Workshop

From: 9:40 to 15:15 on the 3rd floor

DFIR Against the Dark Arts: The Battle of Malicious Email and Downloaders


Presented By: Michael Register & Michael Solomon

Ever wondered what it is like being a cybersecurity or incident response analyst? Here is your chance to experience an exciting 4-hour class taught by mR_F0r3n51c5 and S3curityN3rd. Phishing and malicious spam attacks continue to pose a significant risk in today’s cyber threat landscape. Using forensic and malware analysis fundamentals, this class will teach students how to analyze malicious downloaders, phishing emails, and malicious spam.

Upon successful class completion, students will be able to:

  • Build analysis skills that leverage complex scenarios and improve comprehension.
  • Demonstrate an understanding of forensic fundamentals used to analyze an email.
  • Use open-source information to collect and analyze threat actor data, identify indicators of compromise, and demonstrate how to pivot on that information.
  • Demonstrate how to analyze a malicious downloader, including but not limited to debugging and deobfuscation.
  • Participate in a hand-to-keyboard combat capstone. Students will be given a malicious file sample and demonstrate how to analyze it.

Michael Solomon (mR_F0r3n51c5) is currently a Threat Hunter for a large managed security service provider. He has ten years of experience conducting Cyber Operations, Digital Forensics & Incident Response (DFIR), and Threat Hunting. He is very passionate about helping grow and inspire cybersecurity analysts for a better tomorrow.

Michael Register (S3curityN3rd) has 5 years of combined experience across IT, Networking, and Cybersecurity. He currently holds multiple certifications, including the GCIH. S3curityN3rd spent the last 3 years working in Incident Response before a recent transition into a Threat Hunting role. His areas of focus have been forensics, malware analysis, and scripting.

Prerequisites for students?:
- None. All are welcome.

Materials or Equipment students will need to bring to participate?:
Students will be required to download two virtual machines (OVA files). Students will be given a URL for download access.

The downloaded virtual machines should be imported into your virtualization software and ready before the start of class. If any additional technical support is needed, the instructors will make themselves available online.

Students must have a laptop that meets the following requirements:

  • A 64-bit CPU running at 2 GHz or more. Students will be running two virtual machines on their host laptop.
  • The ability to update BIOS settings, specifically to enable virtualization technology such as "Intel-VT."
  • If the BIOS is password protected, the student must be able to access it in case changes are necessary.
  • 8 GB (Gigabytes) of RAM or higher
  • At least one open and working USB Type-A port
  • 50 Gigabytes of free hard drive space, enough to host the VMs we distribute
  • Students must have Local Administrator Access on their system.
  • Wireless 802.11 Capability
  • A host operating system running Windows 10, Linux, or macOS 10.4 or later.
  • Virtualization software is required. The supplied VMs have been built for out-of-the-box compatibility with VMware Workstation or Player. Students may use other software if they choose, but they may have to troubleshoot unpredictable issues.
  • At a minimum, the following VM features will be needed:
      • NATted networking from the VM to the Internet
      • Copy and paste of text and files between the host machine and the VM

What level of skill is required for your targeted audience (Beginner/Intermediate/Advanced)?:
This course is considered a beginner to intermediate level hands-on workshop. With that said, no specific expertise is needed; all levels are welcome. The instructors have carefully designed the workbook instruction and classroom demonstrations so that everyone can complete the learning objectives.