Workshop: Windows Live Analysis: A hunt we can’t refuse!
DATE: Monday, 11th October 2021
TIME: 1400H – 1800H MYT/GMT+8
VENUE: Online via Zoom
PRICE: FREE!
REGISTRATION: CLOSED (Class is FULL)
Workshop Trainer
Workshop Summary
We may assume that operating systems are mature enough not to be targeted as much as humans. The recent security reports by Microsoft prove us wrong! 117 vulnerabilities and nine zero-days in July alone. There is a chance that an attacker has walked into our system using any of those vulnerabilities. Shall we acquire forensic images to conduct a passive investigation? What if we deal with a massive volume of data storage, where making forensic images requires a long time and a few packs of popcorn? What about sophisticated attacks that may not leave any traces on the hard disk, such as file-less attacks? Plus, a proactive hunt is crucial to minimise the dwell time of cyberattacks. This hands-on workshop will discuss a comprehensive technical checklist for system live analysis and proactive cyber threat hunting using manual observation, automation, visualisation, and advanced analytical techniques. All the case studies are practical and mapped to the MITRE ATT&CK and D3FEND knowledge bases.
Agenda:
| Topic | Mode |
| --- | --- |
| Threat Hunting and Types of the Hunt | Discussion |
| Tips and Tricks for Successful Threat Hunting | Discussion |
| Hypothesis Formulation and Educated Guesses | Case studies |
| Live Investigations – Rules and Tools | Discussion |
| Break and Q&A | Open discussion |
| System Information and Configurations | Hands-on |
| Users, Groups and Privileges | Hands-on |
| Services and Applications | Hands-on |
| Break and Q&A | Open discussion |
| Processes, DLLs, and Handles | Hands-on |
| Network and Internet | Hands-on |
| Files and Folders | Hands-on |
| Break and Q&A | Open discussion |
| Detecting Persistence Techniques | Hands-on |
| Conclusion | Discussion |
Requirements: Laptop with a Windows operating system. It is highly recommended to use Windows 10 in a virtual environment with admin rights.