Technical

Published under Online training material

Building artefact handling and analysis environment

Target Audience: Technical CERT staff.

Duration: 7 hours

Download: Handbook, Toolset, Virtual Image, Windows Tools, Windows Cuckoo

The main objective is to create a safe and useful artifact analysis environment, based on current best practices.


Processing and storing artefacts

Target Audience: Technical CERT staff.

Duration: 5 hours

Download: Handbook, Toolset, Virtual Image

Presents the trainees with various methods of malicious artifact acquisition, with emphasis on artifacts collected through spam e-mail monitoring. Teaches how to correctly set up a spam collecting environment and a simple artifact repository. The exercise also shows how to modify and patch the created system to better suit lab environment needs.


Artefact analysis fundamentals

Target Audience: Technical CERT staff.

Duration: 8 hours

Download: Handbook, Toolset, Virtual Image

Presents the trainees with malicious artifact analysis fundamentals and the various types of analyses. Shows how to safely execute suspicious code in a controlled environment, along with the most important security precautions.


Advanced artefact handling

Target Audience: Technical CERT staff.

Duration: 8 hours

Download: Handbook, Toolset, Virtual Image 1, Virtual Image 2, AQ Tools

Teaches students how to obtain memory images from different sources and how to analyse them. Both Windows and Linux systems are covered.


Forensic analysis: Local Incident Response

Target Audience: Incident handler and investigator

Duration: 3 days

Download: Handbook, Toolset, Virtual Image I, Virtual Image II

This three-day training module follows the tracks of an incident handler and an investigator, teaching best practices and covering both sides of the breach. It is technical in nature and aims to provide guided training for both incident handlers and investigators under lifelike conditions. The training material mainly uses open source and free tools.


Forensic analysis: Network Incident Response

Target Audience: Incident handler and investigator

Download: Handbook, Toolset, Virtual Image

The main goal of this training is to teach trainees network forensic techniques and to extend their operating system forensic capabilities beyond Microsoft Windows to include Linux. Trainees follow traces on the workstation and discover that the analysed network captures, together with logs, lead to another machine on the network.


Forensic analysis: Webserver Analysis

Target Audience: Incident handler and investigator

Download: Handbook, Toolset, Virtual Image I, Virtual Image II, Virtual Image III, Memory dump

This training requires the students to perform a forensic analysis of three (web) servers, identified during the first two exercises as taking part in a malicious campaign.


Developing countermeasures

Target Audience: Technical CERT staff.

Duration: 8 hours

Download: Handbook, Toolset, Virtual Image

Learn how to turn information gathered during analysis into actionable signatures. Both network-oriented and system-oriented signatures are discussed.


Common framework for artefact analysis activities

Target Audience: Technical CERT staff.

Duration: 8 hours

Download: Handbook, Toolset, Virtual Image

Learn how to collect, store and correlate different types of information about samples, and how to make use of this information, on the assumption that a structured and organised database is a good way to achieve synergy between artifact analysis and incident investigation.


Introduction to advanced artefact analysis

Target Audience: CSIRT staff and incident handlers involved in the technical analysis of incidents.

Duration: 4 hours

Download: Handbook, Toolset

This training is an introduction to advanced artefact analysis. It is the first part of a three-day course, introducing assembly language and the tools commonly used for advanced artefact analysis.



Dynamic analysis of artefacts

Target Audience: CSIRT staff and incident handlers involved in the technical analysis of incidents.

Duration: 9 hours

Download: Handbook, Toolset

This training presents methods and techniques of dynamic artefact analysis using the OllyDbg debugger.


Static analysis of artefacts

Target Audience: CSIRT staff and incident handlers involved in the technical analysis of incidents.

Duration: 10 hours

Download: Handbook, Toolset

The goal of this training is to introduce the participants to all aspects of static artefact analysis.


Using indicators to enhance defence capabilities

Target Audience: Technical CERT staff.

Duration: 7 hours

Download: Handbook, Virtual Image, Supporting Material

Learn how to create and deploy indicators of compromise using the Collaborative Research into Threats (CRITs) platform. Additionally, the training demonstrates how to leverage CRITs to visualise relationships among the different elements of a campaign, extract indicators from incident data, develop mitigation actions, and track those actions.


Identification and handling of electronic evidence

Target Audience: Technical CERT staff.

Duration: 4 hours

Download: Handbook, Toolset, Virtual Image, VM How To

Presents the trainees with the principles of evidence gathering and establishes a common understanding of the requirements for evidence admissibility in a court of law. The task also gives an overview of popular malware characteristics, methods of identification and tools that may be used at the scene.


Orchestration of CSIRT Tools

Target Audience: CSIRT technical staff involved in setting up tools, and analysts for incident handling.

Duration: Modular approach with 16 hours of total duration. Each module indicates its own duration.

Download: Trainers Handbook, Administration Modules, Analyst Modules, Training Slides, Virtual Machine Orchestration

The purpose of this training material is to help CSIRTs and incident response teams manage the constant stream of cyber security events efficiently and share their data back with their peers. The course consists of independent modules, each covering a particular combination of popular CSIRT tools. The modules cover not only the configuration aspects of interconnecting the tools but also how security analysts can use these orchestrated tools in their daily duties.


Digital forensics

Target Audience: Technical CERT staff.

Duration: 6 hours

Download: Handbook, Toolset, Virtual Image, VM How To

Presents the trainees with the principles of digital forensics and evidence gathering.


Proactive incident detection

Target Audience: Technical and management CERT staff.

Duration: 4 hours

Download: Handbook, Toolset, Virtual Image

Setting up and working with AbuseHelper.


Mobile threats incident handling

Target Audience: Technical CERT staff.

Duration: 4 hours

Download: Handbook, Toolset, Virtual Image, VM How To

Makes the students familiar with the special requirements and tools for incident handling and forensics on mobile/smartphone computing platforms.


Mobile threats Incident handling (Part II)

Target Audience: CSIRT staff and incident handlers involved in the technical analysis of incidents.

Duration: 24 hours

Download: Handbook, Toolset, Virtual Image

The goal of this training is to introduce the threats found in the mobile environment and to familiarise the participants with the various tools and techniques used in mobile forensics and incident handling.


Automation in incident handling

Target Audience: Incident handlers and technical staff.

Duration: 2 hours

Download: Handbook, Toolset, Virtual Image

The purpose of this task is to develop students' ability to create custom scripts and filters for dealing with large amounts of data such as IP addresses. After completing the exercise, students should be able to extract useful information from bulk data, even in non-standard formats.


Introduction to network forensics

Target Audience: CSIRT staff and incident handlers involved in the technical analysis of incidents.

Duration: 24 hours

Download: Handbook, Toolset Ex1, Toolset Ex2, Toolset Ex3, Virtual Image 1, Virtual Image 2, Virtual Image 3, Virtual Image 4

The training materials are based on good practices and include all the needed methodologies, tools and procedures. The training includes performance indicators and means of support for those who use it to increase their operational competence. It is made available in a ready-to-use version. The training consists of an extensive introduction (sections 1–4) and three exercises (section 5). The updated scenarios also include content in line with current technologies and methodologies.


Honeypots

Target Audience: Incident handlers and technical staff.

Duration: 3 hours

Download: Handbook, Toolset, Virtual Image

Familiarises students with two kinds of honeypots: server-side honeypots and client-side honeypots.


Vulnerability handling

Target Audience: Managers and incident handlers.

Duration: 3 hours

Download: Handbook, Toolset, Virtual Image

Provides a practical overview of the vulnerability handling process and of how vulnerabilities reported to a CERT team should be handled. It also provides some hands-on experience with difficult situations that may arise in the role of coordinator.


Presenting, correlating and filtering various feeds

Target Audience: CERT technical staff.

Duration: 6 hours

Download: Handbook, Toolset, Virtual Image 1, Virtual Image 2

Covers the technical aspects of using visualisation to present, correlate and filter various feeds; the scenario also covers the organisational aspects. In this scenario the students are part of the CERT of a fictitious organisation which is analysing cybercrime activities.
