Topic of Workshop: "Hacking Active Directory: From Reconnaissance to Exploitation"
Topic of Workshop: “Forensic Triage: Rapid Incident Assessment Through RAM Analysis”
Topic of Workshop: “Are you falling into a trap?”
Topic of Workshop: “Ultimate Test Drive: ML-Powered Next-Generation Firewall ”
Topic of Guest Lecture: “Effective Detection of File-Based Attacks on the Email Perimeter Using tLab Anti-APT: Customizing Yara and Sigma”
Igor Senushin, Product/Project manager, Head of R'n'D at TSARKA.
Topic of Guest Lecture: "Development of protected devices".
Topic of Guest Lecture: “Digital Forensics Tools: What's new”
Topic of Guest Lecture: ""
by Arnur Tokhtabayev
In this workshop, participants will dive into the world of cybersecurity and learn how to leverage the innovative capabilities of the tLab Anti-APT platform to detect and block file-based attacks on the email perimeter. The focus will be on developing custom Yara and Sigma rules that account for the attack context, minimize false positives, and ensure robust protection.
A unique feature of the tLab Yara module is its ability to incorporate additional attribute-based data, including attack vectors (sender/recipient) and indicators from the tLab sandbox static engines, significantly improving detection accuracy. Additionally, participants will learn how to use the integrated SigmaHQ engine to identify complex attack scenarios
- Train participants in developing custom Yara rules that consider the attack vector (sender, recipient, attachments) and indicators provided by the tLab sandbox’s static engines.
- Demonstrate the capabilities of the SigmaHQ engine, integrated into tLab Anti-APT, for writing rules that respond to activity log events.
- Analyze false positive scenarios occurring in legitimate processes (e.g., adding macros to documents) and teach participants how to minimize them using context-aware Yara rules.
- Detecting Real File-Based Attacks
- Participants will receive information about an attack (Indicators of Compromise, behavioral description of the file).
- Task: Create an effective Yara or Sigma rule to block an email containing a malicious attachment.
- Handling Legitimate Behavior Resembling Malicious Activity
- Participants will examine cases where legitimate activity (e.g., adding macros to documents) resembles malicious actions.
- Challenge: Develop a Yara rule that considers the attack context (e.g., sender/recipient) to reduce false positives.
- Participants receive attack data and typical false-positive scenarios.
- Writing rules to identify threats.
- Discussion of results, error analysis, and rule optimization.
- Information security professionals.
- Cyberattack protection system administrators
- SOC developers and analysts
- Anyone interested in writing custom rules for infrastructure protection
-
Hands-on experience with tLab Yara and SigmaHQ -
Understanding approaches to minimizing false positives -
Recommendations for implementing tLab Anti-APT in their organization -
Ready-to-use rule templates for detecting complex attacks.
by Almas Zeinullin
This seminar provides participants with hands-on experience in compromising corporate networks and demonstrates the full attack cycle on an Active Directory infrastructure. During the session, attendees will explore initial access techniques from an external network, pivoting methods, internal infrastructure reconnaissance (enumeration), and privilege escalation to the level of a domain administrator.
Special emphasis is placed on using specialized tools, including:
- BloodHound – Analysis of trust relationships within the domain
- Netexec – Automated exploitation of vulnerabilities
- Impacket scripts – Authentication attack execution
- Kerbrute – Kerberos credential brute-forcing
- OpenSSH + ProxyChains – Pivoting into the internal network
- Introduce participants to key aspects of penetration testing
- Explain common attack techniques on domain infrastructure
- Teach practical application of tools for corporate network compromise
Full Domain Infrastructure Takeover
Initial Access: Exploiting RCE via Out-of-Band methods, obtaining a reverse shell
- Cybersecurity specialists
- SOC Analysts
- Junior penetration testers
- Anyone Interested in Penetration Testing
-
Hands-on experience with Red Team tools. -
Pivoting and internal network reconnaissance skills -
Knowledge of key attack vectors on Active Directory. -
Understanding of the full corporate infrastructure compromise process
TSARKA Group Workshop
by Amir Temir
During this workshop, participants will learn key techniques and tools for rapid cyber incident response. They will acquire skills in extracting critical indicators of compromise from the memory of attacked systems, applying the QuickScan approach, and effectively investigating modern attacks.
- Train participants to quickly and efficiently conduct forensic triage of incidents.
- Demonstrate how to extract critical system memory data in real time.
- Showcase methods for detecting fileless attacks and Living-off-the-Land techniques
- Introduction to forensic triage: principles and approaches to rapid assessment.
- QuickScan method: identifying the most significant indicators within the first 10 minutes.
- Case analysis: detecting fileless malware, Living-off-the-Land attacks, and process injections.
- Practical session: hands-on exercises in extracting key indicators and analyzing volatile memory.
- Incident response specialists
- SOC analysts and cybersecurity professionals
- Security system and IT infrastructure administrators
- Anyone interested in rapid cyber incident investigation techniques
- Hands-on experience in rapid incident assessment (forensic triage).
- Understanding of volatile memory analysis methods.
- Ready-to-use tools and workflows for swift incident response.
- Ability to apply acquired knowledge within their organization for quick threat identification.
-
Proficiency in detecting key indicators of compromise for effective investigations.
TSARKA labs Workshop
by Igor Senushin
Participants will learn the principles of developing secure electronic devices, including hardware and software protection methods against hacking and reverse engineering. We will cover key aspects of microcontroller protection and the use of cryptographic modules.
We will briefly go through all stages of development to understand where and what to pay attention to.
- Learn about microcontroller hacking methods: side-channel attacks, firmware attacks, data extraction, buffer overflow.
- Understand hardware attack methods and protection techniques: JTAG/SWD protection, firmware encryption, secure PCB design.
- Gain knowledge of the overall device development process and the stages where security must be considered.
- Learn about different classes of specialized security chips.
- Development Stages
- Attack and Hacking Methods for Hardware Devices
- Physical Access: JTAG/SWD, firmware reading, PCB analysis.
- Side-Channel Attacks: Electromagnetic analysis, timing attacks.
- Software Attacks: Firmware reverse engineering, buffer overflow.
- How to Protect a Device
- Disabling and securing JTAG/SWD.
- Firmware and data encryption.
- Memory protection methods (Flash, EEPROM, RAM).
- Use of secure bootloaders and trusted execution environments.
- Practical Part
- Enabling hardware security features using STM32/NXP microcontrollers.
- Configuring firmware encryption mechanisms.
- Developers of embedded systems and microcontrollers.
- Cybersecurity specialists
- Information security engineers.
- Anyone interested in securing hardware solutions.
- Understanding of key threats and vulnerabilities in hardware solutions.
- Practical knowledge of developing secure devices.
- Methods for countering reverse engineering and firmware extraction.
- Analysis of real-world attack scenarios and protection solutions.
Palo Alto Networks Workshop
by Bakytzhan Bakrambek
Today’s zero-day attacks are sophisticated and persistent. Palo Alto Networks changed the game by making network security intelligent and proactive. See firsthand the impact of hardware and software firewalls powered by Precision AI™.
The NGFW workshop gives prospects the opportunity to learn firsthand the impact of hardware and software firewalls powered by Precision AI®. Get insights on security policies that quickly restore visibility and control over applications, users, and content after a cyber intrusion.
This event involves the use of computers by participants. Therefore, we kindly ask you to come to the workshop with your own laptop to get the best experience.
ICCSDFAI-25 Team
- Use App-ID™ to gain granular control over OpenAI/ChatGPT.
- Leverage Precision AI for malware and phishing prevention.
- Block and control post-quantum computing ciphers.
- Configure decryption to inspect and allow TLSv1.3 traffic.
In this activity, you will:
• Log in to the Ultimate Test Drive Workshop from your laptop
• Understand the layout of the environment and its various components
• Enable the Firewall to facilitate connectivity
- Granular Control of Applications and Enabling Sanctioned SaaS Applications
- Applications on Non-Standard Ports
- Policy Optimizer and Decryption
- Post-Quantum Computing
- Modern Malware Protection with ML-Powered Analysis
- ML-Powered Advanced URL Filtering
- GlobalProtect: Safely Enable Mobile Devices
- Control Application Usage with User-ID
- GlobalProtect Clientless VPN
- AIOps for NGFW
- ACC and Custom Reports.
- Network Security Architectures/Engineers
- Head of Infrastructure
- IT Generic
The Ultimate Test Drive is a great opportunity to get hands-on experience with Palo Alto Networks' next-generation machine-learning-based firewall.
