Hands-on Incident Response (4h)

Presented at BruCON 0x07 (2015), Oct. 9, 2015, 11 a.m. (300 minutes)

During this workshop attendees will get guidance and practical experience with handling a security incident. Our objective is to confront the students with a real-world scenario and provide them with questions that they need to solve, along with guidance on how to solve them. Virtual machines will be provided to each student so that they can practice at their own pace and take these home to continue after the workshop. Two instructors will assist the attendees and demonstrate a typical solution at the end of the workshop.

The malware's execution needs to be stopped within the 4-hour limit, else all files will have been encrypted and deleted from the workstation. During the workshop, attendees will be required to provide responses to management and work in teams of 2 people.

Attendee laptop requirements:

  • x86-compatible or x64-compatible 2.0 GHz CPU minimum or higher
  • 4 GB RAM minimum with 8 GB or higher recommended
  • Ethernet adapter for wired network
  • 10 GB available hard-drive space
  • A working copy of VMware Workstation, Fusion or Player to run our virtual images
  • A functioning, non-intoxicated brain

Presenters:

  • Pieter Danhieux - Secure Code Warrior
    Pieter Danhieux is a certified instructor for the SANS Institute, teaching military, government and private organizations offensive techniques on how to target and assess organizations, systems and individuals for security weaknesses. Pieter worked seven years at Ernst & Young as one of their information security experts before moving to Australia. Until January 2015, he worked for a global defence contractor in the applied intelligence unit. Pieter currently designs and implements cyber security exercises together with a group of extremely talented people at Secure Code Warrior in Australia and is responsible for strategy and innovation at NVISO in Belgium.
  • Erik Van Buggenhout
    Erik is a co-founder of the Belgian cyber security company NVISO. At NVISO, Erik is responsible for the Cyber Resiliency service line, coordinating the delivery of highly technical services such as penetration testing, digital forensics, incident response and malware analysis. For all of these engagements, Erik is supported by a team of highly skilled experts. Next to his activities at NVISO, Erik is also an instructor for the SANS Institute, where he teaches the SANS "SEC 560 - Network Penetration Testing and Ethical Hacking" and "SEC 542 - Web Application Penetration Testing". During these classes, Erik explains the technical concepts from the course, but also provides live demos and shares insights he obtained during his professional activities.
