
Introduction to Incident Response

September 17, 2020

Details
Date: September 17, 2020, 15:00
End: November 5, 2020, 19:00

About the event

In our opinion, the best way to learn how to respond to incidents is knowing how to cause one.

At Mjolnir Security, all training courses include Capture the Flag (CTF) games where learners get to practice hacking specialized systems. This helps learners understand how a system is compromised; once they have performed the compromise themselves, they can better see what the logs looked like on the defender's side, and eventually take on the role of Incident Responders.

Our next batch of Incident Response training is tentatively scheduled to begin Sept 18th 2020. Our 8-week bootcamp, spread over 6-8 weeks in multiple 4-hour sessions (primarily held in EDT), allows you to have adequate breaks between sessions so you can keep practicing.

Our standard agenda is:

  • Week 1: We will attack specially hosted class websites (and the servers they are hosted on) using different online and offline methods. Some are traceable in logs, some aren't directly. We will also use Kali Linux installed as a virtual machine to attack the servers live during class, and we will review the attacks as they happen in real time against the target systems. You will be introduced to a SOC environment that is set up specifically for this class.
  • Week 2: We will review and track/trace the attacker's activities. Having experienced how attackers actually operate, you will see what can be understood and analyzed from the investigator's end. You will learn how to perform threat hunting.
  • Week 3: Our targets produce Windows logs, IIS logs, Apache logs and Linux logs. You will learn what each log is, what it is used for, why it is relevant, and how to interpret/analyze it to find relevant and actionable intelligence. This will include threat intelligence correlation and attribution.
  • Week 4: While the attacks are ongoing (both our own attacks and random attackers from around the world), we will intermittently run packet captures, which you will analyze to determine what is an attack and then trace it back to the attacker. You will learn how to identify threats over the network with Wireshark and OSINT tools.
  • Week 5: Malware code analysis, both before and after detonation. You will perform OSINT on the malware to identify Indicators of Attack before they become Indicators of Compromise.
  • Week 6: Malware analysis and signature creation (YARA and Sigma rules). You will learn how to create signatures for the malware and attacks you have analyzed so far and run your own scans to detect threats. You will be introduced to industry-standard tools for this analysis.
  • Week 7-8: Attribution and correlation of all attack evidence collected to date, followed by an Incident Response report. This report will not be the same as the reports you write today; it will be the kind we write in the private sector. The objective is to help you apply learnings from both the public and private sectors.

The lab infrastructure includes VPN access to a secure training environment, Threat Intelligence aggregators, Big Data SOC tools, Virtual Machines (all tools pre-installed) that you can keep for reuse in your own investigations and more.

What you will get:

  • Our curriculum is a mix of what our lead trainer teaches in his role as a Professor at George Brown College's (Toronto) Cyber Security Program and what we have experienced in our work during Incident Response investigations with clients.
  • Often when we are called for a cyber incident, we encounter clients and individuals who have never received any formal training on how security incidents are caused and thus do not know where to start the response. As a learning outcome of this training, you will learn all the common methodologies by which current threat actors infiltrate organizations and how to mitigate those threats.
  • You will leave with your very own toolkit, with which you can write security advisories, pull apart malware to write and run your own anti-malware signatures, and perform the full extent of Incident Response analysis from your own private lab.
  • You will gain the ability to write your own malware signatures to protect your organization instead of having to wait a few days for your security providers/vendors to prepare mitigation measures for you, thereby reducing the mean time to defend your network against the attacker by a matter of days.

If you are interested, please reach out to training@mjolnirsecurity.com. There are sessions planned that are dedicated to training North American Law Enforcement officers at no cost (limited seats available). If you are a North American Law Enforcement officer and would like to sign up, please send an email to training@mjolnirsecurity.com indicating your Agency name, Unit name and Agency email address.