TechnicalSegments
Guidelines
- Virtual training sessions are 60 minutes long and include a deep-dive and how-to on a specific topic.
- Topics can be covered as a technical segment (15-30 minute how-to guide on how to accomplish something that will help people learn and apply skills).
- Topics could also be an interview with the author of the tool or someone who is considered an SME (subject matter expert) in that area.
- These are higher-level suggestions: choose a project/tool/technique in the area described (or a different tool that does the same thing) and present on it for 30 minutes.
- If you work for a security vendor, please see our appearance guidelines.
- Please send an email to psw -at- securityweekly -dot- com if you are interested in covering a topic!
- Segments indicated in green have been completed; all other topics are open!
Topics
Virtual Training Topics | Docker Deployments, Security and You | Reverse Engineering Malware | Penetration Testing The Cloud | Penetration Testing Tactics and Techniques That Actually Work | Making The Most Out Of Open-Source Threat Intelligence | OSINT For Fun and Profit | Wireless (In)Security | Forensic Investigations For The Rest Of Us | Kali Linux Not-So-Secrets | How To Test Your Environment Against The MITRE ATT&CK Framework | Bypassing Endpoint Protection(s) |
Virtual Training Topics | Web App Scanning in DevOps Processes | Breach and Attack Simulation | Securing & Protecting Applications in AWS | Building Effective Security Programs: Compliance, Process and Procedures | Embedded and IoT Hacking Tips & Tricks | How To Threat Model For Better Security | How To Build an Incident Response Program with Practically No Budget | Hack The Human: Social Engineering Tactics For Your Next Pen Test | Building An Open-Source SIEM | Threat Hunting By Living Off The Land | Hardware Hacking 101 |
Show Segments Or Webcasts | Panel: Nation-State Hacking | Panel: Threat Intel Sources That Actually Work | Panel: The Future Of Infosec Careers | Panel: The State Of Exploit Markets | Panel: History of Hacking/Malware/Security | Vendor Demo Days 1 | Vendor Demo Days 2 | Vendor Demo Days 3 | Breaking News or Research 1 | Breaking News or Research 2 | Breaking News or Research 3 |
PSW Tech Segments | Building Secure-By-Default Containers | Storing Secrets In A Vault With Docker | Scraping The Web With Python | Flan Scan - Lightweight Vulnerability Management Using Nmap | Tracking Security News and Research | Open-Source Attack Surface Management | Linux Privilege Escalation Through Containers | Windows Local Privilege Escalation Example | Cool C2 Channels By Example | Bypassing 2FA | Software Defined Radio |
PSW Tech Segments | Bloodhound (For Attack and Defense) | Metasploit | Threat Hunting (JA3, RITA) | RFID Hacking | YARA | Encrypting Linux Volumes | MS Office Macro Payload(s) | Evilgrade | Scapy | Nmap | OSQuery |
PSW Tech Segments (Red Team Tools) | https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/ | https://www.offensive-security.com/metasploit-unleashed/privilege-escalation/ | https://www.pentestpartners.com/security-blog/bloodhound-walkthrough-a-tool-for-many-tradecrafts/ | https://byt3bl33d3r.github.io/automating-the-empire-with-the-death-star-getting-domain-admin-with-a-push-of-a-button.html | https://github.com/SpiderLabs/Responder | https://github.com/ustayready/CredKing | https://github.com/ustayready/fireprox | https://github.com/graniet/chromebackdoor | https://github.com/DakotaNelson/sneaky-creeper | https://github.com/laramies/theHarvester | https://www.blackhillsinfosec.com/domain-goodness-learned-love-ad-explorer/ |
ESW Tech Segments | Securing O365 | Runtime Application Protection | Vulnerability Management | Identity Management | Evaluating Endpoint Security | Microsoft ATP (Advanced Threat Protection) | Log Analysis for IoCs | Threat Intelligence | PowerShell For Enterprise Defenders (DeepBlueCLI) | AWS Security Services | Analyzing Email Phishing Campaigns |
ESW Tech Segments | The Security Onion | Tools For Dealing with CVE Data | MITRE ATT&CK Matrix | Up and Running On ELK | The Security Awareness Program Cheat Sheet | Recommending The Best Secrets Manager | Group Policies For Security That Work | Amazon Elastic Beanstalk for Security Testing | Nagios (Or Alternatives) | GuardiCore, Infection Monkey | Cuckoo Sandbox |
ESW or PSW Tech Segments | https://github.com/JPCERTCC/LogonTracer | https://github.com/draios/sysdig-inspect/blob/dev/README.md | https://github.com/CredDefense/CredDefense | https://www.misp-project.org/ | https://thehive-project.org/ | https://github.com/volatilityfoundation/volatility | https://www.saltstack.com/resources/community/ | https://www.npmjs.com/package/renovate | https://github.com/byt3bl33d3r/CrackMapExec | https://github.com/draios/sysdig-inspect/blob/dev/README.md | https://www.misp-project.org/ |
ESW or PSW Tech Segments | https://github.com/meirwah/awesome-incident-response | Web App Pentesting Tools | Python Tips and Techniques for Pen Testers | https://github.com/dafthack/DomainPasswordSpray |