Training Mode Sample Submission
Note to reader: This talk is mostly made up as a general example. It's designed to provide ideas of what information to include, the lowest level of detail to use, and the overall flow of a good submission. The Detailed Outline (#9) doesn’t need to be formatted as it is in this sample, but it should contain enough information to convince us of the merits of your talk. This should be above and beyond the information contained in the Short Abstract (#8).
1. Email address
youremail@domain.com
2. Name or Handle
Your Name
3. Talk Title
XSS Boosting
4. Talk options are Level Up, Story Mode, and Training Mode
Training Mode
5. Twitter Handle
@YourTwitter
6. Speaker Bio(s)
Your Name is an Offensive Security Engineer who enjoys breaking code and mitigating risks. In her spare time she volunteers in the local security community.
7. Length of Talk or Training
90 Minutes
8. Short Abstract
Who I Am
XSS Variances
KinD Introduction
KinD Installation
Web Service Docker Image
Burp Suite as a Container
Attacking the Web Service
Additional Open Source Docker Images
Thanks
9. Detailed Outline
Handout – An email address that auto-replies with the set of URL links required for the training. Students will be downloading and installing the necessary tools during the introductory discussions.
Who I Am – I am NAME. I am a metalhead and overall nerd whose hobbies include D&D, war-gaming, reading, video games, Go, and learning new things.
XSS Variances – 10-minute lightning talk on common XSS attacks and variances of these attacks that often get through filters.
KinD Introduction – 10-minute lightning talk on what KinD is and how it will be used.
KinD Installation – Quick walk-through on how to install KinD.
Web Service Docker Image – Quick walk-through on how to deploy the web service and verify its functionality.
Burp Suite as a Container – Quick walk-through on deploying Burp Suite as a container and verifying it can communicate with the deployed web service.
Attacking the Web Service – Putting it all together, the students will have a chance to use XSS to attack the web service in a variety of scenarios with short, achievable goals. It plays out as more of an adventure-style attack than a short jeopardy-style CTF.
Additional Open Source Docker Images – In the last 30 minutes, or once they finish the XSS scenarios, students will be guided to additional vulnerable images to attack and shown how to deploy additional attack tools.
Thanks – The end slide will include a link to all of the resources used in this training.
10. Past Speaking/Training Experience (if any)
Aside from giving presentations on security tools during college, I have none.
11. Have you given this Talk or Training anywhere before?
No
12. Special Requirements
Students will be required to bring a laptop capable of running Linux.