Defensive Security event.
Proposed sessions for this event:
- Network Forensics by Bhavik
Abstract: With the Internet penetration increasing rapidly worldwide it becomes important to protect the data from being stolen and also protect its authenticity. With the data forgery crimes increasing it becomes important to determine the evidence of the forgery and also estimate the potential impact of the malicious activity on the victim. It becomes increasingly important in analysing the data in different forms like packet captures. This Session would provide a detailed overview of a Kill chain attack being carried in a pcap . The later part of the Session would have challenges in the form of the CTF where the attendees would apply the concepts learnt .
This session is primarily focussed on blue teaming approach in determining security flaws in a network by analysing unusual and suspicious activiy.
The session would primarily focus on determining suspicious activity by analysing a network pcap in depth.
The session would start by explaining in details different stages of cyber kill chain attack in the form of network pcap.
The attendees would then be given small pcaps in the form of CTF style where they need to apply the concepts learnt from the cyber kill chain pcap .
The different pcaps in CTF style would be from below topics
1) data hiding in network PCAP (Covert channel attack)
2) data exfiltration (here they need to determine the data being transferred and find the flag hidden in it)
3) bufferoverflow exploits (need to determine the payload being built to exploit server)
4) command and control attack using DNS (attendees need to determine the attack being carried over DNS by visualizing the PCAP)
5) command and control attack using ICMP(attendees need to determine attack being carried over ICMP)
6)Malware attack (attendees need to determine malware used to exploit by looking at pcap)
Join the session on OWASP YouTube
|Date||Saturday November 07 2020|
|Event Type||Invite Only|
|Start Time||09:45 AM|
|End Time||01:00 PM|