ENISA TRAINING
Tentative agenda for workshop
Supported and co-organised by:
TLP WHITE
JANUARY 2016

www.enisa.europa.eu
European Union Agency For Network And Information Security

Tentative agenda for the ENISA training workshop
19-20 January 2016
Louizalaan 231, B-1050 Brussels, Belgium
Directions to the venue: http://www.belnet.be/en/contact/contact

To do before the training:
1. Check that your laptop meets the following requirements:
   a. It can run virtual images, using VirtualBox or a similar application.
   b. It should preferably have at least 4 GB of RAM, a capable processor (i5 or i7) and at least 20 GB of free disk space.
   c. You must be able to install applications and use USB memory sticks (preferably USB 3.0) on it.
2. Download the virtual images (Open Virtualization Format) from the following links: TO BE UPDATED
   Load the images into your virtualisation environment and test that they work by powering them on. More specific instructions and a how-to can be found here: https://www.enisa.europa.eu/activities/cert/training/training-resources/documents/virtual-image-how-to

Participants will receive a certificate of attendance after completing the training.
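The script below is an added example, written for this page and not part of the ENISA agenda or its virtual-image how-to. It covers the to-do list in one place: it compares the host's RAM and free disk with the minimums listed above, verifies the downloaded OVA against a SHA-256 checksum (assumed to be published next to the download links, which the agenda still marks TO BE UPDATED), and then imports and powers on the image with VBoxManage so that a broken image is found before the workshop rather than during it. The VM name and OVA path are placeholders.

```python
import hashlib
import os
import shutil
import subprocess

# Minimums taken from the agenda's laptop requirements.
MIN_RAM = 4 * 1024 ** 3         # 4 GB
MIN_FREE_DISK = 20 * 1024 ** 3  # 20 GB


def meets_requirements(ram_bytes, free_bytes):
    """True when the host satisfies both the RAM and the free-disk minimum."""
    return ram_bytes >= MIN_RAM and free_bytes >= MIN_FREE_DISK


def host_resources(path="."):
    """Live values on a POSIX host: physical RAM via sysconf, free space on the volume holding path."""
    try:
        ram = os.sysconf("SC_PAGE_SIZE") * os.sysconf("SC_PHYS_PAGES")
    except (AttributeError, ValueError, OSError):   # e.g. Windows has no sysconf
        ram = 0
    return ram, shutil.disk_usage(path).free


def verify_ova(path, expected_sha256):
    """Compare the downloaded OVA with the organiser's checksum (assumed to be published)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest() == expected_sha256.strip().lower()


def import_and_boot(ova_path, vm_name):
    """Import the OVA into VirtualBox and start it headless to confirm it powers on."""
    vboxmanage = shutil.which("VBoxManage")
    if not vboxmanage:
        raise RuntimeError("VBoxManage not on PATH; install VirtualBox first")
    subprocess.run([vboxmanage, "import", ova_path, "--vsys", "0", "--vmname", vm_name], check=True)
    subprocess.run([vboxmanage, "startvm", vm_name, "--type", "headless"], check=True)


if __name__ == "__main__":
    ram, free = host_resources()
    status = "ok" if meets_requirements(ram, free) else "below the recommended minimum"
    print(f"RAM {ram / 1024 ** 3:.1f} GB, free disk {free / 1024 ** 3:.1f} GB -> {status}")
    # Placeholder values; replace with the published checksum and the downloaded file:
    # if verify_ova("enisa-training.ova", "<published sha256>"):
    #     import_and_boot("enisa-training.ova", "enisa-training")
```

Run it once on the laptop you intend to bring; if the import succeeds but the VM does not boot, that is the moment to re-download the image, not the first morning of the workshop.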

Day 1 (19th January 2016)

START TIME  TITLE OF ACTIVITY                        ORGANISER
12:30       Welcome introduction                     Christian Van Heurck; CERT.be
12:45       Training introduction                    ENISA; Lauri Palkmets
13:00       Triage and Basic Incident Handling       ENISA; Yonas Leguesse
15:00       Coffee break
15:15       Malware analysis and memory forensics    ENISA; Lauri Palkmets
16:45       Wrap-up discussion; Q/A                  ENISA; Yonas Leguesse
17:00       End of the training day

The Memory Forensics course is based on ENISA training material (https://www.enisa.europa.eu/activities/cert/training/training-resources/technical-operational#identification_handling, https://www.enisa.europa.eu/activities/cert/training/training-resources/technical-operational#advanced_artifact) and introduces the concepts, tools and techniques used for memory forensics. The trainer first introduces the basic concepts of memory forensics: acquisition of memory and its analysis. In the first part the participants learn how to acquire memory images from Windows and Linux operating systems. In the second and third parts the students perform basic analysis tasks on Windows and Linux memory dumps. They then move on to advanced analysis techniques, such as identifying and isolating a malware sample from a given memory image. Using the provided virtual machine, the participants follow a hands-on tutorial.

Training objectives:
- Learn how to apply a classification scheme to incidents
- Understand the concepts of triage and basic incident handling
- Become familiar with memory capture techniques and forensics
- Become familiar with the tools used for memory forensics
- Use memory captures to extract unpacked artefacts
- Perform malware analysis using a memory dump

Expected audience: incident handlers with a good understanding of:
- Fundamentals of operating systems (Linux, Windows)
- Basic analysis skills
- Basic understanding of malware analysis
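As an added example of the "use memory captures to extract unpacked artefacts" objective (written for this page; it is not ENISA's training material and not what ships in the workshop virtual machine), the carver below scans a raw memory dump for PE headers, carves each image by its SizeOfImage, and rewrites the section table so that the in-memory layout can be opened by file-based tools. The point a memory dump makes is that a packed sample is already unpacked once it runs, so carving it from RAM sidesteps the packer; the caveat is that the result is a mapped image, not a file, hence the section fixup. The dump is constructed inline, the e_lfanew bound is a heuristic assumption, and the header offsets follow the PE/COFF specification.

```python
import hashlib
import struct

# PE layout constants (PE/COFF specification).
DOS_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\0\0"
COFF_HEADER_LEN = 20
SECTION_HEADER_LEN = 40
OPT_MAGIC_PE32, OPT_MAGIC_PE32PLUS = 0x10B, 0x20B


def carve_pe_images(dump, max_image=64 * 1024 * 1024):
    """Scan a raw memory dump for PE headers and carve each mapped image.

    Every 'MZ' is checked: e_lfanew must point at the PE signature inside the dump
    and the optional-header magic must be PE32/PE32+, which rejects 'MZ' found by chance.
    """
    found = []
    pos = dump.find(DOS_MAGIC)
    while pos != -1:
        rec = _parse_header(dump, pos, max_image)
        if rec:
            found.append(rec)
        pos = dump.find(DOS_MAGIC, pos + 1)
    return found


def _parse_header(dump, pos, max_image):
    if pos + 0x40 > len(dump):
        return None
    e_lfanew = struct.unpack_from("<I", dump, pos + 0x3C)[0]
    if not 0x40 <= e_lfanew <= 0x400:            # heuristic: real DOS stubs are small
        return None
    pe = pos + e_lfanew
    if pe + 4 + COFF_HEADER_LEN > len(dump) or dump[pe:pe + 4] != PE_SIGNATURE:
        return None
    machine, nsections, _, _, _, opt_len, _ = struct.unpack_from("<HHIIIHH", dump, pe + 4)
    opt = pe + 4 + COFF_HEADER_LEN
    if opt_len < 60 or opt + opt_len > len(dump):
        return None
    magic = struct.unpack_from("<H", dump, opt)[0]
    if magic not in (OPT_MAGIC_PE32, OPT_MAGIC_PE32PLUS):
        return None
    size_of_image = struct.unpack_from("<I", dump, opt + 56)[0]  # same offset in PE32 and PE32+
    if size_of_image == 0 or size_of_image > max_image:
        return None
    return {
        "offset": pos,
        "machine": machine,
        "sections": nsections,
        "size_of_image": size_of_image,
        "section_table": opt + opt_len - pos,      # relative to the image start
        "image": dump[pos:pos + size_of_image],     # short if the dump ends first
    }


def section_headers(image, table_offset, count):
    """(name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData) per section."""
    out = []
    for i in range(count):
        sh = table_offset + i * SECTION_HEADER_LEN
        if sh + SECTION_HEADER_LEN > len(image):
            break
        name = image[sh:sh + 8].rstrip(b"\0").decode("ascii", "replace")
        out.append((name,) + struct.unpack_from("<IIII", image, sh + 8))
    return out


def unmap_image(rec):
    """Make a carved in-memory image parseable by file-based tools.

    In memory each section sits at its VirtualAddress; on-disk tools read it at
    PointerToRawData. Setting PointerToRawData = VirtualAddress and SizeOfRawData =
    VirtualSize (what memory-forensics dumpers do) fixes that. The import table stays
    as the loader resolved it, which is a known limitation of dumped images.
    """
    img = bytearray(rec["image"])
    for i in range(rec["sections"]):
        sh = rec["section_table"] + i * SECTION_HEADER_LEN
        if sh + SECTION_HEADER_LEN > len(img):
            break
        vsize, vaddr = struct.unpack_from("<II", img, sh + 8)
        struct.pack_into("<II", img, sh + 16, vsize, vaddr)
    return bytes(img)


def sha256_hex(data):
    """Hash used to label the carved artefact and cross-reference it later."""
    return hashlib.sha256(data).hexdigest()


def build_sample_dump():
    """Constructed input (not a real capture): decoy 'MZ' text, then a minimal PE32 image."""
    opt_len, size_of_image = 224, 0x3000          # standard PE32 optional header; 3 pages
    opt = bytearray(opt_len)
    struct.pack_into("<H", opt, 0, OPT_MAGIC_PE32)
    struct.pack_into("<I", opt, 56, size_of_image)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_len, 0x102)  # i386, one section
    # .text: VirtualSize 0x1000 at RVA 0x1000; the file layout claims raw data at 0x400
    section = b".text".ljust(8, b"\0") + struct.pack("<IIII", 0x1000, 0x1000, 0x1000, 0x400) + bytes(16)
    header = bytearray(0x1000)
    header[0:2] = DOS_MAGIC
    struct.pack_into("<I", header, 0x3C, 0x80)
    pe = PE_SIGNATURE + coff + bytes(opt) + section
    header[0x80:0x80 + len(pe)] = pe
    image = bytes(header) + b"\xcc" * 0x2000       # mapped section contents
    decoys = b"MZ is not a header here " * 20      # 480 bytes of false 'MZ' hits
    return decoys + image + bytes(0x800)


if __name__ == "__main__":
    for rec in carve_pe_images(build_sample_dump()):
        fixed = unmap_image(rec)
        print(f"PE at 0x{rec['offset']:x} machine=0x{rec['machine']:x} "
              f"SizeOfImage=0x{rec['size_of_image']:x} sha256={sha256_hex(fixed)}")
        for sec in section_headers(fixed, rec["section_table"], rec["sections"]):
            print("  section", sec)
```

On a real dump the same loop finds every mapped module, so the analyst still has to pick out the one that does not belong (odd base address, no matching file on disk, known-bad hash); the carver only gets the bytes out.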

Day 2 (20th January 2016)

START TIME  TITLE OF ACTIVITY          ORGANISER
09:00       Incident handling 2.0      ENISA; Yonas Leguesse
11:00       Coffee break
11:15       Artifact Analysis          ENISA; Lauri Palkmets
12:30       Lunch break
13:30       Artifact Analysis          ENISA; Lauri Palkmets
15:00       Coffee break
15:15       Artifact Analysis          ENISA; Lauri Palkmets
16:45       Wrap-up discussion; Q/A    ENISA; Lauri Palkmets
17:00       End of the training day

The Artifact Analysis course is based on ENISA training material (https://www.enisa.europa.eu/activities/cert/training/courses#artifact) and gives the students an overview of the most common tools and methodologies used to perform malware analysis on artifacts, such as binaries or documents, found on Windows systems. By the end of the session, students will know how to configure an artifact analysis environment, and how to store and process artifacts in order to extract host- and network-based indicators from a malicious program using dynamic and static analysis techniques. Participants are introduced to behavioural analysis concepts and how these can be used to analyse a sample's interaction with its environment. The training provides use cases for when such techniques should be used and explains their limitations. The goal is to train analysts in the basic rules of safe malware analysis and in the extraction of useful evidence as part of a forensic investigation.

Training objectives:
- Apply triage and basic incident handling concepts in practice
- Use an artifact analysis environment in practice
- Understand how the static properties of suspicious programs can be used to detect malicious samples
- Perform behavioural analysis of malicious Windows executables in a sandboxed environment
- Extract actionable information from a sample
- Understand the limitations of these techniques

Expected audience: incident handlers with a good understanding of:
- Operating system concepts
- Fundamentals of networking
- Basic research skills
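As an added example of the static side of the analysis described above (written for this page; it is not the course's own tooling), the triage function below records what an analyst notes before any sandbox run: hashes and size, overall and per-chunk entropy, ASCII and UTF-16LE strings, and from those strings the host- and network-based indicators (URLs, IPv4 addresses, registry keys, suspicious API names). The sample is constructed inline; the API watch-list and the 7.0-bit entropy threshold are assumptions. High entropy is also where the limitation mentioned above shows up: a packed or encrypted sample yields few useful strings statically, so the indicators have to come from behavioural analysis or from the unpacked copy in memory.

```python
import hashlib
import math
import re

ASCII_RE = re.compile(rb"[\x20-\x7e]{5,}")
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){5,}")      # UTF-16LE, common in Windows binaries
URL_RE = re.compile(r"https?://[\w.\-]+(?::\d+)?(?:/[\w./%?=&\-]*)?")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
REGKEY_RE = re.compile(r"(?:HKLM|HKCU|HKEY_[A-Z_]+)\\[\w\\ .\-]+")
# Assumed watch-list: APIs typical of injection, download-and-execute and anti-debugging.
SUSPICIOUS_APIS = {
    "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
    "SetWindowsHookExA", "URLDownloadToFileA", "WinExec", "IsDebuggerPresent",
}


def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def extract_strings(data, min_len=5):
    """ASCII and UTF-16LE strings; the wide ones are where URLs and paths usually hide."""
    out = [m.group().decode("ascii") for m in ASCII_RE.finditer(data)]
    out += [m.group().decode("utf-16-le") for m in WIDE_RE.finditer(data)]
    return [s for s in out if len(s) >= min_len]


def _valid_ip(s):
    return all(0 <= int(octet) <= 255 for octet in s.split("."))


def triage(data, chunk=1024, packed_threshold=7.0):
    """Static properties and indicators recorded before any dynamic run."""
    urls, ips, keys, apis = set(), set(), set(), set()
    for s in extract_strings(data):
        urls.update(URL_RE.findall(s))
        ips.update(ip for ip in IPV4_RE.findall(s) if _valid_ip(ip))
        keys.update(REGKEY_RE.findall(s))
        apis.update(api for api in SUSPICIOUS_APIS if api in s)
    chunk_entropies = [shannon_entropy(data[i:i + chunk]) for i in range(0, len(data), chunk)]
    max_entropy = max(chunk_entropies, default=0.0)
    return {
        "md5": hashlib.md5(data).hexdigest(),        # only for matching older reports
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "entropy": round(shannon_entropy(data), 2),
        "max_chunk_entropy": round(max_entropy, 2),
        "packed_suspect": max_entropy >= packed_threshold,  # caveat: strings may be hidden
        "urls": sorted(urls),
        "ips": sorted(ips),
        "registry_keys": sorted(keys),
        "suspicious_apis": sorted(apis),
    }


def build_sample():
    """Constructed input (not a real sample): telling strings, then a high-entropy blob."""
    text = (b"This program cannot be run in DOS mode.\r\n\0"
            b"kernel32.dll\0VirtualAllocEx\0WriteProcessMemory\0CreateRemoteThread\0"
            b"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\0"
            b"beacon 198.51.100.23:8080 every 300s\0")
    wide = "http://example.invalid/gate.php".encode("utf-16-le") + b"\0\0"
    # deterministic pseudo-random bytes standing in for a packed or encrypted section
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))
    return text + wide + blob


if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(f"{key:>18}: {value}")
```

The indicator sets are what feeds detection (proxy logs for the URL, firewall logs for the address, registry auditing for the Run key); the entropy figure tells you whether to trust the absence of indicators or to move straight to the sandbox.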

Trainers

Mr. Lauri Palkmets
Lauri Palkmets is an Expert in Computer Security and Incident Response at ENISA. At ENISA he has been improving and extending the CERT training material and providing technical training for EU Member States. Before joining the agency he worked for the Estonian Defence Forces as head of the Cyber Incident Response Capability. Lauri Palkmets holds an MSc in Cyber Security from the Tallinn University of Technology and the University of Tartu.
PGP Key ID: 0x490F50CF (RSA 4096/4096)
Fingerprint: 2054 FFAE DE3E 0278 6B04 F6B3 3A1B C911 490F 50CF

Mr. Yonas Leguesse
Yonas Leguesse is an Expert in Network and Information Security at ENISA. He currently provides training on various topics, focusing mainly on Mobile Technologies and Incident Handling. Before joining the agency he worked for the Malta Information Technology Agency as part of its Information Security Department. He also has experience in a law enforcement agency and has a background in software development.
PGP Key ID: 0x57C9852C (RSA 4096/4096)
Fingerprint: A6A0 B8E3 19CF 1277 5E15 43CF 5B7F 9480 57C9 852C

When importing either key, compare the full fingerprint rather than the 32-bit key ID alone; short key IDs can be matched by a deliberately generated look-alike key.

ENISA
European Union Agency for Network and Information Security
Science and Technology Park of Crete (ITE)
Vassilika Vouton, 700 13, Heraklion, Greece

Athens Office
1 Vass. Sofias & Meg. Alexandrou
Marousi 151 24, Athens, Greece

PO Box 1309, 710 01 Heraklion, Greece
Tel: +30 28 14 40 9710
info@enisa.europa.eu
www.enisa.europa.eu