RomHack Training 2024

Welcome to the RomHack Training 2024 ticket shop! In this page you can buy tickets for RomHack Training.

Early bird started on Monday 15 Jan 2024 and will last for 3 months.

Logistics and Accommodation

  • The Trainings will take place at the Polo Didattico, a facility located in a historic building in the characteristic Roman district of Garbatella
  • Training Rooms address: Polo Didattico, Piazza Oderico da Pordenone, 3, Rome, Italy
  • Lunch & coffee breaks: included
  • Accommodation: Here you can find a list of hotels and B&B near the trainings' location (accommodation is not included in the price)

Payments and Invoicing

  • Accepted methods for payment: Stripe (Credit cards/Google Pay/Apple Pay/Link) or PayPal or Bank transfer (up to 13 September)
  • Invoicing: invoice will be sent after the payment

Important notes

  • Classes that do not reach minimum participants by 31 March 2024 will be cancelled and tickets will be fully refunded
  • Confirmed trainings are NOT refundable, failure to attend will be considered as No-Show. No refund will be given
  • Training tickets may be transferred. Please email us for specifics
  • Each participant will receive a ticket to the RomHack Conference, which will take place on Saturday, 28 September 2024
  • Tickets will be sold until Friday, 20 September 2024

In case you have questions, need more information or you have budget constraints drop us an email, we are here to help.

When does the event happen?
Add to Calendar

Full Stack Web Attack by Steven Seeley

Full Stack Web Attack by Steven Seeley

Detailed description and trainer's bio

  • 4 days training
  • 20 people maximum
  • Start: Tuesday, 24 September 2024
  • End: Friday, 27 September 2024
  • Training hours: 09:00 - 18:00 CEST

This is an advanced training designed to push you beyond what you thought was possible and set you on the path to develop your own workflow for offensive zero-day web research. Each of the vulnerabilities presented have either been mirrored from real zero-day or are n-day vulnerabilities that have been discovered by the author with a focus on not just exploitation, but also on the discovery. It teaches how to exploit web technologies without client interaction for maximum impact, i.e. remote code execution.

Original price: €4,000.00 New price: €3,600.00 plus 22% VAT

Advanced Fuzzing and Crash Analysis by Richard Johnson

Advanced Fuzzing and Crash Analysis by Richard Johnson

Detailed description and trainer's bio

  • 4 days training
  • 20 people maximum
  • Start: Tuesday, 24 September 2024
  • End: Friday, 27 September 2024
  • Training hours: 09:00 - 18:00 CEST

This class is designed to introduce students to the best tools and technology available for automating vulnerability discovery and crash triage with a focus on delivering a practical approach to applying this technology in real deployments. Through an applied understanding of introductory program analysis and binary translation, techniques for finding various bug classes and methods for improved crash debugging will be discussed. We will take a deep dive into fuzzing, covering all aspects of this practical approach to finding bugs.

Original price: €4,000.00 New price: €3,600.00 plus 22% VAT

EDR - The Great Escape by Silvio La Porta & Antonio Villani

EDR - The Great Escape by Silvio La Porta & Antonio Villani

Detailed description and trainer's bio

  • 4 days training
  • 20 people maximum
  • Start: Tuesday, 24 September 2024
  • End: Friday, 27 September 2024
  • Training hours: 09:00 - 18:00 CEST

The training provides a comprehensive understanding of the architecture of modern EDRs and their underlying Antivirus (AV) systems. It equips security professionals with a deep understanding of modern EDRs and their AV systems, enabling them to better simulate advanced threat scenarios, improve their evasion detection skills, and contribute to the overall enhancement of security within enterprise networks. The training is designed from an attacker's point of view, teaching red-teams how to make their implants stealthier, but it will also teach defenders how to deal with the anti-reversing and the OPSEC techniques demonstrated in class.

Original price: €4,000.00 New price: €3,600.00 plus 22% VAT

Advanced Active Directory Exploitation by John Iatridis (SensePost)

Advanced Active Directory Exploitation by John Iatridis (SensePost)

Detailed description and trainer's bio

  • 4 days training
  • 20 people maximum
  • Start: Tuesday, 24 September 2024
  • End: Friday, 27 September 2024
  • Training hours: 09:00 - 18:00 CEST

Standing on the shoulders of giants in the industry, the Advanced Active Directory Exploitation (AADE) course provides a meticulous and thorough examination of domain object relationships and of the quite complicated Kerberos protocol, the latter being scrutinized on a request and response level. The end goal being to enable attackers and defenders into engaging with domain environments deployed on the premises with efficiency and precision. This is achieved by comprehensive theory in conjunction with a series of practical exercises within a unique to each student domain environment.

Original price: €3,000.00 New price: €2,700.00 plus 22% VAT

Hunting Zero-Days In Embedded Devices by Pedro Ribeiro & Radek Domanski

Hunting Zero-Days In Embedded Devices by Pedro Ribeiro & Radek Domanski

Detailed description and trainer's bio

  • 4 days training
  • 20 people maximum
  • Start: Tuesday, 24 September 2024
  • End: Friday, 27 September 2024
  • Training hours: 09:00 - 18:00 CEST

Hands-on training course that teaches students how to find and exploit vulnerabilities in embedded devices such as routers, cameras, industrial devices, televisions, microcontrollers, automotive, etc. The course will go in depth into several classes of vulnerabilities, with practical exercises on real and emulated devices of different CPU architectures. Each vulnerability class will be described, studied and then exploited in a variety of different ways. This course aims to bridge the gap between hardware hacking and exploitation, giving students the necessary knowledge they need to become product security experts.

Original price: €4,000.00 New price: €3,600.00 plus 22% VAT

Exploiting the Linux Kernel by Andrey Konovalov

Exploiting the Linux Kernel by Andrey Konovalov

Detailed description and trainer's bio

  • 4 days training
  • 20 people maximum
  • Start: Tuesday, 24 September 2024
  • End: Friday, 27 September 2024
  • Training hours: 09:00 - 18:00 CEST

This training guides researchers through the field of Linux kernel exploitation. In a series of practical labs, the training explores the process of exploiting kernel bugs in a modern Linux distribution on the x86-64 architecture. The training starts with beginner topics but proceeds into advanced areas as well. The beginner chapters include learning how to escalate privileges and bypass foundational mitigations in x86-64 kernels. The advanced chapters are primarily dedicated to the modern slab (heap) exploitation techniques and include an in-depth analysis of the kernel allocators' internals.

Original price: €4,000.00 New price: €3,600.00 plus 22% VAT