/sysdig-inspect/blob/dev/README.md||https://github.com/CredDefense/CredDefense||https://www.misp-project.org/||https://thehive-project.org/||https://github.com/volatilityfoundation/volatility||https://www.saltstack.com/resources/community/||https://www.npmjs.com/package/renovate||https://github.com/byt3bl33d3r/CrackMapExec||https://github.com/draios/sysdig-inspect/blob/dev/README.md||https://www.misp-project.org/|
|ESW or PSW Tech Segments||https://github.com/meirwah/awesome-incident-response||Web App Pentesting Tools||Python Tips and Techniques for Pen Testers||https://github.com/dafthack/DomainPasswordSpray||https://github.com/sandboxie/sandboxie|