hack.lu 2023

Full Stack Forensics with FOSS
10-19, 14:00–16:00 (Europe/Luxembourg), Schengen 1 and 2

This workshop will showcase a suite of free and open source tools to leverage
threat intelligence in DFIR investigations. Participants will be setting up a
full forensics pipeline, including collection (GRR), processing
(Plaso) and analysis (Timesketch), and orchestration
(dfTimewolf). In addition to that, they'll be using Yeti to augment
their processing and analysis with threat intelligence.

Thw workshop will last two hours and is open for anyone to attend. Experience
installing packages on Linux and using the Linux CLI in general is required.
Experience running and managing Docker containers would be a nice addition.

Participants will be given an initial list of Docker containers to pull and set
up before the workshop

[UPDATE] Here's the list! https://docs.google.com/document/d/1TKqOleH2rdtPjybUt3PYybJ7RrH59kqaHnmywJhRPGk/preview

[UPDATE2] Here's the slides with the links to everything: https://docs.google.com/presentation/d/1_IIhazlZF4Nxa_fn4YJ0SieFPJGzP91OwuAO4LIUWOg/edit#slide=id.g24fcb0d3240_0_70


  • Introduction
  • What to expect of the workshop
  • Quick tour / install / configuration
  • Timesketch
  • Yeti
  • Adding some forensics intelligence to Yeti
  • Your first forensic analysis with Timesketch!
  • Adding threat intelligence to the mix

Optional (if time permits)
- dfTimewolf
- Configuring all these tools to work together, triggering a first analysis
using dfTimewolf.
- Tweaking Timesketch analyzers

Thomas has been a DFIR practitioner for 10+ years. He's currently a Security Engineer in the DFIR team at Google who loves running towards the proverbial cyber fires. He enjoys detective work and poking malware with a long stick, and has given talks about DFIR, malware analysis, and threat intelligence at many conferences throughout Europe and the US

This speaker also appears in:

A lecturer and researcher at ESIEA and an independent consultant in Threat Intelligence, he contributes to numerous open source projects such as MISP and Yeti. He is also the author of numerous articles, an international speaker and lecturer on malware analysis, digital forensics and Cyber Threat Intelligence at ESIEA, and co-author of the book "Cybersécurité et Malwares
Détection, analyse et Threat Intelligence (4e édition)".

This speaker also appears in: