Workshop: Windows Live Analysis: A hunt we can’t refuse!

DATE: Monday, 11th October 2021
TIME: 1400H – 1800H MYT/GMT+8
VENUE: Online via Zoom

Workshop Trainer

Workshop Summary

We may assume that operating systems are mature enough not to be targeted as much as humans are. The recent security reports by Microsoft prove us wrong: 117 vulnerabilities and nine zero-days in July alone. There is a chance that an attacker has walked into our system using any of those vulnerabilities. Shall we acquire forensic images to conduct a passive investigation? What if we deal with a massive volume of data storage, where making forensic images requires a long time and a few packs of popcorn? What about sophisticated attacks that may not leave any traces on the hard disk, such as file-less attacks? Plus, a proactive hunt is crucial to minimize the dwell time of cyberattacks. This hands-on workshop will discuss a comprehensive technical checklist for system live analysis and proactive cyber threat hunting using manual observation, automation, visualisation, and advanced analytical techniques. All the case studies are practical and mapped to the MITRE ATT&CK and D3FEND knowledge bases.


Topic                                           Mode
----------------------------------------------  ---------------
Threat Hunting and Types of the Hunt            Discussion
Tips and Tricks for Successful Threat Hunting   Discussion
Hypothesis Formulation and Educated Guesses     Case studies
Live Investigations – Rules and Tools           Discussion
Break and Q&A                                   Open Discussion
System Information and Configurations           Hands-on
Users, Groups and Privileges                    Hands-on
Services and Applications                       Hands-on
Break and Q&A                                   Open Discussion
Processes, DLLs, and Handles                    Hands-on
Network and Internet                            Hands-on
Files and Folders                               Hands-on
Break and Q&A                                   Open Discussion
Detecting Persistence Techniques                Hands-on
Conclusion                                      Discussion

Requirements: A laptop with a Windows operating system. It is highly recommended to use Windows 10 in a virtual environment with admin rights.