Training Schedule - November 14th 2025

:bangbang: NOTICE: All Training Sessions are at The University of North Florida, University Center, located at: 12000 Alumni Drive, Jacksonville, FL 32224
:star: Please check the posted schedule for updates. The schedule is subject to change.

Time Track 1 Track 2 Track 3 Track 4
09:00-12:00 # It's a Literal Cluster F*** ## Over-Engineering Your Homelab 101 and All the Stuff They Don't Teach You at the Academy!

Christian McLaughlin		 Binary Jiu-jitsu: White Belt Fundamentals

Joshua Connolly		 The Burglar’s Guide to Web Application Testing: Stealing Secrets Like a Hobbit, a hands-on, story-driven workshop

Kevin Johnson		 No Morning Session
12:00-13:00 Lunch Break - Offsite
13:00-17:00 # It's a Literal Cluster F*** ## Over-Engineering Your Homelab 101 and All the Stuff They Don't Teach You at the Academy!

Christian McLaughlin		 Binary Jiu-jitsu: White Belt Fundamentals

Joshua Connolly		 The Burglar’s Guide to Web Application Testing: Stealing Secrets Like a Hobbit, a hands-on, story-driven workshop

Kevin Johnson		 From Datasheet to .data Section: Acquiring Firmware from a Code-Protected Microcontroller

RJ Crandall

Training

# It's a Literal Cluster F*** ## Over-Engineering Your Homelab 101 and All the Stuff They Don't Teach You at the Academy!

This isn’t your traditional homelab talk it’s a masterclass in **overengineering the hell out of your homelab**. Why? Because we can. And more importantly because that's how real infrastructure is built. Most talks stop at “how to set up a homelab” or “what services to deploy.” Not this one. In this hands-on workshop, we’ll go beyond Docker and VMs to explore how engineers and architects design resilient, scalable systems in production environments and how you can recreate those same practices at home. **You’ll learn how to build and manage:** - High availability clusters and quorum logic - Reverse proxies and load balancers with **HAProxy**, **Nginx**, or **Traefik** - Internal DNS, service discovery, and local PKI - Infrastructure monitoring with **Prometheus**, **Grafana**, **Loki**, and **Alertmanager** - Failure domains, backups, and disaster recovery strategies - CI/CD pipeline integration with your services - Orchestration and automation with **Ansible**, **Terraform**, and GitOps flows - Infrastructure as Code — and why it matters even in your homelab This workshop is ideal for tinkerers, SREs, engineers, and anyone who wants to simulate real-world production infrastructure at home. You’ll walk away with hands-on knowledge and **resume-ready skills** that make you stand out from the crowd.

Trainer: Christian McLaughlin
Christian McLaughlin is an Information Security Professional with over 13 years of combined professional experience in IT systems and avionics. Throughout his career, he has demonstrated expertise in offensive and defensive security, computer networking, automation, avionics, and aviation safety and maintenance. After spending 8 years in the Naval Aviation, he transitioned to a civilian career in Information Security where he continued his passion for knowledge holding roles as a SOC Analyst, Security Researcher, Security Consultant and Security Engineer. He is an advocate for teaching others about the awesome world of selfhosting. He advocates teaching others how to build homelabs for themselves and learning enterprise skills with free and open source software (FOSS).

Requirements: A Linux Laptop with the latest version of KVM installed (Lab VM instances can be provided to users with Windows or Mac devices however they will need an SSH Client)

Cost: $100
Binary Jiu-jitsu: White Belt Fundamentals

Binary exploitation can feel overwhelming for beginners. With so many tools, techniques, and architectures to learn, it’s easy to get lost without a structured path. Binary Jiu-Jitsu is designed to guide students through the fundamentals of binary exploitation using a skill-based, hands-on approach inspired by martial arts training. In this workshop, we’ll cover the essential building blocks for exploiting simple 64-bit Linux ELF binaries. Attendees will learn the fundamentals of computer architecture, reverse engineering with Ghidra, debugging with GDB, finding stack-based buffer overflows, and developing custom exploits using pwntools. Throughout the session, participants earn “stripes” by completing progressively harder hands-on challenges in a live CTFd environment. By the end, students will have the knowledge — and practical skills — to identify vulnerabilities, write working exploits, and pop their first shell. By the end of this session, participants will be able to: • Understand CPU architecture and memory layout fundamentals. • Use Ghidra for disassembly and static analysis. • Debug and inspect binaries using GDB. • Identify and exploit stack-based buffer overflows. • Build exploit scripts using pwntools. • Gain experience solving CTF-style binary exploitation challenges. • Earn four stripes by solving challenges tied to key skills. • Finish with a belt test — a mini-CTF with real exploit scenarios. • Top scorer wins a prize, and all students receive collectible Binary Jiu-Jitsu skill-level stickers.

Trainer: Joshua Connolly
Joshua is a vulnerability researcher and reverse engineer with a passion for hacker education.

Requirements: Computer with Virtualbox installed

Cost: $100
The Burglar’s Guide to Web Application Testing: Stealing Secrets Like a Hobbit, a hands-on, story-driven workshop

Abstract TBD.

Trainer: Kevin Johnson
.
From Datasheet to .data Section: Acquiring Firmware from a Code-Protected Microcontroller

You will learn the following material in the specific context of a PIC18 microcontroller: * Reading datasheets and interacting with microcontrollers with vendor-provided tools * Reading configuration bits and unprotected memory regions * Identifying and attacking improper configuration of microcontroller code protection * Interfacing with a UART peripheral in PIC18 assembly * Bit-banging a microcontroller programming specification via an FTDI cable * Dumping code-protected memory regions from a breadboarded microcontroller * Loading the firmware into a disassembler for initial reverse engineering What this workshop will NOT teach you: * Hardware attacks (e.g., glitching, side-channel analysis, fault injection) * A universal bypass for a properly code-protected PIC18 * In-depth software reverse engineering with Ghidra

Trainer: RJ Crandall
RJ Crandall specializes in low-level software security training regarding the emulation, vulnerability discovery, and exploitation of embedded systems, operating systems, and application software. He has 10+ years of career experience in both national security and private industry, leading teams with dozens vulnerability researchers (VR) and reverse engineers (RE). In these roles, he also created interview processes and made hiring decisions. Attendees may leverage this experience to transition into the VR/RE industry or broaden their professional networks. Previous training, instructional, and presentation experiences: * RE//verse 2025 Lightning Talk * Reverse Engineering for Interviews @ HackUCF * US Cyber Games Season II Senior Tech Mentor * "Bypassing the Upcoming Safe Linking Mitigation" blog post * Many other blog posts at Research Innovations, Inc (RII) * BSides Orlando 2024 Unconference Talk: “How to Teach Yourself VR/RE” * Many tech talks given at universities and local meetups around the country * Developed an administered company-internal mentoring plans for all new VR/RE engineers and a company-wide tech talk explaining what work the Cyber unit performs

Requirements: Laptop requirements: * Ability to run a 64-bit virtual machine * VM Specifications: * 4GB RAM * 50 GB Virtual Disk * 4 vCPUs * 2x USB 3.0 (xHCI) ports, concurrently * Tested with: * Ubuntu 24.04.3 LTS Host (AMD) * VirtualBox 7.1.12 Hardware kits will be loaned to attendees and available for purchase separately.

Cost: $100