Expert Training


The training team at VDA Labs possesses an unrivaled level of expertise in the industry, drawn from working in the public sector, academia, and consulting, and for vendors – and we can’t wait to share what we know with you. We have been delivering expert-class training in many formats over the past 10+ years at many of the premier security conferences across the globe.

In addition to conference events, we also do private trainings on site, and have select courses available online via Pluralsight.

Training Courses Offered:

 

  • Cybersecurity Training Suite
  • Application Security: For Hackers and Developers
  • Advanced Exploitation
  • Advanced Malware Training
  • Deeper Investigations For The SOC
  • Security Leadership Training


Cybersecurity Training Suite

This unique training suite creates real “sticking power” with users by combining deep instructional design knowledge with advanced cybersecurity expertise.

INSTRUCTIONAL DESIGN

Our award-winning instructional design team holds advanced degrees in adult learning and instructional design. They’ve developed engaging learning programs for some of the largest companies in the world and provide thought leadership in the learning industry.

CYBERSECURITY EXPERTISE

Our information security experts have previously served as vulnerability analysts with the NSA and hold advanced degrees in information security. They regularly speak at conferences like RSA, DerbyCon, BlackHat, ToorCon, GrrCon, and HITB.

50% OF ALL ATTACKS are a result of human error. In today’s digital world, effectively protecting your organization means ensuring that employees are properly trained.

Help your organization mitigate risk with effective cyber security awareness training that is engaging and retained by end users.

VDA Labs and Inno-Versity discuss security awareness training.

MODULE ONE: HACKERS WANT YOU

Most users are unaware of the methods by which they are being targeted. This module will provide an overview of why data protection matters and some basic methods for protection.


MODULE TWO: USER ACCOUNTS AND SECURE AUTHENTICATION

How strong are your users’ account credentials? Learn best practices for keeping accounts secure, including strong password creation and multi-factor authentication.


MODULE THREE: SOCIAL ENGINEERING

One of the most common threats of data breaches involves social interaction with a hacker. Users will be trained to identify areas of vulnerability, such as phishing/smishing/vishing and physical attacks.


MODULE FOUR: TRAVELING

Today’s mobile workforce has created a large increase in vulnerability. Learn how to reduce the risk when traveling.


MODULE FIVE: IMPACTS OF HOME OFFICE ON CORPORATE SECURITY

The current trend is shifting towards employees that often work from home. Users will learn how to work from home or with personal devices without compromising corporate data security.


MODULE SIX: BUSINESS SECURITY

This module includes special security training for HR, Accounting, IT, and Leadership teams. We’ll discuss specific considerations for each group.

LEARN MORE

This suite is available on a per-user subscription basis or can be customized for your specific needs. Can you beat the hacker in this very interactive suite of modules, follow-up quizzes, boss-fights, phishing, and more? LMS-ready, with deployment help.

Application Security: For Hackers and Developers

This course is designed for practitioners to learn about the tools and techniques used to prevent and find bugs in real world software. This class is great for anyone in software, testing, management, hacking/vulnerability research, and so much more.

  • Security Strategy
      • SDL, design review, security culture, etc.
  • Code Auditing
      • Static and Dynamic analysis
  • Fuzzing
      • Automated bug discovery
      • Mayhem, MSRD, AFL, Peach, etc.
  • Reverse Engineering
      • Protecting IP
      • Finding bugs in managed (C#, etc.) and unmanaged (C/C++, etc.) code
  • Software Exploitation
      • Command Injection, SQLi, and Memory corruption (Buffer overflows, Function pointer overwrites, ROP, etc.)
  • More

We begin the class with a brief secure-by-design and strategy session. Next, understanding how and when to audit code is key for both developers and hackers. Students learn to zero in on the important components. Automated tools are employed, but auditing source manually is the key, since verifying results is a required skill even when using automated tools. Spotting and fixing bugs is the focus.

Dynamic investigation of web, mobile, and API targets requires skill with tools like Burp, while hunters for bugs in core code (C/C++) often use fuzzing: a runtime method for weeding out or finding exploitable bugs. Both techniques are used by a growing number of product and security organizations.

Another technique hackers use to uncover bugs is reversing software. Managed (.NET) and unmanaged code (C and C++) are covered. Ghidra and IDA Pro are taught and used throughout. Calling conventions, Assembly-to-C, identifying and creating structures, RTTI reconstruction, etc. are covered. Students will use more advanced reversing features such as scripting.

Finally, students will walk out of this class knowing how to exploit discovered bugs. This is useful to both developers and hackers. The attack portion will teach students how to exploit common bugs such as: command injection, SQLi, IDOR, stack buffer overflows, function pointer overwrite, heap overflow, off-by-one, integer error, uninitialized variable, use-after-free, double fetch, and more. For the exploits, return overwrites, heap spraying, ROP, and gadget discovery are presented. Shellcode creation/pitfalls and other tips and tricks will all be rolled into the exciting, final component.


"As an IT Professional it’s my job to keep all of our endpoints protected. Even with the best hardware and software to safeguard our domain, it’s not IF we’ll have a breach but WHEN.

This is why we hired VDA Labs to come on site and train and inform our end-users; so not only they can understand how cyber-attacks happen but what to look for. End-users are the first line of defense and I am confident this training has prevented at least one occurrence."

— JOSHUA POTT
IT Manager, Compliance Systems Inc

Advanced Exploitation

As we learned in the first course (Security: For Hackers and Developers), there are almost always bugs in code. We found them by auditing, fuzzing, and reversing code. Then we crafted exploits. To counter this reality, vendors have developed a variety of protections.

DAY 1: BROWSER EXPLOITATION

In this class we continue the battle. We describe a number of modern day protections: things like EMET, Isolated Heap, and CFG. We then perform hands-on lab work to show how bypasses can be constructed. This build-and-break teaching style provides the tools for vulnerability researchers, security engineers, and developers to perform cutting edge research of their own.

DAY 2: KERNEL EXPLOITATION

The second half of the class is all about the kernel. You will learn how to debug, audit, fuzz, and exploit kernel code. The class is fast-paced, but low stress and fun. Prepare to learn!

It is recommended that you first take “Application Security: For Hackers and Developers” or have equivalent knowledge.


"We are very happy with the test results from the pentest that VDA Labs did for us. It has set the stage for the conversations and programs for security we need to have."

— JESSE HULLIHEN
IT Manager, Wolverine Packaging Company

Advanced Malware Training

Dive deep into real-world malware events. Tear them apart. Unwrap the layers of obfuscation. Find the exploit. Protect your network. Explore exploit kits and ransomware. Join the fun and make the world a little safer. Available now on Pluralsight!

DAY 1: MALWARE DISTRIBUTION

USING NEXT-GEN SECURITY TOOLS

An introduction to the course, tools, and techniques. We’ll analyze events collected by Bromium micro-VMs. Bromium will help a SOC analyst to understand a threat quickly and pull out critical IOCs. But the deepest levels of understanding will still be manual. That’s what the course will be about.

RECOGNIZING THE EXPLOIT VECTOR

We teach more about the details of a typical endpoint compromise and begin work to determine which exploit was used on a victim.

We’ll learn how to decompile a SWF file with JPEXS FFDEC.

UNRAVELING EXPLOIT OBFUSCATION

Malware exploits are highly obfuscated to hide attacker tricks. We begin work toward peeling back the layers of this onion.

We teach how to use tools such as Firebug and JavaScript Deobfuscator.

CIRCUMVENTING EXPLOIT KIT ENCRYPTION

In the latest exploit kits, communications are not just obfuscated with simple tricks; industry-grade encryption is employed at most layers. We begin work to decrypt key stages of the attack.


UNDERSTANDING MOVING TARGET COMMUNICATIONS

Exploit kits use various tricks to make stopping them difficult. Even if a sample is obtained, they may phone home to a different server every day. They sometimes only accept connections at certain times and from certain IP blocks. We examine how these DGA algorithms work.

DAY 2: MALWARE ANALYSIS

DETECTING ANGLER IN THE WILD

We have now figured out what the EK looks like at various levels. Let’s help the community. If we develop and share a YARA signature, all of the security vendors and open source security groups can pick it up and help detect this malware in the wild. Of course it’ll morph to avoid the detection, but that’s all part of this game.


PERFORMING SAFE DYNAMIC ANALYSIS

So we’ve figured out how the EK works. But what does it do? It ultimately needs to drop a malware payload. But what is the soup du jour? We begin our analysis of the payloads that were dropped in this event. A common approach to analyzing a malware payload is to run it in various sandboxed environments to automate the analysis of the constant flood of evolving threats.

ANALYZING FILES STATICALLY

Before we begin a deeper analysis of the file with in-depth tools like IDA Pro and debuggers, it’s often fruitful to load the malware into a variety of simple file analysis tools, which perform numerous tests on the binary. These tools help us reason about whether the binary is malware, detect packers/crypto, and so much more, without needing to get into the bits and bytes – just yet. We’ll show how to use the tools covered in this section.

REVERSING MALWARE WITH DEBUGGING TOOLS

Sometimes breaking custom encryption or packing statically can be difficult. Going back and forth between static and dynamic analysis is common. You can even debug right from within IDA Pro, if you want to run certain sections of code to see what they will actually do. We teach the tools and techniques.

REVERSING MALWARE WITH IDA PRO

Once the malware is unpacked, static analysis is typically much easier. Also, we don’t have to worry about anti-debugging once we switch to static analysis. Though time consuming, this lowest level of analysis may be necessary if all of the details of the malware are required.

CUSTOMIZING REPORTS: FROM RESEARCHERS TO CISOs

Threat intelligence needs to be reported differently at each level. CISOs care about different things compared to researchers. We describe the best ways to share the right data with the right people, so the best actions can be taken. We also look at TI sharing tools and standards.

Deeper Investigations For The SOC

This is a great first malware and incident investigations class. The goal of the class is to consider the basic workflow of a typical internal IT security/SOC analyst, but go a number of steps beyond that. Rather than just guess about the severity of a particular security alert, how deep an investigation is practical in 20 minutes? You’d be surprised. But first you have to get comfortable with all the tools and techniques. That’s what we do in this class.

Who should take the class?

Anyone from SOC analysts, pentesters, developers, testers, QA, managers, journalists, etc. Anyone who wants to deepen their knowledge about how the latest threats can be quickly analyzed.

COURSE CONTENT


State of Malware

We start our training by looking at the current state of malware – how it is spread, what is being spread and how this impacts organizations. We will also discuss the overall process of how to analyze malware and develop a methodology that can be used for the rest of the course. Discussion will include SOC workflow and an introduction to core tools.


Command and Control

Before we begin analyzing samples, we’ll discuss how malware communicates. This will give us an opportunity to discuss domain generation algorithms (DGA) and other techniques that malware uses to avoid detection and disruption.

Open-Source Information Gathering

Once we have data that can identify our sample, we can use open-source tools to help us identify if it is malicious and, if so, what its primary purpose is. During this section we’ll look into VirusTotal and the VirusTotal API. We’ll start to explore ways to automate our work with Python scripting.


Gathering Signatures and Hashes

In this section we’ll cover techniques to help identify, and share, information about a potentially malicious sample. From generating file hashes to imphashes (import hashes) and file similarity analysis with tools such as ssdeep, we’ll generate identifying data about a sample to help our analysis.


Basic Malware Analysis

As we dig deeper into malware we look at basic static and dynamic approaches to analyzing malware. Our goal is to develop techniques and leverage tools that allow us to find the best data, the quickest.


Anti-Virus and Other End-Point Protections:

This section will discuss how anti-malware protections, such as AV, work – we’ll dig into their strengths and weaknesses. We’ll get hands-on with anti-malware products to write our own signatures to detect malicious files on a host machine.

Delivery Methods: How Malware Gets Through the Perimeter

We’ll begin this topic by discussing how malware is commonly spread. One of the more prevalent ways is through exploit kits (EK), which often require no more interaction from the user than to visit an infected website.


Deeper Malware Analysis

Once initial triage is complete, we may have to dig deeper into our samples in order to collect the necessary information and answer questions such as “what did it do” and “how did it impact the organization”. In this section we look at disassembly tools such as IDA Pro and debuggers in order to gain that deeper level of understanding.

Deeper Look at Malware: Blocking and Hunting

In this section we’ll explore advanced attacks such as those initiated by an exploit kit (EK). Using indicators of compromise (IOC) we’ll be able to create custom signatures – this will give us the ability to proactively and retroactively block and hunt for infections.

"I have worked with many pentesting, code reviews, and IR organizations in the past, and VDA Labs stands high above all of them in both their skill and approach. They provide a highly interactive experience – which is uncommon in the world of security testing, which often simply produces a report at the end of the engagement. VDA worked closely with my team throughout the engagements, educating and informing us all along the way. We felt a genuine commitment from VDA to our organization’s safety in an increasingly hostile environment."

— RICH WUNSCH
Director of IT Infrastructure, Information Security Officer, Advanced Radiology Services

Security Leadership Training

New to the security field? Or in a security leadership position and want a shoulder to lean on?

We’re happy to provide 1-on-1 or group coaching.

  • How the security industry works
  • How to buy product
  • How to build product
  • How to buy services
  • How to build services
  • How to secure the enterprise
  • How to hack the enterprise
  • How to take security training
  • How to build a training program
