Joe Blog

Johannesburg Events Weblog

What: 📅 BSides Joburg 2024 Workshops

BSides Joburg 2024 Workshops


Where: 🕳 Focus Rooms, Johannesburg

How much:

🎟️ R100.00Quicket

We will be hosting a half day workshop on 19 July at the Focus Rooms, the day before the inaugural BSides Joburg Event.The tickets for workshop and the event are separate. If you want to purchase tickets for BSides Joburg, you can get them here.

We have 2 workshops that will be presented:Please note that both workshops run simultaneously.

========================================Workshop 1 - RCE in Web Applications; Harder than you may thinkPresenters: Jonathon Everatt & Robin Roodt[19 July - Friday 13:00-17:00] ========================================

One of the most impactful malicious actions that can be executed in a web application is to gain the ability to perform Remote Code Execution of the application server. Not only does this give you access to the source code of the application and its infrastructure, but often it can also serve as a foothold to start attacking the internal, corporate, environment that the web server may have access to. Fortunately, over the years security has made great strides in protecting against these kinds of attacks so that they are not nearly as common as they used to be. However, with those strides in defensive capabilities have come with an extraordinarily complex system that is the current internet and its web applications. These complex systems have greatly increased the attack surface of the applications providing new ways to gain remote code execution on servers. But its not as simple as it used to be.

Inline with the theme of a new dawn this workshop aims to take attendees from the most basic instances of remote code execution, such as web shell uploads, through to more advanced Web application attack vectors that can result in remote code execution on a host. The workshop will take attendees from the more basic File Upload and Web/Reverse shell attack that can be found on many introductory CTF challenges up to advanced attacks such as Insecure Deserialisation and prototype pollution which is a current reality in corporate web applications. The goal of this Workshop is to not only upskill the attendees on web application hacking and increase their understanding of AppSec pentesting that is performed on corporate environments but also provide them with more understanding and context of the types and level of attacks that are required for threat actors to currently gain remote code execution in web applications (That being said, the old techniques can still be viable for out-of-date or newly developed web applications).

The workshop intends to follow this itinerary:

20 min 20 - Introductions40 min 60 - Bypassing File Upload protections40 min 100 - Bypassing a Web Application Firewall for Command Execution with SQLi20 min 120 - Break40 min 160 - Server-Side Template Injection for RCE60 min 220 - Insecure Deserialisation20 min 240 - Conclusions

Attendees who take the course will have a theory and practical section for each of the sections, taking them through the necessary knowledge for the vulnerability as well as exploitation; with a practical exercise for the attendees to do, and finally a discussion of the exercise, its tricks (If there are any) and remediations for the issue. While attendees will be encouraged to push themselves with these exercise, guided walkthroughs will also be provided alongside them to support and facilitate learning. The practical room will also be released after the conference on TryHackMe for candidates to retake as needed.

Ideally the topics we cover suit a variety of candidates from those who are just getting into CyberSecurity, to those who have done CTFs for a while. Attendees of any skill level are welcome to join and those who may not yet have as much experience can take the later topics as a learning experience rather than a bit more of a challenge.


Please bring a laptop that has Kali installed with you for this workshop

========================================Workshop 2 - Security Analyst Workshop

  • Navigation to InvestigationPresenter: Marvin Ngoma[19 July - Friday 13:00-17:00] ========================================

This an enlightening hands-on workshop which is aimed at providing participants with common workflows and analysis that a security analyst would leverage daily.

This workshop is divided into four modules detailing Data Navigation and Visualization, Guided Investigation, Threat Detection and Investigation and Dark Radiation Investigation and a roundup sample Ransomware Investigation.

Workshop Takeaways

Ability to leverage an analytics tool for Incident Response. Ability to understand common workflows for cyber security tasks. Ability to create security focused visualizations. Ability to take a proactive approach when doing investigations. Ability to apply comprehensive incident response with a case management workflow.


Please bring a laptop with you for this workshop