Digital Forensics and Incident Response Against the Dark Arts by Michael Solomon


    Digital Forensics and Incident Response Against the Dark Arts: The Battle of Malicious Email and Downloaders
    Michael Solomon

    Ever wondered what it is like being a cybersecurity or incident response analyst? Here is your chance to experience an exciting 4-hour class taught by mR_F0r3n51c5 and S3curityN3rd. Phishing and malicious spam attacks continue to pose a significant risk in today’s cyber threat landscape. Using forensic and malware analysis fundamentals, this class will teach students how to analyze malicious downloaders, phishing emails, and malicious spam.

    Upon successful class completion, students will be able to:
    • Build analysis skills that leverage complex scenarios and improve comprehension.
    • Demonstrate an understanding of forensic fundamentals used to analyze an email.
    • Use open-source information to collect and analyze threat actor data, identify indicators of compromise, and demonstrate how to pivot on that information.
    • Demonstrate how to analyze a malicious downloader, including but not limited to debugging and deobfuscation.
    • Participate in a hand-to-keyboard combat capstone. Students will be given a malicious file sample and demonstrate how to analyze it.

    Michael Solomon (mR_F0r3n51c5) is currently a Threat Hunter for a large managed security service provider. He has ten years of experience conducting Cyber Operations, Digital Forensics & Incident Response (DFIR), and Threat Hunting. He is very passionate about helping grow and inspire cybersecurity analysts for a better tomorrow.

    Michael Register (S3curityN3rd) has 5 years of combined experience across IT, Networking, and Cybersecurity. He currently holds multiple certifications, including the GCIH. S3curityN3rd spent the last 3 years working in Incident Response before a recent transition into a Threat Hunting role. His areas of focus have been on forensics, malware analysis, and scripting.

    Prerequisites for students?:
    - None. All are welcome.

    Materials or Equipment students will need to bring to participate?:
    Students will be required to download two virtual machines (OVA files). Students will be given a URL for download access.

    In regards to the downloaded virtual machines, these should be imported into your virtual machine software and ready before the start of class. If any additional technical support is needed, the instructors will make themselves available online.

    Students must have a laptop that meets the following requirements:
    • A 64-bit CPU running at 2 GHz or more. The students will be running two virtual machines on their host laptop.
    • Have the ability to update BIOS settings. Specifically, enable virtualization technology such as "Intel-VT."
    • The student must be able to access their system's BIOS if it is password protected. This is in case of changes being necessary.
    • 8 GB (Gigabytes) of RAM or higher
    • At least one open and working USB Type-A port
    • 50 Gigabytes of free hard drive space, allowing you the ability to host the VMs we distribute
    • Students must have Local Administrator Access on their system.
    • Wireless 802.11 Capability
    • A host operating system that is running Windows 10, Linux, or macOS 10.4 or later.
    • Virtualization software is required. The supplied VMs have been built for out-of-the-box compatibility with VMware Workstation or Player. Students may use other software if they choose, but they may have to troubleshoot unpredictable issues.
    • At a minimum, the following VM features will be needed:
        • NATted networking from VM to Internet
        • Copy/paste of text and files between the host machine and VM

    What level of skill is required for your targeted audience (Beginner/Intermediate/Advanced)?:
    This course is considered a beginner to intermediate level hands-on workshop. With that said, no specific expertise is needed; all levels are welcome. The instructors have carefully designed workbook instruction and classroom demonstrations, allowing everyone to complete the learning objectives.

    <If possible, please insert DFIR_ADA_logo.jpg here>

    Total Time: 4 Hours (includes 15-minute buffer)
    Last edited by Dark Tangent; 5 days ago.
    PGP key: valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A

  • #2
    For transparency...

    Original post was altered by me, June 10, 2021:
    * A URL and the content described were removed at the request of a person claiming to be the person responsible for running this workshop, with approval from a leader responsible for workshops.
    6: "Who is Number1?"
    2: "You are number6"
    6: "I am not a number!..."


    • #3
      I may have missed it in there somewhere, but where do we go to download the files? Also, is the date/time slot released yet?


      • number6 commented:
        Original announcement states: " Students will be required to download two virtual machines (OVA files). Students will be given a URL for download access."

        This implies that download information will be provided to students in the class.
        Students of this class would be people that signed up for this workshop.