SOURCE Boston 2013 Trainings

April 14-15, 2013

Price Varies By Training
A certificate of completion will be provided to all attendees


Training 1: Lessons in Mobile Penetration Testing V2.0 - 2013 Edition
(April 14-15th, 9:00am-5:00pm)

Training 2: Cyber Network Defense Bootcamp
(April 14-15th, 9:00am-5:00pm)

Training 3: Threat Model Express
(April 15th, 9:00am-5:00pm)

Training Details

Training 1: Lessons In Mobile Penetration Testing V2.0 - 2013 Edition

Trainer: Zach Lanier
Price: $1995


Course Description

This class is designed to provide students with an introduction to penetration testing, reverse engineering, and exploitation on modern mobile platforms. The instructor will cover the security architecture of popular mobile platforms and mobile applications, investigate their weaknesses and vulnerabilities, and give students hands-on experience in analyzing and attacking them. Through lectures and interactive labs, students will walk away armed with the foundational knowledge needed to discover, identify, and exploit vulnerabilities on mobile platforms such as Android, iOS, and BlackBerry.

On day one, students will be brought up to speed with penetration testing on mobile platforms, exploring the differences and similarities between mobile and conventional pentesting. Students will be introduced to dynamic and static analysis tools and techniques for gaining the information necessary to reverse engineer, discover vulnerabilities, and plan their attacks against Android, iOS, or BlackBerry applications.

On day two, the training will dive a bit further into practical bug hunting, reverse engineering methods, and exploitation techniques, including replicating case studies from the instructors' experiences in real-world mobile application pentests. Students will also get hands-on experience through several labs including reverse engineering of the top Android security applications, exploiting native code vulnerabilities on the ARM architecture, and developing jailbreak/privilege escalation exploits from scratch and deploying them on real devices.


• Laptop capable of running a VMware Virtual Machine
• Dual core CPU, 2GB+ of RAM recommended
• At least 8GB disk space available
• At least one free USB 2.0 port
• This training course has a strong emphasis on the Android platform, so an actual Android device is recommended, but not strictly required.
• Familiarity with protocol analyzers (e.g. Wireshark, tcpdump), man-in-the-middle techniques, and basic reverse engineering concepts (e.g. debuggers, disassemblers)

Course Outline

Day 1

  1. Introduction
  2. Conventional attacks / penetration testing, and why mobile is different
  3. Building an Attack Methodology
  4. Static Analysis Techniques
    1. Tools used
    2. How to identify issues for each platform and what to look for
  5. Dynamic Analysis Techniques
    1. Runtime issues, artifacts, etc.
    2. Network issues, man-in-the-middle
  6. Reverse Engineering Lab (Pt. 1)
    1. Extracting "secrets" and useful data
    2. Patching and rebuilding apps

Day 2

  1. Application Auditing
  2. Reverse Engineering Lab (Pt. 2)
    1. Reversing advanced protection techniques
    2. Deeper bug hunting
    3. ARM exploitation lab
    4. Native code threats and vulnerabilities
  3. Intro to ARM Exploitation
    1. Exploit mitigation across platforms
    2. Real-world vulnerabilities
    3. Exploiting a vulnerable mobile app
  4. Jailbreak/Privilege Escalation Lab
    1. Platform-level vulnerabilities
    2. Kernel-level vulnerabilities
    3. Writing your own jailbreak
    4. Post-exploitation persistence
    5. Findings Review

Trainer Bio

Zach Lanier - Accuvant Labs

Zach Lanier is a Senior Research Consultant with Accuvant Labs. Prior to joining Accuvant, Zach served as a Security Researcher with Veracode, Principal Consultant with the Intrepidus Group, Senior Network Security Analyst at Harvard Business School, and Security Assessment Practice Manager at Rapid7. Zach likes Android, vegan food, and cats (but not as food).


Training 2: Cyber Network Defense Bootcamp

Trainer: Adam Meyers, Director Of Intelligence, CrowdStrike, Inc.
Price: $1995

Course Description

The Cyber Network Defense Bootcamp is a full frontal immersion into
all aspects of network defense. We all know that Cyber Network
Defense is a critical and evolving requirement for organizations large
and small in the 21st century. There are a number of component courses
available for various disciplines in the realm of CND; however, there
are very few options for a CND crash-course bootcamp that covers
topics relevant to the overarching mission of defending the home
enterprise. While many courses teach the fundamentals of incident
response utilities, malware analysis, and reverse engineering, this
course aims to rapidly introduce the student to the processes,
machinations, and most importantly the mindset of being a network

This course is a condensed version of the two-day course which teaches
a holistic approach to CND, beginning with intelligence ingestion and
easing into network anomaly detection and advanced network forensics.
Following the understanding of the network layer, the course will
introduce key concepts of incident analysis by providing an in-depth
introduction into incident response device forensics using freely
available and commercially licensed tools of the trade. With incident
analysis and network forensics under their belts, students will then
immerse themselves in an in-depth static and dynamic reverse
engineering section to include topics like manual unpacking and
deobfuscation of command and control protocols. To round out the
training, students will be given a short training in incident
reporting and will learn how to present technical findings to
managerial and executive level personnel in a clear and concise
manner. This course will be rich with hands-on activities and
exercises to practice intelligence collection, network forensics, disk
forensics, and reverse engineering of malware.

Course Syllabus

• Open Source Intelligence Methods and Commercial Intelligence Options
• Network Forensics and Analysis
• Advanced Network Detection Techniques
• Device Forensics Tools
• Device Forensics Methodologies
• Dynamic Malware Analysis
• Static Malware Analysis
• Dynamic Memory Analysis
• Incident Reporting
• Talking to the C-Level

Student Requirements

Students should have a working understanding of how computer
networking functions. This class will require math skills to
understand decimal, hexadecimal, and binary. Students should also
understand the various components of a computer and how they function
(RAM/Disk/CPU), have experience using virtual machines, and be
comfortable using command line tools. This class will demonstrate
low-level programming language components, so an understanding of
assembly is preferred, though we will cover some basics.

What to Bring:

Laptop with a Windows XP/7 virtual machine. (VMware is preferred, as
some students have had issues using VirtualBox.)


Adam Meyers is Director of Intelligence for CrowdStrike, Inc. Adam
manages collection activity, reverse engineering, and adversary
categorization. Prior to joining CrowdStrike, Adam was the Director
of Cyber Security Intelligence with the National Products and
Offerings Division of SRA International. Adam served as a senior
subject matter expert for cyber threat and cyber security matters for
a variety of SRA projects. Adam provided both technical expertise at
the tactical level and strategic guidance on overall security program
objectives. Adam’s background is in penetration testing and reverse
engineering. He also acted as the product manager for SRA Cyberlock, a
dynamic malware analysis platform. Adam supports various law
enforcement agents as a technical resource, regarding malware and
criminal investigation. In support of the Department of State Bureau
of Diplomatic Security, Adam trained and managed an elite team of
reverse engineers who conducted incident investigation and analysis in
support of the mission of the Office of Cyber Security. He is a
recognized speaker who has spoken on a variety of topics ranging from
technical to emerging threat at security conferences throughout the


Training 3: Threat Model Express

Trainer: Subu Ramanathan, Security Compass, Inc.
Price: $995

Course Description

In this class students learn about the attacks that their applications may face and then an informal approach to threat modeling. They will first learn the steps in executing a Threat Model Express, and then they will engage in a fictional exercise with the instructor.

In this scenario, students perform all the activities of a threat model on a complex application, including analyzing design and role-playing interviews. Students will understand how to implement a Threat Model Express in their organization using this model pioneered by Security Compass.


Prior information security experience with the OWASP Top 10 is useful but not mandatory.

Learning Objectives

• Understand the benefits of a traditional threat model vs. a threat model express exercise
• Engage in asking valuable questions that will effectively identify potential threats within an application
• Learn who should be involved in a Threat Model Express exercise and how to apply the model within your organization
• Engage in a Threat Model Express exercise with the instructor using a sample architecture
• What is threat modeling
• Traditional vs. Express Threat Modeling

Course Outline

  1. Goals of the Threat Model
    • Identifying and determining goals
    • Identifying the scope
  2. Gathering Information
    • What kinds of information to gather
    • Sources to gather information from
    • Finding more about the application
    • Distilling an application
    • Developing data flow diagrams
  3. Interview with the Architect
    • Asking the right questions
  4. Meeting Setup
    • Who to invite to the meeting
    • Roles of the participants
  5. Determining Threats
    • STRIDE
    • Establishing Threats
    • Attacker motivations
    • Business Logic attacks
  6. Determining Risk
    • Factors of Impact
    • Factors of Likelihood
  7. Countermeasures
    • Establishing countermeasures
  8. Interactive Class Exercise
    • Taking a sample architecture to perform a Threat Model Express
    • Determining Threats
    • Determining Risks
    • Identifying countermeasures
    • Plotting risk and countermeasures

Trainer Bio

Subu Ramanathan is a security consultant with Security Compass. With his wide array of experience in the application security space, Subu plays a valuable part in Security Compass's Software and Enterprise Assessment Service practice. He is a senior application security professional with extensive experience in secure SDLC, application security assessments, framework level threat models and security source code reviews. Subu is also a secure software application development SME with experience in developing content for multiple ASP.NET secure development courses including SANS DEV544. Subu also spearheads Security Compass's mobile application security service offering.

Subu brings to the table relevant experience in rendering exceptional quality application security services to the financial, energy, consumer business and telecommunication sectors. His experience in leading various teams, both onshore and offshore, combined with his core technical background are his most valuable assets. Subu is also an integral part of Security Compass's training services. In addition to developing and teaching Security Compass's Building Secure Web Applications in ASP.NET, Subu regularly teaches courses in Exploiting and Defending Web Applications, Advanced Application Attacks and Mobile Hacking to Security Compass's clients across the globe.

