2024 Workshops
Cloud Forensics Workshop - AI Edition
Now in its seventh iteration since the initial launch at BSides DC in October 2017, the Cloud Forensics Workshop has been a regular feature at multiple security conferences, where students new to the industry or individuals interested in cross-training learn core concepts of digital forensics in the Cloud. The latest version of this training session, dubbed the "AI Edition", focuses on how artificial intelligence and automation can assist with a digital forensic investigation: securing a compromised account, creating the necessary artifacts for forensic analysis, and indexing, correlating, and analyzing logs to identify suspicious activity or other unusual behavior and generate a timeline of events.
The workshop will also feature plenty of group discussions on recent advancements in forensic automation, how the Cloud has evolved from large-scale virtual servers to smaller scalable containers, how IoT devices have extended the logical boundaries of the Cloud, and key similarities and differences between the three major Cloud Service Providers. There will also be hands-on labs where students can learn more about automating tasks, mirroring and capturing packet data, and open-source tools and techniques that are commonly used in the field.
Requirements: Students will need to bring their laptops with them. Minimum specs should be at least an 8th or 9th generation Intel i5 processor (or AMD equivalent) and 16GB of RAM. A Windows environment is preferred, but attendees are welcome to use macOS or Linux. Students should create a free tier account in AWS and install the following software tools: Wireshark, TSK/Autopsy, Volatility (or LiME), & CFF Explorer.
Cost: $20 + Admission Ticket (purchase from EventBrite)
Duration: 8 hours
Purple Teaming with Detection-as-Code for Modern SIEM
One of the challenges for security teams is writing and deploying detections that generate actionable alerts with rich context while also reducing noisy alerts. This hands-on workshop will teach the fundamentals of Purple Teaming and detection-as-code to help build new detections. The session will show how to leverage Purple Team techniques to develop hypotheses for new detections and strengthen defenses against future attacks. It will also show how to use open-source offensive security tools to simulate attacks against lab infrastructure and use an investigative approach to learn and build new detections, then manage them using detection-as-code principles to eliminate noise and false positives.
Requirements: Students will need to bring a laptop. Some Python experience is helpful but not required, we will teach the basics.
Cost: $20 + Admission Ticket (purchase from EventBrite)
Duration: 2 hours
Intro to C2 Class for Beginners
A C2 training class for people who are beginner red teamers, or threat hunters looking to learn how adversaries leverage C2 frameworks, using Sliver. The course will cover the following: Sliver server setup, Sliver client setup, working with multiple operators, implant creation (Windows/Linux), interacting with an implant, creating and leveraging stagers, persistence in an operation, an introduction to credential theft, an introduction to implant pivoting, and bonus levels with Android implants.
Requirements: Students will need a basic understanding of Linux and Windows. They need to bring a laptop and have an Azure subscription.
Cost: $20 + Admission Ticket (purchase from EventBrite)
Duration: 4 hours