Security Bsides Las Vegas 2024

Using containers to analyze malware at scale
2024-08-07 , Pearl

This workshop teaches participants how to handle malware and analyze samples using both Windows and Linux containers. It focuses on leveraging open-source tools and techniques to build a simple analysis queue pipeline, allowing students to analyze multiple samples at scale within a controlled environment.


This workshop is designed to help you analyze malware in both Windows and Linux containers. It explains how to use containers, open-source tools and techniques to develop workflows that improve your ability to analyze malware. The workshop is of intermediate difficulty, covers two major operating systems, and demonstrates basic to intermediate malware analysis knowledge using these workflows. It culminates with the analysis of a Go ransomware binary, providing a "fun and exciting*" challenge for those who want a real-world problem at the end of the workshop. The workshop also caters to red team folks looking to improve tradecraft within containerized systems.
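As an added example (written for this page, not the workshop's own material), here is a minimal Linux-container analysis queue in Python. Each sample is triaged in a fresh, throwaway container started with no network, no capabilities, no-new-privileges, a read-only rootfs and PID/memory limits, and a pre-flight check refuses the job if any of those flags is missing or mis-set, rather than detonating with weakened isolation. It assumes Docker is installed, an analysis image called `malware-triage:latest` (assumed name) that provides `file`, `strings` and `timeout`, and a read-only bind mount of the sample directory; `dry_runner` lets the queue logic run without Docker.

```python
"""Added example: a minimal analysis queue that triages each sample inside a
locked-down, throwaway Linux container.  Illustrative code written for this
page, not the workshop's pipeline.  Assumed: Docker is installed, the image
`malware-triage:latest` exists with `file`, `strings` and `timeout`, and the
sample directory is bind-mounted read-only.  The runner is injectable so the
queue logic can be exercised without Docker."""
import hashlib
import queue
import shlex
import subprocess
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Callable, Iterable, List, Optional

IMAGE = "malware-triage:latest"  # assumed image name

# Isolation flags that must be present on every docker run; checked by
# check_hardening() before each job so a misconfigured worker cannot detonate
# a sample with network or capabilities it was never supposed to have.
REQUIRED_FLAGS: dict = {
    "--network": "none",                    # no C2, no exfil, no DNS
    "--cap-drop": "ALL",                    # no Linux capabilities at all
    "--security-opt": "no-new-privileges",  # setuid binaries cannot escalate
    "--read-only": None,                    # immutable rootfs
    "--pids-limit": "128",                  # blunt fork bombs
    "--memory": "512m",                     # bound memory per job
}


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path) -> str:
    return sha256_bytes(Path(path).read_bytes())


def build_docker_cmd(sample_dir, sample_name: str, image: str = IMAGE,
                     timeout_s: int = 60) -> List[str]:
    """Return the argv for one isolated triage run of a single sample."""
    target = shlex.quote(f"/samples/{sample_name}")  # never trust sample names
    return [
        "docker", "run", "--rm",
        "--network", "none",
        "--cap-drop", "ALL",
        "--security-opt", "no-new-privileges",
        "--read-only",
        "--tmpfs", "/tmp:rw,noexec,nosuid,size=64m",  # only writable path
        "--pids-limit", "128",
        "--memory", "512m",
        "--user", "65534:65534",                      # unprivileged uid:gid
        "-v", f"{sample_dir}:/samples:ro",             # sample mounted read-only
        image,
        # `timeout` inside the container bounds the job even if the host-side
        # docker client is killed (killing the client does not stop the container).
        "timeout", str(timeout_s), "sh", "-c",
        f"file {target}; strings -n 8 {target} | head -n 50",
    ]


def check_hardening(cmd: List[str]) -> List[str]:
    """Return the required isolation flags that are missing or mis-set in cmd."""
    bad = []
    for flag, value in REQUIRED_FLAGS.items():
        if flag not in cmd or (value is not None and cmd[cmd.index(flag) + 1] != value):
            bad.append(flag)
    return bad


@dataclass
class Result:
    sample: str
    sha256: str
    returncode: int
    output: str


Runner = Callable[[List[str]], subprocess.CompletedProcess]


def docker_runner(cmd: List[str]) -> subprocess.CompletedProcess:
    """Real runner: invokes docker with a host-side timeout as a second bound."""
    return subprocess.run(cmd, capture_output=True, text=True, timeout=180)


def dry_runner(cmd: List[str]) -> subprocess.CompletedProcess:
    """Runner for hosts without Docker: echoes the command instead of running it."""
    return subprocess.CompletedProcess(cmd, 0, stdout="dry-run: " + shlex.join(cmd), stderr="")


def process_queue(samples: Iterable, runner: Runner = docker_runner,
                  image: str = IMAGE) -> List[Result]:
    """Drain a FIFO of sample paths, one fresh container per sample."""
    work: "queue.Queue[Path]" = queue.Queue()
    for p in samples:
        work.put(Path(p))
    results: List[Result] = []
    while not work.empty():
        path = work.get()
        cmd = build_docker_cmd(path.parent.resolve(), path.name, image)
        bad = check_hardening(cmd)
        if bad:  # refuse rather than run with weakened isolation
            results.append(Result(path.name, sha256_file(path), -2, "refused: " + ", ".join(bad)))
            continue
        try:
            proc = runner(cmd)
            rc, out = proc.returncode, (proc.stdout or "") + (proc.stderr or "")
        except subprocess.TimeoutExpired:
            rc, out = -1, "host-side timeout"
        results.append(Result(path.name, sha256_file(path), rc, out))
    return results


def demo() -> List[Result]:
    """Write two constructed, benign sample files and drain the queue with dry_runner."""
    tmp = Path(tempfile.mkdtemp(prefix="triage-"))
    (tmp / "a.bin").write_bytes(b"constructed sample A")
    (tmp / "b.bin").write_bytes(b"constructed sample B")
    return process_queue([tmp / "a.bin", tmp / "b.bin"], runner=dry_runner)


if __name__ == "__main__":
    for r in demo():
        print(r.sample, r.sha256[:12], r.returncode, r.output[:100])
```

Run the file as-is to see the dry run, then swap `dry_runner` for `docker_runner` once the image exists. The flags shown are Linux-specific: Windows containers choose process or Hyper-V isolation with `--isolation` and do not honour `--cap-drop`, `--read-only`, `--tmpfs` or a numeric `--user`, so the Windows half of a pipeline needs its own hardening checklist.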

The workshop does not teach malware analysis for beginners, but we split participants into teams at the start based on whether they identify as having prior knowledge of containers or of malware analysis. Participants who can read and interpret command-line syntax will have no trouble with this workshop, as we explain things along the way.

We provide a remote environment for handling and processing all samples. Students therefore do not have to worry about infecting their personal devices and can focus on executing the samples in an environment designed for malware analysis.

This is the 6th iteration of this workshop, which has been presented at BSides PR, Nova, Charm, Tampa and similar conferences with positive reviews. Participants have provided input each time to make this workshop better.

Desired prerequisites:
1. Some familiarity with Docker or containers
2. Basic experience with malware analysis tools and techniques
3. Comfortable with command line interfaces in Windows and GNU / Linux
4. Laptop, wireless NIC, modern web browser.

Bio
José Fernández is the President of CompSec Direct. José's background in CNO, CND, and engineering has allowed him to work in some of the most technically demanding environments in both the private and public sectors. Mr. Fernández is a Puertorican Hacker Dude, Veteran, Vice-president of Obsidis Consortia Inc, which runs BSides in Puerto Rico, and Director of Recruitment for AUSCF.