Training

We offer a range of inspiring training courses delivered by top researchers. Most of the training is conducted exclusively at the SAS conference. You can participate in legendary courses such as the Yara hands-on from world-renowned security experts: Costin Raiu, Vitaly Kamlyuk, Brian Bartholomew and others. Any questions? Just let us know!

Main Classes

Hunt APTs with Yara like a GReAT Ninja

Trainers:

Costin Raiu, Sergey Mineev, Kaspersky

Price

$2800*

Have you ever wondered how Kaspersky Lab discovered some of the world’s most famous APT attacks? Now, the answer is within your reach. This training will lead you through one of the essential tools for the APT hunter: the Yara detection engine.

If you’ve wondered how to master Yara and how to achieve a new level of knowledge in APT detection, mitigation and response, it all breaks down to a couple of secret ingredients. One of them is our private stash of Yara rules for hunting advanced malware.

During this training you will learn how to write the most effective Yara rules, how to test them and improve them to the point where they find threats that nobody else does. During the training you will gain access to some of our internal tools and learn how to maximize your knowledge for building effective APT detection strategies with Yara.

INTENDED AUDIENCE

Security researchers and incident response personnel, malware analysts, security engineers, network security analysts, APT hunters and IT security staff. The training is suitable for both beginners and experienced Yara users.

TOPICS COVERED

* Brief intro to Yara syntax
* Tips & tricks to create fast and effective rules
* Using Yara-generators
* Testing Yara rules for false positives
* Hunting new undetected samples on VT
* Using external modules within Yara for effective hunting
* Anomaly search
* Lots (!) of real-life examples
* A set of exercises for improving your Yara skills

CLASS REQUIREMENTS

Level: medium and advanced

Prerequisites: knowledge of the Yara language and basic rules

Class: limited to max 15 participants

Hardware: Own laptop

Minimum Software to install: Yara v. 3.6.0

Duration: 2 days

Date: April 5-6, 2020

*price includes hotel accommodation April 5-6, breakfast, lunch and coffee breaks, and does not include SAS 2020 pass

The God-Mode Practical Training in Static Analysis of APT Malware - SOLD OUT!

Trainers:

Igor Soumenkov, Kaspersky

Price

SOLD OUT!

Every flashy new computer incident involving previously unseen malicious code boils down to one question: ‘what are the attackers trying to do?’ Answering this question requires a keen investigative mind and skills to match in order to determine the functionality of that code and boil it down into actionable artifacts: either a basic set of IOCs or a complete technical description that reveals the TTPs of the attackers. With these products in hand, an organization can proactively defend against the most cutting-edge attackers.

Easier said than done. Organizations affected by a true APT-level attack will require a deep understanding of the APT toolkit to truly understand the extent of the capabilities and intentions of the determined intruders. Only with this can they ever be sure that their damage assessment and incident response efforts are accurate and effective. The only way to reach this level of understanding with true fidelity is to statically analyze the malicious code (no “if’s”, “and’s”, or dynamic “but’s” about it).

Unlike easier dynamic analysis techniques, Advanced Static Analysis allows analysts to produce high-fidelity descriptions of the executable code regardless of execution flow and tricky runtime checks. It allows analysts to produce an extensive set of actionable items, including lists of C&C servers, file and memory signatures, crypto implementations and more. A combined understanding of the unique code sequences and algorithms employed by the malware developers is key in malware classification, toolset attribution, and the creation of the most advanced hunting signatures.

This course will cover most of the steps required to analyze a modern APT toolkit, from receiving the initial sample, all the way to producing a deep technical description with IOCs. The course material is based on many years of experience analysing the most complex threats ever discovered in-the-wild, including: Equation, Red October, Sofacy, Turla, Duqu, Carbanak, ShadowPad, and many more. It’s time to set your static analysis game to God-Mode.

TOPICS COVERED

* Unpacking
* Decryption
* Developing own decryptors for common scenarios
* Byte code decompilation
* Code decomposition
* Disassembly
* Reconstruction of modern APT architectures
* Recognizing typical code constructs
* Identification of cryptographic and compression algorithms
* Classification and attribution based on code and data
* Class and structure reconstruction
* APT plugin architectures (based on recent APT samples)

PREREQUISITES

* Understanding of x86 and x86_64 assembly, Python
* Basic knowledge of C/C++
* Experience with analysing code in IDA Pro

Level: medium and advanced

Hardware & Software requirements:

* Laptop with VMWare / VirtualBox virtualization solution
* Legitimate copy of IDA Pro (latest version preferred)
* Working C/C++ compiler toolset: clang, g++, mingw

Class: limited to max 15 participants

Duration: 2 days

Date: April 5-6, 2020

*price includes hotel accommodation April 5-6, breakfast, lunch and coffee breaks, and does not include SAS 2020 pass

The Good and the GReAT— Stepping up your Threat Intelligence Game

Trainers:

Brian Bartholomew, Kaspersky; Brian Candlish, Telstra Threat Labs

Price:

$2800*

In the past decade, ‘threat intelligence’ has become one of the hottest commodities in the infosec market for companies to either purchase or create. As a threat intel analyst, one must be a Jack-Of-All-Trades, without over-specializing in any one thing. Unfortunately, there are few guidelines and fewer training courses for analysts to obtain a solid foundation. Even seasoned threat intel analysts find themselves creating specific tools to accomplish a task, only to find out that someone else has already done so. And in those rare cases where expert analysts are stumped, who can they turn to for guidance? This course is designed to serve threat intel analysts of all levels of experience, providing a solid foundation for beginner-to-intermediate intel analysts, as well as showing more advanced analysts how the Global Research and Analysis Team (GReAT) conducts their research in special fringe cases.

The course will span two full days and cover the entire gamut of threat intelligence. Some of the topics covered include:

* Concepts of threat intelligence
* Intelligence life cycle
* Defining intelligence requirements
* Collecting and processing data
* Maximizing data through automation
* Open source / custom tools
* Threat hunting in large security datasets
* Intelligence reporting
* Dealing with biases
* Using estimative language
* Each day will end with large hands-on labs (approx. 2 hrs each)

CLASS REQUIREMENTS

Level: Intermediate or above

Prerequisites:
Students should be interested in learning about the many aspects of threat intelligence. Preferably, the student should be part of a threat intel team as an analyst or lead. Familiarity with commercial and open source tools such as VirusTotal, PassiveTotal, or DomainTools is helpful. Experience hunting threats and analyzing malware is considered a plus.

Each student should have their own laptop with access to whatever tools they use on a daily basis. Students will be provided access to other tools as needed during the class.

Class: limited to max 15 participants

Hardware: Laptop with a minimum 20GB free space HD and 8GB RAM capable of running VMs.

Minimum Software to install: Windows / MacOS / Linux equivalent. VMWare / Virtualbox

Duration: 2 days

Date: April 5-6, 2020

*price includes hotel accommodation April 5-6, breakfast, lunch and coffee breaks, and does not include SAS 2020 pass

Nonverbal skills for security professionals

Trainers:

Alex Frappier, Tyler McLellan, CanCyber Foundation, Canada

Price

$750*

Learn how to master and detect nonverbal skills used by social engineers and red teams during physical engagements. While you may be a master hacker when you are able to get your hands on the technology or keyboard, you will not have success if you are not able to get the physical access you require.
Body language plays an essential role in human communication and interactions. This skill is often overlooked by security professionals and cyber security experts, yet it is such an important skill to master.

Understanding nonverbal communication will allow you to look more confident, convincing and charismatic, while avoiding common indicators of deception. These skills will have a major impact as a social engineer should you be doing impersonation, voice elicitation (vishing) or physical access. Perhaps more importantly, you will also learn how to decode when someone uses these skills against you and if the other person may be lying to gain access to your company. Combined with core knowledge in influence and elicitation, this training will empower you to take your skills to a whole new level.
You will learn science-based laws of nonverbal communication, including: trust indicators, negative nonverbal, vocal power, and deception detection. See how these can be successfully applied to cybersecurity and physical security, but also learn how to use them in your day-to-day work to make you a better presenter and negotiator. Be prepared for a hands-on training that will include core knowledge, fun activities, and opportunities to practice. It will be valuable and adapted to both introverts and extroverts.

INTENDED AUDIENCE

Security researchers and incident response personnel, malware analysts, security engineers, network security analysts, APT hunters and IT security staff.

TOPICS COVERED

Body Language Laws
* Introduction to body language
* Nonverbal foundation
* Trust indicators
* Haptics
* Gazing
* Proxemics
* Power nonverbal
* Vocal laws
* Facial macro and micro expressions
* Micro positives
* Micro Negatives

Applications
* Impersonation
* Voice elicitation
* Deception detection
* Pitching
* Negotiations
* Presentation skills

CLASS REQUIREMENTS

Level: Suitable for beginner to advanced 

Prerequisites: There are no prerequisites for this training

Class: limited to max 20 participants

Hardware: Own laptop

Minimum Software to install: none

Duration: 1 day

Date: April 6, 2020

*price includes hotel accommodation April 6, breakfast, lunch and coffee breaks, and does not include SAS 2020 pass
