Threat investigation – A drama in four acts
2-3 December 2020
Cyber attacks are often talked about, what we hear and what we see are damages and the loss of data. The fact of the matter remains that no one really breaks down the attack and narrate “How it happened”.
This bootcamp aims to solve 4 real cyber attacks. The evidences of cyber attacks will be time line of events, malware file evidence, log evidence, string or pattern evidences in the internet, behavioural evidence of malwares and evidences which network packet captures.
The goal of the participants will be to use tools, mind and instincts to solve these crimes. Participants will perform threat hunting, fit hunted threats into MITRE framework, dissect a real malicious pcap to look for patterns, perform basic malware analysis on real malware and finally would be doing memory forensics on an advance malware that evades the traditional analysis methods.
Workshop is part of QuBit Conference Belgrade 2020.
Shyam Sundar Ramaswami is a two time TEDx speaker, Black Hat speaker, GREM certified malware analyst, Cisco Security Ninja black belt and teaches cyber security using “Batman” & ” Avengers” characters. Shyam leads the Threat research group for Umbrella Asia Pacific and is a threat researcher in Cisco. Shyam has delivered talks in several conferences and universities like Black Hat (Las Vegas), Stanford University (Cyber Security Program), Qubit Forensics (Serbia), Nullcon 2020 (Goa), Cisco Live (Barcelona), IRespond (San Francisco), Defcon Packet Village (remote) and in several IEEE forums in India.
Shyam has also taught classes on “Advanced malware attack and defences” in Stanford University Cyber security program and runs a mentoring program called being robin where he mentors students all over the globe on cyber security.