Wild West Hackin' Fest 2018

Offensive WMI Workshop (Session 1)WMI has recently been publicized for its offensive use cases. Attackers, and now red teams, are discovering how powerful WMI can be when used beyond its original intent. Even with the recent surge in WMI use, not everyone knows how to interact with it. This workshop intends to showcase how you can leverage WMI on assessments to do nearly anything you would want to do in a post-exploitation scenario. Want to read files, perform a directory listing, detect active user accounts, run commands (and receive their output), download/upload files, and do all of the above (plus more) remotely?
 
The goal for this workshop will be to enable students to walk away with an understanding of how WMI, a service installed and enabled by default since Windows 2000, is utilized by attackers, demystify interacting with the service locally and remotely, and give students the ability to leverage WMI in the same manner as attackers.
 
Bio: Christopher Truncer (@ChrisTruncer) is a co-founder and red team lead with FortyNorth Security. He is a co-founder and current developer of the Veil-Framework, a project aimed to bridge the gap between advanced red team and penetration testing tools, WMImplant, EyeWitness, and other open-source software. Chris began developing tools that are not only designed for the offensive community, but can enhance the defensive community’s ability to defend their network as well. 
This workshop is provided at no extra cost (Wild West Hackin’ Fest ticket is required), but is limited in participants. Be the first to know when registration opens by signing up for our emails!

Offensive WMI Workshop (Session 2)WMI has recently been publicized for its offensive use cases. Attackers, and now red teams, are discovering how powerful WMI can be when used beyond its original intent. Even with the recent surge in WMI use, not everyone knows how to interact with it. This workshop intends to showcase how you can leverage WMI on assessments to do nearly anything you would want to do in a post-exploitation scenario. Want to read files, perform a directory listing, detect active user accounts, run commands (and receive their output), download/upload files, and do all of the above (plus more) remotely?
 
The goal for this workshop will be to enable students to walk away with an understanding of how WMI, a service installed and enabled by default since Windows 2000, is utilized by attackers, demystify interacting with the service locally and remotely, and give students the ability to leverage WMI in the same manner as attackers.
 
Bio: Christopher Truncer (@ChrisTruncer) is a co-founder and red team lead with FortyNorth Security. He is a co-founder and current developer of the Veil-Framework, a project aimed to bridge the gap between advanced red team and penetration testing tools, WMImplant, EyeWitness, and other open-source software. Chris began developing tools that are not only designed for the offensive community, but can enhance the defensive community’s ability to defend their network as well. 
This workshop is provided at no extra cost (Wild West Hackin’ Fest ticket is required), but is limited in participants. Be the first to know when registration opens by signing up for our emails! 

Join Johhny Long for this special opportunity to strengthen your Kali skills and knowledge in a hands-on environment.
 
Bio: Johnny Long spent his career as a professional hacker. He is the author of numerous security books including No-Tech Hacking and Google Hacking for Penetration Testers and a contributor to Kali Linux Revealed. He is the founder of Hackers for Charity and currently works with the Offensive Security team. 
This workshop is provided at no extra cost (Wild West Hackin’ Fest  ticket is required), but is limited in participants. Be the first to know when registration opens by signing up for our emails! 

The .NET framework is built in to every modern version of Windows. It is an amazing attack surface to explore. This will be a hands on workshop led by Joe Moles & Zac Brown. We will explore .NET / C# techniques for circumventing security controls.  Lots of time for questions and writing your own code.  This will be useful for both offense and defense. If you have never used C# or are an expert, this will be a fun way to learn and explore. We will cover Program Structure and Compilation, Shellcode Execution, Process Hollowing, PE Loaders and bypassing security controls.