סדנאות

Cloud CTF

You are welcome to an introduction to the cloud world. We will explore and learn on main concepts in a cloud environment like IAM, EC2 instances, S3 buckets and serverless functions (Lambda). The session is designed as CTF style, to achieve our objectives - we will hunt for the crown jewels (flags!) by exploiting various cloud attack vectors and misconfigurations. 

 

** The session may be in English. 

To make the most of this class, you should already have:  

  • Linux basics

 

Please prepare beforehand:  

  • SSH/Putty client

Web App Pentesting

Breaking stuff is fun! Come learn about how web applications really work, and see how easy it can be to investigate most apps. You’ll learn how to quickly find many types of common vulnerabilities such as the OWASP Top 10 and more, and see how to exploit them quickly and easily!

 

Please prepare beforehand:  

Cyber Threat Intelligence

You are welcome to an introduction to the threat intelligence research and analysis world. During the session, you’ll learn what cyber threat intelligence is, and how we can learn the attacker behavior to make impact internally. Threat Intelligence combines both technical skills and analyzing skills which are not technical only, including assessments, attribution and strategic thinking. With the collected data, we can lead the organization and our stakeholders to better defend from actual threats, understand the threat landscape and help decision makers to make better decisions. During the session, you will hear an introduction for the threat intelligence world and analyze a threat actor. 

Make sure to come ready for critical thinking!

Encryption Cracking

Encryption is the foundation for cyber security. Have you ever wondered what is happening behind the scenes when you purchase something online and you see the lock appears next to the URL?

Join us to learn the basics of cryptography and get a chance to crack your first code!

No prior knowledge is required. Just bring a laptop with your favorite programming environment and lots of curiosity.

To make the most of this class, you should already have:  

  • Basic coding skills in any programming language

  • No prior knowledge with cryptography

 

Please prepare beforehand:  

  • A development environment to write the cracking code.

OS Forensics Workshop

As a young or new profession cyber enthusiast- there are many roles that you can start with, however, one of the most interesting ones is DFIR analyst. What is that? DFIR= digital forensics incident response meaning, when a cyber attack occurs or something wrong happened - DFIR team will investigate the incident by using technical tools to determine what was the attack, who was the attack, which systems were compromised, etc.

If the DFIR team is big enough, each member would have a specific field, one of them is OS (operation systems) and HD (hard disk) forensics. Come to learn a few cool tools to use as a beginner-level analyst (Just bring your laptop, cable and passion to learn! We’ll provide you with access to a virtual machine with SIFT Workstation).

To make the most of this class, you should already have:  

  • Basic knowledge in OS field (what type are there, what does it mean)

 

Please prepare beforehand:  

  • Autopsy - download here
    You can find how to install this (Windows only) here OR here. If you have any issue installing it - we will have some time to help you during the session.

 Network Forensics Workshop

As a young or new profession cyber enthusiast- there are many roles that you can start with, however, one of the most interesting ones is DFIR analyst. What is that? DFIR= digital forensics incident response meaning, when a cyber attack occurs or something wrong happened - DFIR team will investigate the incident by using technical tools to determine what was the attack, who was the attack, which systems were compromised, etc.

If the DFIR team is big enough, each member would have a specific field, one of them is Network forensics. This skill will also help you as a SOC tier 1 analyst.  Come to learn a few cool tools to use as a beginner-level analyst, such as Bro, Wireshark, Tshark, and SecurityOnion (Just bring your laptop, cable and passion to learn!)

To make the most of this class, you should already have:  

  • Just basic computers trivial knowledge (how to install new program)

  • No need for prior knowledge in networks field

 

Please prepare beforehand:  

  • Wireshark - You can pre-install Wireshark on your windows/mac laptop. Here’s the guide (Hebrew).

Incident Response

In these sessions we will walk through the work of an incident responder, from the initial phase of getting the lead on an incident, validating the data and performing a deeper investigation to find the facts and vector of attack. This simulates, through a series of “incidents” the work of an incident responder and their day to day lives. All stories are based on real events.

To make the most of this class, you should:  

  • be a self learner, with a keen curiosity

  • like puzzles

 

Please prepare beforehand:  

  • Chrome browser

  • A notebook and a pen, or familiarity with using notes app / Word

Malware Analysis Training

Learn hands-on the basics of Malware Analysis by analyzing different malicious files and setting up a research lab called “Sand Box”.

To make the most of this class, you should already have:  

  • Curiosity

  • Self learning capability

AppSec Secure Coding

Would you like to create applications that could never be hacked? Would like to help other developers to apply security from the very first line of their code?

In this activity, we’ll learn how to mitigate web application vulnerabilities.

We’ll review vulnerable application code, learn how an attacker might exploit it, and then how to fix it.

At the end of the session, we’ll detect together vulnerabilities in a surveillance solution and steal a web camera live view.

To make the most of this class, you should already have:  

  • Some basic coding skills (any modern language, eg Java, C#, JavaScript, Python, etc)

  • Open And Fresh Mind

Web Bots - Red vs. Blue

Web bots are programs designed to collect data from websites. In this session we will have a short discussion about “good” and “bad” bots and do a hands-on exercise. The participants will simulate both the defender and attacker, learning how to write a basic scraping bot and how to protect yourself against it.

To make the most of this class, you should already have:  

  • Basic Python and computer networks knowledge

Please prepare beforehand:  

  • Python3  (Download and install the latest version from here)

  • A Python IDE, preferably PyCharm (download the community edition here)

Speed Networking

בואי להרחיב את מעגל ה- networking שלך!

אנחנו יודעות שליצור שיחה עם מישהי שאת לא מכירה יכול להביך, אז יצרנו מרחב ייעודי להיכרות מקצועית.

תתקיים חלוקה לזוגות , נקצה זמן ושאלות לניהול שיחת היכרות קצרה וקלילה. לאחר מספר דקות הזוגות יתחלפו, נתחיל סבב חדש ואת תכירי עוד נשים מעוררות השראה!

Kaffeeklatsch

מה דעתך לנהל שיחה על כוס קפה עם אישה שעובדת בתעשייה? יש לך הזדמנות ללמוד ולהיתרם מהמסע שהיא עברה. תוכלי לשאול שאלות על חייה המקצועיים וכך אולי תוכלי להגיע לתובנות בנוגע להמשך מסלול הקריירה שלך!

השיחות יתקיימו בקבוצות אינטימיות, בשולחנות ייעודיים במרחב המשותף.

 

מתאים לנשים שמתעניינות באורח העבודה במקצועות השונים.