Trainer
Christos Apostolakis, Zelus
Session Details
- Session Title: Analyzing Malware Samples Using Forensics Analysis Tools
- Session Description: This session will focus on identifying malware and analyzing its processes using memory analysis tools. Participants will learn techniques for dumping processes to facilitate malware analysis.
- Key Learning Objectives:
  - Understand the methodology for initiating an analysis of a malware infection incident.
  - Learn to identify malicious processes and extract critical information about the methods used to infect the system.
  - Gain insights into how malware functions, enabling participants to recover from and mitigate its impact.
Lab Details
- Lab Title: Malware Infection Incident Analysis with Volatility and Other State-of-the-Art Digital Forensics Tools
- Lab Description: The lab focuses on the use of digital forensics tools that help participants understand the methodologies used to identify malware infections, analyze the evidence, and perform malware analysis.
- Key Learning Objectives:
  - Utilize memory forensics tools to identify and analyze the processes of an infected system in order to locate and isolate malicious software.
  - Perform process dumping to capture malware and evaluate its functionality.
- Tools/Software Required:
  - Volatility 3, hex editor (xxd), aeskeyfind
  - Virtual environment: Kali Linux or another preferred Linux distro with the essential tools installed
Trainer
Penelope Kyranoudi, Technical University of Crete
Session Details
- Session Title: Log Management and Threat Modelling
- Session Description: This session provides an introduction to Security Information and Event Management (SIEM) and its role in cybersecurity, as well as to the threat modelling process and its use. Participants will explore log management principles, understand SIEM configurations, and learn how a SIEM can be connected with the threat modelling process.
- Key Learning Objectives:
  - Understand the core functionalities of SIEM systems and their importance in cybersecurity.
  - Learn the fundamentals of log management.
  - Discover how to use threat modelling in connection with a SIEM.
Lab Details
- Lab Title: SIEM Platform and Threat Modelling Tool Setup
- Lab Description: This hands-on lab guides participants through the setup and configuration of a SIEM system as well as a threat modelling tool. Participants will ingest and analyze logs and simulate threat detection scenarios to understand how SIEM systems work in practice. They will also see in practice how these two processes can be useful to each other.
- Key Learning Objectives:
  - Set up and configure a SIEM platform for log ingestion and monitoring.
  - Perform log analysis.
  - Set up and use a threat modelling tool.
- Tools/Software Required:
  - SIEM platform
  - Sample log datasets (to be provided)
  - Threat modelling tool
- Trainer: Pinelopi Kyranoudi