Botnet Mitigation Course




4-8 Apr 2016

Registration deadline:

8 Feb 2016

Course dates may be changed until 3 months before the course


Tallinn, Estonia

Number of participants:


Participation fee:

300€ (no fee for Sponsoring Nations)

This training is focused on malware reverse engineering and other methods applicable to botnet infiltration.

This very hands-on, 4.5-day intermediate course introduces state-of-the-art botnet concepts and teaches how the botnet threat can be countered. Since most modern botnets are designed as spyware, this course focuses on the detection of data exfiltration and modern IDS evasion techniques.

After an initial briefing on botnet concepts and structures, which also covers the history of botnets and their role in cyber conflict, first practical examples of easy botnet structures are demonstrated and tested in practice. Because modern botnets usually hide their traffic using blending and encryption techniques, concepts of crypto breaking and polymorphic blending attacks are introduced and demonstrated on recently detected malware samples such as Operation Red October, Zeus and Zero Access Botnet.

Finally, once botnet activity has been detected, the challenge of botnet infiltration is a botnet takeover, which requires a detailed understanding of the command-and-control functions implemented. In this course, we decode real botnet traffic and show the botnet C&C functionality by creating our own classroom botnet with the help of construction kits.


  • Good work/administration experience in Linux (as the work environment) and Windows (as the malware environment).
  • Basic understanding of network traffic and malware.
  • Ability to use virtual machine technology (VirtualBox or similar).
  • Experience with firewalls and network traffic analysis (Wireshark and similar tools).
  • Basic understanding of assembler and higher-level programming languages (optional).
  • Programming experience in assembler, C(++) or Python (optional).
  • English language skill comparable to STANAG 6001,

NB! Please be aware of the strongly technical nature of this course; it is not intended for inexperienced IT security specialists.

Registration info

To sign up for the course, please complete the registration form before the deadline.