Training Schedule - November 14th 2025

👉 Get Your Training Tickets Now

:bangbang: NOTICE: All Training Sessions are at The University of North Florida, University Center, located at: 12000 Alumni Drive, Jacksonville, FL 32224
:star: Please check the posted schedule for updates. The schedule is subject to change.
:star: The schedule and event details are also available on HackerTracker.app
:books: The floor plan for Friday and Saturday can be found here: Map

Time Track 1 Track 2 Track 3 Track 4
09:00-12:00 # It's a Literal Cluster F*** ## Over-Engineering Your Homelab 101 and All the Stuff They Don't Teach You at the Academy!

Christian McLaughlin		 Binary Jiu-jitsu: White Belt Fundamentals

Joshua Connolly		 The Burglar’s Guide to Web Application Testing: Stealing Secrets Like a Hobbit, a hands-on, story-driven workshop

Kevin Johnson		 No Morning Session
12:00-13:00 Lunch Break - Offsite
13:00-17:00 # It's a Literal Cluster F*** ## Over-Engineering Your Homelab 101 and All the Stuff They Don't Teach You at the Academy!

Christian McLaughlin		 Binary Jiu-jitsu: White Belt Fundamentals

Joshua Connolly		 The Burglar’s Guide to Web Application Testing: Stealing Secrets Like a Hobbit, a hands-on, story-driven workshop

Kevin Johnson		 From Datasheet to .data Section: Acquiring Firmware from a Code-Protected Microcontroller

RJ Crandall

Training

# It's a Literal Cluster F*** ## Over-Engineering Your Homelab 101 and All the Stuff They Don't Teach You at the Academy!

This isn’t your traditional homelab talk it’s a masterclass in overengineering the hell out of your homelab. Why? Because we can. And more importantly because that's how real infrastructure is built. Most talks stop at “how to set up a homelab” or “what services to deploy.” Not this one. In this hands-on workshop, we’ll go beyond Docker and VMs to explore how engineers and architects design resilient, scalable systems in production environments and how you can recreate those same practices at home.

You’ll learn how to build and manage:

  • High availability clusters and quorum logic
  • Reverse proxies and load balancers with HAProxy, Nginx, or Traefik
  • Internal DNS, service discovery, and local PKI
  • Infrastructure monitoring with Prometheus, Grafana, Loki, and Alertmanager
  • Failure domains, backups, and disaster recovery strategies
  • CI/CD pipeline integration with your services
  • Orchestration and automation with Ansible, Terraform, and GitOps flows
  • Infrastructure as Code — and why it matters even in your homelab

This workshop is ideal for tinkerers, SREs, engineers, and anyone who wants to simulate real-world production infrastructure at home. You’ll walk away with hands-on knowledge and resume-ready skills that make you stand out from the crowd.

Trainer: Christian McLaughlin
Christian McLaughlin is an Information Security Professional with over 13 years of combined professional experience in IT systems and avionics. Throughout his career, he has demonstrated expertise in offensive and defensive security, computer networking, automation, avionics, and aviation safety and maintenance. After spending 8 years in the Naval Aviation, he transitioned to a civilian career in Information Security where he continued his passion for knowledge holding roles as a SOC Analyst, Security Researcher, Security Consultant and Security Engineer. He is an advocate for teaching others about the awesome world of selfhosting. He advocates teaching others how to build homelabs for themselves and learning enterprise skills with free and open source software (FOSS).

Requirements: A Linux Laptop with the latest version of KVM installed (Lab VM instances can be provided to users with Windows or Mac devices however they will need an SSH Client)

Cost: $200
Binary Jiu-jitsu: White Belt Fundamentals

Binary exploitation can feel overwhelming for beginners. With so many tools, techniques, and architectures to learn, it’s easy to get lost without a structured path. Binary Jiu-Jitsu is designed to guide students through the fundamentals of binary exploitation using a skill-based, hands-on approach inspired by martial arts training.

In this workshop, we’ll cover the essential building blocks for exploiting simple 64-bit Linux ELF binaries. Attendees will learn the fundamentals of computer architecture, reverse engineering with Ghidra, debugging with GDB, finding stack-based buffer overflows, and developing custom exploits using pwntools. Throughout the session, participants earn “stripes” by completing progressively harder hands-on challenges in a live CTFd environment. By the end, students will have the knowledge — and practical skills — to identify vulnerabilities, write working exploits, and pop their first shell.

By the end of this session, participants will be able to:

  • Understand CPU architecture and memory layout fundamentals.
  • Use Ghidra for disassembly and static analysis.
  • Debug and inspect binaries using GDB.
  • Identify and exploit stack-based buffer overflows.
  • Build exploit scripts using pwntools.
  • Gain experience solving CTF-style binary exploitation challenges.
  • Earn four stripes by solving challenges tied to key skills.
  • Finish with a belt test — a mini-CTF with real exploit scenarios.
  • Top scorer wins a prize, and all students receive collectible Binary Jiu-Jitsu skill-level stickers.

Trainer: Joshua Connolly
Joshua is a vulnerability researcher and reverse engineer with a passion for hacker education.

Requirements: Computer with Virtualbox installed

Cost: $200
The Burglar’s Guide to Web Application Testing: Stealing Secrets Like a Hobbit, a hands-on, story-driven workshop

This workshop takes you on a journey through the methodical process of web application penetration testing, equipping you with practical skills to uncover vulnerabilities that often remain hidden from plain sight. Like a careful burglar (I mean Hobbit), planning the perfect heist, you'll learn how to systematically approach security assessments with precision and purpose. Kevin Johnson will guide you through each phase of the testing lifecycle, sharing battle-tested techniques refined over years of testing applications and APIs.

From initial reconnaissance and OSINT gathering to the careful mapping of attack surfaces, Kevin will demonstrate techniques that have successfully uncovered critical vulnerabilities in real-world applications. Drawing from his experience, he'll share war stories of unexpected discoveries—those precious "ring" moments where seemingly small findings led to significant security risk.

Through hands-on demonstrations, you'll learn to move through systems with the stealth and cleverness of the most unlikely hero, identifying weaknesses that others have overlooked and developing the practical skills to document and communicate these findings effectively to development teams and stakeholders alike.

Trainer: Kevin Johnson

Requirements: TBD

Cost: $200
From Datasheet to .data Section: Acquiring Firmware from a Code-Protected Microcontroller

You will learn the following material in the specific context of a PIC18 microcontroller:

  • Reading datasheets and interacting with microcontrollers with vendor-provided tools
  • Reading configuration bits and unprotected memory regions
  • Identifying and attacking improper configuration of microcontroller code protection
  • Interfacing with a UART peripheral in PIC18 assembly
  • Bit-banging a microcontroller programming specification via an FTDI cable
  • Dumping code-protected memory regions from a breadboarded microcontroller
  • Loading the firmware into a disassembler for initial reverse engineering

What this workshop will NOT teach you:

  • Hardware attacks (e.g., glitching, side-channel analysis, fault injection)
  • A universal bypass for a properly code-protected PIC18
  • In-depth software reverse engineering with Ghidra

Trainer: RJ Crandall
RJ Crandall specializes in low-level software security training regarding the emulation, vulnerability discovery, and exploitation of embedded systems, operating systems, and application software. He has 10+ years of career experience in both national security and private industry, leading teams with dozens vulnerability researchers (VR) and reverse engineers (RE). In these roles, he also created interview processes and made hiring decisions. Attendees may leverage this experience to transition into the VR/RE industry or broaden their professional networks. Previous training, instructional, and presentation experiences: * RE//verse 2025 Lightning Talk * Reverse Engineering for Interviews @ HackUCF * US Cyber Games Season II Senior Tech Mentor * "Bypassing the Upcoming Safe Linking Mitigation" blog post * Many other blog posts at Research Innovations, Inc (RII) * BSides Orlando 2024 Unconference Talk: “How to Teach Yourself VR/RE” * Many tech talks given at universities and local meetups around the country * Developed an administered company-internal mentoring plans for all new VR/RE engineers and a company-wide tech talk explaining what work the Cyber unit performs

Requirements: A Laptop with ability to run a 64-bit Intel virtual machine.

VM Specifications:

  • 4GB RAM
  • 50 GB Virtual Disk
  • 4 vCPUs
  • 2x USB 3.0 (xHCI) ports, concurrently

Tested with: * Ubuntu 24.04.3 LTS Host (AMD) * VirtualBox 7.1.12

Hardware kits will be loaned to attendees and available for purchase separately.

Cost: $200