This information is from a previous year. Please visit for up to date information.

  • Workshop registration is $20 and will be conducted via our main Registration Page.
  • Workshops will be held in via a private Zoom link that will be sent via email prior to the workshop starting.
  • Workshop registration will be closed after the workshop capacity is reached or on Oct 7th @ 11:59PM PDT, whichever comes first.
  • By registering for a workshop, you consent to have your email address shared with the instructor for the purpose of sending class materials.

All times are in Pacific Daylight Time (UTC-0700).

  • Track: Workshop: Friday 10/09 @ 0800-1200 PDT

If you are the kind of person who enjoys workshops with practical information that you can immediately apply when you go back to work, this workshop is for you, all action, no fluff :)

Attendants will be provided with training portal access to practice some attack vectors, including multiple mobile app attack surface attacks, deeplinks and mobile app data exfiltration with XSS. This includes: Lifetime access to a training VM, vulnerable apps to practice, guided exercise PDFs and video recording explaining how to solve the exercises.

This workshop is a comprehensive review of interesting security flaws that we have discovered over the years in many Android and iOS mobile apps: An entirely practical walkthrough that covers anonymized juicy findings from reports that we could not make public, interesting vulnerabilities in open source apps with strong security requirements such as password vaults and privacy browsers, security issues in government-mandated apps with considerable media coverage such as Smart Sheriff, apps that report human right abuse where a security flaw could get somebody killed in the real world, and more.

Read More

After 13 years in itsec and 20 in IT Abraham is now the CEO of 7ASecurity, a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Former senior penetration tester / team lead at Cure53 and Version 1. Creator of “Practical Web...

Read More

twitter @7asecurity linkedin Abraham Aranguren github 7a
  • Track: Workshop: Friday 10/09 @ 1300-1700 PDT

Michael Wylie brings to you an introductory hands-on fundamental malware analysis workshop. IT and Cybersecurity professionals will learn the basic skills necessary to safely analyze the characteristics and behavior of malware. Students will walk away with practical techniques and methodologies that can be immediately applied to statically and dynamically analyzing software with an emphasis on malicious software. Gone are the days where incident responders reformat infected systems destroying valuable evidence. Preserving and analyzing malware artifacts will give attendees the skills to understand, at a high level, the techniques and malicious intents of malware that defeated their security controls. Once the threat is understood, additional detective and preventive controls can be put in place resulting in faster response. Throughout this workshop, students will learn about and how to work on labs involving both static and dynamic software analysis. Before diving in, students will be given an overview of malware analysis and be educated on safe responsible malware detonation to minimize the risk of spreading malware. Tools students will explore include: Strings, Wireshark, PEstudio, ProcMon, HxD, Process Hacker, Process Explorer, and more.

Read More

Michael Wylie, MBA, CISSP is the Director of Cybersecurity Services at Richey May Technology Solutions. In his role, Michael is responsible for delivering information assurance by means of vulnerability assessments, cloud security, penetration tests, risk management, and training. Michael has developed and taught numerous courses for the U.S. Department of...

Read More

twitter @TheMikeWylie
  • Track: Workshop: Saturday 10/10 @ 0800-1200 PDT

This will be a workshop that allows students and professionals to understand both pentesting and AWS by setting up various systems in AWS. Attendees will engage by setting up an attacker host, a couple of victim machines, and a couple of other AWS services. Once the environment is set up, attendees can expect to learn basic pentesting concepts as well as some more intermediate and advanced topics.

Read More

Security engineer and educator who has been working in engineering, security, and information technology for 10 years. Specializations in Penetration Testing, Threat and Adversarial Assessments, Vulnerability Management, Cloud Technology (AWS), and experience as a Technical Educator and University Level Professor.

Read More

twitter @Moos1e_Moose linkedin Jon Helmus
  • Track: Workshop: Saturday 10/10 @ 1300-1700 PDT

There are far too many pieces to the information security puzzle for one person to know them all. That’s OK, but there are still quite a few topics which warrant at least some basic level of understanding. One such topic is the typical malware kill chain. Those interested in different aspects of security may find they know nothing about this. They may also find the desire to learn.

If the best way to learn is by doing then let’s “do” some malware.

Students of this workshop will learn how to:

  • Build (harmless) pluggable implants for Windows in C
  • Run simple command-and-control and related services
  • Tie these pieces together into a usable kill chain

Please note we will not cover evasive or persistence techniques. The instructor is not a malware expert and has no intentions (yet) of arming the populace.

This workshop aims to provide a bit of fun and understanding around botnets and the kill chains used to build them. Students will take away a basic but (hopefully) new perspective on something they may have only read about in passing, but more importantly a spark to encourage continued research and experimentation at home.


Attendance Requirements


Read More

StudlyBeefyMcBeefyStudly is many things — DEF CON Goon, Chaotic Neutral Troublemaking Aficionado, Fornax Coversapien, Principal Systems Engineer, Raging Alcoholic, Firestarter… The list goes on. They have spent nearly 20 years bringing the fruits of their exploits to the techomancing world. Originally starting out with desktop software and then web application...

Read More

twitter @bad2beef

© 2021 ShellCon