Bitscout Training at SAS 2021

Live online 2-day training on Bitscout


Written by Vitaly Kamluk



23-24 September! Threat Reconnaissance Using Remote Scoutware

Expert-led online bootcamp (only 20 seats)

Trainers: Vitaly Kamluk, Nicolas Collery

Training overview

Incident response to live cyberattacks requires silent navigation through compromised assets, sometimes in large distributed networks. The popular approach relies on EDR or other live agent-based solutions. However, activating security agents and performing obvious activities on live compromised systems may alert advanced threat actors. Once alerted, they may start a cleanup operation and destroy evidence. Moreover, offline system analysis may not be easy due to the physical distance to the compromised system or the scale of the network. This is where remote stealthy threat discovery with “scoutware”, software for threat hunting and instant system analysis, becomes incredibly useful.

In our training you will be introduced to Bitscout, the free, open-source scoutware tool developed by Vitaly Kamluk from Kaspersky GReAT in collaboration with INTERPOL, which has been successfully used by Kaspersky researchers for years. The cases demonstrated in the training were developed by Vitaly Kamluk and Nicolas Collery, Executive Director at DBS Bank, primary incident responder. During the training you will create your own remote analysis tool and practice with it right away in the provided virtual lab!

  • Extensive practice in the virtual lab
  • Live interaction with the experts
  • Crafting and practicing your own customised Bitscout tool
  • Cloud forensics (New!)
  • Remote iOS forensics (New!)

Remote iOS forensics using Bitscout

Timing

23rd and 24th September, 2021
9:00am to 2:00pm UTC

Class plan

1. Introduction and theory
2. Crafting your own scoutware
3. Exercises:
-> Discovering malware remotely
-> Finding the origins of infection
-> Disk image acquisition and live disk data streaming
-> Safely starting the analysed OS for interactive and dynamic analysis
-> Using Bitscout to train your team
-> Converting a compromised host into a honeypot
-> Forensics at scale: analyzing a compromised cloud
-> Analyzing iOS remotely
4. Q&A

Prerequisites

  • Knowledge of Linux CLI and Bash scripting
  • Experience with virtualization and networking
  • General understanding of popular OS architectures
  • Understanding how to handle malware and compromised systems
  • A modern browser to work in our virtual training environment

Price: $750 USD inc. tax per attendee


Still Need Help?

Bitscout Bugs

If you find any bugs or problems with the project, please open an issue over on GitHub.

Twitter

Feel free to tweet at me if you have suggestions for Bitscout. Or if you just want to say hi.
