Workshops Bsides Cape Town 6 December 2024
Fri Dec 6, 09:00 - Fri Dec 6, 18:00
UCT GSB Conference Centre - V&A Waterfront
ABOUT
_ __ __ __
| | /| / /__ ____/ /__ ___ / / ___ ___ ___
| |/ |/ / _ \/ __/ '_/(_-</ _ \/ _ \/ _ \(_-<
|__/|__/\___/_/ /_/\_\/___/_//_/\___/ .__/___/
/_/
Please note that all three workshop tracks run simultaneously.
Track 1:
- [Evening] Better open-source investigations with Ubikron. (SOLD OUT)
- [Morning] Elastic Security Analyst Workshop.
Track 2:
- [Full-day] Binary Instrumentation with Frida.
Track 3:
- [Full-day] You Can't Hide in Memory: The Importance of Memory Forensics.
BINARY INSTRUMENTATION WITH FRIDA
========================================
Full-day "Binary Instrumentation with Frida" Workshop
[6 December - Friday 8:30-16:00]
Presented by: Leon Jacobs & Isak van der Walt
========================================
This full-day workshop gives attendees the skills necessary to perform binary instrumentation using Frida.
Making changes to software when you have source code is usually simple. Get a test environment up, make the change, compile and test. Best case, you make a Pull Request to include your feature/bug fix!
However, what happens when you *don't* have access to source code, or building a target is not simple.
How do you add features? How do you change logic?
Workshop Content
- Lab environment setup and familiarisation.
- Frida introduction - components of Frida.
- Connecting to targets for instrumentation.
- Frida operating modes (i.e., frida-server, gadget mode)
- Getting to know frida-tools like frida-ls, frida-trace etc.
- Writing your own instrumentation logic in JavaScript.
- Instrumenting binary programs (various languages) with and without symbols.
Requirements:
- Laptop with Wi-Fi adapter.
- Modern browser.
- SSH client.
ELASTIC SECURITY ANALYST WORKSHOP
========================================
Half-day "Elastic Security Analyst Workshop" Workshop
[6 December - Friday 8:30-12:30]
Presented by: Roberto Arico
========================================
The Elastic Security Analyst Workshop aims to provide participants with common daily workflows and analyses that a security analyst would leverage.
Requirements:
- A laptop with a modern browser.
- An understanding of endpoint and network fundamentals is recommended.
- Experience working in an IT or security operations role, such as in SOC or incident response, is strongly preferred but not a hard requirement.
- Good vibes and a willingness to have fun with other like-minded people.
YOU CAN'T HIDE IN MEMORY: THE IMPORTANCE OF MEMORY FORENSICS
========================================
Full-day "You Can't Hide in Memory: The Importance of Memory Forensics" Workshop
[6 December - Friday 8:30-16:00]
Presented by: Jason Jordaan
========================================
RAM is crucial in all computer systems, and literally everything that happens on a computer system must pass through RAM. RAM is thus a crucial source of digital evidence, especially when dealing with compromised systems.
There is a paradox when it comes to malware that it wants to hide but it has to run to be useful, and it is in the process of running that it becomes detectable in memory. As a result, any type of investigation into a possible system compromise should consider memory forensics.
This workshop will explore the nature of RAM and its importance in a forensic investigation. It will look at the various methods and techniques that can be used to obtain a forensic image of RAM, and finally look at how RAM can actually be examined, and forensic analysis performed on it. We will be doing this using the tool MemProcFS which has fundamentally changed the way that we do memory forensics.
Requirements:
- Each attendee to bring own laptop.