MALWARE DISCOVERY AND BASIC ANALYSIS BY MICHAEL GOUGH

REGISTER NOW ($1450)

COURSE DESCRIPTION:

Malware Discovery is an essential skill for today’s InfoSec and IT professionals. Many malware courses start you off with an infected system and teach how to deeply analyze or even reverse engineer the malware. This course focuses on how to discover whether a system has malware, then how to do basic malware analysis and build a simple lab to do testing in.

The goal is speed, so you can get back to other tasks. We will look at what tools you need and the techniques and steps to analyze malware so you can determine whether a system is clean or truly infected. This course covers everything from the everyday commodity malware you might get in email or while surfing to advanced malware in a targeted attack. The focus will be on Windows systems, but the course will touch on some tools for Apple and Linux systems as well.

Introduction to Incident Response

  • Malware Analysis Data Labs
  • Building a Malware Analysis environment
  • The Windows Logging Cheat Sheet(s) – What to set
  • Malware Analysis Tools
  • Command Line Logging and Network connections – Real intelligence
  • Automated Analysis & Lab
  • Basic Malware Analysis & Lab
  • Logging for Malware
  • Questions and Discussion

REQUIREMENTS
- Barebones system is recommended, with re-imaging after the course, OR
- Laptop running a Virtual Machine (VirtualBox, VMware, ESXi, Parallels, etc.) with Windows 7, 8 or 10
- Microsoft Office, PDF Reader (Foxit), Notepad++ & 7-Zip
- A list of tools will be provided on a USB card on the day of the training
- PowerShell 5.0 and .NET 4.5 or greater
- Malware samples and tools will be provided

ENTERPRISE PENETRATION TESTING METHODS BY ROD SOTO

REGISTER NOW ($1450)

COURSE DESCRIPTION:

During this comprehensive course, the tools and methodologies used during penetration tests in enterprise network environments will be detailed. The course will utilize a lab environment for hands-on instruction in manual penetration testing methods, in addition to training in the use of exploitation frameworks such as Metasploit. Focus will be geared towards the methodology, processes, vectors, tools, and techniques used for exploitation (Infrastructure, Network, Web, Mobile).

By the end of the course, the student will have an in-depth understanding of the underlying principles of network exploitation and will have gained experience in the successful execution of attacks.

Minimum Course Requirements: bring a laptop with at least 4 GB of RAM and at minimum a quad-core processor, the ability to run virtual machines, an understanding of basic networking concepts, and basic Linux comprehension.

TARGET AUDIENCE:

This seminar is geared towards those seeking to enter the information security industry while also enriching those who seek to develop the skills and experience necessary to succeed as a penetration tester (for fun and for profit).

INSTRUCTOR BIO:

Rod Soto has over 15 years of experience in information technology and security. He has spoken at ISSA, ISC2, OWASP, Black Hat, DEF CON, HackMiami and BSides, and has also been featured in Rolling Stone Magazine, Pentest Magazine, Univision and CNN. Rod Soto was the winner of the 2012 Black Hat Las Vegas CTF competition and is the founder and lead developer of the Kommand && KonTroll competitive hacking tournament series.

Seminar Requirements

  • Laptop With at Least 4GB of RAM and at Minimum a Quad-Core Processor
  • Ability to Run Virtual Machines
  • Understanding of Basic Networking Concepts
  • Basic Linux Comprehension

SECURITY ANALYSIS OF IOT AND EMBEDDED SYSTEMS BY MICHAEL SCHLOH VON BENNEWITZ

REGISTER NOW ($1450)

COURSE DESCRIPTION:

Examining IP (Ethernet), Serial (CAN, I2C, SPI, TIA/EIA), and RF (Bluetooth) communication, this full-day workshop teaches IoT-relevant security from a developer perspective. We build and penetrate embedded systems, consider reverse engineering, and conclude with discussion. Rather than treating legacy APTs with Metasploit or IP tools, we extend our reach to include microcontroller MCUs with no TCP/IP stack or user login:

  • Public Grid
  • Water Pumps
  • Street Lights
  • Healthcare
  • Prosthetics
  • RF Exposed Data
  • Industrial Monitors
  • Heartbeat Sensors
  • Pacemaker Analysis
  • Controller Area Network (CAN)
  • Consumer Vehicles (Automotive)
  • Industrial Aerospace and Robotics
  • Surveillance
  • Baby Phones (M2M Comm)
  • Webcams (Mirai Botnet!)
  • Building Automation (Locks)
  • Smart Homes (Detection* and Relays)

*Turn light emitters into detectors

FREE DEVICES:

You get to keep and take home hardware including:

  • ARM Cortex (NXP) MCU
  • Atmel 328P based MCU
  • IoT Empire 802.3 Tap

INVENTORY:

We'll hack with devices on loan for the workshop duration:

  • Ubertooth One
  • Arduino Wi-Fi
  • Tessel2
  • RaspberryPi
  • Beaglebone
  • Minnowboard
  • nRF51-BTLE
  • FRDM-KL25Z
  • FRDM-K64F
  • Estimote beacon
  • CC2650 SensorTag
  • Assorted shields
  • Blesh beacon
  • Voltera One
  • SmartScope
  • Yubikey

INSTRUCTOR BIO:

Michael Schloh von Bennewitz is a computer scientist specializing in network engineering, embedded design, and mobile platform development. He speaks four languages fluently and presents at research events every year, and has presented for groups including Black Hat, CCC, Cable & Wireless, Mobile World Congress, Linux Foundation, Nokia, Ubuntu, Droidcon, and FOSDEM.

Michael's IoT knowledge profits from years of work at telecoms and relationships with industry leaders. He is an Intel innovator, Samsung partner, and Mozilla contributor with the mandate to promote IoT technology.

QUESTIONS?

Please direct questions about this workshop's unique build-and-destroy approach, communication technologies, or hardware availability to the instructor.

iotempire@encambio.com

Seminar Requirements

  • Please bring a computer (any OS) with two free USB ports.
  • Optionally bring a smartphone with a modern Bluetooth stack.
  • Topics and pace benefit experienced and novice hackers alike.

MALWARE ANALYSIS TRAINING BY ROBERT SIMMONS

REGISTER NOW ($1450)

COURSE DESCRIPTION:

The landscape of open source malware analysis tools improves every day. A malware analysis lab can be thought of as a set of entry points into a tool chain. The main entry points are a file, a URL, a network traffic capture, and a memory image. This talk is an examination of the major open source tools that satisfy the analysis requirements for each of these entry points. Each tool’s output can potentially feed into another tool for further analysis. The linking of one tool to the next in a tool chain allows one to build a comprehensive automated malware analysis lab using open source software.

For file analysis, the three major versions of Cuckoo Sandbox will be examined. To analyze a potentially malicious URL, the low-interaction honeyclient Thug will be covered. Next, if one has a network capture (PCAP) to analyze, the Bro Network Security Monitor is a great option and will be covered. Finally, if the analysis target is a memory image, the Volatility Framework will be examined. The inputs and outputs of each tool will be reviewed to expose ways they can be chained together for the purpose of automation. For each tool covered, the class will log in to a live instance and learn the basics of malware analysis using it.

TARGET AUDIENCE:

This seminar is geared towards those seeking to understand open source malware analysis tools.

INSTRUCTOR BIO:

Robert Simmons is Director of Research Innovation at ThreatConnect, Inc. With expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has spoken on malware analysis at many of the top security conferences, including DEF CON, HOPE, and DerbyCon, among others. Robert, also known as Utkonos, has a background in biology, linguistics, and Russian area studies. He has lived extensively in Russia and Ukraine and has been known to swear profusely and constantly in Russian.

Seminar Requirements

Equipment needed: Bring a laptop with the current version of Chrome installed and a tested, working network connection (provide your own internet, please; only rely on the conference network if absolutely needed). Everything is remote and accessed via web browser; no malware will be handled on your equipment.

Attendee requirements: Basic to intermediate Python programming knowledge