Digital Forensics and Incident Response Against the Dark Arts by Michael Solomon


    Digital Forensics and Incident Response Against the Dark Arts: The Battle of Malicious Email and Downloaders
    Michael Solomon

    Ever wondered what it is like being a cybersecurity or incident response analyst? Here is your chance to experience an exciting 4-hour class taught by mR_F0r3n51c5 and S3curityN3rd. Phishing and malicious spam attacks continue to pose a significant risk in today’s cyber threat landscape. Using forensic and malware analysis fundamentals, this class will teach students how to analyze malicious downloaders, phishing emails, and malicious spam.

    Upon successful class completion, students will be able to:
    • Build analysis skills that leverage complex scenarios and improve comprehension.
    • Demonstrate an understanding of forensic fundamentals used to analyze an email.
    • Use open-source information to collect and analyze threat actor data; identify indicators of compromise, and demonstrate how to pivot on that information.
    • Demonstrate how to analyze a malicious downloader; to include but not limited to debugging and deobfuscation.
    • Participate in a hand to keyboard combat capstone. Students will be given a malicious file sample and demonstrate how to analyze it.

    Michael Solomon (mR_F0r3n51c5) is currently a Threat Hunter for a large managed security service provider. He has ten years of experience conducting Cyber Operations, Digital Forensics & Incident Response (DFIR), and Threat Hunting. He is very passionate about helping grow and inspire cybersecurity analysts for a better tomorrow.

    Michael Register (S3curityN3rd) has 5 years of combined experience across IT, Networking, and Cybersecurity. He currently holds multiple certifications, including the GCIH. S3curityN3rd spent the last 3 years working in Incident Response before a recent transition into a Threat Hunting role. His areas of focus have been on forensics, malware analysis, and scripting.

    Prerequisites for students?:
    - None. All are welcome.

    Materials or Equipment students will need to bring to participate?:
    Students will be required to download two virtual machines (OVA files). Students will be given a URL for download access.

    In regards to the downloaded virtual machines, these should be imported into your virtual machine software and ready before the start of class. If any additional technical support is needed, the instructors will make themselves available online.

    Students must have a laptop that meets the following requirements:
    • A 64 bit CPU running at 2GHz or more. The students will be running two virtual machines on their host laptop.
    • Have the ability to update BIOS settings. Specifically, enable virtualization technology such as "Intel-VT."
    • The student must be able to access their system's BIOS if it is password protected. This is in case of changes being necessary.
    • 8 GB (Gigabytes) of RAM or higher
    • At least one open and working USB Type-A port
    • 50 Gigabytes of free hard drive space, allowing you the ability to host the VMs we distribute
    • Students must have Local Administrator Access on their system.
    • Wireless 802.11 Capability
    • A host operating system that is running Windows 10, Linux, or macOS 10.4 or later.
    • Virtualization software is required. The supplied VMs have been built for out of the box compatibility with VMWare Workstation or Player. Students may use other software if they choose, but they may have to troubleshoot unpredictable issues.
    • At a minimum, the following VM features will be needed:
        - NATted networking from VM to Internet
        - Copy/Paste of text and files between the host machine and VM
    What level of skill is required for your targeted audience (Beginner/Intermediate/Advanced)?:
    This course is considered a beginner to intermediate level hands-on workshop. With that said, no specific expertise is needed; all levels are welcome. The instructors have carefully designed workbook instruction and classroom demonstrations, allowing everyone to complete the learning objectives.


    Total Time: 4 Hours (includes 15-minute buffer)
    The Dark Tangent
    Last edited by Dark Tangent; June 16, 2021, 08:09.
    PGP key: dtangent@defcon.org valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A

  • #2
    For transparency...

    Original post was altered by me, June 10, 2021:
    * A URL and content described was removed by request of person claiming to be the person responsible for running this workshop and approval from a leader responsible for workshops.
    Disclaimer: I do not run or control any villages, contests, events, parties, etc. at DEF CON. Any announcements or updates about Villages, Contests, Events, Parties, etc. posted by me include content from the people running it. I am not responsible for their content or claims. Any answers provided by me about these are best-effort with information i have available at the time of posting/edit but are NOT authoritative. For official answers, contact the organizers. I grant permission to any DEF CON Forum admins to alter announcements for these as needed.
    ------------------------------------------
    6: "Who is Number1?"
    2: "You are number6"
    6: "I am not a number!..."



    • #3
      I may have missed it in there somewhere, but where do we go to download the files? Also, is the date/time slot released yet?



      • number6 commented
        Original announcement states: " Students will be required to download two virtual machines (OVA files). Students will be given a URL for download access."

        This implies that download information will be provided to students in the class.
        Students of this class would be people that signed up for this workshop.

    • #4
      What time will this be???



      • number6 commented
        For people that bought access to the workshops, the details of when and where should be available in the eventbrite confirmation they received.

        Workshops are small classes for fee, not covered by DEF CON badge. They are often put up for sale at the same time, then all seats are sold within hours. There is a thread on swapping workshops here:
        https://forum.defcon.org/node/237556

        According to URL1=https://info.defcon.org/ , selecting drop-down 'Category' called "DEF CON Workshops" then after page loads, "find on page" the word "dark" I see:

        Originally posted by URL1
        Digital Forensics and Incident Response Against the Dark Arts: The Battle of Malicious Email and Downloaders

        Michael Register, Michael Solomon

        Workshops - Las Vegas 5+6 (Onsite Only)
        If I click on the name of this, I see:
        Originally posted by URL1
        Saturday, Aug 7, 10:00 PDT - Saturday, Aug 7, 14:00 PDT

        Ever wondered what it is like being a cybersecurity or incident response analyst? Here is your chance to experience an exciting 4-hour class taught by mR_F0r3n51c5 and S3curityN3rd. Phishing and malicious spam attacks continue to pose a significant risk in today’s cyber threat landscape. Using forensic and malware analysis fundamentals, this class will teach students how to analyze malicious downloaders, phishing emails, and malicious spam.

        Upon successful class completion, students will be able to:

        Build analysis skills that leverage complex scenarios and improve comprehension.

        Demonstrate an understanding of forensic fundamentals used to analyze an email.

        Use open-source information to collect and analyze threat actor data; identify indicators of compromise, and demonstrate how to pivot on that information.

        Demonstrate how to analyze a malicious downloader; to include but not limited to debugging and deobfuscation.

        Participate in a hand to keyboard combat capstone. Students will be given a malicious file sample and demonstrate how to analyze it.

        Registration Link: https://www.eventbrite.com/e/digital...s-162218185961

        Prerequisites:

        None

        Materials needed:

        Students will be required to download two virtual machines (OVA files). Students will be given a URL for download access. In regards to the downloaded virtual machines, these should be imported into your virtual machine software and ready before the start of class. If any additional technical support is needed, the instructors will make themselves available online.

        Students must have a laptop that meets the following requirements:

        - A 64 bit CPU running at 2GHz or more. The students will be running two virtual machines on their host laptop.

        - Have the ability to update BIOS settings. Specifically, enable virtualization technology such as "Intel-VT."

        - The student must be able to access their system's BIOS if it is password protected. This is in case of changes being necessary.

        - 8 GB (Gigabytes) of RAM or higher

        - At least one open and working USB Type-A port

        - 50 Gigabytes of free hard drive space, allowing you the ability to host the VMs we distribute

        - Students must have Local Administrator Access on their system.

        - Wireless 802.11 Capability

        - A host operating system that is running Windows 10, Linux, or macOS 10.4 or later.

        - Virtualization software is required. The supplied VMs have been built for out of the box compatibility with VMWare Workstation or Player. Students may use other software if they choose, but they may have to troubleshoot unpredictable issues.

        At a minimum, the following VM features will be needed:

        - NATted networking from VM to Internet

        - Copy Paste of text and files between the Host machine and VM
        Last edited by number6; August 3, 2021, 00:00.

    • #5
      Thank you! I appreciate it. I guess I missed this purchase oppty. Hopefully someone wants to give theirs up!



      • #6
        Does someone have the links for the VMs? I didn't get them.



        • number6 commented
          The original text had links to download VM, but we were informed that the person presenting would make them available to the people that managed to score entry to the workshop so they were removed. I'm assuming that is still the case.

        • Zlt commented
          I am registered, that is why I'm asking

        • number6 commented
          Excellent! My comment was to let you know what I know on this topic. I don't have the images.