Technical


Building artefact handling and analysis environment

Target Audience: Technical CERT staff.
Duration: 7 hours
Download: Handbook, Toolset, Virtual Image, Windows Tools, Windows Cuckoo

The main objective is to create a safe and useful artifact analysis environment, based on current best practices.


Processing and storing artefacts

Target Audience: Technical CERT staff.
Duration: 5 hours
Download: Handbook, Toolset, Virtual Image

Present to the trainees various methods of malicious artifact acquisition, with emphasis on artifacts collected through spam e-mail monitoring. Teach how to correctly set up a spam collecting environment and a simple artifact repository. The exercise also shows how to modify and patch the created system to better suit lab environment needs.


Artefact analysis fundamentals

Target Audience: Technical CERT staff.
Duration: 8 hours
Download: Handbook, Toolset, Virtual Image

Present to the trainees the fundamentals of malicious artifact analysis and the various types of analyses. Show how to safely execute suspicious code in a controlled environment, along with the most important security precautions.


Advanced artefact handling

Target Audience: Technical CERT staff.
Duration: 8 hours
Download: Handbook, Toolset, Virtual Image 1, Virtual Image 2, AQ Tools

Teach students how to obtain memory images from different sources and how to analyse them. Both Windows and Linux systems are covered.


Developing countermeasures

Target Audience: Technical CERT staff.
Duration: 8 hours
Download: Handbook, Toolset, Virtual Image

Learn how to turn information gathered during analysis into actionable signatures. Both network-oriented and system-oriented signatures are discussed.


Common framework for artefact analysis activities

Target Audience: Technical CERT staff.
Duration: 8 hours
Download: Handbook, Toolset, Virtual Image

Learn how to collect, store and correlate different types of information about samples, and how to make use of this information, on the assumption that a structured and organised database is a good way to achieve synergy between artifact analysis and incident investigation.


Introduction to advanced artefact analysis

Target Audience: CSIRT staff and incident handlers involved in the technical analysis of incidents.
Duration: 4 hours
Download: Handbook, Toolset

This training is an introduction to advanced artefact analysis. It is the first part of a three-day course introducing assembly language and the tools commonly used for advanced artefact analysis.



Dynamic analysis of artefacts

Target Audience: CSIRT staff and incident handlers involved in the technical analysis of incidents.
Duration: 9 hours
Download: Handbook, Toolset

This training presents methods and techniques of dynamic artefact analysis using the OllyDbg debugger package.


Static analysis of artefacts

Target Audience: CSIRT staff and incident handlers involved in the technical analysis of incidents.
Duration: 10 hours
Download: Handbook, Toolset

The goal of this training is to introduce the participants to all aspects of static artefact analysis.


Using indicators to enhance defence capabilities

Target Audience: Technical CERT staff.
Duration: 7 hours
Download: Handbook, Virtual Image, Supporting Material

Learn how to create and deploy indicators of compromise using the Collaborative Research into Threats (CRITs) platform. Additionally, demonstrate how to leverage CRITs to visualise relationships among the different elements of a campaign, extract indicators from incident data, develop mitigation actions, and track those actions.


Identification and handling of electronic evidence

Target Audience: Technical CERT staff.
Duration: 4 hours
Download: Handbook, Toolset, Virtual Image, VM How To

Present to the trainees the principles of evidence gathering. Establish a common understanding of the requirements for evidence admissibility in a court of law. This task also gives an overview of common malware characteristics, methods of identification, and tools that may be used at the scene.


Digital forensics

Target Audience: Technical CERT staff.
Duration: 6 hours
Download: Handbook, Toolset, Virtual Image, VM How To

Present to the trainees the principles of digital forensics and evidence gathering.


Proactive incident detection

Target Audience: Technical and management CERT staff.
Duration: 4 hours
Download: Handbook, Toolset, Virtual Image

Setting up and working with AbuseHelper.


Mobile threats incident handling

Target Audience: Technical CERT staff.
Duration: 4 hours
Download: Handbook, Toolset, Virtual Image, VM How To

Familiarise the students with the special requirements and tools for incident handling and forensics on mobile/smartphone computing platforms.


Mobile threats incident handling (Part II)

Target Audience: CSIRT staff and incident handlers involved in the technical analysis of incidents.
Duration: 24 hours
Download: Handbook, Toolset

The goal of this training is to introduce the threats found in the mobile environment, and to familiarise the participants with the various tools and techniques used in mobile forensics and incident handling.


Automation in incident handling

Target Audience: Incident handlers and technical staff.
Duration: 2 hours
Download: Handbook, Toolset

The purpose of this task is to develop the students' ability to create custom scripts and filters for dealing with large amounts of data, such as lists of IP addresses. After completing the exercise, students should be able to extract useful information from bulk data, even in non-standard formats.


Network forensics

Target Audience: Technical CERT staff.
Duration: 6 hours
Download: Handbook, Toolset, Virtual Image

During the network forensics training the participants familiarise themselves with common methodologies and approaches to how the network forensic process can be conducted in practice. Students work with packet capture files, follow DDoS traces in NetFlow data, and get familiar with countermeasures that better protect digital services.


Honeypots

Target Audience: Incident handlers and technical staff.
Duration: 3 hours
Download: Handbook, Toolset, Virtual Image

Familiarise students with two kinds of honeypots: server-side honeypots and client-side honeypots.


Vulnerability handling

Target Audience: Managers and incident handlers.
Duration: 3 hours
Download: Handbook, Toolset

To provide a practical overview of the vulnerability handling process and of how vulnerabilities reported to a CERT team should be handled. Also, to provide some hands-on experience with difficult situations that may arise in the role of coordinator.


Presenting, correlating and filtering various feeds

Target Audience: CERT technical staff.
Duration: 6 hours
Download: Handbook, Toolset, Virtual Image 1, Virtual Image 2

Technical aspects of using visualisation to present, correlate and filter various feeds. The scenario also covers the organisational aspects. In this scenario the students are part of the CERT of a fictitious organisation which is analysing cybercrime activities.