BEGIN:VCALENDAR PRODID:-//vBulletin 6//EN VERSION:2.0 CALSCALE:GREGORIAN BEGIN:VEVENT UID:a8ff3fe3-7f69-4cb9-8aa6-a12750eb51eb DTSTAMP:20260607T224820Z SUMMARY:Adrian Wood\, David Mitchell - Creating and uncovering malicious co ntainers Redux DESCRIPTION:Title: Adrian Wood\, David Mitchell - Creating and uncovering m alicious containers Redux\n\nScheduled Date and Time (Pacific Standard): S aturday\, August 12\, 2023\, at 0900 PDT\n\nEventBrite Link: https://www.e ventbrite.com/e/adrian-wood-creating-and-uncovering-malicious-containers-r edux-tickets-668385056697?aff=oddtdtcreator\n\nMax Class Size: 90\n\n\n\n\ nAbstract:\n\nContainers allow bad actors access to an excellent delivery mechanism for malware deployment in organizations\, offering a wide variet y of detection avoidance and persistence mechanisms. Fear not protectors\, containers also offer ways to detect these\, but can be fraught with chal lenges. Whether you're red\, blue or just container curious this workshop is for you.\n\nIn this workshop\, you will get hands-on with containers an d kubernetes\, - starting with introductory content - learning how they wo rk\, where and how to hide or find things\, how to identify indicators of compromise\, indicators of attack\, and how to apply analysis to gain a de eper understanding of container malware and what is going on inside contai ners.\n\nThis workshop will utilize the Google Cloud Platform alongside co mmand line operands and a small amount of open source tooling to learn bot h offensive and defense techniques on containers. By the end\, you’ll ha ve a solid mental model of how containers work\, how they are managed and deployed\, and be equipped with the ability to analyze container images\, identify problems\, attack container supply chains and identify familiar p atterns. Ultimately\, these skills will allow you to generate valuable ins ights for your organization’s defense or aid you in your next attack.\n\ nThis course is designed to take you deep into the world of containers\, m aking tooling like Kubernetes much more intuitive and easy to understand.T here’s lots of labs which will be used to reinforce your learnings\,in b oth attack and defense and the course comes with very detailed notes and i nstructions for setup which you can repeat on your own time. This course w ill provide references to scripts that make certain tasks easier\, but we will be challenging you to learn the process and reasoning behind them rat her than relying on automation.\n\nAttendees will be provided with all the lab material used in the course in digital format\, including labs\, guid es and virtual machine setup.\n\n\n\n\nSkill Level: Beginner to Intermedia te\n\nPrerequisites for students: None! the class is well designed to allo w those with little to no linux\, kubernetes or cloud familiarity to follo w along\, but a basic familiarity with Linux and terminal will allow atten dees to focus on the work.\n\n\n\n\nMaterials or Equipment students will n eed to bring to participate: A Google Cloud free tier account (basically a fresh gmail account)\, and an internet connected computer. We will send o ut instructions to attendees prior to the class\, so they can be ready on the day.\n\n\n\n\nBios:\n\nAdrian Wood\, aka threlfall\, discovered a love for hacking from cracking and modding video games and from the encouragem ent of online friends. He has worked as a red team consultant for WHITEHAC K\, a company he founded\, and later as a lead engineer for an offensive r esearch team at a US bank\, where he was very interested in appsec\, conta iner security\, CI/CD security and also founded their bug bounty program. He currently works for Dropbox\, working on their red team. In his free ti me\, he enjoys playing saxophone\, working on vintage cars\, and fly-fishi ng.\n\n\n\n\nDavid Mitchell\, aka digish0\, started his hacking career as a script kiddie running 7th Sphere in mIRC in high school. Later falling i n with some Linux/RedHat nerds at a local 2600 group at college while stud ying CS\, etc. He got into Linux\, started an IT career\, later rediscover ing his hacking script kiddie roots when a local hacker space opened up an d shared members with a lockpicking group that worked in infosec as penetr ation testers\, etc where he discovered he could get paid to do the things he liked doing in high school/college. He now works professionally as a r ed team member and cyber security researcher at a large financial institut ion. The rest of the time he spends being a dad/husband\, trying not to ge t injured in Muay Thai/BJJ or mountain biking\, and listening to either ve ry expensive or very cheap vinyl.\n​ URL:https://forum.defcon.org/node/246020 DTSTART:20230812T170000Z DTEND:20230812T210001Z LOCATION:Las Vegas\, NV\, DEF CON 31 END:VEVENT END:VCALENDAR