15-19 May 2017
6 Mar 2017
300 € (no fee for the Sponsoring Nations, Contributing Partners and NATO bodies)
This training focuses on the infiltration and mitigation of botnets. This very hands-on, 5-day intermediate course introduces state-of-the-art botnet concepts and teaches how the botnet threat can be countered. Since most modern botnets are designed as spyware, the course focuses on the detection of data exfiltration and of modern IDS evasion techniques.
After an initial briefing on botnet concepts and structures, reflecting the history of botnets and their role in cyber conflict, practical examples of simple botnet structures are demonstrated and tested in practice. Modern botnets usually hide their traffic using blending and encryption techniques, so concepts of crypto breaking and polymorphic blending attacks are introduced and illustrated using recently detected malware samples such as Operation Red October, Zeus and the Zero Access Botnet.
Once botnet activity has been detected, the challenge of botnet infiltration is the botnet takeover, which requires a detailed understanding of the command and control (C&C) functions implemented. In this course, we decode real botnet traffic and show the botnet C&C functionality by creating our own classroom botnet with the help of construction kits.
The course demonstrates how modern botnets work. Attendees gain practical experience of how malware analysts work in a lab environment and of how challenging the re-engineering process can be. During hands-on exercises, students learn the basic concepts of both data exfiltration and infiltration. The course focuses on dynamic analysis approaches such as applied black-boxing and protocol re-engineering.
In this course, we work with real malware. Samples of existing botnets are analysed, and obfuscation techniques are explored through very challenging examples.
Cyber security technical staff (CERT, IT departments, etc.) seeking to become familiar with malware analysis and related topics.
NB! Please be aware of the strong technical nature of this course. It is not intended for inexperienced IT security specialists.