Training Mode Sample Submission

Note to reader: This talk is mostly made up for a general example. It's designed to provide ideas of information to include the lowest level of detail to use, and overall flow of a good submission. The Detailed Outline (#9) doesn’t need to be formatted as it is in this sample, but it should contain enough information to convince us of the merits of your talk. This should be above and beyond the information contained in the Short Abstract (#8).

1. Email address

youremail@domain.com

2. Name or Handle

Your Name

3. Talk Title

XSS Boosting

4. Talk options are Level Up, Story Mode, and Training Mode

Training Mode

5. Twitter Handle

@YourTwitter

6. Speaker Bio(s)

Your Name is an Offensive Security Engineer who enjoys breaking code and mitigating risks. In her spare time she volunteers in the local security community.

7. Length of Talk or Training

90 Minutes

8. Short Abstract

Who I Am

XSS Variances

KinD Introduction

KinD Installation

Web Service Docker Image

BurpSuite as a Container

Attacking the Web Service

Additional Open Source Docker Images

Thanks

9. Detailed Outline

Hand out – email address which autoreplies with the set of URL links required for the training. Students will be downloading and installing the necessary tools during the introductory discussions.


Who I Am - I am NAME. I am a metal head and overall nerd whose hobbies include (D&D, war-gaming, reading, video games, Go, and learning new things).

XSS Variances – 10min lightening talk on common XSS attacks and variances of these attacks that often get through filters.

KinD Introduction – 10min lightening talk on what kind is and how it will be used.

KinD Installation – Quick walk-through on how to install kind.

Web Service Docker Image – Quick walk-through on how to deploy the web service and verify its functionality.

Burp Suite as a Container – Quick walk-through on deploying burp suite as a container and verifying it can communicate with the deployed web service.

Attacking the Web Service – Putting it all together, the students will have a chance to use XSS to attack the web service in a variety of scenarios with short achievable goals. It plays out as more of an adventure style attack than a jeopardy style short CTF.

Additional Open Source Docker images – last 30 minutes, or for all of those who finish the XSS scenarios will be guided to additional vulnerable images to attack as well as how to deploy additional attack tools.

Thanks – end slide will include link to find all of the resources used in this training.

10. Past Speaking/Training Experience (if any)

Aside from giving presentations on security tools during college I have none.

11. Have you given this Talk or Training anywhere before?

No

12. Special Requirements

Students will be required to bring a laptop capable of running linux.