Workshop 1 | The Bug Hunter's Methodology​

I am thrilled to introduce you to The Bug Hunter’s Methodology, my masterclass designed for aspiring and seasoned offensive security professionals, including web application security testers, red teamers, and bug bounty hunters. The Bug Hunter’s Methodology (TBHM) aims to equip you with the latest tools, techniques, and strategies, plus provide a data-driven methodology on how and where to search for vulnerabilities that are currently common in the wild. Unlike other courses, TBHM is not an A-Z or beginner-oriented course. True to the spirit of my public TBHM talks, my emphasis is on expert tips, time-saving tricks, practical Q&As, automation strategies and vetted resources. Join us for TBHM and get ready to supercharge your skills, refine your strategies, and join an active community of like-minded professionals.   Attendees should have:
  • Burp Suite (PRO preferably), VM or equivalent access to *nix command line.
Pre-requisites for attendees:
  • – General Web application and network security testing knowledge required. Some topics will assume some knowledge of OWASP Top Ten type vulnerabilities and previous experience.
  • – A full list of tools needed will be posted in the weeks leading to the workshop.

Bio: Jason Haddix, also known as jhaddix, leads as CEO and “Hacker in Charge” of Arcanum Information Security, a premier firm specializing in assessments and training. Currently, he is the Field CISO for Flare.io and a Strategic Advisor to Bugcrowd. With a distinguished 20-year tenure in cybersecurity, Jason has previously held notable positions such as CISO at Ubisoft, Head of Trust at Bugcrowd, Director of Penetration Testing at HP, and Lead Penetration Tester at Redspin. He has expertise across nearly all cybersecurity domains and is ranked 57th all-time on Bugcrowd’s bug bounty leaderboards. A prolific speaker, Jason has delivered numerous talks on offensive security methodologies at major conferences including DEFCON, BlackHat, RSA, OWASP, Nullcon, SANS, IANS, BruCon, and Toorcon, among others.

Workshop 2 | Windows Forensics for Insider Threat

Windows Forensics for Insider Threat is an immersive workshop built for beginners looking to get into digital forensics to uncover the traces of malicious insider activity. This session focuses on the artifacts that insiders leave behind when interacting with Windows systems — covering file access, program execution, USB storage usage, Recycle.Bin analysis, disk imaging, file recovery, and browser activity. Through guided activities, you’ll learn how to connect these evidence sources into meaningful timelines that reveal intent, method, and impact.
No prior forensics experience is required. We’ll start from first principles, explain how and why artifacts are created, and guide you through hands-on exercises that demonstrate how investigators reconstruct user actions from raw evidence.
Note: This will mostly be repeated content of last years Windows Forensics for Insider Threat if you have already taken the workshop.
Attendees should have:
•A Windows 10/11 environment (native or virtual) with admin rights.
•Ability to work with disk images and external media.
•Adequate storage (~10 GB free).
•Access to PowerShell and command-line utilities.
Pre-requisites for attendees:
– A working knowledge of Windows internals and basic DFIR concepts (artifacts, imaging, hashing) is recommended.
– Some prior exposure to security operations or investigative workflows will help maximize the value of the exercises.
– A full list of required tools and data sets will be distributed to registered attendees in advance.

Bio: Tyler Chevrier, is a Senior Cybersecurity Specialist at Commissionnaires du Quebec and a part-time Cyber Operator for the 34 Signal Regiment. With a specialization in Digital Forensics and Incident Response, Tyler holds 5 years of experience in the field consulting and leading real-world DFIR investigations. Tyler has delivered numerous presentations on digital forensics and penetration testing concepts.

Places limitées

Inscription

Un montant symbolique est demandé à l’inscription pour confirmer votre intérêt. Veuillez noter que les workshops ne sont offerts qu’en anglais.