You have already seen Bogdan in the “Attacks on Windows Infrastructure” announcement.

So let us introduce his teammate, Oleh Levytskyi.
Oleh has 4 years of experience as a full-time IT security analyst. He is currently responsible for malicious software analysis, forensics, incident response, and security product research and development.

During this workshop we will see that network logs are one of the most efficient sources for hunting adversaries, but building good analytics capabilities requires a deep understanding of benign activity and attacker behavior. This training focuses on detecting real-case attacks, tools and scenarios from the past year.

The training is highly interactive and keeps a good balance between theory and plenty of hands-on exercises, so that students get used to the detection engineering methodology and are prepared to start implementing it at their organizations.

Schedule link: https://cfp.nonamecon.org/nnc2021/talk/XQ9CKD/

Zoom link: https://zoom.us/j/9399893033

Discord channel (nnc-activities) link for Q&A: https://discord.gg/7Ts4CWzk

STUDENT REQUIREMENTS

Students should be familiar with Windows and have at least basic Splunk and Wireshark experience.

WHAT STUDENTS SHOULD BRING

A laptop with VMware installed, the training VM imported, and a minimum of 8 GB RAM and 100 GB of free SSD space.

Link to the VM: https://drive.google.com/file/d/1ckBTJZZmhKrqYM7gjpwUOOccvMm4Cy9D/view?usp=sharing

Alternative link: https://fex.net/s/bzmnt2s

WHAT STUDENTS WILL BE PROVIDED WITH

  • Training slides
  • Training VM
  • All tools and scripts used in the training

TRAINING VM CREDENTIALS

Virtual Machine credentials:

username: nncworkshop

password: nncworkshop

Splunk credentials:

username: admin

password: nncworkshop