iOS analysis using the Sysdiagnose analysis framework workshop - advanced session
2025-10-23 , Schengen 1 & 2

This is the second part, or deep dive, of the Sysdiagnose Analysis Framework Workshop.

We will continue with the topics discussed in the first workshop, but here the focus is on diving DEEP into much of the data present in the sysdiagnose archive.
Please ONLY attend this workshop if you attended the previous year's session or the beginners session, or have already used the sysdiagnose analysis framework before.


We will get our hands dirty and dive deeper into advanced Splunk queries digging into data and better understanding what is in the Sysdiagnose archive.

We will also develop a parser and/or analyser for the sysdiagnose analysis framework.

Prerequisites for attending the workshop are:
- Having downloaded the workshop material beforehand, prepared the Splunk docker, and set up a Python development environment.
- Solid experience with Splunk Query Language
- Solid experience with grep, sed, awk and jq (or their alternatives)
- Experience with development in Python
- Familiarity with the sysdiagnose analysis framework

David Durvaux has been active in the incident response field for more than a decade. He has worked on many IT security incidents, especially on computer forensics aspects. Since 2015 he has been actively preparing the FIRST CTF. David has presented at numerous conferences including hack.lu.

In addition to providing his services as an independent cybersecurity expert, Christophe actively serves as a Belgian Cyber Reservist and contributes significantly to open-source projects. He is the founder of the MISP Threat Sharing Platform. His contributions to the community also include the creation of MISP-maltego and pystemon, the active development of the sysdiagnose framework, as well as his previous involvement in organizing the FOSDEM conference.
When not immersed in the world of cybersecurity, Christophe enjoys outdoor pursuits such as hiking, climbing, mountaineering, and sailing, finding solace in the beauty of nature.
