source code red horizontal logo

SOURCE CODE RED

IN Person Training

owasp-singapore-training-banner
$

Upcoming Training

“Red Teaming the Software Supply Chain”

OWASP AppSec Days Singapore, October 1st, 2024

SourceCodeRED will be delivering a 8-hour workshop at the OWASP AppSec Days Singapore on October 1st, 2024.  Cost is $650 USD per person.   You can read about the lineup at:  https://owaspappsecdayssingapore202.sched.com/event/1g5yi/1-day-training-red-teaming-the-software-supply-chain

You can buy a ticket at: https://owaspappsecdayssingapore2.rsvpify.com/

DESCRIPTION:

The software supply chain faces escalating threats, with attacks increasing by more than 730% annually since 2019. These attacks are innovative and continually evolving. One method for organizations to counter this growing threat is by empowering their red teams to test their software supply chains. This training aims to equip security teams with the knowledge to broaden their operations to include software chain security through reconnaissance, tooling, and interactive attack scenarios.

melbourne-bsides-2023-logo
$

Upcoming Training

“Red Teaming the Software Supply Chain”

Melbourne BSides, November 15th, 2024

SourceCodeRED will be delivering a 8-hour workshop at Melbourne BSides, November 15th, 2024.  Cost is $100 AU per person.   

You can buy a ticket at: https://www.bsidesmelbourne.com/2024-training-course-ssc.html

DESCRIPTION:

The software supply chain faces escalating threats, with attacks increasing by more than 730% annually since 2019. These attacks are innovative and continually evolving. One method for organizations to counter this growing threat is by empowering their red teams to test their software supply chains. This training aims to equip security teams with the knowledge to broaden their operations to include software chain security through reconnaissance, tooling, and interactive attack scenarios.

Check out some of the training we’ve delivered in the past…

las-vegas-bsides-logo
bsides-las-vegas-training-audience
$

Past Training

“Red Teaming the Software Supply Chain”

BSides Las Vegas – August 6th, 2024

SourceCodeRED will be delivering a 4-hour workshop at BSides Las Vegas during Hacker Summer Camp 2024.  The workshop will start at 3pm and ends at 7pm:  https://bsideslv.org/speakers#G39HJA

The schedule can be found at https://bsideslv.org/schedule

DESCRIPTION:

The software supply chain faces escalating threats, with attacks increasing by more than 730% annually since 2019. These attacks are innovative and continually evolving. One method for organizations to counter this growing threat is by empowering their red teams to test their software supply chains. This training aims to equip security teams with the knowledge to broaden their operations to include software chain security through reconnaissance, tooling, and interactive attack scenarios.

bsides-adelaide-2024-logo
adelaide-bsides-class-picture
$

Past Training

“Red Teaming the Software Supply Chain”

BSides Adelaide – May 16th, 2024

SourceCodeRED will be delivering an 8 hour session at Lot 14 in Adelaide.  Tickets are $120 and can be purchased here:
https://bsidesadelaide.com.au/agenda-training

DESCRIPTION:

The software supply chain faces escalating threats, with attacks increasing by more than 730% annually since 2019. These attacks are innovative and continually evolving. One method for organizations to counter this growing threat is by empowering their red teams to test their software supply chains. This training aims to equip security teams with the knowledge to broaden their operations to include software chain security through reconnaissance, tooling, and interactive attack scenarios.

crikeycon-2024-logo
crikeycon-training-2024-redacted
$

Past Training

“Red Teaming the Software Supply Chain”

CrikeyCon Brisbane – March 23rd, 2024

SourceCodeRED delivered an 4-hour workshop at CrikeyCon 2024 entitled “Red Teaming the Software Supply Chain”

You can find the training website here:
https://crikeycon.com/workshops/#redteam

DESCRIPTION:

The purpose of this workshop is to learn about the security posture of a specific software supply chain (SSC) by testing it via focused red-teaming activities. A big part of this workshop is learning how software is created by identifying how a target writes, builds and deploys its applications.
We will go through the different stages of the SSC and talk about the different security controls that exist at each stage. From that insight will come an understanding of the weaknesses and attack vectors available against that target. We will also spend some time talking about recent attacks and how malicious actors are evolving their techniques.
Participants will come away from this workshop with an understanding of how broad the software supply chain is, what security controls exist, and how to test if those controls are present.

melbourne-bsides-2023-logo
melbourne-bsides-2023-classroom
$

Past Training

“Attacking and Defending the Software Supply Chain”

BSides Melbourne – September 8th, 2023

SourceCodeRED delivered an 8 hour training session at Melbourne BSides entitled “Attacking and Defending the Software Supply Chain”

You can find the training website here:
https://www.bsidesmelbourne.com/2023-training-course-ssc.html

DESCRIPTION:

The software supply chain is an often mis-understood thing, so this training will first help us understand how broad the software supply chain (SSC) is and what it comprises.  Once you understand what the SSC is, and what the different stages are in a given SSC, you can start to identify what security controls can be used to protect each stage.

​From that insight will come an understanding of the weaknesses and attack vectors available to you if you intend to test the security of a SSC.  This is important as attacks on the SSC are increasing at more than 630% year on year, which is crazy!  Even worse, the types of attacks, and the ingenuity of the attackers is really impressive, and downright scary.

aisa-cybercon-2023-logo
aisa-cybercon-2023-training-audience
$

Past Training

“Attacking and Defending the Software Supply Chain”

AISA CyberCon Canberra – March 20th, 2023

SourceCodeRED delivered an 8 hour training session at AISA CyberCon Canberra entitled “Attacking and Defending the Software Supply Chain”

You can find the training website here:

DESCRIPTION:

The software supply chain is an often mis-understood thing, so this training will first help us understand how broad the software supply chain (SSC) is and what it comprises.  Once you understand what the SSC is, and what the different stages are in a given SSC, you can start to identify what security controls can be used to protect each stage.

​From that insight will come an understanding of the weaknesses and attack vectors available to you if you intend to test the security of a SSC.  This is important as attacks on the SSC are increasing at more than 630% year on year, which is crazy!  Even worse, the types of attacks, and the ingenuity of the attackers is really impressive, and downright scary.

Our Reviews

jakob-pennington-headshot

Jakob Pennington

Application Security Lead at Taptu, Course Coordinator for Secure Software Development at University of South Australia

“A highlight for me was the Red Teaming the Supply Chain training run by Paul on Thursday. So much knowledge, technique and experience packed into one day of training. I hope I can bring the same level of enthusiasm and joy for teaching into my own classroom.”

Miranda Riddell

Manager at Malware Security

“Paul’s ‘Attacking and Defending the Software Supply Chain’ workshop at Canberra CyberCon was eye-opening into often overlooked attack vectors (and has retained relevance; re xzutils this year!). Paul expertly broke down the software supply chain’s vastness and vulnerabilities – not to mention he is a thoroughly engaging trainer! Hats off to SourceCodeRED for delivering training that’s as interesting as it is essential.”

miranda-riddell-circle
conor-naughton-circle

Conor Naughton

DFIR Technical Lead at CFC Response/Solis Security

“I attended SourceCodeRED training at CrikeyCon IX in Brisbane, Paul effortlessly demystified the intricacies of the software supply chain and gave clear examples of how Red Teams can exploit it. It is said “if you can understand it, you can explain it” proves that Paul, without doubt, understands it. His expertise and contagious enthusiasm for the subject make Paul &  SourceCodeRED the obvious first choice”

Shane Boulden

Principal Architect at RedHat

“I attended a fantastic workshop with Paul at CrikeyCon IX in Brisbane last weekend. Incredible to see Paul’s work supporting open source communities like OSC&R, and leading projects like TVPO.”

shane-boulden-circle
brandon-chuah-circle

Brandon Chuah

Senior Security Engineer at REA Group

“I attended Paul’s workshop at CrikeyCon IX in Brisbane and being someone who is constantly learning in the areas of AppSec and DevSecOps – going through quite a bit of materials from different courses and platforms, I’ve definitely taken away insights and knowledge from his workshop that none of the others have covered.

CONTACT US

Service

Gold Coast office

16 Nexus Way, Southport, QLD 4215

ACN: 669 707 680