Hands-On Workshops

Experienced bug bounty hunters, red teamers, and security engineers who already know the basics (OWASP Top 10, Burp, scopes, triage).

• Build a scalable, repeatable advanced recon pipeline that enumerates assets beyond subdomains.
• Apply WAF/edge bypass strategies (ModSecurity/OWASP CRS & Cloudflare) ethically to gain visibility without brute force or service disruption.
• Use AI workflows to accelerate recon, prioritize findings, and draft higher-quality reports.
• Detect and validate advanced vulnerability classes like race conditions, cache issues, SSRF via converters, GraphQL/OAuth authz bugs.
• Communicate impact and maximize acceptance with clean evidence, reproduction steps, and risk narratives.

Practical, hands-on introduction to attacking Bluetooth (BLE & Classic) devices: discovery, service analysis, common weaknesses, fuzzing, and basic exploitation techniques.

• Basic Linux command line comfort
• Laptop with Bluetooth (or external adapter like Ubertooth/CSR) and Wireshark installed

After this course participants will be able to:

• Enumerate Bluetooth devices and identify BLE vs Classic
• Inspect GATT services & characteristics and manipulate them
• Perform passive/active recon (scan, sniff, MITM basics)
• Fuzz and test characteristic inputs; find simple crashes/logic flaws
• Apply basic hardening recommendations for Bluetooth products

Secure coding starts with deeply understanding code and vulnerabilities, and secure code reviews are crucial in finding issues early. In this hands-on secure code review workshop, we will teach the participants how to perform effective code reviews with both manual and automated techniques.

We start by understanding how a common web application code is structured — from imports to functions to object-oriented logic. Participants will learn how code and data flow in real-world applications and be able to kickstart their journey with source code reviews.

From there, we will explain a few of the OWASP Top 10 vulnerabilities, showing how each one appears in real Python code. For every vulnerability, we:

• Explain the security issue with a live example
• Show how to detect it during code review
• Demonstrate exploitation in a lab environment
• Teach how to remediate it securely

This hands-on workshop introduces modern Threat Operations (ThreatOps), combining OSINT, dark web reconnaissance, and telemetry fusion to identify, track, and analyze advanced adversaries. Participants will learn actionable techniques for structured dark web monitoring and derive threat insights that strengthen defensive and offensive cyber operations.

• Threat Intelligence Fusion: How to combine OSINT, telemetry, and multi-source insights into one actionable operational picture.
• Dark Web Reconnaissance: Conduct safe and compliant dark web intel gathering using TOR and structured frameworks.
• Red Team Operation Lifecycle: Fundamental lifecycle from planning and reconnaissance through exploitation and reporting.
• Adversary TTP Identification: Understand how to map the TTPs (Tactics, Techniques & Procedures) of sophisticated threat groups to tailor defense strategies.