Category Archives: Workshops

BSides Detroit 13 Episode 14

Raphael Mudge (@armitagehacker) brings us up to speed on Metasploit, Armitage, and Cobalt Strike. He then introduces his new workshop: Armitage and Cobalt Strike. “My idea of hacking is taking the tactics, techniques, and procedures that different threats are using today and using them against our organizations to understand how our controls stand up when exercised in concert by a sophisticated adversary.” Listen in and find out how Cobalt Strike makes this possible.

Abstract: The Metasploit Framework is a must-have tool for penetration testers. Armitage builds a workflow on top of the Metasploit Framework and exposes its most advanced capabilities. Cobalt Strike augments Armitage with tools to simulate advanced persistent threat-style targeted attacks. This lab-oriented class will introduce you to the penetration testing process from the perspectives of Armitage and Cobalt Strike. You’ll learn how to craft an attack package, deliver it to a target, spy on a user, attack systems from a foothold, and abuse trust relationships to gain access.

For more information about BSides Detroit 13, please see:

BSides Detroit 13 Episode 07

Steven Fox and Andrew MacPherson from Paterva join the podcast. We discuss Maltego and Steven’s Open Source Intelligence Workshop / Scavenger Hunt.

Abstract. The Internet is replete with information resources which communicate both trivial and useful information about people/organizations. Open Source Intelligence (OSINT) comprises an analytical process where this information is collected, distilled and deployed for use in a variety of scenarios. This process reveals the information associated with physical assets, enabling us to interface strategically with the world.

Attendees will learn, over two half-day sessions, the OSINT lifecycle in the context of a scavenger hunt. They will become familiar with the fundamentals behind cyber intelligence collection and analysis, and how these current methods can be deployed in their organizations. They will also learn to visualize connections between information and physical assets through the use of Paterva’s Maltego. Each workshop attendee will receive a 5-day enterprise license for use in both this workshop and the Security BSides Detroit CTF.

Note. This is a two-part workshop. Part one is on Friday morning, part two is on Saturday afternoon, and the scavenger hunt runs throughout the conference. Exact times will be announced closer to the event.


BSides Detroit 13 Episode 05

Fresh from Twitter’s security breach with 250,000 passwords and the increased calls for Twitter to use two-factor authentication, John Moore (@RabidSecurity) joins the podcast to cover password strength and two-factor authentication. John covers his new BSides Detroit talk, Advanced Password Recovery Techniques and Modern Mitigation Strategies, along with his Cain and Abel password cracking workshop.

Abstract. Think about all the passwords we use to access information every day. Whether it is email, social media, financial institutions or numerous other services, passwords have become the keys to our digital kingdoms. So it’s no surprise that Advanced Persistent Threat (APT) actors and malicious software target these credentials once they have compromised a system or systems in our network to further entrench and seek profit from unlocking our personal and corporate data. In order to curb this problem, most enterprises and operating systems encrypt this data to keep it safe. However, we have seen with the right tools these credentials can be unencrypted and used for more nefarious means. This problem has plagued even the largest organizations and the list of companies suffering from credential leaks is growing almost daily and includes such giants as LinkedIn, EHarmony and Yahoo. In this talk, we discuss how these breaches occur, the risks to the organization as well as the individual and what can be done to mitigate this growing security epidemic. An “Enclave Protected Defense-in-Depth” strategy toward creating, securing and managing passwords against this class of attack will be propounded and a focus will be placed on explicating the tools, techniques and practices (TTPs) used by malicious actors that leverage these attacks to gain access within the network to breach critical data that can bring harm to the individual and organization. Lastly, we will explore how to improve personal and enterprise password strategies, discuss alternatives like two-factor authentication and Active Directory Group Policy strategies to help mitigate this risk and, finally, speculate as to what the future of authentication may look like.
