Defensive Security event.

Proposed sessions for this event:

  • Network Forensics by Bhavik
Note: The session details including schedule are available below.

Abstract: With the Internet penetration increasing rapidly worldwide it becomes important to protect the data from being stolen and also protect its authenticity. With the data forgery crimes increasing it becomes important to determine the evidence of the forgery and also estimate the potential impact of the malicious activity on the victim. It becomes increasingly important in analysing the data in different forms like packet captures. This Session would provide a detailed overview of a Kill chain attack being carried in a pcap . The later part of the Session would have challenges in the form of the CTF where the attendees would apply the concepts learnt .

This session is primarily focussed on blue teaming approach in determining security flaws in a network by analysing unusual and suspicious activiy.
The session would primarily focus on determining suspicious activity by analysing a network pcap in depth.
The session would start by explaining in details different stages of cyber kill chain attack in the form of network pcap.
The attendees would then be given small pcaps in the form of CTF style where they need to apply the concepts learnt from the cyber kill chain pcap .
The different pcaps in CTF style would be from below topics

1) data hiding in network PCAP (Covert channel attack)
2) data exfiltration (here they need to determine the data being transferred and find the flag hidden in it)
3) bufferoverflow exploits (need to determine the payload being built to exploit server)
4) command and control attack using DNS (attendees need to determine the attack being carried over DNS by visualizing the PCAP)
5) command and control attack using ICMP(attendees need to determine attack being carried over ICMP)
6)Malware attack (attendees need to determine malware used to exploit by looking at pcap)

Date Saturday November 07 2020
Chapter Bangalore
Registrations 110
Max Registrations Unlimited
Event Type Invite Only
Start Time 09:00 AM
End Time 01:00 PM

Session Schedule

Name Speaker Start Time End Time Resources
Network Forensics Bhavik 09:00 AM 01:00 PM

Venue


This is an invite only event. If you are selected you will receive further information via e-mail.