DFIR Against the Digital Darkness: An Intro to Forensicating Evil

Presented at DEF CON 30 (2022), Aug. 12, 2022, 9 a.m. (240 minutes)

Ever wondered what it is like being a cybersecurity or incident response analyst? Are you new to investigation, or do you want to take your analysis to the next level? If you answered yes, here is your chance to experience an exciting 4-hour class taught by mR_F0r3n51c5 and S3curityNerd. In today's threat landscape, malware continues to be used by all types of threat actors. This class teaches students how to investigate a compromised Windows system using forensic and malware analysis fundamentals. Upon successful class completion, students will be able to:

  • Build analysis skills that leverage complex scenarios and improve comprehension.
  • Practically acquire data in a forensically sound manner.
  • Identify common areas of malware persistence.
  • Gather evidence and create a timeline to characterize how the system was compromised.
  • Participate in a hands-on-keyboard combat capstone.

Students are given an image of a compromised Windows system and demonstrate how to analyze it.

Materials: Students will be required to download a virtual machine (OVA file). Students will be given a URL for download access. The downloaded virtual machine must be imported into your virtualization software and be ready before the start of class. If any additional technical support is needed, the instructors will make themselves available online.

Students must have a laptop that meets the following requirements:

  • A 64-bit CPU running at 2 GHz or more. The students will be running a virtual machine on their host laptop.
  • The ability to update BIOS settings, specifically to enable virtualization technology such as "Intel-VT." The student must be able to access their system's BIOS if it is password protected, in case changes are necessary.
  • 8 GB (gigabytes) of RAM or higher.
  • At least one open and working USB Type-A port.
  • 50 gigabytes of free hard drive space, allowing you to host the VMs we distribute.
  • Local Administrator access on their system.
  • Wireless 802.11 capability.
  • A host operating system running Windows 10+, Linux, or macOS 10.4 or later.
  • Virtualization software. The supplied VM has been built for out-of-the-box compatibility with VMware Workstation or Player. Students may use other software if they choose, but they may have to troubleshoot unpredictable issues. At a minimum, the following VM features will be needed: NATted networking from the VM to the Internet, and copy/paste of text and files between the host machine and the VM.

Prereq: Although no prerequisites are required, experience with using virtual machines will be helpful.

Presenters:

  • Michael Solomon - Threat Hunter
    Michael Solomon (mR_F0r3n51c5) is a Threat Hunter for a large managed security service provider. He has 12 years of experience conducting Cyber Operations, Digital Forensics & Incident Response (DFIR), and Threat Hunting. He is very passionate about helping grow and inspire cybersecurity analysts for a better tomorrow.
  • Michael Register - Threat Hunter
    Michael Register (S3curityNerd) has 6 years of combined experience across IT, Networking, and Cybersecurity. S3curityNerd joined the cybersecurity space in 2017 and has worked in multiple roles, including his current one as a Threat Hunter. He enjoys both learning new things and sharing new things with others.