TRAINER: JÁNOS PALLAGI
Security Researcher – White Hat IT Security
János is a security researcher who specializes in malware analysis and digital forensics. He holds GREM and CHFI certificates and has a master’s degree in mathematics. At White Hat IT Security he does vulnerability research, incident response, adversary removal and malware analysis. He is a guest lecturer on the ‘Blue Team & Security Operations I-II.’ courses at Óbuda University.
Defending a single computer from malicious software or malicious actors can be a demanding task, let alone protecting a whole enterprise IT infrastructure. While attackers only have to find one weakness for a successful intrusion, defenders have to be ready for all attempts.
The aim of the training is to give attendees hands‑on, practical knowledge oriented to real-life situations that can be put to immediate use by those who play – or wish to play – a role in the security team of an enterprise environment. Throughout the training, we illustrate and analyze the individual steps of the defence procedure through the incident management of a life‑like APT attack. We showcase each step of the attackers’ kill chain with hands‑on exercises.
Attendees will learn how an enterprise Blue Team operates, with a strong focus on the roles and special skills required to understand the steps of Incident Response procedures and incident‑driven investigations.
This training is a compressed variant of our White Hat Certified Defender training, which spans a whole academic year in cooperation with a university, with classes typically held once every other week. For attendees of this compressed training, its price is deducted from the total fee of the full-year course.
Day 1 – SOC analysts
- SOC architecture and principles: what do we protect in enterprise environments and how?
- Tasks and responsibilities of analysts: the life of L1 and L2 analysts.
- Indicators of compromise and their role in detection: kill chain from the defensive standpoint, pyramid of pain, use of IoC in the SOC: consumption, creation.
- Network‑based intrusion detection: IDS/IPS, NSM systems, the anatomy of Suricata rules.
- Host‑based pattern matching: finding malicious code on hosts, the power of Yara.
- Incident Response: Incident response lifecycle, defensive tactics, techniques, procedures.
Day 2 – Digital Forensics, Network Forensics
- Evidence gathering: chain of custody, cloud acquisition, best practices.
- Data recovery: platforms, methods, RAID recovery.
- Memory forensics: acquisition, analysis, Volatility, artifacts in memory, malware hunting.
- Packet analysis: packet capturing modes, wireless capture, Wireshark primer.
- Enterprise protocols: NTLM authentication, SMB, Kerberos.
Day 3 – Malware analysis, Threat hunting
- Malware static analysis: PE header, Windows loader, static imports, exports, strings, obfuscation.
- Injection techniques: Classic injections, process hollowing, registry‑based techniques, reflective injections.
- Malware dynamic analysis: Debugger, anti-debugging techniques, automated dynamic sandboxes, dynamic analysis.
- Lateral movement: Common attacks against enterprise protocols – Pass‑the‑hash, SMB relay, DCSync, DCShadow, Kerberos Golden ticket.
- C2 communication: C2 types, C2 in targeted attacks, C2 communication tactics and techniques.
WHO SHOULD TAKE THIS COURSE:
- SOC analysts who would like to know more about enterprise defence
- IT security students and enthusiasts who want to stop hackers instead of being one
- IT security professionals who wish to see a full‑featured APT attack from the perspective of the Incident Response team
- Red Team members who are interested in improving Blue Teams
- Security software developers
- Blue Team members
- Anyone who is keen on knowing more about IT security
WHAT TO BRING:
- Laptop with a browser of your choice
ATTENDEES WILL BE PROVIDED WITH:
- Training presentation slides
- Account to the platform hosting the training exercises
- Eligibility for taking the WHCD exam