Oct 13
Def Con 919 Presents – October Meeting – Forensic Intro
—
ALL levels of experience, skill, and interest are welcome and encouraged to join us. You do not have to be a “hacker” to attend.
Class Summary:
Ever wondered what it is like being a security analyst? Here is your chance. DC919 will be hosting an exciting 4-hour class taught by @Mr_Forensics and @S3curityN. This class will arm students with the knowledge needed to identify malicious threats and characterize their behavior.
This class is open to anyone that would like to participate or observe. If planning to participate in the hands-on learning objectives, please ensure to follow the preparation instructions below. Phishing & malicious spam attacks continue to pose a significant risk in today’s cyber threat landscape. Using forensic and malware analysis fundamentals, this class is designed to teach students how to analyze malicious downloaders, phishing emails & malicious spam.
Upon successful class completion, students will be able to:
– Build analysis skills that leverage complex scenarios and improve comprehension.
– Demonstrate an understanding of forensic fundamentals used to analyze an email.
– Use open-source information to collect and analyze threat actor data; identify indicators of compromise, and demonstrate how to pivot on that information.
– Demonstrate how to analyze a malicious downloader; to include but not limited to debugging and deobfuscation.
– Participate in a hand to keyboard combat capstone. Students will be given a malicious sample and demonstrate how to analyze.
***Download & Class Preparation***
Download Instructions: Please read all instructions (Part 1 & Part 2) very carefully before starting
This class assumes the student to have prior knowledge of setting up a virtual machine. If you are new to working with virtual machines, the instructors strongly recommend that you first observe the class. If you observe during the course and wish to continue the exercises afterward, the classroom instructors will arrange a special one on one review; at the student’s request.
Part 1: Virtual Machine Downloads
– Goal: Download two virtual machines and prepare for class.
– Download Links: Only download one link that meets your preference. See Option#1 and Option#2 below.
Option#1
If you plan to use VirtualBox during the class, please download and follow the PDF instruction: https://www.dropbox.com/s/w8rks0mlesn3pkn/Oracle%20VirtualBox%20Import%20Instructions.pdf?dl=0
Option#2
If you plan to use Vmware Workstation during the class, please download and follow the PDF instruction:
https://www.dropbox.com/s/mfrwm9f0o5l8kvx/VMWare%20Workstation%20Instructions.pdf?dl=0
Part 2: Account Registration and Classroom file download
– Goal: Download remaining classroom material needed for class and register for two accounts. See sections 1 through 3 below.
– Download & Registration Links:
1. Dropbox_Student_Download
Link: https://www.dropbox.com/sh/i09a6e589mubdbu/AABxNzJR8QJosMpkk0Mny3Eca?dl=0
2. Register for a free VirusTotal Account.
Link: https://www.virustotal.com/gui/join-us
3. Register for free Risk IQ Account.
Link: https://community.riskiq.com/registration
**********File Hash Reference **********
The following are sha256 file hashes for all virtual machines:
Name: DFIRADA_REMnux.7z
Hash: 13B7773DC68745AE07FA6225DB3FA91D7CF3660A29E00C5AEE6F665E0AF8B8D8
Name: DFIRADA_REMnux.ova
Hash:2323ADA60AFF1097F72E97B53E36F11939D3CF77C5CFBB7FAE1054AC4597AA0A
Name: DFIRADA_Windows.7z
Hash:9E2631697A59F07C6CDD704EF8FCADDFBC496069352C38C5B68294DFF5B1D21C
Name: DFIRADA_Windows.ova
Hash:
B325CC69A67E17D0F3440ECB9F938BD82EC626DA0AD79DDA01EC1F497837BF63
Name: DFIRADA_REMnux_VB.7z
Hash:D5AEE9747F89416F591B83CFF36EE3749832D63EC895B4604A75D4D0BB767E59
Name: DFIRADA_REMnux_VirtualBox.ova
Hash:475F737BA0CD45316AFDB9D86E2E0F1CDD9ACAEEBB6EA8DE25BA3680F4E95FBB
Name: DFIRADA_Windows_VB.7z
Hash:DB7C2B53C6D4D8BCBFFCD9F2C5CEDE1A9D3A9DE3460E7D87E26BCCCC40D85891
Name: DFIRADA_Windows_VirtualBox.ova
Hash:BBC8DD06F2041D80AD7FA49308FA23785BEF54C9D208D873991BE33D55D1F31B
When:
Sunday, October 13, 2 PM
Agenda:
• 2 PM Forensic Introduction
• 6 PM Open Discussion at Raleigh Times Bar
Sept 8 2019 – Industrial Control Systems
Def Con 919 Presents – (ICS) Industrial Control Systems
—
When:
Sunday, September 8, 4 PM
Agenda:
– Intro to ICS and how/where it’s used and why it it’s important.
– How interconnectivity between these devices to could-based analytics & mgmt tools is the next step.
– How organizations are fking this up.
– How to not fk it up.
• 4 PM Intro to ICS – Industrial Controls Systems
• 6 PM Open Discussion at Raleigh Times
Where: 150 Fayetteville St #1400, Raleigh, NC 27601
We’re on the 4th floor.
October 18 – BSides RDU
—
Def Con 919 will be community sponsoring this event, but it’s not an official Def Con 919 event, be sure to register and buy your ticket when they become available.
More details at:
https://bsidesrdu.org/
Security BSides is a community-driven framework for building events for and by cyber security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
Security is top of mind across the entire sphere of IT and the world beyond. Therefore, more people and organizations are interested in the next new thing in security. BSides is the place where these people come to collaborate, learn and share.
With many tech-companies, colleges and universities in Raleigh, Durham, Chapel Hill and surrounding areas, it is also an international center of innovation in the security industry.
When:
Friday, October 18
Where:
Aug 9 2019 – CTF Meeting
To All the Hackers of DC919:
https://www.meetup.com/DefCon919/events/262061475/
Hope this finds you well! Are you trying to up your game for CTF challenge? Can we help?
Knowing the enemy or preparing to pen-test, the hacking challenges represent real-world puzzles every day.
To help with this, DC919 will be hosting a conference call hack session on the 2nd Friday of this month, August 9th from 7-11. Here we hope to hack common vulnerable images, on our own machines.
Each month we’ll announce a new image that will be our target. Prepare by installing VMWare, VBox, or Whatever, download the image and making sure you can ping it before we get started. Loop into Slack if you need help with this.
All skill levels are welcome, but this is a peer-learning event without a leader. Newbs will want to partner with someone experienced. Everyone will work at their own pace and discuss the challenge in Real Time on the call.
Thanks for reading, and considering!
This month we’ll be working on:
