Are you tired of JupyterLab notebooks with single-threaded, unoptimized, PoC code that does not scale in real-world scenarios? Do you have a C2 beaconing problem on your network? Well, look no further! This workshop can fit so much data science for C2 detection! *slaps roof of a pile of code*
If you always wanted to know how tools like Flare or RITA work, how to do C2 detection with frequency analysis, or how to use probability theory to spot beaconing traffic, then this is the workshop for you! We are going to be obsessing over the nitty-gritty details of spotting beaconing traffic using data science methods. However, this time, we will not use JupyterLab notebooks! We want to show you how to do these detections in real network environments, and at scale. We will use solutions that can ingest network data and then provide meaningful outputs in a reasonable amount of time. The main goal of this workshop is to give you the understanding you need to apply these techniques the next day at work.
You can just attend this workshop and get your hands dirty with bits and bytes, but if you want to have a better understanding of the underlying theories, concepts, and technical considerations, then you should also come to our talk! Yes, we are sort of cheating here, hoping that you will attend both! :P So, are you coming to the talk?
Requirements for the workshop:
- A laptop with at least 16 GB of RAM and more than 50 GB of free disk space (VT-x support must be enabled on the host system).
- An application to run virtual machine images (type-2 hypervisor): VMware Workstation Pro (recommended), VMware Workstation Player, VMware Fusion, or VirtualBox.
- Only 64-bit Intel-compatible (Intel or AMD) processors are supported.
WARNING: ARM-based devices (such as Apple Silicon, Qualcomm Snapdragon, and some Microsoft Surface laptops) cannot perform the necessary virtualization and therefore cannot be used for the workshop.