Detailed description and trainer's bio

• 4 days training
• 20 people maximum
• Start: Tuesday, 23 September 2025
• End: Friday, 26 September 2025
• Training hours: 09:00 - 18:00 CEST
  ‎

Microsoft Entra ID (formerly Azure AD) is Microsofts identity management platform that many companies use as an identity platform for their cloud services, often using their existing on-prem AD in a hybrid setup. Entra ID is vastly different from on-premises AD and requires a different security approach to either attack or defend.

At Outsider Security, we spent years analyzing the internals of the services, found many critical flaws such as MFA bypasses and privilege escalations.

This training is your chance to learn how to hack Entra ID, directly from the researcher. The training covers how organizations use Entra ID to manage their identities and what security challenges this brings. The material is technical and deep-dives into core protocols such as OAuth2, different tokens and security policies. It is built as a hands-on training where theory is applied directly in a lab, solving challenges to gain access to accounts and elevate privileges.

Detailed description and trainer's bio

• 4 days training
• 20 people maximum
• Start: Tuesday, 23 September 2025
• End: Friday, 26 September 2025
• Training hours: 09:00 - 18:00 CEST
  ‎

This is a training for Web hackers who want to master their toolbox. Burp Suite Pro is the leading tool for auditing Web applications at large, but also a complex beast where new features get added every few weeks.

Mastering Burp Suite Pro, including its newest features, allows testers to get the most out of the tool, optimizing time spent auditing and testing. Work will be faster (hotkeys!) and much more efficient (more tools, more possibilities!). Attendees will also learn to measure and assess the quality of their attacks, a crucial skill in real life engagements that can make the difference between a false-negative and a critical finding.

Detailed description and trainer's bio

• 4 days training
• 15 people maximum
• Start: Tuesday, 23 September 2025
• End: Friday, 26 September 2025
• Training hours: 09:00 - 18:00 CEST
  ‎

This 4 day training course will teach you how to exploit advanced .NET enterprise targets, bypass mitigations, chain bugs and pop shellz!
We will be exploiting more than 15 remote code execution chains (total of 25 single bugs): these vulnerabilities will all be unique in their style and target real world software.

During the class, we'll walk you through bypassing mitigation, discovering and chaining complex vulnerabilities, the tricks and techniques based on each target and many more exciting subjects.
This is going to be 32 hours of intensive reverse engineering and exploitation to develop your intuition for finding and exploiting bugs in .NET environments.

Prior to enrolling in this course, students are encouraged to undertake a self-assessment challenge to ascertain if the course aligns with their objectives and proficiency level.

Detailed description and trainer's bio

• 4 days training
• 20 people maximum
• Start: Tuesday, 23 September 2025
• End: Friday, 26 September 2025
• Training hours: 09:00 - 18:00 CEST
  ‎

Fault Injection is often the weapon of choice for breaking into devices when exploitable software vulnerabilities are not known or absent.

While Fault Injection attacks are nowadays common, typical concepts, methodologies, techniques, and attacks are often not sufficiently understood. While achieving success by simply glitching a target can yield results, it’s important to note that this approach alone doesn’t facilitate the creation of innovative attacks. In this training, students will experience and appreciate the Art of Fault Injection (TAoFI) to exploit the full potential of Fault Injection attacks.

Students will experience, with guidance from experts, performing real-world Fault Injection attacks, that were either disclosed by Raelize or other security researchers. Students will be using the NewAE ChipWhisperer-Husky, typical hardware lab tooling like an oscilloscope and a hardware debugger.

Upon completing the training, students will be proficient in executing sophisticated Fault Injection attacks on real-world targets using commercially available tooling. The knowledge gained from understanding the underlying concepts, methodologies, techniques, and attacks, can be used by the students to perform novel fault Injection attacks on other targets of interest.

Detailed description and trainer's bio

• 4 days training
• 20 people maximum
• Start: Tuesday, 23 September 2025
• End: Friday, 26 September 2025
• Training hours: 09:00 - 18:00 CEST
  ‎

Hands-on training course that teaches students how to find and exploit vulnerabilities in embedded devices such as routers, cameras, industrial devices, televisions, microcontrollers, automotive, etc.

The course will go in depth into several classes of vulnerabilities, with practical exercises on real and emulated devices of different CPU architectures. Each vulnerability class will be described, studied and then exploited in a variety of different ways. This course aims to bridge the gap between hardware hacking and exploitation, giving students the necessary knowledge they need to become product security experts.