2014 Honeynet Project Workshop
12-14 May 2014 | Warsaw
Training Agenda - May 14 2013
At the 2014 Honeynet Project Workshop, we will be offering hands-on training tutorials. Each training course is a full day and covers a current security topic. Attendees will need to bring a laptop configured as required for their class.
The registration desk opens at 8:30.
Training courses will begin at 9:30 and end at 17:30, including a lunch break from 12:30 to 13:30.
| # | Training | Instructor |
|---|---|---|
| 1 | Understanding and Mitigating Botnets | Tillmann Werner |
| 2 | Virtualization Security | Brian Hay |
| 3 | Reverse Engineering Android Malware | Mahmud Ab Rahman |
| 4 | Malware Reverse Engineering | Felix Leder |
Training #1: Understanding and Mitigating Botnets
Instructor Bio: Tillmann Werner is a researcher at CrowdStrike, where his duties include the in-depth analysis of targeted attacks. He has a passion for proactive defense strategies like honeypots and botnet takeovers. Mr. Werner is actively involved with the global IT security community and is a regular speaker on the international conference circuit.
Training Summary: Botnets, remote-controlled collectives of infected machines, are today's number one cyberweapon on the Internet and are used by criminals for various purposes. In this training, attendees will take the role of a botmaster and construct their own botnet, using the latest exploit kits to load custom-built malware onto a victim's machine. They will then learn how this setup is used in the cyber underground to monetize these resources by conducting DDoS attacks, running spam campaigns, stealing personal information, etc. The hands-on exercises will be complemented by a discussion of the techniques used in modern botnets to improve their resilience against mitigation efforts. Building upon this knowledge, we will introduce techniques to take down several types of botnets. We will cover all modern botnet architectures, ranging from old-school centralized IRC botnets to advanced peer-to-peer topologies.
Prerequisites and what to bring: Attendees must bring a laptop with a Windows virtual machine installed and be familiar with their virtualization setup. Basic programming skills are preferred.
Training #2: Virtualization Security
Instructor Bio: Dr. Brian Hay is a researcher with Security Works and specializes in virtualization and virtual machine introspection. He has authored over 20 publications and is the lead developer of the VIX virtual machine introspection toolkit. He is a frequent speaker and trainer at security conferences.
Training Summary: This course will provide an introduction to virtualization, virtualization architectures, and virtualization platforms, with an emphasis on how they are used in enterprise environments. It will also cover the security implications of using virtualization, including the ways in which virtualization can be used to address security challenges, the different risks that arise when using virtualized environments, and mitigation strategies for the security-related issues that can arise as a result of using virtualization.
Prerequisites and what to bring: Participants should have at least basic system administration skills and some basic knowledge of networking. Previous understanding of virtualization is not required. Participants need to bring a Windows, Linux or Mac laptop with the latest vSphere web browser client installed.
Training #3: Reverse Engineering Android Malware
Instructor Bio: Mahmud Ab Rahman is a Security Researcher with NetbyteSEC. He previously worked as an Information Security Specialist and manager for the Malaysia Computer Emergency and Response Team (MyCERT) under the umbrella of CyberSecurity Malaysia. He earned a Masters in Computer Science at the National University of Malaysia in 2006. Mahmud has been involved in the computer security field for over 8 years. His areas of focus and interest include network security, honeynets, botnet monitoring, and malware analysis. He has also taken part in several large-scale penetration-testing exercises, providing solutions for the vulnerabilities detected. He is also recognized for delivering advanced security training courses to numerous organizations. He is an occasional speaker at conferences such as DEFCON 19, HITCON 2011, the FIRST Annual Conference, the Honeynet Annual Security Conference, HackInTheBox and Infosec.MY. He currently holds the GIAC GPEN and GREM certifications.
Training Summary: The ubiquity of the Android mobile platform and the growing threats to mobile applications call for increased vigilance on the part of organizations analyzing malicious Android applications. Malware authors target users of the Android mobile operating system with malicious applications that harvest personal information, take control of the device and send the data to a remote server. Reversing Android malware is therefore an interesting challenge to address, and reverse engineering is a vitally important skill for today's expert security professional. In this training, we will focus on the static approach to analyzing Android malware. This hands-on course introduces attendees to the Android application framework and architecture and to how to analyze and reverse engineer Android malware. Attendees will gain the reverse engineering and binary analysis skills necessary to discover the true nature of any Android malware. They will learn how to recognize the high-level language constructs (such as branching statements, looping functions and network socket code) critical to performing a thorough and professional reverse engineering analysis of Android malware. A significant portion of the course is dedicated to lab exercises where students are given the opportunity to model attacks and perform reverse engineering of real-life Android malware samples.
Prerequisites and what to bring: Attendees should have an understanding of software development practices. General knowledge of software security, reverse engineering and mobile device architectures is recommended, but not required. For attendees with no software security background, some reading material on Android malware analysis and reverse engineering is recommended beforehand (Google is a good start). Participants should bring a laptop with a recent version of VMware Workstation, VMware Fusion, or VirtualBox installed.
Training #4: Malware Reverse Engineering
Instructor Bio: Felix Leder is the director for malware research at Blue Coat. Several malware analysis solutions, like Cuckoo Sandbox and Norman's Malware Analyzer G2, have been initiated by and grown around him. After starting in the mobile space with companies like Nokia, he turned to his favourite field of research, IT security. During his time at Fraunhofer and the University of Bonn, he joined research on botnet mitigation tactics and on new methodologies for executable and malware analysis. The results were successful takedowns and a PhD. Felix Leder is a reverse engineer and tool developer at heart. He has given classes worldwide on malware analysis, reverse engineering, and anti-botnet approaches. Participants range from governmental institutions and the financial and security industries to military bodies.
Training Summary: Have you ever wondered how to find hidden functionality in malware? How to make sense of assembly without spending days looking up instruction after instruction? How to extract malicious functionality without access to command and control servers? This can be achieved by structured reverse engineering. Some people say that reverse engineering, and especially malware reverse engineering, is an art. Actually it is not. It is just the selection and application of the right methods and tools for the desired goal. This training contains an introduction to reverse engineering and to how to approach suspicious and malicious files. The main focus will be on executable malware. The major properties and identification criteria for malware will be discussed together with a methodology for investigating efficiently. This is complemented by presenting and experimenting with state-of-the-art tools in real-world exercises.
Prerequisites and what to bring: Participants are required to have Windows administration or even development knowledge, together with a basic understanding of the major protocols used on the Internet. Basic programming skills (in any language) are required, too. A basic understanding of the x86 architecture is helpful for the second half of the workshop (but not a requirement). Participants will need to bring a laptop with the latest VMware vSphere client installed. We will provide virtual machines "in the cloud" for all students.
Do you have specific questions? Contact us via email@example.com