SOLD OUT! 

Workshop #1:
Practical Intrusion Analysis:
Investigating Real-World Intrusions with Kostas

This workshop provides an in-depth exploration of Digital Forensics and Incident Response (DFIR) through interactive, cloud-based labs. Participants will have access to a wide array of logs, including system, network, and memory data, to explore and investigate. The session emphasizes practical skills in analyzing and responding to cybersecurity threats using tools like Elasticsearch and Kibana. Attendees will experience the power of interactive dashboards and visualizations, along with the ability to search through raw data in Elasticsearch. This hands-on approach ensures a comprehensive understanding of digital forensics, equipping participants to tackle real-world security challenges effectively.

Workshop participants will require a laptop that can support a modern web browser. Tools utilized as part of the workshop will be cloud-based and accessed through the browser. 

May 26, 10:30-5:00

Room 2200

Workshop #2:
Cloud Access Control with Colin and Brad

If your workload already lives on AWS, then there is a high chance that some temporary AWS credentials have been securely distributed to perform needed tasks. But what happens when your workload is on premises? In this workshop, learn how to use AWS Identity and Access Management (IAM) Roles Anywhere. Start from the basics and create the necessary steps to learn how to use your applications outside of AWS in a safe way using IAM Roles Anywhere in practice.

May 26, 10:00-12:00

Room 2245

SOLD OUT! 

Workshop #3:
Unveiling Cyber-Criminal Actions:
The Art of Battlefield Forensics and Incident Response with Anna and Neumann

The course "Unveiling cyber-criminal actions: The Art of Battlefield Forensics and Incident Response" covers essential topics in digital forensics, emphasizing the importance of understanding intake/collection processes and their impact on case outcomes. It highlights the significance of acquiring memory and detecting encryption. Specialization options and methods for diving deeper into the field are discussed.

Students learn about file systems, metadata, evidence formats, and scene management for effective evidence acquisition. Acquisition hardware and software, including live response and dead box methods, are explored. Various acquisition methodologies, such as accessing devices and interacting with data, are covered. Hands-on labs demonstrate live response, dead box acquisition, and triage collection.

Further topics include memory acquisition, encryption checking, host-based live acquisition, dead box acquisition, rapid triage with tools like KAPE, file and stream recovery, advanced data carving, and OSINT for threat intelligence gathering. Throughout the course, students gain practical skills in evidence acquisition and analysis critical for digital forensic investigations.

May 26, 12:45-5:00

Room 2245

Workshop #4:
CodeQL  with Chanel

CodeQL is an open-source static analysis tool that can be used to find vulnerabilities, anti-patterns, code smells, and other interesting patterns in your codebases. Code patterns are abstracted into language specific queries that can be used to scan across many repositories for QA, research, and variant hunt purposes with the option to integrate as part of your CI/CD pipeline. CodeQL is powerful and extensible, with many included queries as well as a query language that allows a query author to write their own. In this workshop we’ll write queries for three C# vulnerabilities: BinaryFormatter deserialization of untrusted data, use of the weak hash SHA1, and creation of a Weak RSA Key. This workshop focuses on C# but the concepts are applicable to any other language that CodeQL supports. 

By the end of this presentation, participants will be able to author their own queries, become familiar with the features of the CodeQL VSCode extension, and understand how to model dataflow in CodeQL. 

May 26, 11:00-1:00

Room 2250

SOLD OUT!

Workshop #5:

The Art of OSINT: Techniques and Tools Revealed with Ritu

* Introduction to OSINT: Understand its importance and considerations.

* Search Techniques: Learn methods for gathering data efficiently.

* Geolocation and Image Analysis: Explore extracting intelligence from images and geolocation data.

* Saving Online Content: Discover tools and techniques for archiving and organizing online information.

* OSINT Resources: Explore valuable online tools for OSINT.

May 26, 2:00-4:00

Room 2250

Workshop #6:
Practical Threat Modelling with Amiran

Threat modelling is considered to be a critical component of Secure Software Development Lifecycle (S-SDLC) as evidenced by the fact that it’s included in most S-SDLC methodologies (see Microsoft SDL or OWASP Secure Software Development Lifecycle Project, for example). There’s a ton of information available on threat modelling, though most of it seems to be focused on explaining the importance of it, or where it should fit within S-SDLC, not so much on practical aspects of how it can be done. This workshop presents a practical collaborative approach to threat modelling with focus on applicability to Agile teams of various scales. We’ll spend a bit of time on threat modelling overview, but the majority of the workshop will be dedicated to going through an example threat modelling session and creating a sample threat model. You might be interested in this workshop if you are a security engineer, software engineer, engineering manager, or product manager. There are no prerequisites, but you are expected to actively participate.

May 26, 10:00-12:00

Room 2270

Workshop #7:
Docker for Security Use Cases Workshop with Amiran

Docker has gained immense popularity among development and SRE teams for allowing consistency across development/test/prod environments, and enabling immutable infrastructure and higher compute density. As security professionals, it helps to understand how Docker works to be able to secure our workloads. At the same time, there are a number of use cases where Docker makes our lives easier as well.

In this workshop we'll get our feet wet with Docker:

- Explore the basics of Docker and how it works

- Work through  a number of security-relevant use cases: exploring different OS distros, running containerized security tools, building custom images, scanning Docker images for CVEs and secrets, image structure and manual introspection.

Pre-requisites:

- Laptop with Docker installed. Docker Desktop recommended, but Docker Engine should work too.

May 26, 12:45-5:00

Room 2270

Workshop #8:
Threat Modeling 101 - Burn Risks, Not Hope
with Jeevan and Bhawandeep

Threat Modeling is the best way to discover and remediate threats in your system before they are even created. If done correctly, it is one of the most impactful security programs that you can run within your organization.

In the Security Industry, threat modeling has been misunderstood and many security folks are afraid to carry out a threat model. While it is commonly performed by Application Security or Cloud Security professionals, threat modeling can be done by anyone.

This hands-on workshop will cover the threat modeling workflow and common classes of vulnerabilities in a way that is easy to understand. You will also walk through many hands-on threat modeling examples to ensure that you will be empowered to discover threats in your systems.

May 26, 10:00-2:15

Room 2945

Workshop #9:
Precision Threat Hunting:
Unveiling Adversary Infrastructure using Free and Open Source Tools with Greg

This workshop is designed to teach participants techniques and methodologies for discovering and analyzing digital infrastructure utilized by cyber adversaries. It will focus on leveraging publicly available, open-source intelligence (OSINT) tools and resources to systematically uncover and map the network assets of potential cyber threats.

We will start with a brief discussion of the types of digital assets (such as servers, domains and IP addresses) commonly used by adversaries and their purposes in cyber operations. We will then introduce some of the free and open source tools that are readily available to conduct tactical threat hunting. We’ll conclude with several exercises using multiple tools for participants to gain proficiency discovering active adversary infrastructure and turning it into actionable intelligence.

The workshop will include hands-on exercises using free and open source tools such as Shodan, Censys, and urlscan.io to identify and analyze malicious infrastructure linked to a range of malware (stealer, botnet, RAT, etc.) families and command-and-control (C2) frameworks such as Cobalt Strike.

May 26, 2:30-4:30

Room 2945