March 21-23, 2025
DakotaCon 12
Madison, SD
Join us for three full days of talks and trainings from the finest peeps in the security world! Come enjoy the benefits of a small conference where you won't get lost in the crowd and you get time to interact directly with the speakers and your security peers. Attending the talks on Friday is FREE, so you have no excuse!
March 21
~9:00
Theater & Conference Center
Conference Begins
Join us for two tracks of great talks from experts in the industry! Check back a little later for the detailed schedule.
~6:00
Madison
Social/Reception
Meal is provided. Please register in advance.
March 22 - March 23
10:00
Conference Center
~9:00
Various Locations
Trainings Begin
Our two-day trainings will be held Saturday and Sunday, March 22-23.
Speaker Schedule
March 21 - Track 2
12:00
Conference Room
1:00
Conference Room

Trainings
7ASecurity
Abraham Aranguren
Hacking Modern Web Apps
  • This course is a 100% hands-on deep dive into the OWASP Security Testing Guide and relevant items of the OWASP Application Security Verification Standard (ASVS), so this course covers and goes beyond the OWASP Top Ten.
  • Long gone are the days when web servers were run by Perl scripts and apps written in Delphi. What is common between Walmart, eBay, PayPal, Microsoft, LinkedIn, Google and Netflix? They all use Node.js: JavaScript on the server.

  • Modern web apps share traditional attack vectors and also introduce new opportunities for threat actors. This course will teach you how to review modern web apps, showcasing Node.js but using techniques that will also work against any other web app platform. Ideal for penetration testers and web app developers, as well as everybody interested in JavaScript/Node.js and modern app stack security.
  • All action, no fluff: improve your security analysis workflow and immediately apply these skills in your workplace. The course is packed with exercises, extra-mile challenges and a CTF, and is self-paced and suitable for all skill levels. Continued education is provided via unlimited email support and lifetime access to the training portal, with step-by-step video recordings and interesting apps to practice on, including all future updates for free.


Antisyphon
Gerry Johansen
Enterprise Forensics and Response
  • The Enterprise Forensics and Response course is designed to provide students with both an investigative construct and techniques that allow them to scale incident response activities in an enterprise environment. The lecture portion of the coursework focuses on understanding the incident investigation process, objective-oriented analysis and response, intrusion analysis, and an exploration of attacker tactics and techniques.
  • The technical portion of the course will focus on how to conduct incident investigations at enterprise scale using the remote evidence acquisition and analysis tool Velociraptor along with other free and open-source tools. The focus of the technical portion will be on extracting usable Indicators of Compromise (IOCs) related to specific MITRE ATT&CK tactics. For example, students will be instructed on extracting and analyzing evidence related to the Execution (TA0002) of malicious code or LOLBAS. From here, they will be tasked with addressing containment and eradication measures.
  • This course combines technical elements with lecture to provide students with both an investigative construct and techniques that allow them to analyze evidence and provide stakeholders with the data necessary to limit the damage of modern cyber-attacks.
Antisyphon
Hayden Covington
SOC Foundations
  • Foundations of SOC will take you from the ground floor of “What is a SOC” to “How to detect and investigate a multi-stage attack”. Have you ever wondered what it would be like to work in a SOC? Do you manage a SOC and want a better understanding of what goes on within? Or maybe you want to experience Elastic and how it can be used for threat detections and analysis?
  • Throughout the course you will gain an understanding of the key functions of a SOC and its tools, specifically its SIEM and ticketing systems. You’ll learn how they work under the hood and how to bend them to your will. These fundamentals will build upon themselves until you find yourself writing custom sequence detections and investigating them when they fire.
  • Foundations of SOC has a good mixture of fundamental knowledge with the freedom to apply that knowledge at a more advanced level for more experienced analysts. As different functions within a SIEM are covered, there is leeway for those with more experience to branch out and build on the basics of the labs.
  • By the end of the course, you will have a fully functioning SOC of your very own, lacking only in analysts (besides yourself). You’ll be given resources on how to further improve your SIEM should you wish. Lastly, you will be able to tell interviewers that you single-handedly stood up a SOC’s infrastructure.


Antisyphon
Kent Ickler & Jordan Drysdale
Assumed Compromise
  • This course will deep dive into what we call threat optics: auditing endpoints, centralizing logs, and visualizing results.
  • Assumed Compromise – A Methodology with Detections and Microsoft Sentinel is for you if:
  • You need a methodology for assessing networks and domains.
  • You want to improve the efficiency of your red and blue teams.
  • You have an interest in threat optics.
  • You want to implement a methodology for improving business processes around your security culture.
  • Your business executives require ROI data to warrant further capital expenditure on threat-optic and threat-hunting initiatives.
  • You want to see Azure Sentinel’s threat visualizations in near real-time.
  • You have an interest in modern post-exploitation and pentest-related activities, including:
    • Active Directory Certificate Services
    • Command and Control
    • Credential Attacks
    • Impacket’s Heavy Hitters
    • Kerberoasting
    • Shadow Credentials
    • Threat actor TTPs
  • You have an interest in deception techniques and detection engineering, including:
    • Honey accounts and service principals
    • BloodHound and Kerberoasting detections
    • Password spray and credential attack detects
    • Certificate request and KeyCredentialLink auditing
    • Real-world attacker attribution using services
  • The Nitty Gritty:
  • Assumed Compromise: This is an Active Directory post-exploitation course where students can walk through penetration testing methodology with two well-seasoned veterans. The courseware is entirely lab-based, and most of those labs are based on attacks used as part of an industry-proven penetration testing methodology.
  • Detections: The course provides configuration walkthroughs for Linux syslog and Windows event log data connectors for Microsoft Sentinel. An introduction to Kusto Query Language and Microsoft Sentinel alerts is provided to demonstrate threat detection. Association between attacker techniques, Windows event IDs, and detection logic is provided for most of the courseware’s attack labs.
  • Defenses: Students are guided through highly effective Active Directory deception techniques. Deception tech is then used throughout the courseware as a baseline for detecting common Active Directory enumeration like ADExplorer, BloodHound, and Impacket’s GetADUsers.py. Alongside the assumed compromise methodology and detection logic is a thorough discussion of security defenses and best practices.
Sponsors

Interested in becoming a sponsor? Contact dakotacon@dsu.edu
