Please Note: Separate registration is required, and both run from 1000-1550. If you participate in a workshop, your schedule will be the Keynote, the workshop (with a break for lunch), and then the Wrap-Up.
How to Write Malware
Instructor: Sean Pierce
Abstract: AV-TEST reported more than 120,000,000 new malware samples registered last year; if that many people are doing it, coding malware can't be that hard, right? By writing our own basic malware we will experience the techniques attackers have used for years to create quick, easy, single-purpose software, because in the end malware is software like any other. That means we will mostly be working through the issues every developer faces: bugs, logging, networking, googling errors, and copying and pasting from Stack Overflow. Best of all, no witchcraft!
During the training we will also cover tips and tricks for reversing our own malware, primarily to extract host- and network-based Indicators of Compromise (IoCs). After the development exercise we will discuss modern malware architecture and the recent source code leaks from the CIA, the NSA, and cybercrime malware.
Examples will also be given in Python and PowerShell, but we will use .NET as the programming language because:
· It is Free
· It is Easy to Use
· It is Easy to Reverse Engineer
· It demonstrates the traditional host IoCs and other artifacts
Details: This is an all-day class, 10 to 4, with the last part of the day reserved for the competition.
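As an added illustration of the IoC-extraction step (editor-supplied example code, not part of the course materials or the starter project linked below), the script carves printable ASCII and UTF-16LE strings from a byte blob and sorts them into network and host indicators. .NET string literals are stored UTF-16LE in the assembly's #US metadata heap, which is why the second decoder matters for a .NET sample. The bytes it runs on are constructed here to stand in for a chunk of an assembly; the addresses, host name, path and mutex name in them (198.51.100.23, 203.0.113.9, updates.example.net, svchost32.exe, DemoSampleMutex) are placeholders, not indicators of any real malware.

```python
import re

# Constructed sample bytes standing in for a chunk of a .NET assembly.
# .NET string literals live UTF-16LE in the #US heap, so most entries are
# encoded that way; two ASCII strings are mixed in. Every address, host
# name and file name here is a placeholder, not a real indicator.
SAMPLE = (
    b"\x00\x00PADDING\x00\x00"
    + "http://198.51.100.23:8080/gate.php".encode("utf-16le") + b"\x00\x00"
    + "Software\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16le") + b"\x00\x00"
    + "C:\\Users\\Public\\svchost32.exe".encode("utf-16le") + b"\x00\x00"
    + "Global\\DemoSampleMutex".encode("utf-16le") + b"\x00\x00"
    + b"updates.example.net\x00"
    + b"203.0.113.9\x00"
    + b"\x01\x02\x03"
)

MIN_LEN = 6  # shorter runs are mostly noise from code bytes

# Network indicators: checked first, most specific pattern first.
NETWORK_PATTERNS = [
    ("url", re.compile(r"https?://[^\s\"'<>]+", re.I)),
    ("ipv4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("domain", re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|io|info|ru|cn)\b", re.I)),
]

# Host indicators: persistence keys, dropped-file paths, mutex names.
HOST_PATTERNS = [
    ("registry", re.compile(r"^(?:HKLM|HKCU|HKEY_[A-Z_]+|Software)\\", re.I)),
    ("file_path", re.compile(r"^(?:[A-Za-z]:\\|%[A-Za-z]+%\\)")),
    ("mutex", re.compile(r"^(?:Global|Local)\\")),
]


def extract_strings(data, min_len=MIN_LEN):
    """Carve printable ASCII and UTF-16LE runs of at least min_len characters."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16le") for m in utf16_re.finditer(data)]
    return found


def classify(strings):
    """Sort carved strings into network and host IoCs; unmatched strings are dropped."""
    iocs = {"network": [], "host": []}
    for s in strings:
        for kind, pat in NETWORK_PATTERNS:
            if pat.search(s):
                iocs["network"].append((kind, s))
                break
        else:
            for kind, pat in HOST_PATTERNS:
                if pat.search(s):
                    iocs["host"].append((kind, s))
                    break
    return iocs


def extract_iocs(data):
    """Full pipeline: raw bytes in, {'network': [...], 'host': [...]} out."""
    return classify(extract_strings(data))


if __name__ == "__main__":
    for side, hits in extract_iocs(SAMPLE).items():
        for kind, value in hits:
            print(f"{side:8s} {kind:10s} {value}")
```

To try it on a real build, replace SAMPLE with open(path, "rb").read(). Strings that the malware builds at runtime or stores obfuscated will not appear, which is exactly why the class pairs this kind of triage with stepping through the binary in dnSpy.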
Before coming to class:
· Bring a PC with VMware Workstation/Player to run the VM
· Download the Dev VM from here: https://rebrand.ly/writemalware
o I will have a few flash drives with copies of the VM, along with a mobile hotspot, but don't expect the hotspot to be reliable
o The Dev VM contains only Visual Studio (free edition here: https://www.visualstudio.com/downloads/ ), the basic starting source code (here: https://rebrand.ly/edurat), dnSpy (https://github.com/0xd4d/dnSpy/releases/download/v4.5.3/dnSpy.zip ), PuTTY (for SSH/SCP), and Python. While this is a simple setup, I would prefer that everyone use the VM because I can't anticipate IDE and debugging problems on your native host (so I will NOT help you debug your code if you aren't using the VM)
Who should take this class?
· Familiarity with programming techniques. C# course for absolute beginners: https://mva.microsoft.com/en-US/training-courses/c-fundamentals-for-absolute-beginners-16169?l=p90QdGQIC_7106218949
· Ability to Google and to copy and paste from Stack Overflow
Intro to Linux: Bootcamp for Security Professionals
Abstract: This hands-on training is intended for users who are new to Linux or who want to build their skill set further. The course teaches basic Linux command-line skills and covers Linux tools useful for both red team and blue team engagements.
Students will need a laptop and the ability to run virtual machines.
BrrCon OSXcollector Training
Abstract: Introductory Mac forensics using osxcollector
This training will focus on collecting and analyzing artifacts from a Macintosh using osxcollector and its output filters. We will step through what osxcollector can collect and how to run it. Students will be given practical examples of osxcollector output for different infection scenarios, and we will walk through how the output filters can be used to identify root cause.
A Mac with OS 10.*
Able to use command-line tools
Megan Carney is an Incident Handler at Target. Before working at Target, she was an analyst at several companies. Even after more than ten years of experience on the blue team side of infosec, she is still (mostly) sane.