Tutorials

In this class attendees learn the tools and techniques used to analyze a malware-related incident based on the data captured from many different sources (ids, full packet capture, dhcp and dns server, proxy logs and more).

The exercises require hands-on analysis of the investigation record collected in a small company network during several malware infections and carving out the data from a few hundred megabytes logs and pcaps into around a dozen of significant events.

As the organizations tend to choose different software vendors the class utilizes Linux command line as a primary analysis platform instead of introducing a specific utility. Learn how to process big pcap and log files in command line, investigate them, filter out noise and find out the needle in the haystack.

The VM with toolset and exercises are provided to the attendees prior to the class.

Familiarity with Linux command line. Quick reminder and a cheat sheet will be provided to the attendees during the class.

In this workshop, you will learn how to apply machine learning to undertake a range of cyber security activities, including the identification of polymorphic malware families as well as building your own next generation AV.

This workshop will involve python coding and real world malware. Some experience with Python is required to gain the most value from the lesson.

TBC

TBC

In this workshop attendees learn the tools and techniques used to analyze and reverse malicious JavaScript redirection code used by many exploit kits including Angler, Fiesta or Nuclear. In the workshop attendees analyze real examples of obfuscated JavaScript in tools like JSBeautifier, JSDetox or JSUNPACK to understand the code flow, conditional criteria for successful exploitation attempt and to get the final infection URL(s).

The VM with toolset and exercises are provided to the attendees prior to the class.

In this workshop, you will learn how to apply machine learning to undertake a range of cyber security activities, including the identification of polymorphic malware families as well as building your own next generation AV.

This workshop will involve python coding and real world malware. Some experience with Python is required to gain the most value from the lesson.

TBC

This hands-on workshop will highlight techniques and issues related to analyzing malicious office documents (xls, ppt, doc) and PDF files. This workshop will walk through participant how to analyze in-the-wild malicious office documents. We’ll share how we can analyze malicious document file by using few techniques and method against different office file formats. The malicious macro will be covered as main topic in this workshop. Shellcode analysis will be conducted as well to get the whole picture of malicious documents attack anatomy.

By the end of this course, students will be able to analyze a malicious office documents and PDF files and know how to solve obfuscation techniques used and how to extract the payload in order to perform a further analysis.

Android malware is very common, diverse and have been spreading all over the world. This malware ins capable of stealing information, abuse of the mobile devices and extorting the users for money among other nefarious activities.

In this training we will review the basics of Android malware, we also present common open source tools to perform analysis and reverse engineering. Attendants will have hands-on work on some recent samples. We will finish with a brief guide on how to perform analysis in scale, create Yara rules, Snort and Clamav signatures.

Virtual Box and 64bits OS

Honeypots are only useful if the insider or network intruder interacts with them. This is a challenge as often honeypots can be placed in locations within the production network that are isolated and/or away from the real data.

Honeytokens and breadcrumbs can help draw threat actors to your honeypots or can be used on their own to detect mischief. In this workshop, we will explore various honeytokens and their different use-cases. We show you how to set up honeytokens using honeyλ, honeybits, and Canarytokens and embed them in your documents. We will also explore how to build fake content for documents.

Android malware is very common, diverse and have been spreading all over the world. This malware ins capable of stealing information, abuse of the mobile devices and extorting the users for money among other nefarious activities.

In this training we will review the basics of Android malware, we also present common open source tools to perform analysis and reverse engineering. Attendants will have hands-on work on some recent samples. We will finish with a brief guide on how to perform analysis in scale, create Yara rules, Snort and Clamav signatures.

Virtual Box and 64bits OS

In this training session you will learn everything about Glutton, the all eating honeypot.

We will setup and run Glutton together. Watch it catch traffic in the wild and learn how to interpret the data we collect. We also look at some advanced deployment methods with Glutton as a proxy for more advanced honeypots. From there we continue with picking a new protocol we want to support and implement the handler for Glutton.

- Golang 1.8/1.9 readily setup in a Linux environment/vm. MacOS should work as well but might have some issues.
- This class will definitely involve some Go programming but we will keep it simple.
- We will also look at network traffic, so some experience with Wireshark is an advantage..