Technical Hands-On Workshop
27 July 2016 (Wed) | 09:00 - 18:00 | US$260 per seat (inclusive of lunch buffet and tea breaks)
(ISC)2 Members can earn up to 7 CPEs
Morning Session: Hands-on Threat Modeling
Threat modeling has long been a practice reserved for software development projects, but it has recently proven its value in the systems engineering field as well. During this workshop we will learn the basic principles of threat modeling and how it can help organizations build more secure and resilient systems. While putting the theoretical knowledge into practice with hands-on exercises, we will learn how threat modeling:
- helps you make better design choices
- decreases the number of vulnerabilities in post-release code
- facilitates more focused and effective penetration testing
- makes security a business asset instead of a burden
Wim Remes, CISSP
Manager, Strategic Security Services, EMEA, Rapid7
Chair, Board of Directors, (ISC)2
Afternoon Session: Building Your Own Threat Intelligence Platform for Your Actionable Defence
In May 2014, an article in the Wall Street Journal quoted a senior executive from a pioneering anti-virus software vendor, who declared that anti-virus software was “dead” because their product missed 55% of attacks. Fifteen years ago, anti-virus detection could defend against most malicious software attacks with 'signatures'. The bad guys then launched a significant number of malicious attacks with their advanced and evolving innovations, which forced defenders to acquire 'new' defensive technologies to build supposedly smarter intelligence solutions, later described as 'heuristic-based detection'. Malware became increasingly complex in the post-APT period as adversaries adopted attack patterns like the 'Cyber Attack Kill Chain'. For example, the currently widespread ransomware Locky and its variants have pushed detection rates even lower for both enterprise and domestic versions of anti-virus software and security products. In this presentation, we first discuss malware IOCs and threat intelligence, then investigate the possibilities for building an automated threat intelligence platform using Maltelligence and other open source tools to collect, store and process the identified artifacts (or observables). Instead of paying a high price for threat feeds, we illustrate how to use the collected intelligence to detect various malicious attacks, including APT and stealthy malware.
Cyber Threat Intelligence, Malware IOCs
Minimum requirements for participants' laptops:
Intel-compatible dual-core i5 CPU, 8 GB RAM, 20+ GB of available disk space, USB 2.0 port, Ethernet network interface card (NIC) or built-in Wi-Fi network card for accessing the Internet, and virtualization support enabled in the BIOS. Participants are required to pre-install VMware Workstation/VMware Fusion/VMware Player or VirtualBox on their laptop if they want to work with me on the demo.
In addition, if you would like to use Maltelligence, please register (or “Join our community”) with VirusTotal and obtain your API key before coming to the workshop. You may register at https://virustotal.com/. You will find your own API key after clicking your login name, under the option “My API Key”.
Frankie Li, CISSP
Dragon Threat Labs
For any inquiries, please contact email@example.com or (852) 28506957.
Registration & Setup
Session 1.1 (Instructor: Wim Remes)
Session 1.2 (Instructor: Wim Remes)
Session 2.1 (Instructor: Frankie Li)
Session 2.2 (Instructor: Frankie Li)