    Michael Solomon, Michael Register - DFIR Against the Digital Darkness: An Intro to Forensicating Evil

    Abstract:

    Friday from 0900 to 1300
    EventBrite Link: https://www.eventbrite.com/e/michael...s-378987370427

    Ever wondered what it is like being a cybersecurity or incident response analyst? Are you new to investigation or want to take your analysis to the next level? If you answered yes, here is your chance to experience an exciting 4-hour class taught by mR_F0r3n51c5 and S3curityNerd. In today's threat landscape, malware continues to be used by various types of threat actors. This class teaches students how to investigate a compromised Windows system using forensic and malware analysis fundamentals.

    Upon successful class completion, students will be able to:
    - Build analysis skills that leverage complex scenarios and improve comprehension.
    - Practically acquire data in a forensically sound manner.
    - Identify common areas of malware persistence.
    - Gather evidence and create a timeline to characterize how the system was compromised.
    - Participate in a hand-to-keyboard combat capstone. Students are given an image of a compromised Windows system and demonstrate how to analyze it.

    Skill Level: Beginner to Intermediate

    Materials Needed: Students will be required to download a virtual machine (OVA file). Students will be given a URL for download access.
    Regarding the downloaded virtual machine, this will be imported into your virtual machine software and ready before the start of class. If any additional technical support is needed, the instructors will make themselves available online.
    Students must have a laptop that meets the following requirements:
    A 64-bit CPU running at 2 GHz or more. The students will be running a virtual machine on their host laptop.
    Have the ability to update BIOS settings. Specifically, enable virtualization technology such as "Intel-VT."
    The student must be able to access their system's BIOS if it is password protected. This is in case of changes being necessary.
    8 GB (Gigabytes) of RAM or higher
    At least one open and working USB Type-A port
    50 Gigabytes of free hard drive space, allowing you the ability to host the VMs we distribute
    Students must have Local Administrator Access on their system.
    Wireless 802.11 Capability
    A host operating system that is running Windows 10+, Linux, or macOS 10.4 or later.
    Virtualization software is required. The supplied VM has been built for out-of-the-box compatibility with VMware Workstation or Player. Students may use other software if they choose, but they may have to troubleshoot unpredictable issues.
    At a minimum, the following VM features will be needed:
    NATted networking from VM to Internet
    Copy Paste of text and files between the Host machine and VM

    Bio:

    Michael Solomon (mR_F0r3n51c5) is a Threat Hunter for a large managed security service provider. He has 12 years of experience conducting Cyber Operations, Digital Forensics & Incident Response (DFIR), and Threat Hunting. He is very passionate about helping grow and inspire cybersecurity analysts for a better tomorrow.

    Michael Register (S3curityNerd) has 6 years of combined experience across IT, Networking, and Cybersecurity. S3curityNerd joined the cybersecurity space in 2017 and has worked in multiple roles, including his current one as a Threat Hunter. He enjoys both learning new things and sharing new things with others.

    Max Class Size: 200
    Last edited by number6; July 4, 2022, 16:39.

  • #2
    It says "Students will be required to download a virtual machine (OVA file). Students will be given a URL for download access"

    Will you share that soon so we can pre-download it before the class?


    • number6 commented:
      I do not run workshops, contests, events, parties, etc. at DEF CON. You will have to wait for the workshop organizers, or the person leading this workshop, to reply, or you could try sending an email to the workshop confirmation email address you received.