About the Course:
The ability to preserve and analyse data found on digital storage media, computer systems and networks is essential for understanding and mitigating cyber attacks against IT infrastructures. These devices and systems must be analysed forensically, in a manner that preserves critical information. The forensics professional must be highly competent in collecting, examining, analysing and reporting on digital evidence. The use of real-world scenarios enables participants not only to learn the required skills, but also to gain experience in their practical application.
Participants will learn techniques to identify suspicious traffic patterns, identify a breached host, identify signs of bots running in a network, and techniques to deal with and manage compromised machines.
Lectures with presentation slides and extensive hands-on exercises.
The core of the course will focus on how an information security practitioner can identify, analyse and report malicious activities. The course does not assume prior knowledge of forensic investigations, and will cover topics ranging from the basics of digital forensics to malware analysis.
Lectures with presentation slides, extensive hands-on group exercises and case studies.
Participants are required to bring their own notebook.
- Driving factors behind modern malicious Internet activity
- Common attack vectors: from remote buffer overflow to Web 2.0
- Motivations of cyber attackers
- Botnets as a threat: a tool for Internet crime
- Botnet creation methods, attack vectors, and trends
- Hands-on exercises focused on initial infection vectors, propagation, and Botnet functions
- Botnet functionality: banking credential theft, spam, phishing, DDoS attacks, proxies, network sniffing, malware hosting, key logging, etc.
- Create and administer IRC and HTTP Botnets
- Introduction to Network Forensics
- Identifying and analysing Botnet activity: finding Botnet C&Cs and compromised hosts
- Effectively identify compromised hosts, malicious Internet activity, and Botnets using:
  - Intrusion Detection Systems
  - Network Flow Analysis
  - Host-based Monitoring
- Run and administer IDS, network flow, and host-based monitoring systems
- Network Forensics: hands-on exercises
  - Network traces of common attack vectors
  - Collecting malware using honeypots to find compromised hosts and Botnets
  - Running server-side and client-side honeypots
- Malware analysis to investigate malicious activity
  - Introduction to dynamic and static malware analysis
  - Performing dynamic and static malware analysis