Tutorials

Tutorials - Day 1

Tutorials Tracks
Incident Response and Analysis
09:00 - 12:30
Incident Response Tools and Techniques Track
(Marcin Szymankiewicz)
Location: TBC

Description / Prerequisites / Trainer
Technical Difficulty: Beginner

In this class, attendees learn the tools and techniques used to analyze a malware-related incident based on data captured from many different sources (IDS, full packet capture, DHCP and DNS servers, proxy logs and more).

The exercises require hands-on analysis of the investigation record collected in a small company network during several malware infections, carving the data from a few hundred megabytes of logs and pcaps down to around a dozen significant events.

Because organizations tend to choose different software vendors, the class uses the Linux command line as its primary analysis platform instead of introducing a specific utility. Learn how to process big pcap and log files on the command line, investigate them, filter out noise and find the needle in the haystack.

The VM with the toolset and exercises is provided to attendees prior to the class.

Marcin Szymankiewicz

Applying Machine Learning to Cyber Security – Part 1
09:00 - 12:30
Machine Learning for Cyber Security Track
(Brian Hay, Felix Leder and Ben Whitham)
Location: TBC

Description / Prerequisites / Trainer
Technical Difficulty: Intermediate / Advanced

In this workshop, you will learn how to apply machine learning to a range of cyber security activities, including building your own next-generation AV, creating fake content for your honeypots and detecting anomalies.

This workshop will involve Python coding and real-world malware. Some experience with Python is required to gain the most value from the lesson.

Felix Leder
Ben Whitham
Brian Hay

Introduction to Cyber Deception
09:00 - 12:30
Honeythings Track
(Guillaume Arcas and Lukas Rist)
Location: TBC

Description / Prerequisites / Trainer
Technical Difficulty: Beginner


TBC

TBC

Guillaume Arcas
Lukas Rist

CTF Day 1
09:00 - 17:00
(TBC)
Location: TBC

TBC

Lunch

TBC
13:30 - 17:00
Incident Response Tools and Techniques Track
(Marcin Szymankiewicz)
Location: TBC

Description / Prerequisites / Trainer
Technical Difficulty: Intermediate


TBC

Rusty Bower

Applying Machine Learning to Cyber Security – Part 2
13:30 - 17:00
Machine Learning for Cyber Security Track
(Brian Hay, Felix Leder and Ben Whitham)
Location: TBC

Description / Prerequisites / Trainer
Technical Difficulty: Intermediate / Advanced

Continuation from the previous session


In this workshop, you will learn how to apply machine learning to a range of cyber security activities, including building your own next-generation AV, creating fake content for your honeypots and detecting anomalies.

This workshop will involve Python coding and real-world malware. Some experience with Python is required to gain the most value from the lesson.

Felix Leder
Ben Whitham
Brian Hay

Hands on with Cowrie - the World’s Most Popular SSH Honeypot
13:30 - 17:00
Honeythings Track
(Michel Oosterhof)
Location: TBC

Description / Prerequisites / Trainer
Technical Difficulty: Beginner


TBC

TBC

Michel Oosterhof


Tutorials - Day 2

Tutorials Tracks
Investigating Malicious Office and PDF Documents Part 1
09:00 - 12:30
Analyzing Malicious Files Track
(Mahmud Ab Rahman and Jose Esparza)
Location: TBC

Description / Prerequisites / Trainer
Technical Difficulty: Intermediate

This hands-on workshop highlights techniques and issues related to analyzing malicious Office documents (xls, ppt, doc) and PDF files. It walks participants through how to analyze in-the-wild malicious Office documents. We’ll share how to analyze malicious document files using a few techniques and methods against different Office file formats. Malicious macros are covered as the main topic of this workshop. Shellcode analysis is conducted as well, to give the whole picture of the anatomy of a malicious-document attack.

By the end of this course, students will be able to analyze malicious Office documents and PDF files, deal with the obfuscation techniques used, and extract the payload for further analysis.

TBC

Mahmud Ab Rahman
Jose Esparza

Android Reverse Engineering
09:00 - 12:30
Machine Learning Track
(Hanno Lemoine)
Location: TBC

Description / Prerequisites / Trainer
Technical Difficulty: Intermediate

TBC

TBC

Hanno Lemoine

TBC
09:00 - 12:30
Honeythings Track
(TBC)
Location: TBC

Description / Prerequisites / Trainer
Technical Difficulty: Beginner

TBC

TBC

TBC

CTF Day 2
09:00 - 17:00
TBC
Location: TBC

TBC

Lunch

Investigating Malicious Office and PDF Documents Part 2
13:30 - 17:00
Analyzing Malicious Files Track
(Mahmud Ab Rahman and Jose Esparza)
Location: TBC

Description / Prerequisites / Trainer
Technical Difficulty: Intermediate

Continuation from the morning session.

This hands-on workshop highlights techniques and issues related to analyzing malicious Office documents (xls, ppt, doc) and PDF files. It walks participants through how to analyze in-the-wild malicious Office documents. We’ll share how to analyze malicious document files using a few techniques and methods against different Office file formats. Malicious macros are covered as the main topic of this workshop. Shellcode analysis is conducted as well, to give the whole picture of the anatomy of a malicious-document attack.

By the end of this course, students will be able to analyze malicious Office documents and PDF files, deal with the obfuscation techniques used, and extract the payload for further analysis.

TBC

Michel Oosterhof

Reverse engineering malicious JavaScript
13:30 - 17:00
Malware Track
(Marcin Szymankiewicz)
Location: TBC

Description / Prerequisites / Trainer
Technical Difficulty: Intermediate

In this workshop, attendees learn the tools and techniques used to analyze and reverse-engineer malicious JavaScript redirection code used by many exploit kits, including Angler, Fiesta and Nuclear. Attendees analyze real examples of obfuscated JavaScript in tools like JSBeautifier, JSDetox and JSUNPACK to understand the code flow and the conditions for a successful exploitation attempt, and to obtain the final infection URL(s).

The VM with the toolset and exercises is provided to attendees prior to the class.

Marcin Szymankiewicz

Setting up glutton (full traffic), looking at the live data and working on an extension
13:30 - 17:00
Honeythings Track
(Lukas Rist)
Location: TBC

Description / Prerequisites / Trainer
Technical Difficulty: Advanced

TBC

TBC

Lukas Rist