Def Con 919 Presents – October Meeting – Forensic Intro
DFIR (Digital Forensic Incident Response)
Sunday, Oct 14, 2018, 3:00 PM
52 Ethical Hackers Went
ALL levels of experience, skill, and interest are welcome and encouraged to join us. You do not have to be a “hacker” to attend.
Ever wondered what it is like being a security analyst? Here is your chance. DC919 will be hosting an exciting 4-hour class taught by @Mr_Forensics and @S3curityN. This class will arm students with the knowledge needed to identify malicious threats and characterize their behavior.
This class is open to anyone that would like to participate or observe. If planning to participate in the hands-on learning objectives, please ensure to follow the preparation instructions below. Phishing & malicious spam attacks continue to pose a significant risk in today’s cyber threat landscape. Using forensic and malware analysis fundamentals, this class is designed to teach students how to analyze malicious downloaders, phishing emails & malicious spam.
Upon successful class completion, students will be able to:
– Build analysis skills that leverage complex scenarios and improve comprehension.
– Demonstrate an understanding of forensic fundamentals used to analyze an email.
– Use open-source information to collect and analyze threat actor data; identify indicators of compromise, and demonstrate how to pivot on that information.
– Demonstrate how to analyze a malicious downloader; to include but not limited to debugging and deobfuscation.
– Participate in a hand to keyboard combat capstone. Students will be given a malicious sample and demonstrate how to analyze.
***Download & Class Preparation***
Download Instructions: Please read all instructions (Part 1 & Part 2) very carefully before starting
This class assumes the student to have prior knowledge of setting up a virtual machine. If you are new to working with virtual machines, the instructors strongly recommend that you first observe the class. If you observe during the course and wish to continue the exercises afterward, the classroom instructors will arrange a special one on one review; at the student’s request.
Part 1: Virtual Machine Downloads
– Goal: Download two virtual machines and prepare for class.
– Download Links: Only download one link that meets your preference. See Option#1 and Option#2 below.
If you plan to use VirtualBox during the class, please download and follow the PDF instruction: https://www.dropbox.com/s/w8rks0mlesn3pkn/Oracle%20VirtualBox%20Import%20Instructions.pdf?dl=0
If you plan to use Vmware Workstation during the class, please download and follow the PDF instruction:
Part 2: Account Registration and Classroom file download
– Goal: Download remaining classroom material needed for class and register for two accounts. See sections 1 through 3 below.
– Download & Registration Links:
2. Register for a free VirusTotal Account.
3. Register for free Risk IQ Account.
**********File Hash Reference **********
The following are sha256 file hashes for all virtual machines:
Sunday, October 13, 2 PM
• 2 PM Forensic Introduction
• 6 PM Open Discussion at Raleigh Times Bar
Def Con 919 Presents – (ICS) Industrial Control Systems
ICS – Industrial Control Systems
Sunday, Sep 8, 2019, 4:00 PM5 Ethical Hackers Attending
Sunday, September 8, 4 PM
– Intro to ICS and how/where it’s used and why it it’s important.
– How interconnectivity between these devices to could-based analytics & mgmt tools is the next step.
– How organizations are fking this up.
– How to not fk it up.
• 4 PM Intro to ICS – Industrial Controls Systems
• 6 PM Open Discussion at Raleigh Times
Where: 150 Fayetteville St #1400, Raleigh, NC 27601
We’re on the 4th floor.
Friday, Oct 18, 2019, 9:00 AM
9 Ethical Hackers Attending
Def Con 919 will be community sponsoring this event, but it’s not an official Def Con 919 event, be sure to register and buy your ticket when they become available.
More details at:
Security BSides is a community-driven framework for building events for and by cyber security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
Security is top of mind across the entire sphere of IT and the world beyond. Therefore, more people and organizations are interested in the next new thing in security. BSides is the place where these people come to collaborate, learn and share.
With many tech-companies, colleges and universities in Raleigh, Durham, Chapel Hill and surrounding areas, it is also an international center of innovation in the security industry.
Friday, October 18
To All the Hackers of DC919:
Hope this finds you well! Are you trying to up your game for CTF challenge? Can we help?
Knowing the enemy or preparing to pen-test, the hacking challenges represent real-world puzzles every day.
To help with this, DC919 will be hosting a conference call hack session on the 2nd Friday of this month, August 9th from 7-11. Here we hope to hack common vulnerable images, on our own machines.
Each month we’ll announce a new image that will be our target. Prepare by installing VMWare, VBox, or Whatever, download the image and making sure you can ping it before we get started. Loop into Slack if you need help with this.
All skill levels are welcome, but this is a peer-learning event without a leader. Newbs will want to partner with someone experienced. Everyone will work at their own pace and discuss the challenge in Real Time on the call.
Thanks for reading, and considering!
This month we’ll be working on: