
CSIRTs operations


Threat detection at scale using osquery and osctrl

Posted on 06/14/2021
  • Speaker: Javier Marcos de Prado
  • Topic: Digital Forensics and Incident Response (DFIR).
  • Content of the workshop:
    • Introduction to the need to deploy detection infrastructure, in both corporate and production environments, using practical examples.
    • List of the steps necessary for the automation and deployment of osquery as an agent within a distributed and scalable network.

Identifying vulnerabilities and exploitation in Windows applications

Posted on 06/14/2021
  • Speaker: Pablo San Emeterio
  • Topic: security advisories and vulnerability identification.
  • Content of the workshop:
    • Introduction to the x86 architecture.
    • Introduction to disassembly.
    • Searching for vulnerabilities in the code.
    • Vulnerability verification.
    • Exploitation of the vulnerability.
    • Bypassing protections.

DFIR on Windows: What do I extract?

Posted on 06/14/2021
  • Speaker: Lorenzo Martínez Rodríguez
  • Topic: Digital Forensics and Incident Response (DFIR).
  • Content of the workshop:
    • Security incidents.
    • Live response vs. post-mortem.
    • Types of forensic artefacts: user, system and file system.
    • Triage with Wintriage!
    • Artefact analysis in Windows: Registry, Recycle Bin, browsing history and MFT.

Proactive cybersecurity for Blueteams, ninja techniques for new threats

Posted on 06/14/2021
  • Speaker: Jose Luis Navarro Adam
  • Topic: security advisories and vulnerability identification.
  • Index:
    • Description of the workshop and objective to be achieved
    • Deployment of the infrastructure and segmentation of perimeter zones on virtual machines
    • Perimeter firewall configuration
    • Deployment and configuration of the SIEM server
    • Installation and configuration of the detection and response scripts
    • Wargames
    • Questions

Practical research procedure in hacktivism cases

Posted on 06/14/2021
  • Speakers: Iván Portillo Morales and Gonzalo Espinosa Lázaro
  • Topic: cyber threat intelligence.
  • Content of the workshop:
    • The threat to be addressed (Hacktivism).
    • Development of the case study:
      • Phase 1: Direction and Planning.
      • Phase 2: Procurement.
      • Phase 3: Analysis and Elaboration.
      • Phase 4: Dissemination.
    • Conclusions and summing up.

Research techniques using Open Source INTelligence techniques

Posted on 06/14/2021
  • Speaker: Carlos Seisdedos
  • Topic: Open Source INTelligence (OSINT).
  • Content of the workshop:
    • Intelligence.
    • Securing the working environment.
    • Website research.
    • Investigation of natural persons.
    • Investigation of legal persons.
    • Gathering information on social networks.
    • Social network analysis.
    • Presentation of results.
    • Final online test.