Null offensive hacking hands-on training.

Proposed sessions for this event:

  • Incident Response with YARA | A pattern matching swiss knife | Part 1 by D.M.Reddy
Note: The session details including schedule are available below.

Introduction
This hands-on session involves understanding the basics of yara rules using yara tool, also highlights the importance of yara rules to detect indicators of compromise (IoC) at the time of incident response. Yara tool identifies the malware patterns (using hexadecimal strings, text strings and regular expressions) in various files and processes to help classify them into various user defined malware families. The practical part of the session deals with writing up basic rules and extends to writing up advanced yara rules for various files, memory dumps and process dumps.

Agenda
- Intelligence driven Incident Response

- Cyber threat indicators
- Introduction to Yara ñ Pattern matching Swiss knife

- Setting up Yara platform
- Anatomy of Yara
- Writing basic yara rules
- Writing yara rules to scan malicious files ( PEs ) and processes

- Yara in Memory Forensics (Volatility )
- Yara modules ñ PE module at a glance.

Prerequisites
- Basic understanding of C and Python (regular expressions )
- Basic Knowledge of windows PE and processes
- Hands on using tools like strings, hexdump, PE tools and sysinternals.

- Exposure to memory forensics ( memdump, dlldump, handles, mutantscan, yarascan etc.)
- Willingness to learn new things.

Come with the following
- VMware Workstation 8 or above
- Download REMnux 6.0 at http://sourceforge.net/projects/remnux/files/version6/remnux-6.0-ova-public.ova/download

- Windows 7 VM with Yara. YARA available at https://goo.gl/PQjmsf (dependenices python 2.7 or above and Microsoft Visual C++ 2010 Redistributable Package)

Please fill out the form here http://goo.gl/forms/btrTGfSSsm required to filter out Humla attendees.

Date Saturday August 22 2015
Chapter Mumbai
Registrations 21
Max Registrations Unlimited
Event Type Invite Only
Start Time 11:00 AM
End Time 05:00 PM

Session Schedule

Name Speaker Start Time End Time Resources
Incident Response with YARA | A pattern matching swiss knife | Part 1 D.M.Reddy 11:00 AM 05:00 PM

Venue


This is an invite only event. If you are selected you will receive further information via e-mail.