SEC554: SANS Stay Sharp Spring 2022

Provided by

Enquire about this course

What You Will Learn

In 2008, an anonymous author, under the pseudonym Satoshi Nakamoto, published a white paper outlining a public transaction ledger for a decentralized peer-to-peer payment system entitled Bitcoin: A Peer-to-Peer Electronic Cash System, which is regarded as the "birth" of blockchain. Since then, the use of blockchain has evolved beyond its original implementation as a cryptocurrency. It has gained momentum in recent years, being adopted by some of the largest organizations in the world, including IBM, Amazon, PayPal, Mastercard, and Walmart. However, due to the relative newness of blockchain compared to more understood and traditional technologies, its use is still hindered by speculation, confusion, uncertainty, and risk.

In SEC554: Blockchain and Smart Contract Security, you will become familiar with essential topics of blockchain and smart contract technology, including its history, design principles, architecture, business use cases, regulatory environment, and technical specifications. The course takes a detailed look at the mechanics behind the cryptography and the transactions that make blockchain work. It provides exercises that will teach you how to use tools to deploy, audit, scan, and exploit blockchain and smart contract assets. Hands-on labs and exercises will enable you to interact with various blockchain implementations, such as ethereum and bitcoin, and you'll be provided with resources to take with you to further explore.

There have already been widespread security breaches, fraud, and hacks on blockchain platforms, resulting in billions of dollars in losses. These issues, along with growing scrutiny by government agencies to find malicious users abusing the technology, is tarnishing blockchain's reputation. SEC554 approaches blockchain and smart contracts from an offensive perspective to inform students what vulnerabilities exist, how they are exploited, and how to defend against attacks that are currently leveraged today. Some of the skills and techniques you will learn are:
  • How to interact with and get data from public blockchains
  • How to exploit several types of smart contract vulnerabilities
  • How to test and exploit weak cryptography/entropy
  • How to discover and re-create private keys
  • What cryptojackers do and how to trace and track movements on blockchain
  • How to combat non-technical or social engineering types of attacks that adversaries use to access and steal from victims
We can see the many solutions blockchain technology can provide as a payment system, but as the technology is increasingly adopted, its attack surface will continue to grow. While there are some educational resources available for blockchain, there is relatively little educational content around blockchain security. No other training provides the comprehensive level of blockchain testing, exercises and knowledge that is delivered in SEC554.

You Will Be Able To
  • Compile and deploy smart contracts
  • Exploit vulnerable smart contracts, nodes, and private keys
  • Run automated security scans on smart contracts
  • Use the latest blockchain tools for development, security, auditing, and exploiting
  • Trace and discover blockchain transaction information
  • Set up and protect a cryptocurrency wallet
  • Crack partially exposed mnemonics keys
  • Send transactions to blockchain
  • Set up a local ethereum blockchain for testing
  • Join a cryptocurrency mining pool, or create your own mining node
  • Run static analysis on EVM bytecode
  • Interact with cryptocurrency on main and test networks
  • Investigate, install, and prevent crypto-jacking malware
  • Protect and defend against privacy attacks on blockchain
You Will Receive With This Course
  • ZIION blockchain and smart contract testing and development platform
  • Access to a full bitcoin testnet node
  • Reference documents outlining all the common smart contract vulnerability classes
  • Cheat sheet for the most common blockchain CLI tool commands
  • 14 labs with custom tools
  • Course workbook

Enquire

Start date Location / delivery
04 Apr 2022 Virtual Book now

Related article

At GIAC, we believe that hands-on testing is the future of cybersecurity certification. With five certification exams featuring CyberLive , and thr...