Null offensive hacking hands-on training.

Proposed sessions for this event:

  • Incident Response with YARA - Part 2 by D.M.Reddy
  • Incident Response with YARA - Part 2 Continued by D.M.Reddy
Note: The session details including schedule are available below.

Incident Response with YARA {A pattern matching Swiss knife} Part 2

This is a complete hands-on session on Volatility (an open source memory forensics framework) and YARA {a pattern matching Swiss knife} for detecting indicators of compromise (IoC), a.k.a. cyber threat indicators. YARA identifies malware patterns (using hexadecimal strings, text strings and regular expressions) in files and processes, which helps classify them into user-defined malware families. The practical part covers memory dump analysis with Volatility, leveraging YARA to write advanced rules for files, memory dumps and process dumps.
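As an added illustration of the three string types the description mentions (an example written for this page, not material from the session or its speaker), the rule below combines text, hex and regex patterns with a PE header check; every string in it is a constructed placeholder, not a real indicator:

```yara
rule Training_PE_Pattern_Example
{
    meta:
        description = "Added training example: PE file carrying constructed placeholder patterns"
        author      = "page example, not session material"

    strings:
        // Text strings: a constructed mutex name (ASCII and UTF-16) and an API name
        $mutex  = "Global\\Training_Example_Mutex" ascii wide
        $api    = "VirtualAllocEx" ascii
        // Hex string with single-byte wildcards (??) and jump ranges; placeholder bytes
        $stub   = { 55 8B EC 83 EC ?? 68 [4] E8 [2-6] 85 C0 }
        // Regular expression: beacon-style URL on a reserved placeholder domain
        $beacon = /https?:\/\/[a-z0-9\.\-]+\.example\.invalid\/[a-z0-9]{6,12}\.php/ nocase

    condition:
        uint16(0) == 0x5A4D and                 // "MZ" DOS header: only look at PE files
        uint32(uint32(0x3C)) == 0x00004550 and  // "PE\0\0" signature at e_lfanew
        filesize < 2MB and
        ( $mutex or $stub ) and                 // one structural/identity pattern ...
        ( $api or $beacon )                     // ... plus one behavioural hint
}
```

The same rule file can be pointed at a memory image with Volatility's yarascan plugin (`--yara-file=<rule.yar>`), which is how the session ties file-based rules to process memory.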

Agenda:
* Incident Response
* Cyber threat indicators (IOC)
* Introduction to YARA – pattern matching Swiss knife
* Writing YARA rules to scan malicious files (PEs) and processes
* YARA in memory forensics (Volatility)
* Loki - Simple IOC Scanner

Prerequisites:
* Basic understanding of C and Python (regular expressions)
* Basic knowledge of Windows PE files and processes
* Hands-on experience with tools like strings, hexdump, PE tools and Sysinternals
* Exposure to memory forensics (memdump, dlldump, handles, mutantscan, yarascan etc.)
* Willingness to learn new things

Come with the following:
* VMware Workstation 8 or above
* REMnux 6.0, downloaded from http://sourceforge.net/projects/remnux/files/version6/remnux-6.0-ova-public.ova/download
* Windows 7 VM with YARA installed. YARA is available at https://goo.gl/PQjmsf; its dependencies are Python 2.7 or above and the Microsoft Visual C++ 2010 Redistributable Package (x86) (x64)

Date Saturday October 17 2015
Chapter Mumbai
Registrations 6
Max Registrations Unlimited
Event Type Invite Only
Start Time 09:30 AM
End Time 05:00 PM

Session Schedule

Name Speaker Start Time End Time Resources
Incident Response with YARA - Part 2 D.M.Reddy 09:30 AM 01:00 PM
Lunch Break 01:00 PM 02:00 PM
Incident Response with YARA - Part 2 Continued D.M.Reddy 02:00 PM 04:30 PM

Venue


This is an invite only event. If you are selected you will receive further information via e-mail.