Be the first to register. This will be sold out fast!

Part 1 of a two-part, scenario based workshop. The story is you are hired as first responder, given the scenario and a zip of files taken from Patient Zero. In the first workshop, students are guided as they organize, validate, and report on the information. In the second, follow-on workshop, students take on the role of a senior analyst and perform full binary analysis on executable samples to uncover attacker details as well as capabilities. Prerequisites for students: • Laptop with 12+GB of Ram • VMWare Player • Basic understanding of computer architecture. • Basic understanding of programming structures.

Part 2 of a two-part, scenario based workshop. The story is you are hired as first responder, given the scenario and a zip of files taken from Patient Zero. In the first workshop, students are guided as they organize, validate, and report on the information. In the second, follow-on workshop, students take on the role of a senior analyst and perform full binary analysis on executable samples to uncover attacker details as well as capabilities. Prerequisites for students: • Laptop with 12+GB of Ram • VMWare Player • Basic understanding of computer architecture. • Basic understanding of programming structures.

CHRIME is a handy acronym and method of constructing threat data into intelligence. It stands for (C)onstellation (H)istory (R)eputation (I)ntent (M)alware (E)xecution and is aimed at rapidly helping an analyst turn data into linked, correlated and context infused information that can be profiled and analyzed into intelligence. Students are challenged to take on the role of an intelligence analyst and work through several scenarios using the CHRIME technique.

A gentle introduction to the simple but powerful art of using YARA to find patterns in data. YARA is the pattern matching king of analysis tools, compatible with nearly every platform out there, open source and built in C. If it’s not in your trusted tool set for incidents and intelligence work – it should be. In this 3-hour workshop, students are introduced to and then use YARA to interrogate files and pull out the information they need. This is not a how-to rule building class but a hands-on usage workshop.

www.cyberdefenses.com DEFINING TTPS FROM INCIDENT DATA Monty St John, Director of Intelligence This analytics workshop walks students through on how to derive the use of tactics, procedures and techniques from telemetry and incident data. You will learn to: • Identify adversary tactics employed • Outline procedures and techniques from observations of data • Further separate and break down procedure/techniques into operations

$BRO is gaining a significant amount of buzz in the community, but for those interested it can be difficult to figure out where to start. Students will learn: • How $BRO differs from other open-source IDS projects like Snort and Suricata • The basic capabilities $BRO provides “out of the box” • How $BRO can be extended to fit in their environment • An introduction to the why and how of $BRO scripting The workshop will contain multiple labs where students will analyze and process packet captures using $BRO.

This workshop walks you through the analysis of a credential harvesting phishing email. You are then taken through a series of steps to analyze the phishing email and email header, you'll then learn how to analyze credential harvesting websites and the network traffic through the site and finally we'll hunt for phishing kits to learn more about the miscreants. Intro and Scenario Handout 1. Phishing Email and Header Analysis 2. Analyze Credential Harvesting Websites 3. Hunting for Phishing Kits

Interested in cyber competitions but don’t know where to start? Or have you tried one or two or ten and want more practice? In this hands-on-keys workshop we will explore different types of competitions, from capture-the-flag to offense/defense and everything in between. Participants will be provided with a virtualized environment that will be used to explore techniques associated with reconnaissance, scanning and enumeration, and exploitation. Also featured will be forensic challenges, hash-cracking, malware analysis, and crypto decoding. This guided workshop will help participants prepare to engage in cyber competitions by Marcelle Lee & Tyrone Wilson f(9:00 AM-12:30 PM). Students will be participate in a Beginners CTF challenge designed by HackEDin the afternoon session (1:30 PM - 4:00 PM). *This ticket gives you access to the con on Saturday too!