Didier is a Senior Analyst working for NVISO.
Alongside his professional activities, Didier is also a Microsoft MVP (2011-2016 awarded MVP Consumer Security, 2016-2023 awarded MVP Windows Insider) and a SANS Internet Storm Center Senior Handler.
He is an expert in malicious documents (PDF and Microsoft Office), pioneering research into maldocs and authoring free, open-source analysis tools and private red team tools.
In this 2-hour workshop, we will use new tools developed by Didier Stevens to deal with malicious Cobalt Strike beacons.
There used to be a time when a blue teamer could say: "this sample I just analyzed is a Cobalt Strike beacon: I'm sure this is a pen test".
That is no longer the case: Cobalt Strike has become very popular with common criminals, and even some APT crews. Nowadays, if you encounter a Cobalt Strike sample, your organization is more likely to be under real attack than under simulated attack.
In this 2-hour workshop, Didier will start with a quick intro to CyberChef, with some simple exercises, and then we will set up a development environment for CyberChef.
In this environment, we will start with simple exercises (enhancing existing operations) and then move on to creating your own operations from scratch.
The operations will focus on blue team activities, like assisting with the analysis of malware.
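To give a concrete idea of what "creating your own operation" looks like, here is an added example that is not part of the workshop material and not code by Didier Stevens or the CyberChef project. A CyberChef operation is a class that extends the project's `Operation` base class, sets `name`, `module`, `description`, `infoURL`, `inputType`, `outputType` and `args` in its constructor, and implements `run(input, args)`; in the CyberChef tree such a class lives under `src/core/operations/`, is scaffolded with `npm run newop`, and is registered in `src/core/config/Categories.json`. So that the file runs under plain node outside the CyberChef tree, the `Operation` and `OperationError` classes below are minimal stand-ins for the real ones, and the operation name `XOR Single Byte Recover`, its scoring heuristic and the XOR-encoded sample input are all constructed for this illustration.

```javascript
// Added example (not from the workshop or the CyberChef project): the shape of a
// CyberChef operation. The two classes below are stand-ins for CyberChef's own
// "../Operation.mjs" and "../errors/OperationError.mjs" so the file runs alone.
class Operation {
    constructor() {
        this.name = ""; this.module = ""; this.description = ""; this.infoURL = "";
        this.inputType = ""; this.outputType = ""; this.args = [];
    }
}
class OperationError extends Error {}

const PRINTABLE = (b) => b === 0x09 || b === 0x0a || b === 0x0d || (b >= 0x20 && b <= 0x7e);
const LOWER_OR_SPACE = (b) => b === 0x20 || (b >= 0x61 && b <= 0x7a);

// Hypothetical operation: brute-forces a single-byte XOR key over a byteArray and
// keeps the fully printable candidate with the most lowercase letters and spaces.
// Ranking by a plaintext heuristic rather than "all printable" matters: for text
// input, XOR with 0x40 also stays printable (it flips letters to punctuation).
class XORSingleByteRecover extends Operation {
    constructor() {
        super();
        this.name = "XOR Single Byte Recover";
        this.module = "Default";
        this.description = "Tries all 255 single-byte XOR keys and returns the fully printable candidate with the most lowercase letters and spaces.";
        this.infoURL = "";
        this.inputType = "byteArray";   // CyberChef dish type: plain Array of byte values
        this.outputType = "string";
        this.args = [
            { name: "Minimum score", type: "number", value: 4 }  // letters+spaces needed to accept a key
        ];
    }

    run(input, args) {
        const [minScore] = args;
        if (input.length === 0) throw new OperationError("Empty input");
        let best = { key: -1, score: -1, text: "" };
        for (let key = 1; key < 256; key++) {
            const bytes = input.map((b) => b ^ key);
            if (!bytes.every(PRINTABLE)) continue;      // reject control or high bytes outright
            const score = bytes.filter(LOWER_OR_SPACE).length;
            if (score > best.score) {
                best = { key, score, text: String.fromCharCode(...bytes) };
            }
        }
        if (best.score < minScore) {
            throw new OperationError(`No single-byte key yields a plausible plaintext (best score ${best.score})`);
        }
        return `key=0x${best.key.toString(16).padStart(2, "0")}\n${best.text}`;
    }
}

// Constructed sample input: a command line XOR-encoded with key 0x5a, standing in
// for an encoded string carved out of a malware sample.
function xorBytes(str, key) {
    return Array.from(str, (ch) => ch.charCodeAt(0) ^ key);
}
const SAMPLE = xorBytes("cmd.exe /c whoami", 0x5a);

// Drives the operation the way CyberChef's recipe engine does: run(input, argValues),
// with argValues taken from the declared args' default values.
function recoverExample(input = SAMPLE) {
    const op = new XORSingleByteRecover();
    const out = op.run(input, op.args.map((a) => a.value));
    const [keyLine, ...rest] = out.split("\n");
    return { key: parseInt(keyLine.slice("key=0x".length), 16), text: rest.join("\n") };
}

console.log(recoverExample());
```

In a real CyberChef checkout the stand-in classes are replaced by the two imports, the file is exported as the module default, and the operation name is added to a category in `Categories.json` before `npm start` picks it up. The `byteArray` input type lets the same operation sit after "From Hex" or "From Base64" in a recipe, which is the usual position for a decoding step during malware analysis.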