Introduction to Incident Response

May 3, 2021

Start: May 3, 2021, 17:00
End: May 12, 2021, 20:00

About the event

The best way, in our opinion, to learn how to respond to incidents is knowing how to cause one.

At Mjolnir Security, all training courses include Capture the Flag (CTF) games where learners get to practice hacking specialized systems. This helps learners understand how to compromise a system. Once they have learned how to perform the compromise, they can better see what the logs looked like on the defender's side, eventually performing the role of Incident Responders.

Our next batch of Incident Response training is scheduled to begin May 3rd, 2021. It will run Monday to Friday until May 12th, from 5 pm to 8 pm EST.

Our standard agenda is:

  • Day 1: We will attack specially hosted class websites (and the servers they are hosted on) using different online and offline methods. Some are traceable in logs; some aren't directly. We will also use a custom-built Kali Linux installed as a virtual machine to attack the servers live during class. We will review the attacks as they happen in real time against the target systems. You will be introduced to a SOC environment that is specifically set up for this class.
  • Day 2: We will review the attacker activities and track/trace the attacker's activities. Now that you have experienced how attackers actually attack, you can see what you can understand and analyze from the investigator's end. You will learn how to perform threat hunting.
  • Day 3: In our targets we have Windows logs, IIS logs, Apache logs and Linux logs. You will learn what each log is, what it is used for, its relevance, and how to interpret/analyze it to find relevant and actionable intelligence. This will include threat intelligence correlation and attribution.
  • Day 4: While the attacks are ongoing (our attacks and worldwide random attackers), we will intermittently run packet captures, which you will analyze to determine what is an attack and then trace it back to the attacker. You will learn how to identify threats over the network with Wireshark and OSINT tools.
  • Day 5: Malware code analysis, both before the sample is detonated and after. Performing OSINT on the malware to identify Indicators of Attack before they become Indicators of Compromise.
  • Day 6: Malware analysis and signature creation (YARA and Sigma rules). You will learn how to create signatures for the malware and attacks you have analyzed so far and run your own scans to detect threats. You will be introduced to industry-standard tools for this analysis.
  • Days 7-8: Attribution and correlation of all attack evidence collected to date, followed by an Incident Response report. This report will not be the same as the report you write; it will be the kind we write in the private sector. The objective will be to help you implement learnings from both the public and private sectors.

The lab infrastructure includes VPN access to a secure training environment, threat intelligence aggregators, big data SOC tools, virtual machines (all tools pre-installed) that you can keep for reuse in your own investigations, and more.

What you will get:

  • Our curriculum is a mix of what our lead trainer teaches in his role as a Professor in George Brown College's (Toronto) Cyber Security Program and what we have experienced in our work during Incident Response investigations with clients.
  • Often when we are called for a cyber incident, we encounter clients and individuals who have never received any formal training on how security incidents are caused and thus do not know where to start the response. As a learning outcome of this training, you will learn all the common methodologies by which current threat actors infiltrate organizations and how to mitigate their threats.
  • You will leave with your very own toolkit, with which you can write security advisories, pull apart malware to write and run your own anti-malware signatures, and perform the full extent of Incident Response analysis from your own private lab.
  • You will gain the ability to write your own malware signatures to protect your organization instead of having to wait for your security providers/vendors to take a few days to prepare mitigation measures for you, thereby reducing the mean time to defend your network against the attacker by a matter of days!

Our training for Law Enforcement agencies is always FREE! But we do have costs to recoup, which is why we have made a pay-what-you-can ticket option. Please go to the Eventbrite link below and pick what you are comfortable with paying.

If you or a friend is in Law Enforcement and wants to sign up, please reach out to us at [email protected] and mention what agency and unit you are with.

For everyone else, please use this link to sign up –