Tutorials

Tutorials - Day 1

Tutorials Tracks
Incident Response and Analysis.
09:00 - 12:30
Incident Response Tools and Techniques Track
(Marcin Szymankiewicz)
Location: TBC

Technical Difficulty: Beginner

In this class, attendees learn the tools and techniques used to analyze a malware-related incident based on data captured from many different sources (IDS, full packet capture, DHCP and DNS servers, proxy logs and more).

The exercises require hands-on analysis of the investigation record collected in a small company network during several malware infections, carving the data from a few hundred megabytes of logs and pcaps down to around a dozen significant events.

As organizations tend to choose different software vendors, the class uses the Linux command line as the primary analysis platform instead of introducing a specific utility. Learn how to process big pcap and log files on the command line, investigate them, filter out noise and find the needle in the haystack.

The VM with the toolset and exercises is provided to the attendees prior to the class.

Prerequisites: Familiarity with the Linux command line. A quick reminder and a cheat sheet will be provided to the attendees during the class.

Trainer: Marcin Szymankiewicz

Applying Machine Learning to Cyber Security – Part 1
09:00 - 12:30
Machine Learning for Cyber Security Track
(Brian Hay, Felix Leder and Ben Whitham)
Location: TBC

Technical Difficulty: Intermediate / Advanced

In this workshop, you will learn how to apply machine learning to undertake a range of cyber security activities, including building your own next generation AV, creating fake content for your honeypots and detecting anomalies.

Prerequisites: This workshop will involve Python coding and real-world malware. Some experience with Python is required to gain the most value from the lesson.

Trainers: Felix Leder, Ben Whitham, Brian Hay

Introduction to Cyber Deception
09:00 - 12:30
Honeythings Track
(Guillaume Arcas and Lukas Rist)
Location: TBC

Technical Difficulty: Beginner


TBC

Prerequisites: TBC

Trainers: Guillaume Arcas, Lukas Rist

CTF Day 1
09:00 - 17:00
(TBC)
Location: TBC

TBC

Lunch

Reverse engineering of malicious JavaScript
13:30 - 17:00
Incident Response Tools and Techniques Track
(Marcin Szymankiewicz)
Location: TBC

Technical Difficulty: Intermediate

In this workshop, attendees learn the tools and techniques used to analyze and reverse malicious JavaScript redirection code used by many exploit kits, including Angler, Fiesta or Nuclear. Attendees analyze real examples of obfuscated JavaScript in tools like JSBeautifier, JSDetox or JSUNPACK to understand the code flow and the conditions for a successful exploitation attempt, and to obtain the final infection URL(s).

Prerequisites: The VM with the toolset and exercises is provided to the attendees prior to the class.

Trainer: Marcin Szymankiewicz

Applying Machine Learning to Cyber Security – Part 2
13:30 - 17:00
Machine Learning for Cyber Security Track
(Brian Hay, Felix Leder and Ben Whitham)
Location: TBC

Technical Difficulty: Intermediate / Advanced

Continuation from the previous session


In this workshop, you will learn how to apply machine learning to undertake a range of cyber security activities, including building your own next generation AV, creating fake content for your honeypots and detecting anomalies.

Prerequisites: This workshop will involve Python coding and real-world malware. Some experience with Python is required to gain the most value from the lesson.

Trainers: Felix Leder, Ben Whitham, Brian Hay

Hands on with Cowrie - the World’s Most Popular SSH Honeypot
13:30 - 17:00
Honeythings Track
(Michel Oosterhof)
Location: TBC

Technical Difficulty: Beginner


TBC

Prerequisites: TBC

Trainer: Michel Oosterhof


Tutorials - Day 2

Tutorials Tracks
Investigating Malicious Office and PDF Documents Part 1
09:00 - 12:30
Analyzing Malicious Files Track
(Mahmud Ab Rahman and Jose Esparza)
Location: TBC

Technical Difficulty: Intermediate

This hands-on workshop will highlight techniques and issues related to analyzing malicious Office documents (xls, ppt, doc) and PDF files. It will walk participants through how to analyze in-the-wild malicious Office documents. We'll share how to analyze malicious document files by applying a few techniques and methods to different Office file formats. Malicious macros will be covered as the main topic of this workshop. Shellcode analysis will be conducted as well, to get the whole picture of the anatomy of a malicious document attack.

By the end of this course, students will be able to analyze malicious Office documents and PDF files, and will know how to deal with the obfuscation techniques used and how to extract the payload for further analysis.

Prerequisites: TBC

Trainers: Mahmud Ab Rahman, Jose Esparza

Android Reverse Engineering - Part 1
09:00 - 12:30
Malware Track
(Hugo Gonzalez and Hanno Lemoine)
Location: TBC

Technical Difficulty: Intermediate

TBC

Prerequisites: TBC

Trainer: Hanno Lemoine

Making Credentials, Beacons, Files and Other Fake Objects
09:00 - 12:30
Honeythings Track
(Adel Karimi and Ben Whitham)
Location: TBC

Technical Difficulty: Beginner

TBC

Prerequisites: TBC

Trainer: TBC

CTF Day 2
09:00 - 17:00
TBC
Location: TBC

TBC

Lunch

Investigating Malicious Office and PDF Documents Part 2
13:30 - 17:00
Analyzing Malicious Files Track
(Jose Esparza)
Location: TBC

Technical Difficulty: Intermediate

Continuation from the morning session.

PDF exploits are still used as an attack vector to execute code on victims' computers. They are still included in some exploit kits nowadays, but are usually chosen to perform targeted attacks too. This session will show you how to distinguish a malicious PDF file from a harmless one, how to extract and analyze all the relevant elements, like JavaScript code and shellcode, and how to automate the analysis using peepdf. Attendees will learn helpful tricks for analyzing those documents, and will no longer be scared of opening a PDF document.

Prerequisites: TBC

Trainer: Jose Miguel Esparza

Android Reverse Engineering - Part 2
13:30 - 17:00
Malware Track
(Hugo Gonzalez and Hanno Lemoine)
Location: TBC

Technical Difficulty: Intermediate

TBC

Prerequisites: TBC

Trainer: Hanno Lemoine

Setting up glutton (full traffic), looking at the live data and working on an extension
13:30 - 17:00
Honeythings Track
(Lukas Rist)
Location: TBC

Technical Difficulty: Advanced

TBC

Prerequisites: TBC

Trainer: Lukas Rist