Hands-On Training

★ Additional registration via Eventbrite is required for training ★

H1/H3 – Ohhhh-Sint: Look What We Found…

Dan Astor & Evan Perotti

The pre-exploitation phase is often considered one of the most important steps of an offensive engagement. Information gained during this phase can be used to better understand the target network and its public-facing resources. However, with their being such an enormous volume of data available and wide number of services in use, obtaining a manageable amount of quality results can be troublesome.

In this lab session, we’ll present several ideas and methodologies that we have used in offensive engagements, to perform effective open-source intelligence (OSINT) and reconnaissance. We will provide resources on how to leverage these techniques, in addition to presenting scripts to help automate these processes.

Participants will Learn:

  • Different forms of passive OSINT activities
  • How to identify target network ranges and domains to develop a footprint
  • How to identify employees of the target to develop a faceprint
  • How to use public information aggregation services to support their faceprinting and footprinting activities
  • How to extract useful reconnaissance information from public datasets (Project Sonar, breach dumps, etc.)
  • How to perform targeted searches to identify potential vulnerabilities and misconfiguration
  • Ways to automate information gathering activities
  • Methods of using gathered information to support offensive operations


Attendees should:

  • Be familiar the Linux (or other *nix) command line
  • Have Docker installed (VM or host) with the ability to run Debian-based containers
  • (optionally) Make accounts for the following services (all are free): Hunter.io, LinkedIn, Google, Connect.data.com, SecurityTrails, Censys
    • While not strictly required, some of the activities utilize tools that require an account
  • Note: Necessary course materials will be made available at the start of the training

Please let us know if you would like any additional information about the training.


Dan Astor is a senior operator for Security Risk Advisors’ Technical Assessment team. His focus is in red team operations, network penetration testing, password cracking, and spear phishing. He has been a speaker at BSides PGH, NOLA, and Philly.

Evan Perotti is an operator for Security Risk Advisors’ Technical Assessment team. His focus is in red team operations, network penetration testing, reconnaissance activities, and spear phishing. He has developed a number of open source and private tools to automate common offensive activities.

H2/H4 – OWASP Capture the Flag

Jim Keeler

Vulnerabilities in web applications are a prolific attack vector and the developers that create and maintain these network accessible resources are in an opportune position to harden them; but many are unaware of the attack surfaces they are introducing.

What better way to learn how to defend a web application than to role play the attacker? Attendees will be given a vulnerable web application to attack for “flags” that can be redeemed for points on our live scoreboard. Self-organized teams of two to four are encouraged but attendees can be placed into a team at the event; or they can try it solo. There will be help available for those still developing their skills.

Attendees must bring a Wi-Fi enabled laptop with Docker pre-installed.


Jim Keeler is a senior software engineer at Calero Software. After 13 years in development he jumped at the opportunity to specialize in security. He currently serves as a member of Calero’s Security Center of Excellence; an internal team that heads security initiatives and promotes security culture. Jim holds a BS in Computer Science from SUNY Fredonia and will be pursuing a GSSP-.NET certification this fall.