WORKSHOPS
Practical File Analysis Part 1 (Friday 23 FEB 18 | 9:00 AM-12:30 PM) with Chris Rogers, Team Lead, CyberDefenses vSOC workshop provided by
Part 1 of a two-part, scenario based workshop. The story is you are hired as first responder, given the scenario and a zip of files taken from Patient Zero. In the first workshop, students are guided as they organize, validate, and report on the information. In the second, follow-on workshop, students take on the role of a senior analyst and perform full binary analysis on executable samples to uncover attacker details as well as capabilities. Prerequisites for students: • Laptop with 12+GB of Ram • VMWare Player • Basic understanding of computer architecture. • Basic understanding of programming structures
Practical File Analysis Part 2 (Friday 23 Feb 18 | 1:00-4:30 PM) with Chris Rogers, Team Lead, CyberDefenses vSOC workshop provided by
Part 2 of a two-part, scenario based workshop. The story is you are hired as first responder, given the scenario and a zip of files taken from Patient Zero. In the first workshop, students are guided as they organize, validate, and report on the information. In the second, follow-on workshop, students take on the role of a senior analyst and perform full binary analysis on executable samples to uncover attacker details as well as capabilities. Prerequisites for students: • Laptop with 12+GB of Ram • VMWare Player • Basic understanding of computer architecture. • Basic understanding of programming structures.
CHRIME, An analyst’s Tale (Friday 23 Feb 18 | 9:00 AM-12:30 PM) with Monty St. john, Director of Intelligence workshop provided by
CHRIME is a handy acronym and method of constructing threat data into intelligence. It stands for (C)onstellation (H)istory (R)eputation (I)ntent (M)alware (E)xecution and is aimed at rapidly helping an analyst turn data into linked, correlated and context infused information that can be profiled and analyzed into intelligence. Students are challenged to take on the role of an intelligence analyst and work through several scenarios using the CHRIME technique.
THREE STEP YARA (Friday 23 Feb 18 | 1:00-4:30 PM) with Monty St. john, Director of Intelligence workshop provided by
A gentle introduction to the simple but powerful art of using YARA to find patterns in data. YARA is the pattern matching king of analysis tools, compatible with nearly every platform out there, open source and built in C. If it’s not in your trusted tool set for incidents and intelligence work – it should be. In this 3-hour workshop, students are introduced to and then use YARA to interrogate files and pull out the information they need. This is not a how-to rule building class but a hands-on usage workshop.
CTF FOR NOOBS prep (Friday 23 Feb 18 | 9:00 AM-12:30 PM) With Marcelle Lee, Senior Malware Researcher @marcelle_fsg and Tyrone E. Wilson
Interested in cyber competitions but don’t know where to start? Or have you tried one or two or ten and want more practice? In this hands-on-keys workshop we will explore different types of competitions, from capture-the-flag to offense/defense and everything in between. Participants will be provided with a virtualized environment that will be used to explore techniques associated with reconnaissance, scanning and enumeration, and exploitation. Also featured will be forensic challenges, hash-cracking, malware analysis, and crypto decoding. This guided workshop will help participants prepare to engage in cyber competitions being offered over the course of the weekend.
NOOBS CTF (Friday 23 Feb 18 | 1:30 PM-4:30 PM) – Author: Josh Schroeder . CTF organized by HackEd
This workshop will be followed with a CTF designed by HackEd Team. The CTF challenge will be catered to first time players.
______________________________________________________
Defining TTPs from Incident Data (Saturday 24 Feb 18 | 08:30-11:00 AM) with Monty St. john, Director of Intelligence workshop provided by
This analytics workshop walks students through on how to derive the use of tactics, procedures and techniques from telemetry and incident data. You will learn to: • Identify adversary tactics employed • Outline procedures and techniques from observations of data • Further separate and break down procedure/techniques into operations
The IDS Formerly Known as Bro (Saturday 24 Feb 18 |11:30 AM – 2:00 PM) with Adam Pumphrey, Director of Threat Research at Bricata AND Andrew Beard, Software architect at Arbor Networks workshop provided by
$BRO is gaining a significant amount of buzz in the community, but for those interested it can be difficult to figure out where to start. Students will learn: • How $BRO differs from other open-source IDS projects like Snort and Suricata • The basic capabilities $BRO provides “out of the box” • How $BRO can be extended to fit in their environment • An introduction to the why and how of $BRO scripting The workshop will contain multiple labs where students will analyze and process packet captures using $BRO.
Good Fishing for Phishers (Saturday 24 Feb 18 | 2:30-5:00 PM) with John Laycock, Senior Threat Intel Analyst workshop provided by
This workshop walks you through the analysis of a credential harvesting phishing email. You are then taken through a series of steps to analyze the phishing email and email header, you’ll then learn how to analyze credential harvesting websites and the network traffic through the site and finally we’ll hunt for phishing kits to learn more about the miscreants. Intro and Scenario Handout 1. Phishing Email and Header Analysis 2. Analyze Credential Harvesting Websites 3. Hunting for Phishing Kits