NoNameCon

Attention! The workshop is provided in English only. To take part you have to register and be accepted by the speaker(s). Registration form: https://goo.gl/forms/cgOVit362uam6xaM2

In February 2018 Cisco released details of a 6-month investigation into the use of phishing in Bitcoin wallet thefts and malware campaigns. The investigation, named COINHOARDER, provided insights into these new methods by utilizing whois data and domain registration patterns.

Using live access to Cisco’s OpenDNS threat intelligence interface, this workshop will provide an overview of the investigation. Then attendees will apply similar tools and hunting patterns to find new attacker constructions.

Prerequisites and tools needed:
1.     Basic knowledge of DNS, HTTP, and HTTPS.
2.     A laptop with Python installed.
3.     Attendees will receive a temporary OpenDNS API key for threat hunting during the class.

Attention! To take part in the workshop you have to register first! Registration: https://goo.gl/forms/VoaXdmL450Usj5QR2.
To download VM for the workshop: https://nnc.underdefense.com/HAYSTACK.zip

Penetration testers as well as criminals are really good in breaking legacy and vulnerable IT components, apps, getting a reverse shell on the server and think that they won a battle. But, often they stuck and in many cases are easily detected and blocked, because of lack skill-set and knowledge about latest protection techniques and tools. Not always, but often. And often the reason of successful defense is the right combination of people skills, response processes, and simple tools. So we want to help you practice in modern Incident detection and Response.

During this workshop we allows our students to hack organization with a common architecture, infect hosts with ransomware and run few exploits to get privileged access, establish persistence and clean-up to cover our tracks.
Then we will let them hunt down for logs collected to SIEM. You will feel how it is to be a SOC Analyst, utilizing Splunk as SIEM tool, it's best tips and tricks, using open-source and commercial defense arsenal and trying to meet 30 min initial incident detection and response SLA. Also during next exercises, we will practice automation for Adaptive response and divide on red and blue team play more games to polish both - offense and defense techniques & tactics.