2015 Honeynet Project Workshop
18-20 May 2015 | Stavanger, Norway
TRAININGS
Big Data Visualization for Security
Trainer: Raffael Marty
Big Data is the latest hype in the security industry. We will take a closer look at what big data is comprised of: Hadoop, Spark, ElasticSearch, Hive, MongoDB, etc. We will learn how to best manage security data in a small Hadoop cluster for different types of use cases. Along the way we will encounter a number of big-data open source tools, such as LogStash and Moloch, that help with managing log files and packet captures. As a second topic we will look at visualization and how we can leverage it to learn more about our data. In the hands-on part, we will use some of the big data tools, as well as a number of visualization tools, to actively investigate a sample data set.
Network Analysis and Forensics
Trainer: Guillaume Arcas
This tutorial will include the following basic components:
- Introduction to network analysis & forensics
- Tools: Wireshark, snort & other open source software
- Basic Usage 1: How to extract files from PCAPs
- Basic Usage 2: How to track web surfing from PCAPs
- Basic Usage 3: How to identify a malware from PCAPs
- Advanced Usage: Introduction to GSoC plugins
Attendees will learn how to use Wireshark and Open Source network analysis tools to quickly find key elements in live or dumped network traffic. Training will be based on real-life situations & PCAPs.
Trainer: Mahmud Ab Rahman
This workshop will highlight techniques and issues related to analyzing malicious document files (Office and PDF). It will walk participants through how to analyze malicious documents found in the wild, and we'll share how such files can be analyzed using publicly available tools. Shellcode analysis will be conducted as well, to give the whole picture of the anatomy of a malicious-document attack.
Trainer: Brian Hay
This course will provide an introduction to virtualization, virtualization architectures, and virtualization platforms, with an emphasis on how they are used in enterprise environments. It will also cover the security implications of using virtualization, including the ways in which virtualization can be used to address security challenges, the different risks that arise when using virtualized environments, and mitigation strategies for the security related issues that can arise as a result of using virtualization.
Trainer: Hugo Gonzalez & Ryan Smith
In this workshop we will teach you how to analyze Android malware using a range of tools and techniques against malware samples discovered in the wild. We will start with beginner-level techniques to teach you the structure of an APK, how to reverse engineer a malware sample, and what to look for. We will then move to more intermediate tools and techniques such as programmatic analysis (Python), dynamic analysis, and sandboxes. Finally we will cover more advanced malware analysis concepts such as de-obfuscation, modification, recompilation, and analysis of large malware families. After completing this workshop, you will have the skills, understanding, and tools to begin exploring Android malware samples on your own.
Trainer: Kai Roer
Learn how to build and maintain security culture from the creator of the Security Culture Framework, the free and open framework for building and maintaining security culture in any organization. In this workshop, you will learn how to:
- Define clear goals and measure your progress
- Decide who to involve in your security culture programme
- Choose activities and topics
- Plan and execute a security culture campaign
The workshop is highly dynamic and interactive with discussions and group tasks.
Who should attend:
Anyone who works with building security culture / awareness, or who wants to learn how to create successful security culture campaigns. Bring your team!
Moloch: full packet capture and analysis framework
Trainer: William Salusky
Students will get an overview of the build and configuration of the open source Moloch full packet capture framework, and then focus on hands-on analysis of network packet captures through exercises.