4-hour case study based online workshop
Many computer security incidents involve malware. Incident responders and investigators are often required not only to find the malware samples, but also to identify them and understand their purpose and capabilities. Moreover, especially in enterprise and government environments, it is highly desirable to go deeper: collect IOCs for Threat Hunting and Monitoring teams and find the malware's origin and attribution. Malware analysis and research accelerated with Threat Intelligence can significantly speed up the incident response process.
During this unique case-study-based Malware Analysis Workshop, we cover all of the aforementioned phases. The case study is based on real incidents in an enterprise network with thousands of endpoints and hundreds of compromised machines. We will identify and analyze multiple samples captured in the wild, which were used by a currently active threat actor group during these incidents in the first half of 2020. Moreover, we will go beyond standard malware analysis and enrich our results with Threat Intelligence and research methods, so we will be able to find the deleted malware artifacts and reconstruct the original attack chain, including the initial exploitation, a local privilege escalation exploit, two backdoors, the main payload and multiple persistence techniques.
The participants should:
- be familiar with Windows OS
- have a little experience with x86 assembly (they should be able to read at least a few basic instructions)
- have a laptop with at least 8 GB of RAM, 20 GB of free space on HDD/SSD and VirtualBox (64-bit edition) installed
- have an active, unfiltered network connection
- be able to download the LAB VMs in advance
- be able to download a few ZIP archives with malicious content into their VM
- for troubleshooting, be prepared to share their screen (if desired); it is therefore highly recommended to hide sensitive material from their Desktop
The workshop is intended for:
- Malware and forensic analysts
- Security specialists
- Incident responders
- Software developers
- Enthusiasts with technical skills
The workshop will be taught in English.
Maximum number of participants: 20
Senior Security Consultant and Malware Analyst | LIFARS
Ladislav Baco is a Senior Security Consultant and Malware Analyst at LIFARS LLC, with more than 10 years of experience in Computer Security, Computer Science and education. In his previous employment he worked for the government of an EU country as an analyst in the National and Governmental CSIRT of Slovakia, with a focus on Incident Response, Malware Analysis and Forensic Analysis. Later he also led the CSIRT's Analytical Department and Department of Cyber Threat Analysis.
He has also cooperated with multiple universities in Slovakia on Cyber Security educational programs for students and supervised their Bachelor's and Diploma theses.
Moreover, Ladislav has participated in many well-known Cyber Security exercises (such as Cyber Europe by ENISA, NATO Locked Shields and Cyber Coalition) and has hands-on experience with real APT and targeted attacks, too.
Currently Ladislav focuses mainly on Incident Response, Threat Hunting, Cyber Threat Analysis and Malware Analysis, which also includes his own research into well-known malware families, APT attacks and new approaches to Cyber Threat Remediation.