Offensive Operations East 2025 – Workshops Gratis

10am-12pm Eastern Daylight Saving Time (UTC-4)

Artificial Infection: Using AI to Write Malware

Keyloggers have long been a tool of choice for both penetration testers and cybercriminals. However, traditional options—like Meterpreter—are easily flagged by antivirus solutions, while writing a custom keylogger from scratch can be cumbersome and technically demanding. But with the rise of Generative AI, that challenge has all but disappeared.

In this hands-on workshop, we'll harness the power of AI to build a fully functional keylogger from the ground up—no prior expertise required. Taking an iterative approach, we'll start with a basic keylogger before progressively refining it with quality-of-life enhancements such as output cleanup, window monitoring, timestamps, and clipboard capture. In the second half, we'll push the boundaries further, integrating advanced capabilities like persistence, trojanization, and built-in safety mechanisms—including self-destruct features, file encryption, and blacklisting protections. Whether you're a red teamer looking to sharpen your offensive toolkit or a security professional seeking to better understand and mitigate modern threats, this workshop will equip you with the skills to build, analyze, and defend against next-generation keyloggers—all with the power of AI.

CRITICAL NOTE ABOUT THIS WORKSHOP: This is considered an advanced workshop that has a list of device requirements that must be met prior to attending the workshop.

The requirements are:

• Access to a Windows 10 or 11 device for testing.
• Virtual machines or other sandboxed environments are highly recommended.
• Your device must have an integrated development environment (IDE), such as Visual Studio Code, installed prior to the workshop.
• Python must be installed on the target device.
• Mobile devices such as phones and tablets will not be sufficient for this lab.

Legal Disclaimer

1. This workshop involves the development and execution of live malware, which has the potential to compromise system integrity.
2. Participants acknowledge that the use of spyware or similar tools on individuals or systems without explicit consent is both  unethical and illegal.
3. SANS and its affiliates  expressly disclaim any liability for the misuse of malware developed during this session.
4. Furthermore, no guarantees are made regarding the safety or stability of executing such software on any device. 
5. Participants assume full responsibility for any consequences arising from their use or deployment of the materials covered in this workshop.
6. This workshop is strictly for educational and research purposes.
7. By participating, attendees agree to abide by all applicable laws and ethical guidelines governing cybersecurity practices.

10am-4pm Eastern Daylight Saving Time (UTC-4)

Speed Run CTF | Web Workshops | Intro to CTFs

Join SANS in this exciting opportunity to hone your skills in a village setting with your peers. We’ve planned an exciting multifaceted engagement to take place over the course of our day. Take part in any one or all parts of our SANS Villages!

Speed Run CTF

Think you're fast? Prove it.
This adrenaline-pumping Capture the Flag (CTF) event is unlike any other. Anyone can solve a CTF challenge with enough time. This tournament is about proving you can think fast and act decisively. This isn't your average CTF... it's a race against the clock.

• 2 Minutes Per Challenge – can you handle the pressure?
• Variety of Challenges – Test your skills in a wide range of CTF categories from cryptography to web exploitation
• 3 Hours of Intensity – Solve as many challenges as you can in the 3-hour tournament window. Every second counts!

Web Workshops

ThreatShop is an interactive workshop designed to be a hands-on, practical experience to learn about web application security. Attendees will learn the top web vulnerabilities through a guided hands-on approach. Each exercise contains information on the vulnerability and an example of vulnerable code. After attempting the exercise you’ll have a walkthrough allowing you to complete the task on your own. Apply what you’ve learned in the Speed Run CTF!

Topic Areas:

• Module – Introduction to Web Fundamentals
• Module – Understanding Web Communications
• Module –  Practical Web Tools for Security Testing
• Exercise – Insecure Direct Object Reference (IDOR)
• Exercise – Path Traversal
• Exercise – SQL Injection
• Exercise – Server-Side Request Forgery (SSRF)
• Exercise – Cross-Site Scripting (XSS)
• Exercise – Insecure Deserialization

Intro to CTFs

Capture the Flag (CTF) competitions range in style and difficulty but every CTF offers a wealth of knowledge. After an initial base-lining on CTF basics, the main focus of this workshop relates to how both technical and non-technical skills learned through participation can be applied to real-world scenarios. This workshop aims to excite participants about the value of CTFs and what they stand to gain by playing! Turn these fun puzzles into real-world skills to apply in your career.

Workshop Outline:

• CTF Styles
• Types of Challenges
• Technical Skills, Tools and Techniques **real-world tie in examples**
• Non-Technical Skills **real-world tie in examples**
• Socializing & Teamwork **real-world tie in examples**
• Post CTF
• CTF Resources
• Conclusion

1pm-3pm Eastern Daylight Saving Time (UTC-4)

Follow the SSRF rabbit

Server-Side Request Forgery (SSRF) vulnerabilities made it to the OWASP Top Ten in 2021, which is quite an accomplishment! But it was not a surprise as in previous years we have witnessed many devastating attacks where SSRF vulnerabilities were to blame. Even though SSRF vulnerabilities can be very devastating, at the core they are quite simple to understand and (sometimes) to exploit.

In this workshop we’ll explain how SSRF vulnerabilities work and then we will dive into a lab that will require us to chain a number of vulnerabilities (SSRF included, of course) to achieve the final goal and find that white rabbit!

 Prerequisites: Familiarity with Burp suite and fuzzers such as ffuf, wfuf or feroxbuster

3:15pm-5:15pm Eastern Daylight Saving Time (UTC-4)

Active Directory Privilege Escalation Workshop

This session will guide attendees through various attack techniques used to escalate privileges within Active Directory environments, leveraging Empire version 5 to execute real-world attack scenarios. By the end of the workshop attendees will gain the skills to perform several privilege escalation techniques that can later be used in real-world environments.

Participants will walk away with a fully functional AD lab environment in AWS, allowing them to replay and refine techniques on their own time. Additionally, attendees will gain a solid understanding of AD security weaknesses, empowering them to identify and mitigate these threats in real-world environments.