March 8 2020 – DFIR ADA

/in /by

Def Con 919 Presents – March Meeting – Digital Forensics Incident Response Against the Dark Arts

DefCon919

Morrisville, NC
790 Ethical Hackers

DEF CON Group (DCG) for the RTP/RDU/Raleigh/Durham/Chapel Hill area of North Carolina.  You’ll get the most out of being a member if you are able to attend in person meetings….

Check out this Meetup Group →


ALL levels of experience, skill, and interest are welcome and encouraged to join us. You do not have to be a “hacker” to attend.

Class Summary:
Ever wondered what it is like being a security analyst? Here is your chance. DC919 will be hosting an exciting 4-hour class taught by @Mr_Forensics and @S3curityN. This class will arm students with the knowledge needed to identify malicious threats and characterize their behavior.

This class is open to anyone that would like to participate or observe. If planning to participate in the hands-on learning objectives, please ensure to follow the preparation instructions below. Phishing and malicious spam attacks continue to pose a significant risk in today’s cyber threat landscape. Using forensic and malware analysis fundamentals, this class is designed to teach students how to analyze malicious downloaders, phishing emails & malicious spam.

For returning students, we will have updated content and malware samples; to include a new capstone.

Upon successful class completion, students will be able to:
– Build analysis skills that leverage complex scenarios and improve comprehension.
– Demonstrate an understanding of forensic fundamentals used to analyze an email.
– Use open-source information to collect and analyze threat actor data; identify indicators of compromise, and demonstrate how to pivot on that information.
– Demonstrate how to analyze a malicious downloader; to include but not limited to debugging and deobfuscation.
– Participate in a hand to keyboard combat capstone. Students will be given a malicious sample and demonstrate how to analyze.

Student Instructions:

Student Download Link: bit.ly/DC919

1. Students will be required to download two virtual machines. In regards to the downloaded virtual machines, these should be imported into your virtual machine software and ready before the start of class.

2. If any additional technical support is needed, the instructors will make themselves available online; via email to mregister@dfirada.com.

When:
Sunday, March 8, 1:45 PM

Agenda:
• 2 PM Forensic Introduction
• 6 PM Open Discussion at Raleigh Times Bar

April 19 – Lightning Talks

/in /by
Read more
DC919-CTF

January 10 2020 – CTF Meeting

/in /by
Read more

February 9 – HoneyDB

/in /by
Read more
DC919-CTF

November 10 – Capture The Flag

/in /by
Read more

Oct 13

/in /by

Def Con 919 Presents – October Meeting – Forensic Intro

DFIR (Digital Forensic Incident Response)

Sunday, Oct 14, 2018, 3:00 PM

52 Ethical Hackers Went

Check out this Meetup →


ALL levels of experience, skill, and interest are welcome and encouraged to join us. You do not have to be a “hacker” to attend.

Class Summary:
Ever wondered what it is like being a security analyst? Here is your chance. DC919 will be hosting an exciting 4-hour class taught by @Mr_Forensics and @S3curityN. This class will arm students with the knowledge needed to identify malicious threats and characterize their behavior.

This class is open to anyone that would like to participate or observe. If planning to participate in the hands-on learning objectives, please ensure to follow the preparation instructions below. Phishing & malicious spam attacks continue to pose a significant risk in today’s cyber threat landscape. Using forensic and malware analysis fundamentals, this class is designed to teach students how to analyze malicious downloaders, phishing emails & malicious spam.

Upon successful class completion, students will be able to:
– Build analysis skills that leverage complex scenarios and improve comprehension.
– Demonstrate an understanding of forensic fundamentals used to analyze an email.
– Use open-source information to collect and analyze threat actor data; identify indicators of compromise, and demonstrate how to pivot on that information.
– Demonstrate how to analyze a malicious downloader; to include but not limited to debugging and deobfuscation.
– Participate in a hand to keyboard combat capstone. Students will be given a malicious sample and demonstrate how to analyze.

***Download & Class Preparation***
Download Instructions: Please read all instructions (Part 1 & Part 2) very carefully before starting

This class assumes the student to have prior knowledge of setting up a virtual machine. If you are new to working with virtual machines, the instructors strongly recommend that you first observe the class. If you observe during the course and wish to continue the exercises afterward, the classroom instructors will arrange a special one on one review; at the student’s request.

Part 1: Virtual Machine Downloads
– Goal: Download two virtual machines and prepare for class.
– Download Links: Only download one link that meets your preference. See Option#1 and Option#2 below.

Option#1
If you plan to use VirtualBox during the class, please download and follow the PDF instruction: https://www.dropbox.com/s/w8rks0mlesn3pkn/Oracle%20VirtualBox%20Import%20Instructions.pdf?dl=0

Option#2
If you plan to use Vmware Workstation during the class, please download and follow the PDF instruction:
https://www.dropbox.com/s/mfrwm9f0o5l8kvx/VMWare%20Workstation%20Instructions.pdf?dl=0

Part 2: Account Registration and Classroom file download
– Goal: Download remaining classroom material needed for class and register for two accounts. See sections 1 through 3 below.

– Download & Registration Links:
1. Dropbox_Student_Download
Link: https://www.dropbox.com/sh/i09a6e589mubdbu/AABxNzJR8QJosMpkk0Mny3Eca?dl=0

2. Register for a free VirusTotal Account.
Link: https://www.virustotal.com/gui/join-us

3. Register for free Risk IQ Account.
Link: https://community.riskiq.com/registration

**********File Hash Reference **********
The following are sha256 file hashes for all virtual machines:

Name: DFIRADA_REMnux.7z
Hash: 13B7773DC68745AE07FA6225DB3FA91D7CF3660A29E00C5AEE6F665E0AF8B8D8

Name: DFIRADA_REMnux.ova
Hash:2323ADA60AFF1097F72E97B53E36F11939D3CF77C5CFBB7FAE1054AC4597AA0A

Name: DFIRADA_Windows.7z
Hash:9E2631697A59F07C6CDD704EF8FCADDFBC496069352C38C5B68294DFF5B1D21C

Name: DFIRADA_Windows.ova
Hash:
B325CC69A67E17D0F3440ECB9F938BD82EC626DA0AD79DDA01EC1F497837BF63

Name: DFIRADA_REMnux_VB.7z
Hash:D5AEE9747F89416F591B83CFF36EE3749832D63EC895B4604A75D4D0BB767E59

Name: DFIRADA_REMnux_VirtualBox.ova
Hash:475F737BA0CD45316AFDB9D86E2E0F1CDD9ACAEEBB6EA8DE25BA3680F4E95FBB

Name: DFIRADA_Windows_VB.7z
Hash:DB7C2B53C6D4D8BCBFFCD9F2C5CEDE1A9D3A9DE3460E7D87E26BCCCC40D85891

Name: DFIRADA_Windows_VirtualBox.ova
Hash:BBC8DD06F2041D80AD7FA49308FA23785BEF54C9D208D873991BE33D55D1F31B

When:
Sunday, October 13, 2 PM

Agenda:
• 2 PM Forensic Introduction
• 6 PM Open Discussion at Raleigh Times Bar

Sept 8 2019 – Industrial Control Systems

/in /by

Def Con 919 Presents – (ICS) Industrial Control Systems

ICS – Industrial Control Systems

Sunday, Sep 8, 2019, 4:00 PM

5 Ethical Hackers Attending

Check out this Meetup →

When:
Sunday, September 8, 4 PM

Agenda:

– Intro to ICS and how/where it’s used and why it it’s important.
– How interconnectivity between these devices to could-based analytics & mgmt tools is the next step.
– How organizations are fking this up.
– How to not fk it up.

 

• 4 PM Intro to ICS – Industrial Controls Systems
• 6 PM Open Discussion at Raleigh Times

Where:  150 Fayetteville St #1400, Raleigh, NC 27601

We’re on the 4th floor.

DC919-CTF

Sept 13 2019 – CTF Meeting

/in /by
Read more