Netcat for Everyone!

Kevin Tyers

Netcat has been called the swiss army knife of networking. This simple utility allows you to do some pretty amazing things, such as hosting a simple web server or acting as a pivot point to get into those hard to reach places in a pen test. This workshop is meant for users of all skill levels. We will discuss netcat basics, show some tricks and tips, talk about common netcat alternatives, and more. There will be hands on exercise to help reinforce what is being discussed.

A laptop with two Linux VMs is recommended, but not mandatory. This workshop was developed on Ubuntu, but other Linuxes may work. Cheat sheets will be handed out in class and a website will be put up with the exercises so people can practice their skills after the conference. Kevin Tyers

Kevin Tyers is a network security nerd at heart. He has worked in a variety of environments, and currently calls PayPal his home. Over the last few years, he has given talks at CactusCon, BSidesLV, SANS SOC Summit, and other conferences about various networking, information security, and python topics. He has a passion for teaching and helping people learn about networking, coding, and security.

Network Forensics Workshop: Long Live Packet Pillaging!

Ryan Chapman

The Network Forensics Workshop is returning this year with an all new challenge. This year, participants will be guided through each round of the Network Forensics Puzzle Contest from DefCon 23 (2015). The workshop covers the tools and tactics that the Bechtel GSOE Team used to win the challenge. Participants can look forward to learning tips and tricks for Wireshark, bash, Python, volatility, NetworkMiner, and other tools.

If you would like to participate:

  • Please bring a laptop with a Kali Linux VM locked and loaded (v2.0+ preferred)
  • Be prepared to come early or contact the workshop host prior to the class to obtain additional software. Alternatively, a lab network will be set up in the workshop for anyone who needs to obtain content.

Ryan Chapman works as an Incident Response Analyst for Bechtel Corporation. Ryan’s primary duties include incident handing and network security monitoring. Prior to this position, Ryan worked as an application developer during his transition from a full-time training career to a more hands-on vocation. Ryan enjoys malware analysis, network forensics, and… just about everything else that has to do with security. Outside of security, Ryan spends time with his family, dabbles in stand-up comedy, and plays plenty of Street Fighter. Hadouken!

Taking Over Real Servers

Sam Bowne

After a brief explanation and demonstration, participants will compete to exploit servers using these techniques:

  • Level 1: Shell command injection (easy buffer overflow)
  • Level 2: SQL injection (with PHP shell)
  • Level 3: Binary exploitation of stack buffer overflow

Participants will need a 32-bit Kali 2.0 Linux machine, real or virtual. USB thumbdrives with the VM will be available, and a few loaner computers.

All the projects and materials used are freely available on the Internet at

Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks and hands-on trainings at DEFCON, HOPE, B-Sides SF, B-Sides LV, BayThreat, LayerOne, and Toorcon, and taught classes and many other schools and teaching conferences.

He has a B.S. in Physics from Edinboro University of Pennsylvania and a Ph.D. in Physics from University of Illinois, Urbana-Champaign.

Web Application Firewall Kung Fu: Master the Art of WAF Defense

John Stauffacher

Identification of web application vulnerabilities is only half the battle we face today. Web Application Firewalls are the new 'goto' solution for rapid vulnerability defense. How do they work? How do we configure them? How can we use them to bolster our defenses?

This workshop is intended to provide an overview of the recommended practices for utilizing a web application firewall, building a program, and integrating the WAF into your SDLC and security teams. During the workshop, we will discuss Web Applications, as well as various WAF products from ModSecurity, F5 ASM, Imperva WAF and provide in-depth walk-throughs of the complex use cases. Examples will include addressing not only attacks but the underlying vulnerabilities, and an introduction to the Positive Security Model for Web Application Firewalls. The goal of this workshop is to both highlight cutting edge mitigation options using a web application firewall and to show how it can effectively be used by security consultants who traditionally gravitate towards other mitigation techniques.

TEACHING METHODS: Lecture, hands-on labs and group discussions.

WHO SHOULD ATTEND: Security Consultants, IDS/IPS/WAF admins

PREREQUISITES: Students should be familiar with HTTP, Linux, Regular Expressions

John Stauffacher (@g33kspeed) is a guy, who breaks stuff. Author, Consultant, Speaker, Bounty Hunter (, Hacker1, BugCrowd Top100, SynAck SRT alum) his many exploits are the stuff of legend. During the day he is a Principal Consultant within Optiv Security advising clients on all things Information Security, in his off time he is part bounty hunter, part rockstar, and all things bad ass.