TOGETHER, WE RESPOND FASTER

CYBERSEC 2019

MAR. 19 – 21

Taipei International Convention Center
Taipei World Trade Center Hall 1, 2F

CyberLAB

CyberLAB gathers many industry experts and well-known vendors from home and abroad for a series of well-planned training sessions that focus on the latest cyber attack techniques along with the most effective counterattacks.

Security breaches increase daily as hacker techniques consistently evolve. In order to reduce the damage and recover from the losses, we have to examine the threats and then take action. CyberLAB offers many penetration testing courses provided by industry leaders. Through these courses, you will learn about the latest and most common risk scenarios encountered by modern enterprises. You will be able to understand the latest offensive techniques and learn the most effective counterattacks.

Sign up for CYBERSEC 2019 and get a voucher to learn through practice. Sign up for our courses on-site following the instructions below:
  1. Open registration starts 25 minutes before each course starts. Please register on-site. The number of applicants is limited.
  2. Please enter the session with a voucher after registration is completed (one voucher per person only). Vouchers will not be reissued if lost.
  3. Doors open 5 minutes prior to the lecture and will be closed once the session starts. A wait list is available depending on the situation.
Other notes
  1. All courses are conducted in Mandarin Chinese.
  2. The authorities have the right to adjust course enrollment access and syllabus.

CyberLAB Overview

| Topic | Speaker | Time | Venue |
|---|---|---|---|
| Target Ransom - Targeted Extortion without Using Malware | Trend Micro Incorporated Technical Consultant, Chiu, Buo-han; Trend Micro Incorporated Technical Consultant, Ren, Zong-wei | 03/19 12:30-14:30; 03/19 15:30-17:30; 03/20 12:30-14:30; 03/20 15:30-17:30; 03/21 12:30-14:30; 03/21 15:30-17:30 | TICC Joy Lounge (4F) |
| All-In-One Soc Security Management Platform | Billows Technology Chief Technology Officer, Benson Chung | 03/21 15:30-17:30 | TICC 401 |
| How Advanced Multilayer Protection Helping You Tackling Cyber Threat | Zyxel Communications Corp. Senior System Engineer, Yi Tsen Liao | 03/19 15:30-17:30 | TICC 401 |
| How to achieve Information security by Log management, and Audit/Management Access Control. | AMIYA Corporation Solution Engineer, Samore Kuo | 03/21 15:30-17:30 | TICC Elegance Lounge (4F) |
| Malware Detection, Evidence Collection, and Forensics Analysis | iForensics Digital Inc. Sales & Project Manager, John Wu | 03/19 12:30-14:30 | TWTC 1 Conference Room No.4 |
| Targeted threat protection in the cloud- AKAMAI ENTERPRISE THREAT PROTECTOR | Akamai Partner Enablement Manager of Greater China, Kevin Wang | 03/21 12:30-14:30 | TICC Elegance Lounge (4F) |
| Threat Hunting with Cloud: Traditional incident response is different from modern incident response. | Core Cloud Tech Corporation Security Consultant, Paul Nien | 03/19 15:30-17:30 | TWTC 1 Conference Room No.4 |
| Digital Forensics Overview and Practice (120 minutes) | Acer Cyber Security Inc. Senior Manager, Aries Yeh; Acer Cyber Security Inc. Associate Tech. Manager, Chenting Hsin | 03/20 12:30-14:30 | TICC Elegance Lounge (4F) |
| Hacking Exposed Industrial Control Systems: ICS and SCADA Security (Basic) | Acer Cyber Security Inc. Senior Project Engineer, Luca.Chiou; Acer Cyber Security Inc. Senior Project Engineer, Bingo.Huang | 03/19 15:30-17:30 | TICC Elegance Lounge (4F) |
| Learn security with hacking games | Acer Cyber Security Inc. Department of Security Penetration Service, ACSI Penetration test team | 03/19 12:30-14:30 | TICC Elegance Lounge (4F) |
| Records and their origins (Trace Analysis) | Acer Cyber Security Inc. Associate Technical Manager, Tony Tsai; Acer Cyber Security Inc. Senior Project Engineer, Liam.Lin | 03/20 15:30-17:30 | TICC Elegance Lounge (4F) |

Introduction to CyberLAB

Target Ransom - Targeted Extortion without Using Malware

  • Venue: TICC Joy Lounge (4F)
  • Speaker

    Trend Micro Incorporated Technical Consultant, Chiu, Buo-han

  • Speaker

    Trend Micro Incorporated Technical Consultant, Ren, Zong-wei

  • Attendee: 20

    Course Description

    Historically, digital extortion has been carried out with malicious emails, compromised websites, or malvertisements, which infect victims' computers with ransomware. But as multiple recent cases have shown, cybercriminals are beginning to leverage targeted attack techniques in digital extortion. They compromise corporate systems from the outside and gain access to the systems and sensitive data. Then, they navigate across corporate networks with lateral movement techniques while encrypting files on critical servers along the way, using legitimate tools to prevent security teams from effectively investigating their attacks.

    Faced with increasingly rampant cybercrime, how can security teams actively look for signs of attacks and discover how their systems are breached, while at the same time helping their companies build an investigative defense mechanism and promote security awareness?

    This workshop will show you:

    • Why hackers can easily break into outward facing servers
    • The common techniques that hackers use to gain privileged system access and move laterally within corporate networks, plus the countermeasures from the system administrators' perspective
    • How IT security or network administration teams can investigate such activities in order to deploy defenses and set up security alerts

    Course objectives

    Through hands-on experience, this workshop will allow students to quickly understand and learn how hackers can attack a system without using malware and the investigative defense measures to counter the attacks.

    Course Outline

    • Demonstration of intrusion techniques
    • Privilege escalation and lateral movement techniques
    • Root cause analysis
    • Timely response mechanisms

    Suggested equipment specifications for Attendee

    • All equipment is prepared by the co-organizer, Trend Micro.

    Attendee Prerequisite Skills for the Course

    • IT security administrators with experience in Windows administration and command-line operations (MS-DOS prompt)

All-In-One Soc Security Management Platform

  • Venue: TICC 401
  • Speaker

    Billows Technology Chief Technology Officer, Benson Chung

  • Attendee: 20; Auditor: 10

    Course Description

    The main purpose of this course is to give attendees an introduction to, and a demonstration of, how to use AlienVault to analyze event correlations and find the real threat. Attendees will experience the process from evaluating a risk to generating a real alarm, along with the steps of an incident report.

    Course Benefits:

    1. Understand that current security monitoring is no longer only SIEM
    2. Strengthen security concepts and understand how to find the real security threat through comprehensive event analysis
    3. Learn how to use the AlienVault platform to achieve SOC self-monitoring

    Course objectives

    This integration platform is built to meet the compliance requirements of the National Cybersecurity Law. This course will therefore provide attendees with security concepts and basic maintenance knowledge through hands-on experience with our automated information security management platform.

    Course Outline

    • Introduction to LogMaster, a big data collection platform
    • The capabilities of AlienVault
    • AlienVault data analysis implementation
    • Report system implementation

    Suggested equipment specifications for Attendee

    • Notebook with the following hardware specifications: CPU: Core i5 or better, RAM: 8 GB

    Attendee Prerequisite Skills for the Course

    • Some basic cybersecurity concepts and a basic Linux foundation are preferred

How Advanced Multilayer Protection Helping You Tackling Cyber Threat

  • Venue: TICC 401
  • Speaker

    Zyxel Communications Corp. Senior System Engineer, Yi Tsen Liao

  • Attendee: 20; Auditor: 10

    Course Description

    Malware is getting more and more complicated and is overwhelmingly widespread, posing serious threats to your organization. It is a true challenge for security officers to adopt new technology to tackle the threat.

    In this session, we will analyze a couple of notorious malware tools that are damaging the community, and you will learn not only the behavior of each tool but also the ecosystem that explains why the tool is prevailing. This is not just a lecture: during the hands-on lab you will witness the tools in action and learn how Zyxel advanced multilayer technology mitigates the threat by spotting it in the first place and destroying it.

    Course objectives

    • Master countermeasures against cyber threats by analyzing malware behavior and hacking methodology

    Course Outline

    • Cyber threat ecosystem
    • Malware behavior analysis
    • Demonstration of the attacking scenario
    • Detecting and preventing the malware
    • Advantage of cloud analytics

    Suggested equipment specifications for Attendee

    • Laptop running Windows 7 or later
    • Browser: Firefox and Chrome
    • VMware
    • Wireshark
    • Make sure the laptop has a wireless connection module

    Attendee Prerequisite Skills for the Course

    • Basic TCP/IP knowledge
    • Basic network protocol knowledge.

How to achieve Information security by Log management, and Audit/Management Access Control.

  • Venue: TICC Elegance Lounge (4F)
  • Speaker

    AMIYA Corporation Solution Engineer, Samore Kuo

  • Attendee: 30

    Course Description

    This course introduces several important recent security incidents and how to investigate and control an incident through log management.

    It introduces the importance of log management in information security.

    Based on some real incidents, it reviews the whole picture of an incident and introduces how ALog can "detect internal fraud in advance" and "how to trace when an incident has occurred".

    Through hands-on practice and basic operations, attendees can easily understand how to use ALog. The course also introduces some software management and maintenance.

    • Exercise #1 "Hands on! How to trace an incident!"
    • Exercise #2 "How to use reports to understand the current situation!"
    • Exercise #3 "Create and use reports for monitoring/management purposes!"
    • Exercise #4 "Utilization to prevent unknown problems, the ultimate file of ALog!"

    Course Outline

    • Windows server system
    • How to achieve information security through log management and by auditing access records for management purposes.
    • Install and configure ALog to collect logs from the ADDC / file server in a Windows AD environment.
    • Introduce several scenarios and how to analyze them with ALog.

    Suggested equipment specifications for Attendee

    • Hardware
      • CPU: I5 or higher
      • RAM: 16G or higher
      • HDD: 500G or higher
    • Software (either)
      • With Windows Server for ALog Install
          or
      • With Browser for ALog Report Handso

    Attendee Prerequisite Skills for the Course

    • Must know Windows AD architecture, understand auditing in information security, and have knowledge of log management for Windows and other systems.

Malware Detection, Evidence Collection, and Forensics Analysis

  • Venue: TWTC 1 Conference Room No.4
  • Speaker

    iForensics Digital Inc. Sales & Project Manager, John Wu

  • Attendee: 25; Auditor: 5

    Course Description

    Give attendees a general idea of unknown malware, and then inject and run a sample on the virtual machine. Teach them how to use various free tools together with iForensics eDetector to detect malware and to analyze and retrieve the evidence. Then use Magnet AXIOM, the professional forensics software, with a simulated sandbox for forensics investigation.

    Malware detection and analysis: Explain how to identify malware by analyzing its behavior in memory, such as internet connections, program injection, start-up sequence, and whether it is a service, an auto-run program, hidden, etc.
    Evidence Collection and Forensics: Use the complete tracing and evidence collection functions of eDetector with other tools to retrieve various samples associated with the malware, such as files and memory blocks. Next, teach the attendees how to conduct a deep investigation with AXIOM or sandbox software to draw the contextual map of the malware infection.

    Course objectives

    • Getting a general idea of unknown malware
    • Collect the evidence using eDetector with the assistance of other tools
    • Conduct the forensics investigation using Magnet AXIOM, the professional forensics software

    Course Outline

    • General Idea of Unknown Malware
    • Sample Test of Unknown Malware
    • Detect Malware with iForensics eDetector
      • Install and Start the Server
      • Set-up the Server and Install eDetector on the Client
      • Detect Malware in the memory
      • Dump the memory block and the sample
      • Download and Search the Data of Windows Explorer
      • Collect and View Evidence
      • Other Functions and Disconnect the Server
    • Collect the evidence using eDetector and other tools
    • Conduct the forensics investigation using Magnet AXIOM, the professional forensics software, and the Sandbox tool.

    Suggested equipment specifications for Attendee

    • CPU: i5, 6th generation or above
    • RAM: 8GB
    • Disk Size: 500GB and above
    • Computer with Virtual Machine Software installed

    Attendee Prerequisite Skills for the Course

    • Basic Computer Skills
    • Know how to use Virtual Machine software
    • Know how to use Command-line in CMD
       

Targeted threat protection in the cloud- AKAMAI ENTERPRISE THREAT PROTECTOR

  • Venue: TICC Elegance Lounge (4F)
  • Speaker

    Akamai Partner Enablement Manager of Greater China, Kevin Wang

  • Attendee: 30

    Course Description

    The threats facing businesses are rapidly evolving. The number of targeted threats such as malware, ransomware, data theft, and phishing is increasing, and the ability of malicious attackers to circumvent traditional security measures has intensified. Coupled with the adoption of SaaS, the cloud and the Internet of Things, more sophisticated methods of threat delivery have created new challenges, control point complexity and security gaps that cannot be ignored.

    With Akamai's global insights into the Internet and the Domain Name System (DNS), Enterprise Threat Protector enables security teams to proactively block and mitigate targeted threats and to enforce acceptable use policies across the enterprise. Using DNS, teams can proactively identify, block, and defend against targeted threats such as malware, ransomware, phishing, data breaches, and more. It leverages real-time intelligence from Akamai Cloud Security Intelligence and Akamai's proven, globally distributed recursive DNS platform to deliver enterprise security, control and visibility efficiently, while integrating easily with your existing network defenses.

    This hands-on course will give you an in-depth understanding of Akamai ETP's operating mechanism and let you experience first-hand the speed, convenience, and high availability of Akamai ETP.

    Course objectives

    • This hands-on course will give you an in-depth understanding of Akamai ETP's operating mechanism and let you experience first-hand the speed, convenience, and high availability of Akamai ETP.

    Course Outline

    • ETP operation process
    • ETP advantage
    • ETP main function
    • ETP background operation
    • ETP report view

    Suggested equipment specifications for Attendee

    • Laptop

    Attendee Prerequisite Skills for the Course

    • Basic network knowledge

Threat Hunting with Cloud: Traditional incident response is different from modern incident response.

  • Venue: TWTC 1 Conference Room No.4
  • Speaker

    Core Cloud Tech Corporation Security Consultant, Paul Nien

  • Attendee: 20; Auditor: 10

    Course Description

    Recently, we have faced many cyber attacks from all directions, and APT attacks in particular continue to increase.

    Because of this, we use security products and services to reduce cyber security losses.

    But these products and services increase our daily workload.

    To solve this problem, we provide a service that can perform a wide range of incident response in a timely manner.

    We named this service IPaaS.

    In this lesson, you will learn how to hunt threats, trace hackers' behavior, analyze malware, and perform incident response with the cloud, and you will gain cyber security incident response experience.

    Course objectives 

    • Learn incident response with a cloud service (IPaaS) and experience the convenience of IPaaS.

    Course Outline

    • Do Incident response with EDR.
    • Threat hunting with MDR.
    • Hands on training: Analysis with IPaaS.

    Suggested equipment specifications for Attendee

    • A laptop that can access Wi-Fi and has Chrome or Firefox installed.

    Attendee Prerequisite Skills for the Course

    • Experience in cyber security and the Windows operating system.

Digital Forensics Overview and Practice (120 minutes)

  • Venue: TICC Elegance Lounge (4F)
  • Speaker

    Acer Cyber Security Inc. Senior Manager, Aries Yeh

  • Speaker

    Acer Cyber Security Inc. Associate Tech. Manager, Chenting Hsin

  • Attendee: 30

    Course Description

    Do you feel lost and not know where to start when dealing with cyber-attacks? This course is designed for personnel who are new to information security and covers the fundamental techniques and tools of digital forensics, including information analysis to locate malicious connections and malware. The practice exercises involve extracting the memory blocks of a malicious process to find potential C&C (Command & Control) servers and, furthermore, the attacker's tactics and techniques.

    Course objectives

    • Summarize all assembled information to determine the attacker's tactics

    Course Outline

    • Initiating an investigation
    • Investigation of malicious connections
    • Investigation of malware
    • Memory block extraction from malicious processes

    Suggested equipment specifications for Attendee

    • Notebook / VM
    • 2GB of RAM
    • VMware Workstation for Windows (Trial)
    • Cellular phone for Wi-Fi hotspot (other wireless or wired connections are prohibited)

    Attendee Prerequisite Skills for the Course

    • Familiarity with common operating systems; knowledge of information security is recommended

Hacking Exposed Industrial Control Systems: ICS and SCADA Security (Basic)

  • Venue: TICC Elegance Lounge (4F)
  • Speaker

    Acer Cyber Security Inc. Senior Project Engineer, Luca.Chiou

  • Speaker

    Acer Cyber Security Inc. Senior Project Engineer, Bingo.Huang

  • Attendee: 20

    Course Description

    The number of vulnerability disclosures in industrial control systems has risen sharply in recent years. Intrusions into industrial control environments, and even major incidents affecting critical infrastructure in the country, have occurred frequently. However, compared with the IT environment, the industrial control environment mostly uses proprietary protocols and proprietary equipment (such as PLCs and RTUs), so the entry threshold for security researchers is relatively high. Through this course, students can not only quickly acquire basic knowledge of industrial control system information security, but also learn how to penetrate the industrial control network and analyze industrial control system protocol packets, industrial control system protocol attacks, and so on.

    Course objectives

    • Understand industrial control system components
    • Understand the widely used industrial control system protocol packet analysis method
    • Understand the techniques and tools of industrial control system protocol attacks

    Course Outline

    • Overview of industrial control systems
    • ICS proprietary protocols packet analysis
    • Industrial control system service identification
    • Industrial control system protocol attack implementation: Modbus, Ethernet/IP, Siemens S7

    Suggested equipment specifications for Attendee

    • Need to bring your own notebook
    • Need to bring your own Kali Linux

    Attendee Prerequisite Skills for the Course

    • Basic packet analysis capabilities
    • Basic Linux operating capabilities
    • Basic network knowledge

Learn security with hacking games

  • Venue: TICC Elegance Lounge (4F)
  • Speaker

    Acer Cyber Security Inc. Department of Security Penetration Service, ACSI Penetration test team

  • Attendee: 30

    Course Description

    This course leads you to understand various hacking attacks in the form of hacking games, and to experience the hacker economy.

    Course objectives

    The course shows the thinking and process by which a hacker completes a successful attack, and how to defend each endpoint against the hacker's various points of attack, in order to enhance security awareness.

    Course Outline

    • Steganography analysis
    • Learn basic Cryptography
    • Dark net for the first time
    • Web Hacking skills

    Suggested equipment specifications for Attendee

    • Notebook
    • Kali Linux VM installed

    Attendee Prerequisite Skills for the Course

    • Basic Linux commands
    • Basic network knowledge

     

Records and their origins (Trace Analysis)

  • Venue: TICC Elegance Lounge (4F)
  • Speaker

    Acer Cyber Security Inc. Associate Technical Manager, Tony Tsai

  • Speaker

    Acer Cyber Security Inc. Senior Project Engineer, Liam.Lin

  • Attendee: 30

    Course Description

    From time to time we need to provide evidence after attacks but wonder where to look. This course is designed for personnel involved in incident investigation, to help them locate the attacker's traces and entry points in the corresponding records, as well as the attacker's tactics and techniques.

    Course objectives

    • Verify attack traces through log analysis

    Course Outline

    • Windows Security Logs Analysis
    • Web Logs Analysis
    • Hacker’s Trace Analysis

    Suggested equipment specifications for Attendee

    • Notebook / VM
    • 2GB of RAM
    • VMware Workstation for Windows (Trial)
    • Cellular phone for Wi-Fi hotspot (other wireless or wired connections are prohibited)

    Attendee Prerequisite Skills for the Course

    • Familiarity with common operating systems; knowledge of information security is recommended

CyberLAB Schedule

3/19 (Tue)

| Time | TICC 202 | TICC 203 | TICC Joy Lounge (4F) | TICC Elegance Lounge (4F) | TICC 401 | TWTC Hall 1 Con Room 4 |
|---|---|---|---|---|---|---|
| 12:30 - 14:30 | | | Target Ransom - Targeted Extortion without Using Malware (Chiu, Buo-han, Trend Micro Incorporated Technical Consultant; Ren, Zong-wei, Trend Micro Incorporated Technical Consultant) | Learn security with hacking games (ACSI Penetration test team, Acer Cyber Security Inc. Department of Security Penetration Service) | | Malware Detection, Evidence Collection, and Forensics Analysis (John Wu, iForensics Digital Inc. Sales & Project Manager) |
| 15:30 - 17:30 | | | Target Ransom - Targeted Extortion without Using Malware (Ren, Zong-wei, Trend Micro Incorporated Technical Consultant; Chiu, Buo-han, Trend Micro Incorporated Technical Consultant) | Hacking Exposed Industrial Control Systems: ICS and SCADA Security (Basic) (Luca.Chiou, Acer Cyber Security Inc. Senior Project Engineer; Bingo.Huang, Acer Cyber Security Inc. Senior Project Engineer) | How Advanced Multilayer Protection Helping You Tackling Cyber Threat (Yi Tsen Liao, Zyxel Communications Corp. Senior System Engineer) | Threat Hunting with Cloud: Traditional incident response is different from modern incident response. (Paul Nien, Core Cloud Tech Corporation Security Consultant) |

3/20 (Wed)

| Time | TICC 202 | TICC 203 | TICC Joy Lounge (4F) | TICC Elegance Lounge (4F) | TICC 401 | TWTC Hall 1 Con Room 4 |
|---|---|---|---|---|---|---|
| 12:30 - 14:30 | | | Target Ransom - Targeted Extortion without Using Malware (Ren, Zong-wei, Trend Micro Incorporated Technical Consultant; Chiu, Buo-han, Trend Micro Incorporated Technical Consultant) | Digital Forensics Overview and Practice (120 minutes) (Aries Yeh, Acer Cyber Security Inc. Senior Manager; Chenting Hsin, Acer Cyber Security Inc. Associate Tech. Manager) | | |
| 15:30 - 17:30 | | | Target Ransom - Targeted Extortion without Using Malware (Ren, Zong-wei, Trend Micro Incorporated Technical Consultant; Chiu, Buo-han, Trend Micro Incorporated Technical Consultant) | Records and their origins (Trace Analysis) (Tony Tsai, Acer Cyber Security Inc. Associate Technical Manager; Liam.Lin, Acer Cyber Security Inc. Senior Project Engineer) | | |

3/21 (Thu)

| Time | TICC 202 | TICC 203 | TICC Joy Lounge (4F) | TICC Elegance Lounge (4F) | TICC 401 | TWTC Hall 1 Con Room 4 |
|---|---|---|---|---|---|---|
| 12:30 - 14:30 | | | Target Ransom - Targeted Extortion without Using Malware (Ren, Zong-wei, Trend Micro Incorporated Technical Consultant; Chiu, Buo-han, Trend Micro Incorporated Technical Consultant) | Targeted threat protection in the cloud- AKAMAI ENTERPRISE THREAT PROTECTOR (Kevin Wang, Akamai Partner Enablement Manager of Greater China) | | |
| 15:30 - 17:30 | | | Target Ransom - Targeted Extortion without Using Malware (Ren, Zong-wei, Trend Micro Incorporated Technical Consultant; Chiu, Buo-han, Trend Micro Incorporated Technical Consultant) | How to achieve Information security by Log management, and Audit/Management Access Control. (Samore Kuo, AMIYA Corporation Solution Engineer) | All-In-One Soc Security Management Platform (Benson Chung, Billows Technology Chief Technology Officer) | |