Trainings 2023

Trainings between October 9-10-11-12 2023!

▼ Jump to English trainings

Sécurité 101-102-103 - French

Formation unique créé par la communauté du Hackfest! Nos formations d’introduction à divers éléments essentiels de sécurité informatique.

Sécurité Physique 101 (Blue Team), 201 (Red Team), 202 (Rétro-ingénierie) - French

Formation unique pour vos besoins de sécurité physique en entreprise.

PowerShell pour l’équipe bleue - French

3e édition de cette formation unique et exclusive au Hackfest! Cette formation vise à ajouter une corde à l’arc aux personnes désirant sécuriser des organisations, et ce, à l’aide de PowerShell.

Crise et resilience - French

Cette formation de 2 jours permettra au participant d’acquérir les compétences de bases requises pour mettre en place une gestion de cybercrise aussi bien opérationnelle que décisionnelle.

  • Registration coming soon!

Corelan BOOTCAMP - English

The Corelan “BOOTCAMP” is a truly unique opportunity to learn both basic & advanced techniques from an experienced exploit developer. During this 4 days course, students will be able to learn all ins and outs about writing reliable stack based exploits for the Windows platform. The trainer will share his “notes from the field” and various tips & tricks to become more effective at writing exploits.

Full-Stack Pentesting Laboratory: 100% Hands-On + Lifetime LAB Access - English

Modern IT systems are complex and it’s all about full-stack nowadays. To become a pentesting expert, you need to dive into full-stack exploitation and gain a lot of practical skills. That’s why I created the Full-Stack Pentesting Laboratory.

For each attack, vulnerability and technique presented in this training there is a lab exercise to help you master full-stack pentesting step by step. What’s more, when the training is over, you can take the complete lab environment home to hack again at your own pace.

I found security bugs in many companies including Google, Yahoo, Mozilla, Twitter and in this training I’ll share my experience with you. The content of this training has been carefully selected to cover the topics most frequently requested by professional penetration testers.

Scada/ICS - English

In this course, the students will learn about the following topics relating to Industrial Systems and SCADA environments:

  1. The basic terminologies and devices that are found within an industrial network such as Actuators, HMIs, PLCs, Sensors and RTUs. Students will also learn about coils and registers, and how attackers can leverage these to interrupt industrial processes
  2. Students will be introduced (briefly) on how to securely architect an industrial network, based on the ideal Purdue Model
  3. Students will learn how to securely map and perform reconnaissance of a SCADA/ICS network
  4. Students will learn how to perform packet dissection and conduct packet sniffing activities on these types of network
  5. On the second day, students will be participating into hacking a live environment, making their way across a SCADA/ICS network. The students will also be provided with hardware material for the second part of the day, where they will be interacting and performing hardware attacks such as gaining shell access via the UART interface, and more !

Heap Exploitation Training - English

As exploit mitigation’s, such as Nx and stack canaries, have made traditional binary exploitation more difficult, modern exploits have moved to the heap. But heap exploitation is a major increase in difficulty compared to traditional methods, making it a difficult wall on the binary exploitation journey. In this training, we will conquer the complexity and difficultly of heap exploitation by breaking it down directly.

To conquer the complexity, we’ll learn all about the GLibC’s malloc allocator by diving into the weeds of the allocator directly, explaining the how, what, and why. We’ll use hands-on exercises to demonstrate techniques that are largely applicable, and cover the contexts which allow certain techniques to be used. Additionally, we will demonstrate how the victim program can add even more primitives that can be exploited and how to find these objects, allowing the information learned in the course to be widely applicable.

This training is specifically targeted at GLibC malloc, which is the default allocator on most Linux distributions. We will start by learning how the allocator functions and about heap specific vulnerability classes. From there, you will learn how to pwn with techniques in the allocator itself and how to find your own gadgets within victim programs to live off the land. Finally, we will attack a custom HTTP server stack by finding the vulnerabilities and exploiting them. This will require complicated heap feng shui and exploit techniques learned from the workshop in order to pull off. To make the content easy to grasp, the training includes many hands-on exercises for practicing the material, a large collection of visuals and an amazing virtual machine for pwnable challenges. After taking this course, you will be highly capable at finding heap related vulnerabilities and exploiting these bugs in a variety of ways.