  • Writing Secure Code (round 2!)

    https://whitehatacademy.herokuapp.com

    We're going to do another round of our virtual presentation and interactive hands-on lab covering common web application vulnerabilities and how to guard against them. Similar to the last event (https://www.meetup.com/White-Hat-Academy/events/243123056/), this time we'll walk through a more in-depth example covering how to identify, exploit and guard against stored XSS (https://en.wikipedia.org/wiki/Cross-site_scripting#Persistent), CSRF (https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)), and directory traversal (https://www.owasp.org/index.php/Path_Traversal). Participants will then get a chance to rewrite sample code to harden their apps against attack and test whether their fixes are successful. To get the most out of this session, you should already have some basic experience with an object-oriented programming language like Python. This event will be run completely online; join our Slack group (https://whitehatacademy.herokuapp.com) to ask questions and interact during the presentation, and watch the action at the YouTube livestream.

  • Writing Secure Code

    https://whitehatacademy.herokuapp.com

    As part of DC CyberWeek, we're hosting a virtual presentation and interactive hands-on lab covering common web application vulnerabilities and how to guard against them. Participants will be able to practice exploiting web apps using injection, cross-site scripting, and other common attack vectors. Participants will then get a chance to rewrite sample code to harden their apps against attack and test whether their fixes are successful. To get the most out of this session, you should already have some basic experience with an object-oriented programming language; examples will mostly use Python code. While this event will be run completely online, you're encouraged to join others live at The HackerGround in Rosslyn; please RSVP here as well (https://www.meetup.com/The-HackerGround/events/243633700/) if you plan to attend in person.

  • CTF 3 Challenge Walkthroughs

    https://whitehatacademy.herokuapp.com

    Still scratching your head over a couple challenges from the recent CTF (https://www.meetup.com/White-Hat-Academy/events/238320079/)? We'll do a walkthrough of how to solve each of the ten challenges, with full explanations of all the tools and tricks necessary. Join our Slack group ahead of time via the link above. I'll be broadcasting a YouTube Live stream, and we'll facilitate the discussion before/during/after on Slack for those who have follow-up questions or alternative solutions to offer. Sometimes there was more than one way to get a flag; perhaps you even discovered one that none of us had considered before! If you miss this event, you can still visit https://whitehatacademy.herokuapp.com to join our Slack later.

  • Capture the Flag

    iStrategyLabs

    Let's do it again! We're back in DC for round 3. Capture The Flag is a day-long hacking competition for individuals and teams. Check out https://whitehat.academy/ctf for reading material to get started ahead of time. This event will be a jeopardy-style tournament, with categories covering web application exploits, binaries and reverse engineering, password cracking, cryptography, and other fun surprises... We are looking for volunteers, both beginners and experts alike, to help make this event a success. If you would like to help out, please send an email to [masked]. Thanks to iStrategyLabs (https://isl.co/) for the space and to our sponsor CyberVista (https://www.cybervista.net/)!

  • Setting up a home lab

    Needs a location

    Bring a laptop with 30GB(!) of free space; leave with your own virtual network of servers perfect for practicing pentests in an isolated environment full of custom vulnerabilities. We will get you set up with a number of virtual machines including Kali Linux (https://www.kali.org/) and Metasploitable (https://www.offensive-security.com/metasploit-unleashed/requirements/) boxes, explain various network configurations to keep your virtual network safely removed from your personal machine, and go over the ideal workflow so that you can take image snapshot backups, keep your work organized, wreak havoc on your boxes, and wipe it all clean to start fresh again.

  • Security+ review session

    Needs a location

    We will review common infosec topics, especially focusing on areas covered by the CompTIA Security+ certification exam. Topics include network and host security, access controls, vulnerability assessments, operational and physical security, wireless technologies, and basic cryptography. Whether you just want a refresher, you're able to share your experience taking the Security+, or you're just thinking about diving in, this meetup will be part presentation and part guided discussion.

  • Web Application Security

    Opportunity@Work

    $90.00

    IMPORTANT! If you have RSVPed, please fill out this form (https://goo.gl/forms/jRX1XSTYr61tMpNe2) and make sure your machine is set up (https://whitehat.academy/vmprep) before attending the workshop.

    This workshop will cover the most common vulnerabilities in web applications, using Mutillidae 2 (https://www.owasp.org/index.php/OWASP_Mutillidae_2_Project) to give you hands-on practice exploiting and securing web applications. You'll leave with a local setup allowing you to practice your new skills and more knowledge of how to secure your own web applications!

    Topics covered will include:

      • Using sqlmap for finding automated SQL injections
      • Bruteforce attacks
      • XSS and BeEF hooks
      • Burp Suite and cookie sniffing
      • Denial of Service attacks
      • Using nmap for port/service discovery
      • SSL, weak cryptography and SSL stripping
      • Common web services with defaults and known vulnerabilities

    It's recommended that you have some basic coding familiarity ahead of time (HTML and at least one programming language) - we'll be moving fast!

  • CTF 2 Challenge Walkthroughs

    https://whitehatacademy.herokuapp.com

    Still scratching your head over a couple challenges from the recent CTF (https://www.meetup.com/White-Hat-Academy/events/238320079/)? We'll do a walkthrough of how to solve each of the ten challenges, with full explanations of all the tools and tricks necessary. Join our Slack group ahead of time via the link above. I'll be broadcasting a YouTube Live stream, and we'll facilitate the discussion before/during/after on Slack for those who have follow-up questions or alternative solutions to offer. Sometimes there was more than one way to get a flag; perhaps you even discovered one that none of us had considered before! If you miss this event, you can still visit https://whitehatacademy.herokuapp.com to join our Slack later.

  • Capture The Flag (with The HackerGround)

    Topgolf Loudoun

    We're putting on another Capture The Flag competition in collaboration with The HackerGround! https://www.layeredefense.com/ctfinfo.pdf A day-long hacking competition for individuals and teams. This CTF will be a jeopardy-style tournament with categories covering web application exploits, binaries and reverse engineering, password cracking, cryptography, wifi, and other fun surprises. There will be food and refreshments, prizes for the winning teams, plenty of challenges, and raffle giveaways. Have an idea for a challenge? Please email us! [masked] Space will be limited to the first 100 participants that show up (first-come basis), so please plan accordingly. We are looking for volunteers, both beginners and experts alike, to help make this event a success. Please email us if you would like to help: [masked]

  • Offensive Python: Custom scripts for penetration testing

    Needs a location

    $90.00

    In this workshop, we'll write custom Python scripts to automate and augment penetration testing. Learn the basics of port scanning, crafting custom packets, and building your own exploits in Python.

    Topics covered will include:

      • Creating TCP/UDP/FTP/SSH clients and servers
      • Capturing network packets
      • Custom packet crafting and port scanning
      • Web scraping with urllib2, requests and Beautiful Soup
      • Basic exploit development and antivirus evasion

    To get the most out of this class, you should already have some basic programming experience in Python or a similar programming language like Ruby. If you have not used Python prior to this workshop, take a look at Instant Python (http://hetland.org/writing/instant-python.html) or Learn Python in 10 Minutes (https://www.stavros.io/tutorials/python/) beforehand to familiarize yourself with the syntax.
