Oct 13

Def Con 919 Presents – October Meeting – Forensic Intro

DFIR (Digital Forensic Incident Response)

Sunday, Oct 14, 2018, 3:00 PM

52 Ethical Hackers Went

Check out this Meetup →

ALL levels of experience, skill, and interest are welcome and encouraged to join us. You do not have to be a “hacker” to attend.

Class Summary:
Ever wondered what it is like being a security analyst? Here is your chance. DC919 will be hosting an exciting 4-hour class taught by @Mr_Forensics and @S3curityN. This class will arm students with the knowledge needed to identify malicious threats and characterize their behavior.

This class is open to anyone that would like to participate or observe. If planning to participate in the hands-on learning objectives, please ensure to follow the preparation instructions below. Phishing & malicious spam attacks continue to pose a significant risk in today’s cyber threat landscape. Using forensic and malware analysis fundamentals, this class is designed to teach students how to analyze malicious downloaders, phishing emails & malicious spam.

Upon successful class completion, students will be able to:
– Build analysis skills that leverage complex scenarios and improve comprehension.
– Demonstrate an understanding of forensic fundamentals used to analyze an email.
– Use open-source information to collect and analyze threat actor data; identify indicators of compromise, and demonstrate how to pivot on that information.
– Demonstrate how to analyze a malicious downloader; to include but not limited to debugging and deobfuscation.
– Participate in a hand to keyboard combat capstone. Students will be given a malicious sample and demonstrate how to analyze.

***Download & Class Preparation***
Download Instructions: Please read all instructions (Part 1 & Part 2) very carefully before starting

This class assumes the student to have prior knowledge of setting up a virtual machine. If you are new to working with virtual machines, the instructors strongly recommend that you first observe the class. If you observe during the course and wish to continue the exercises afterward, the classroom instructors will arrange a special one on one review; at the student’s request.

Part 1: Virtual Machine Downloads
– Goal: Download two virtual machines and prepare for class.
– Download Links: Only download one link that meets your preference. See Option#1 and Option#2 below.

If you plan to use VirtualBox during the class, please download and follow the PDF instruction: https://www.dropbox.com/s/w8rks0mlesn3pkn/Oracle%20VirtualBox%20Import%20Instructions.pdf?dl=0

If you plan to use Vmware Workstation during the class, please download and follow the PDF instruction:

Part 2: Account Registration and Classroom file download
– Goal: Download remaining classroom material needed for class and register for two accounts. See sections 1 through 3 below.

– Download & Registration Links:
1. Dropbox_Student_Download
Link: https://www.dropbox.com/sh/i09a6e589mubdbu/AABxNzJR8QJosMpkk0Mny3Eca?dl=0

2. Register for a free VirusTotal Account.
Link: https://www.virustotal.com/gui/join-us

3. Register for free Risk IQ Account.
Link: https://community.riskiq.com/registration

**********File Hash Reference **********
The following are sha256 file hashes for all virtual machines:

Name: DFIRADA_REMnux.7z
Hash: 13B7773DC68745AE07FA6225DB3FA91D7CF3660A29E00C5AEE6F665E0AF8B8D8

Name: DFIRADA_REMnux.ova

Name: DFIRADA_Windows.7z

Name: DFIRADA_Windows.ova

Name: DFIRADA_REMnux_VB.7z

Name: DFIRADA_REMnux_VirtualBox.ova

Name: DFIRADA_Windows_VB.7z

Name: DFIRADA_Windows_VirtualBox.ova

Sunday, October 13, 2 PM

• 2 PM Forensic Introduction
• 6 PM Open Discussion at Raleigh Times Bar