Team Cymru Security Workshop (21 – 22 Nov@Cyberport)


Team Cymru Security Workshop – Understanding, Identifying and Investigating Malicious Internet Activity through Malware Analysis (21 – 22 Nov@Cyberport)

Date: 21 – 22 Nov 2013 (2 days workshop)
Time: 9:30am – 5pm
Venue: Training Theatre, CYBERPORT 3 (CORE F), CYBERPORT
Language: English
Fee: $2800 (Normal Price); $2380 (ISOC HK members rate)

(Seats are reserved upon receipt of payment and are allocated on a “first come, first served” basis. Maximum capacity is 20.)


Trainer


Cecil Goldstein, Training Practice Manager, Team Cymru.

Cecil is Team Cymru’s Training Practice Manager. Based in Sydney, Australia, Cecil is responsible for the development and implementation of Team Cymru’s training program, with particular emphasis on the developing world. In this respect Cecil has delivered training extensively throughout Asia and Africa and is currently working on a number of major security training initiatives.

Cecil was previously the Training Manager at APNIC, the Regional Internet Registry for the Asia Pacific region and before that was a lecturer in the Faculty of Information Technology at the Queensland University of Technology, focusing particularly on internetworking subjects.

He has been involved in Internet training and support from the initial AARNET (Internet) days in Australia and co-authored the first guide to using the Internet in Australia, “Getting the Most out of AARNet”.

He has strong passions about keeping the Internet safe, free and working as well as strengthening its accessibility and usability in the developing world.

TRAINING SUMMARY

I. Botnet Creation, Operation and Observation

  • Creating, expanding, controlling, using and observing actual botnets in operation
  • Browser Exploit Kits – Blackhole
  • Zeus – credential theft and building a backdoor
  • DirtJumper – DDoS botnet
  • Observing and identifying the botnet

II. Malware Analysis

In this component, methods for both static and dynamic analysis will be considered and relevant tools for malware analysis employed. Tools including Volatility, IDA Pro, OllyDbg and Sandboxie will be demonstrated.

III. Network Forensics Using Netflow and Pcap Traffic Analysis

In this section participants will consider how Netflow and Internet traffic analysis can be used in a forensic examination of malicious activity on the Internet. The nature of network flows, what they are, how they are generated and collected, and how they can be analysed will be discussed.

OUTLINE

This workshop will focus on understanding the operation and nature of malicious Internet activity by following the life cycle of a piece of malware: its creation and use in compromising a target victim machine, making that victim part of a botnet, the operation and use of that botnet, the observation and identification of the malware, and its capture, exfiltration and subsequent analysis.

In the analysis, host-based processes will be used to identify and locate the malware, and the workshop will examine how this can provide clues and information to assist in tracking a botnet through network-based analysis.
Malware analysis in general will be discussed and both static and dynamic processes will be demonstrated.

To conduct an Internet forensic examination, participants will capture the traffic generated by the activities conducted in part I and will be able to examine this traffic using both pcaps and flows to observe, identify and forensically analyse the traffic, and so relate the results of the analysis to the operations they initially conducted with the botnet.
These exercises will be conducted on virtual machines.
