HACKER SUMMER CAMP 2024 GUIDES — Part Eight: DOUBLEDOWN24 by RingZer0

DCG 201
13 min read · Jul 18, 2024


Welcome to the DCG 201 Guides for Hacker Summer Camp 2024! This is part of a series where we are going to cover all the various hacker conventions and shenanigans both In-Person & Digital! This year in 2024 we have completely lost our minds and thus we will have a total of 18 guides spanning 3 months of Hacker Insanity!

As more blog posts are uploaded, you will be able to jump through the guide via these links:

HACKER SUMMER CAMP 2024 — Part One: Surviving Las Vegas & Virtually Anywhere 2024

HACKER SUMMER CAMP 2024 — Part Two: Capture The Flags & Hackathons

HACKER SUMMER CAMP 2024 — Part Three: Design Automation Conference #61

HACKER SUMMER CAMP 2024 — Part Four: ToorCamp 2024

HACKER SUMMER CAMP 2024 — Part Five: LeHack 20th

HACKER SUMMER CAMP 2024 — Part Six: HOPE XV

HACKER SUMMER CAMP 2024 — Part Seven: SummerCon 2024

HACKER SUMMER CAMP 2024 — Part Eight: DOUBLEDOWN24 by RingZer0

HACKER SUMMER CAMP 2024 — Part Nine: TRICON & REcon 2024

HACKER SUMMER CAMP 2024 — Part Ten: The Diana Initiative 2024

HACKER SUMMER CAMP 2024 — Part Eleven: Wikimania Katowice

HACKER SUMMER CAMP 2024 — Part Twelve: SquadCon 2024

HACKER SUMMER CAMP 2024 — Part Thirteen: BSides Las Vegas 2024

HACKER SUMMER CAMP 2024 — Part Fourteen: Black Hat USA 2024

HACKER SUMMER CAMP 2024 — Part Fifteen: DEFCON 32

HACKER SUMMER CAMP 2024 — Part Sixteen: USENIX Security Trifecta 2024

HACKER SUMMER CAMP 2024 — Part Seventeen: HackCon 2024

HACKER SUMMER CAMP 2024 — Part Eighteen: SIGS, EVENTS & PARTIES

DOUBLEDOWN24 by RingZer0

Date & Time:

Virtual: Saturday, July 20th — Friday, July 26th; Monday, August 5th — Thursday, August 8th; Monday, August 19th — Sunday, August 25th

Location: Virtual

Website: https://ringzer0.training/

Tickets: https://ringzer0.regfox.com/doubledown24-lasvegas?ref=ringzer0.training

Virtual Platform(s): N/A

Schedule: https://ringzer0.training/doubledown24-virtual-training/

Live Streams:

YouTube: N/A

Discord: N/A

Virtual Chat: Discord (Only For Ticket Holders)

Affordability: Late pricing after June 1st; all trainings but one cost $4,400, and the remaining one is $2,500.

Code Of Conduct: TBA

You don’t need to come to Las Vegas to take part in DOUBLEDOWN24. You can study with our amazing trainers from the comfort of your own home! Our trainings run from July 20–26, and are 16 or 32 hours long. Our trainings are fully interactive, with teaching assistants ready to capture questions and queries from our Discord, and streams available to watch again later.

Ringzer0 provides advanced, hands-on training designed for cybersecurity professionals. Our instructors are top industry experts who offer technical deep dives into a range of core issues, including vulnerability research, exploitation, malware analysis, red teaming and practical attacks.

Each class is laser-focused on a specific topic, to pack in as much learning, hands-on experience and instructor face time as possible. Ringzer0 gets students past the learning curve!

While other cons run a small slate of trainings during Hacker Summer Camp, ringzer0 is the only group dedicated entirely to the craft. Normally a four-day intensive of hands-on training with some of the top cybersecurity hackers in their fields, this year it has shifted to an all-virtual format, with half the sessions held earlier in the year and the rest during the normal Vegas week. If you have serious money to spend (or you convince your job to) and you want to move from your current hax0r skillz to pure wizard, this is the place to be!

🇺🇸 U.S. GOVERNMENT REGISTRATIONS
Please email us at info@ringzero.training and request our CAGE code.

🏦 PRICE QUOTES AND PAYMENTS VIA BANK TRANSFERS
Please email us at info@ringzero.training requesting price quote and bank transfer information.

GROUP & COMBO DISCOUNTS

$200 OFF EACH TRAINING, $50 OFF CONFERENCE TICKETS

For 2–3 participants OR back to back training combos.

For groups of 4 or more, email info@ringzero.training for special discounts!

Discount will be automatically calculated and applied before checkout.

DCG 201 DOUBLEDOWN24 by ringzer0 COURSE HIGHLIGHTS

These are some of the multi-day training courses that stood out to us. Space is limited and this is not the full list, so RSVP ASAP and look at the full list of trainings on their website: https://ringzer0.training/doubledown24-virtual-training/

Fuzzing and Attacking Custom Embedded Systems

Tobias Scharnowski, Marius Muench
Virtual Training | August 19–25 | 32 hours

This training teaches how to analyze, fuzz test, and exploit deeply embedded devices that use custom embedded operating systems. We will take a deep dive into the inner workings of Arm Firmware, teach reverse engineering essentials with Ghidra, and will have plenty of hands-on exercises to teach proficiency with Unicorn, AFL++, and Fuzzware.

ABSTRACT

Deeply embedded systems play a crucial role in the ever-growing Internet of Things and typically offer a lucrative attack surface with over-the-air interfaces, hardcoded secrets, and missing security protections.

During the training, we will understand the inner workings of a typical embedded system, and re-discover memory corruption vulnerabilities in a real-world, non-Linux embedded operating system by combining reverse engineering, emulation and fuzzing. We will then develop proof-of-concept exploits using the discovered vulnerabilities to demonstrate how an attacker could compromise the target system.

The full training is accompanied by various practical hands-on exercises and tinkering with a physical embedded training platform created for this training. After the training, we expect participants to feel comfortable independently analyzing deeply embedded systems of their choice.

INTENDED AUDIENCE


- Security Researchers
- Firmware Developers
- Curious Minds

KEY LEARNING OBJECTIVES

  • The inner workings of deeply embedded firmware
  • Fundamentals of firmware reverse engineering
  • Harnessing parsers for fuzzing
  • Fuzzing via full-system firmware rehosting
  • Overcoming typical fuzzing roadblocks
  • Triaging found crashes
  • Exploitation strategies for Arm Cortex-M systems

MalOpSec2 — EDR: The Great Escape

Silvio La Porta, Antonio Villani
Virtual Training | July 25–31 | 32 hours

This training focuses primarily on Windows malware and on the analysis, tweaking and re-purposing of real malware samples. Participants will be provided with plenty of custom code to facilitate the understanding of complex malware techniques.

ABSTRACT

Engaging in red-team activities within enterprise networks often involves encountering and bypassing endpoint protection solutions, specifically Endpoint Detection and Response (EDR) systems. These EDRs are intricate and sophisticated systems designed to monitor and defend against various threats, including unauthorized access attempts by red team operators seeking to infiltrate the target network.

This course aims to provide a comprehensive understanding of the architecture of modern EDRs and their underlying Antivirus (AV) systems. It delves deeply into the structure of modern EDRs, including the components responsible for real-time monitoring, data collection, and threat analysis.

The course also explores how internal Antivirus (AV) systems operate within the EDR framework, their role in threat detection, and their interaction with other security components.

In addition to examining detection mechanisms employed by EDRs, participants will learn about evasion techniques. This includes tactics and strategies to evade detection by EDRs, such as bypassing signature-based scans, disguising malicious behavior, and exploiting potential vulnerabilities in EDR configurations.

The techniques will be demonstrated in two ways: first, by reversing real malware samples, and then by re-implementing an improved version of the malware code.

The training is designed from an attacker’s point of view, teaching red-teams how to make their implants stealthier, but it will also teach defenders how to deal with the anti-reversing and the OPSEC techniques demonstrated in class.

The course focuses on Windows malware and on the analysis, tweaking and re-purposing of real malware samples. Participants will be provided with plenty of custom code to facilitate the understanding of complex malware techniques.

As part of the course, theory sessions will be followed by exercises where participants will reverse and re-implement specific parts of real malware in order to fully understand the hidden corners of all the techniques involved. Half of the course will be dedicated to hands-on labs that show how to translate the theory principles into practice.

Labs are designed to provide flexibility in terms of complexity and include bonus tracks to ensure that you always feel engaged and have something interesting to explore and learn.

This course is valuable not only for red team operators but also for blue team professionals. Blue team members can gain insights into how their detection systems may be bypassed, helping them enhance their security measures and stay one step ahead of potential threats.

This course equips security professionals with a deep understanding of modern EDRs and their AV systems, enabling them to better simulate advanced threat scenarios, improve their evasion detection skills, and contribute to the overall enhancement of security within enterprise networks.

INTENDED AUDIENCE


Developers and reverse engineers who want to understand tradecraft from a different point of view, red-team members who want to go beyond using third-party implants, and researchers who want to develop anti-detection techniques of real malware/APT.

TESTIMONIALS

4 hectic days caught me up with over 20 years of work in offensive EDR security. Given how far behind I was, I fully expected to not understand several sections of cutting edge bypass techniques. Pleasantly, this turned out not to be the case. Silvio and Antonio made the material very accessible by going through each technique in sufficient detail enabling complete understanding. I fully expect to be back at Ringzer0 for further training.

KEY LEARNING OBJECTIVES

  • Be able to recognize, implement and deal with stealthy malware/backdoor evasion techniques and tradecraft.
  • Be able to modify malware components to protect them against reversing efforts.
  • Familiarize yourself with the .NET advanced obfuscation system.
  • Be able to build custom obfuscators and to recognize some of the patterns left by obfuscation transforms.
  • Learn tradecraft used by attackers to prevent or effectively impair defensive incident responders from analyzing their tools, payloads, and backdoors.

TEEPwn: Breaking TEE By Experience

Cristofaro Mune
Virtual Training | July 22–26 | 32 hours

Trusted Execution Environments (TEEs) are notoriously hard to secure due to the interaction between complex hardware and large trusted code bases (TCBs). The security provided by TEEs has been broken on a wide variety of devices, including mobile phones, smart TVs and even vehicles. Publicly disclosed TEE vulnerabilities were often exploited directly from the less-trusted Rich Execution Environment (REE). Many of these vulnerabilities were specific to TEEs and required novel exploitation techniques. The TEEPwn experience provides an offensive system-level perspective and dives into the darker corners of TEE security. It is designed with a system-level approach, where you will experience powerful exploitation of TEE vulnerabilities. The TEEPwn experience is hands-on, gamified and driven by an exciting jeopardy-style Capture the Flag (CTF).

ABSTRACT

Trusted Execution Environments (TEEs) are notoriously hard to secure due to the interaction between complex hardware and large trusted code bases (TCBs). The security provided by TEEs has been broken on a wide variety of devices, including mobile phones, smart TVs and even vehicles. Publicly disclosed TEE vulnerabilities were often exploited directly from the less-trusted Rich Execution Environment (REE). Many of these vulnerabilities were specific to TEEs and required novel exploitation techniques.

The TEEPwn experience provides an offensive system-level perspective and dives into the darker corners of TEE Security. It is designed with a system-level approach, where you will experience powerful exploitation of TEE vulnerabilities. The TEEPwn experience is hands-on, gamified and driven by an exciting jeopardy-style Capture the Flag (CTF).

Your journey starts by achieving a comprehensive understanding of TEEs, where you will learn how hardware and software work together to enforce effective security boundaries. You will then use this understanding to identify interesting vulnerabilities across the entire TEE attack surface. You will then be challenged along the path to exploit them in multiple scenarios.

All vulnerabilities are identified and exploited on our emulated attack platform, implementing a 64-bit TEE based on ARM TrustZone.

You will take on different roles, as an attacker in control of:

  • the REE, attempting to achieve privileged code execution in the TEE.
  • the REE, trying to access assets protected by a Trusted Application (TA).
  • a TA, aiming to escalate privileges to TEE OS.
  • a TA, accessing the protected assets of other TAs.

TEEPwn will guide you into an unexpected range of attack vectors and TEE-specific exploitation techniques, which may be leveraged for novel and creative software exploits, refining your skills to a new level.

INTENDED AUDIENCE


- Security Analysts and Researchers, interested in new techniques
- Software Security Developers/Architects interested in TEE software attack techniques.

KEY LEARNING OBJECTIVES

  • Explore TEE security at the system level
  • Gain strong understanding of TrustZone-based TEEs
  • Identify vulnerabilities across the entire TEE attack surface
  • Experience TEE-specific exploitation techniques

Mobile Reverse Engineering with R2frida on Android and iOS

Grant Douglas, Alex Soler
Virtual/In-Person | August 3–6 | 4 days

ABSTRACT

Combining dynamic with static analysis is the key to quickly solving many challenges when performing binary analysis. Have you ever thought about combining Radare2 with Frida? This combination has given birth to “R2Frida”, an IO plugin that allows you to put the power of Frida into Radare2 land.

For beginners with Radare2 and Frida, the workshop will cover the basics of both. During this practical training, we will walk you through how to use R2Frida to analyze Android and iOS mobile apps. Attendees will learn about offensive mobile security, e.g. bypassing jailbreak protections, SSL pinning, anti-debugging, or even Frida detections using Frida itself.

Students receive:

  • Access to Corellium’s virtualized devices for the duration of the training.
  • A copy of all training content to take home
  • A copy of the crackmes, challenges, and solutions to take home.
  • Access to a trainee-trainer Telegram group which persists beyond the training for general tips, questions, etc.

INTENDED AUDIENCE


Beginner and intermediate mobile security professionals or enthusiasts. Basics of radare2 and Frida will be covered but prior exposure to these will come in handy.

TRAINING FEEDBACK:

“Awesome work by you guys, appreciate the time and effort that was put into preparing and sourcing all the information and for instructing it too!”

“I attended the R2Frida training at R2Con 2019. The training was excellent. The content was clear, concise, and actionable. The instructors had practical real world experience and shared their tips/tricks that I now use regularly. Would recommend.”

KEY LEARNING OBJECTIVES

  • Understand the basic usage of Frida
  • Understand the basic usage of Radare2
  • Understand the theory covering mobile security topics and how to analyze them
  • Gain hands-on experience installing demo and real mobile apps for analysis
  • Gain hands-on experience analyzing network traffic without requiring proxy interception
  • Learn and hone application tampering skills including sideloading and patching for debugging
  • Learn where applications store secrets or crypto keys and how to extract them
  • Develop certificate pinning and root/jailbreak detection bypass solutions
  • Understand mobile security findings that may arise during penetration testing and code review activities

Xeno’s All You Can Learn Buffet

Xeno Kovah
Virtual Training | August 3–6 | 32 hours

Xeno’s Learn All You Can combo of x86–64 Assembly, RISC-V Assembly, OS Internals, Intel Firmware and C/C++ vulnerabilities.

ABSTRACT

This is the combination class that lets you take any of the material(!) from the x86–64 Assembly, RISC-V Assembly, x86–64 OS Internals, x86–64 Intel Firmware Attack & Defense, or C/C++ Implementation Vulnerabilities classes at your own pace, but with full instructor support!

ONE OF A KIND CLASS FORMAT


This class is run a little differently from most classes. We provide you purpose-built recorded lectures instead of trapping you in realtime with live lectures. But fear not, the instructor is always right there eagerly waiting to mingle with the students and answer any questions you have. (The instructor really likes being asked questions. It shows you’re paying attention ;)). One of many benefits is that you can watch lectures at 2x speed, zoom ahead of the other students and get to the hands-on labs quicker. Or if there are bits of material you already know, you can just skip them and move on to the bits you don’t know! Another big benefit is that you get to take the full lectures and labs with you! That means if you forget stuff and then need it in 6 months, you can quickly re-bootstrap yourself! Or you can watch the class twice, to really grow those neural connections and cement it in your brain! And unlike live lectures, our lectures are always getting more factually accurate, by having any accidental errors edited out.

Because we give you all the lecture and lab materials and videos after class, what you’re really paying for is support from the instructor! So you’ll be entitled to keep asking up to 20 questions after class, with 1–2 hour turnaround answers (after accounting for time-zone differences.) This lets you keep productively working through the material if you run out of time at the conference. If you’d like to learn more about the benefits of this style of class delivery, please read this blog post.

MIX AND MATCH FROM ANY OF THE FOLLOWING TRAININGS


DCG 201

North East New Jersey DEFCON Group Chapter. Dirty Jersey Represent! We meet at Sub Culture once a month to hack on technology projects! www.defcon201.org