Expert Training
The training team at VDA Labs possesses an unrivaled level of expertise in the industry, having worked in the public sector, academia, consulting, and for vendors – and we can’t wait to share what we know with you. We have been delivering expert-class training in many formats over the past 10+ years at many of the premier security conferences across the globe.
In addition to conference events, we also do private trainings on site, and have select courses available online via Pluralsight.
Training Courses Offered:
- Cybersecurity Training Suite
- Application Security: For Hackers and Developers
- Advanced Exploitation
- Advanced Malware Training
- Deeper Investigations For The SOC
- Security Leadership Training
Cybersecurity Training Suite
This unique training suite creates real “sticking power” with users by combining deep instructional design knowledge with advanced cybersecurity expertise.
INSTRUCTIONAL DESIGN
Our award-winning instructional design team holds advanced degrees in adult learning and instructional design. They’ve developed engaging learning programs for some of the largest companies in the world and provide thought leadership in the learning industry.
CYBERSECURITY EXPERTISE
Our information security experts have previously served as vulnerability analysts with the NSA and hold advanced degrees in information security. They regularly speak at conferences like RSA, DerbyCon, BlackHat, ToorCon, GrrCon, and HITB.
50% OF ALL ATTACKS
are a result of human error. In today’s digital world, effectively protecting your organization means ensuring that employees are properly trained.
Help your organization mitigate risk with effective cyber security awareness training that is engaging and retained by end users.
VDA Labs and Inno-Versity discuss security awareness training.
MODULE ONE: HACKERS WANT YOU
Most users are unaware of the methods by which they are being targeted. This module will provide an overview of why data protection matters and some basic methods for protection.
MODULE TWO: USER ACCOUNTS AND SECURE AUTHENTICATION
How strong are your users’ account credentials? Learn best practices for keeping accounts secure, including strong password creation and multi-factor authentication.
MODULE THREE: SOCIAL ENGINEERING
One of the most common threats of data breaches involves social interaction with a hacker. Users will be trained to identify areas of vulnerability, such as phishing/smishing/vishing and physical attacks.
MODULE FOUR: TRAVELING
Today’s mobile workforce has created a large increase in vulnerability. Learn how to reduce the risk when traveling.
MODULE FIVE: IMPACTS OF HOME OFFICE ON CORPORATE SECURITY
The current trend is shifting towards employees that often work from home. Users will learn how to work from home or with personal devices without compromising corporate data security.
MODULE SIX: BUSINESS SECURITY
This module includes special security training for HR, Accounting, IT, and Leadership teams. We’ll discuss specific considerations for each group.
LEARN MORE
This suite is available on a per-user subscription basis or can be customized for your specific needs. Can you beat the hacker in this very interactive suite of modules, follow-up quizzes, boss-fights, phishing, and more? LMS ready with deployment help.
Application Security: For Hackers and Developers
This course is designed for practitioners to learn about the tools and techniques used to prevent and find bugs in real world software. This class is great for anyone in software, testing, management, hacking/vulnerability research, and so much more.
- Security Strategy
- SDL, design review, security culture, etc.
- Code Auditing
- Static and Dynamic analysis
- Fuzzing
- Automated bug discovery
- Mayhem, MSRD, AFL, Peach, etc
- Reverse Engineering
- Protecting IP
- Finding bugs in managed (C#, etc) and unmanaged (C/C++, etc.) code
- Software Exploitation
- Command Injection, SQLi, and Memory corruption (Buffer overflows, Function pointer overwrites, ROP, etc.)
- More
We begin the class with a brief secure-by-design and strategy session. Next, understanding how and when to audit code is key for both developers and hackers. Students learn to zero in on the important components. Automated tools are employed, but auditing source manually is the key, since verifying results is a required skill even when using automated tools. Spotting and fixing bugs is the focus.
Dynamic investigation of web, mobile, and APIs requires skills with tools like Burp, while hunters for bugs in core code (C/C++) often use fuzzing: a runtime method for weeding out or finding exploitable bugs. Both techniques are used by a growing number of product and security organizations.
Another technique hackers use to uncover bugs is reverse engineering software. Managed (.NET) and unmanaged code (C and C++) are covered. Ghidra and IDA Pro are taught and used throughout. Calling conventions, Assembly-to-C, identifying and creating structures, RTTI reconstruction, etc. are covered. Students will use more advanced reversing features such as scripting.
Finally, students will walk out of this class knowing how to exploit discovered bugs. This is useful to both developers and hackers. The attack portion will teach students how to exploit common bugs such as: command injection, SQLi, IDOR, stack buffer overflows, function pointer overwrite, heap overflow, off-by-one, integer error, uninitialized variable, use-after-free, double fetch, and more. For the exploits, return overwrites, heap spraying, ROP, and gadget discovery are presented. Shellcode creation/pitfalls and other tips and tricks will all be rolled into the exciting, final component.
"As an IT Professional it’s my job to keep all of our endpoints protected. Even with the best hardware and software to safeguard our domain, it’s not IF we’ll have a breach but WHEN.
This is why we hired VDA Labs to come on site and train and inform our end-users; so not only they can understand how cyber-attacks happen but what to look for. End-users are the first line of defense and I am confident this training has prevented at least one occurrence."
— JOSHUA POTT
IT Manager, Compliance Systems Inc
Advanced Exploitation
As we learned in the first course (Security: For Hackers and Developers), there are almost always bugs in code. We found them by auditing, fuzzing, and reversing code. Then we crafted exploits. To counter this reality, vendors have developed a variety of protections.
DAY 1: BROWSER EXPLOITATION
In this class we continue the battle. We describe a number of modern-day protections: things like EMET, Isolated Heap, and CFG. We then perform hands-on lab work to show how bypasses can be constructed. This build-and-break teaching style provides the tools for vulnerability researchers, security engineers, and developers to perform cutting-edge research of their own.
DAY 2: KERNEL EXPLOITATION
The second half of the class is all about the kernel. You will learn how to debug, audit, fuzz, and exploit kernel code. The class is fast paced, but low stress and fun. Prepare to learn!
It is recommended that you first take “Application Security: For Hackers and Developers” or have equivalent knowledge.
Interested in Penetration Testing Services?
"We are very happy with the test results from the pentest that VDA Labs did for us. It has set the stage for the conversations and programs for security we need to have."
— JESSE HULLIHEN
IT Manager, Wolverine Packaging Company
Advanced Malware Training
Dive deep into real-world malware events. Tear them apart. Unwrap the layers of obfuscation. Find the exploit. Protect your network. Explore exploit kits and ransomware. Join the fun and make the world a little safer. Available now on Pluralsight!
DAY 1: MALWARE DISTRIBUTION
USING NEXT-GEN SECURITY TOOLS
Intro to the course, tools, and techniques. We’ll analyze events collected by Bromium micro-VMs. Bromium will help a SOC analyst to understand a threat quickly, and pull out critical IOCs. But the deepest levels of understanding will still be manual. That’s what the course will be about.
RECOGNIZING THE EXPLOIT VECTOR
We teach more about the details of a typical endpoint compromise and begin work to determine which exploit was used on a victim.
We’ll learn how to decompile a SWF file with JPEXS FFDEC.
UNRAVELING EXPLOIT OBFUSCATION
Malware exploits are highly obfuscated to hide attacker tricks. Begin work toward peeling back the layers of this onion.
We teach how to use tools such as Firebug and JavaScript Deobfuscator.
CIRCUMVENTING EXPLOIT KIT ENCRYPTION
In the latest exploit kits, communications are not just obfuscated with simple tricks; industry-grade encryption is employed at most layers. We begin work to decrypt key stages of the attack.
UNDERSTANDING MOVING TARGET COMMUNICATIONS
Exploit kits use various tricks to make stopping them difficult. Even if a sample is obtained, they may phone home to a different server every day. They sometimes only accept connections at certain times and from certain IP blocks. We examine how these DGA algorithms work.
DAY 2: MALWARE ANALYSIS
DETECTING ANGLER IN THE WILD
We have now figured out what the EK looks like at various levels. Let’s help the community. If we develop and share a YARA signature, all of the security vendors and open source security groups can pick it up and help detect this malware in the wild. Of course it’ll morph to avoid the detection, but that’s all part of this game.
PERFORMING SAFE DYNAMIC ANALYSIS
So we’ve figured out how the EK works. But what does it do? It ultimately needs to drop a malware payload. But what is the soup du jour? We begin our analysis of the payloads that were dropped in this event. A common approach to analyzing a malware payload is to run it in various sandboxed environments to automate the analysis of the constant flood of evolving threats.
ANALYZING FILES STATICALLY
Before we begin a deeper analysis of the file with in-depth tools like IDA Pro and debuggers, it’s often fruitful to load the malware into a variety of simple file analysis tools, which perform numerous tests on the binary. These tools help us reason about whether the binary is malware, detect packers/crypto, and so much more, without needing to get into the bits and bytes – just yet. We’ll show how to use the tools covered in this section.
REVERSING MALWARE WITH DEBUGGING TOOLS
Sometimes breaking custom encryption or packing statically can be difficult. Going back and forth between static and dynamic analysis is common. You can even debug right from within IDA Pro, if you want to run certain sections of code to see what they will actually do. We teach the tools and techniques.
REVERSING MALWARE WITH IDA PRO
Once the malware is unpacked, static analysis is typically much easier. Also, we don’t have to worry about anti-debugging once we switch to static analysis. Though time consuming, this lowest level of analysis may be necessary if all of the details of the malware are required.
CUSTOMIZING REPORTS: FROM RESEARCHERS TO CISOs
Threat intelligence needs to be reported differently at each level. CISOs care about different things compared to researchers. We describe the best ways to share the right data, to the right people, so the best actions can be taken. We also look at TI sharing tools and standards.
Deeper Investigations For The SOC
This is a great first malware and incident investigations class. The goal of the class is to consider the basic workflow of a typical internal IT security/SOC analyst, but go a number of steps beyond that. Rather than just guess about the severity of a particular security alert, how deep of an investigation is practical in 20 minutes? You’d be surprised. But first you have to get comfortable with all the tools and techniques. That’s what we do in this class.
Who should take the class?
Anyone from SOC analysts, pentesters, developers, testers, QA, managers, journalists, etc. Anyone who wants to deepen their knowledge about how the latest threats can be quickly analyzed.
COURSE CONTENT
State of Malware
We start our training by looking at the current state of malware – how it is spread, what is being spread and how this impacts organizations. We will also discuss the overall process of how to analyze malware and develop a methodology that can be used for the rest of the course. Discussion will include SOC workflow and an introduction to core tools.
Command and Control
Before we begin analyzing samples, we’ll discuss how malware communicates. This will give us an opportunity to discuss domain generation algorithms (DGA) and other techniques that malware uses to avoid detection and disruption.
Open-Source Information Gathering
Once we have data that can identify our sample, we can use open-source tools to help us identify if it is malicious and, if so, what its primary purpose is. During this section we’ll look into VirusTotal and the VirusTotal API. We’ll start to explore ways to automate our work with Python scripting.
Gathering Signatures and Hashes
In this section we’ll cover techniques to help identify, and share, information about a potentially malicious sample. From generating file hashes to imphashes (import hashes) and file similarity analysis with tools such as ssdeep, we’ll generate identifying data about a sample to help our analysis.
Basic Malware Analysis
As we dig deeper into malware we look at basic static and dynamic approaches to analyzing malware. Our goal is to develop techniques and leverage tools that allow us to find the best data, the quickest.
Anti-Virus and Other End-Point Protections
This section will discuss how anti-malware protections, such as AV, work – we’ll dig into their strengths and weaknesses. We’ll get hands-on with anti-malware products to write our own signatures to detect malicious files on a host machine.
Delivery Methods: How Malware Gets Through the Perimeter
We’ll begin this topic by discussing how malware is commonly spread. One of the more prevalent ways is through exploit kits (EK), which often require no more interaction from the user than to visit an infected website.
Deeper Malware Analysis
Once initial triage is complete, we may have to dig deeper into our samples in order to collect the necessary information and answer questions such as “what did it do” and “how did it impact the organization”. In this section we look at disassembly tools such as IDA Pro and debuggers in order to gain that deeper level of understanding.
Deeper Look at Malware: Blocking and Hunting
In this section we’ll explore advanced attacks such as those initiated by an exploit kit (EK). Using indicators of compromise (IOC) we’ll be able to create custom signatures – this will give us the ability to proactively and retroactively block and hunt for infections.
"I have worked with many pentesting, code reviews, and IR organizations in the past, and VDA Labs stands high above all of them in both their skill and approach. They provide a highly interactive experience – which is uncommon in the world of security testing, which often simply produces a report at the end of the engagement. VDA worked closely with my team throughout the engagements, educating and informing us all along the way. We felt a genuine commitment from VDA to our organization’s safety in an increasingly hostile environment."
— RICH WUNSCH
Director of IT Infrastructure, Information Security Officer, Advanced Radiology Services
Security Leadership Training
New to the security field? Or in a security leadership position and want a shoulder to lean on?
We’re happy to provide 1-on-1 or group coaching.
- How the security industry works
- How to buy product
- How to build product
- How to buy services
- How to build services
- How to secure the enterprise
- How to hack the enterprise
- How to take security training
- How to build a training program