BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Email Detection Engineering and Threat Hunting Inbox
 \n   (Pre-Registration Required)\n   When: Saturday\, Aug 12\, 09:00 - 12:
 59 PDT\n   Where: Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin - [1
 ]Map\n   Speakers:Alfie Champion\,Josh Kamdjou\n\n   SpeakerBio:Alfie Cham
 pion\n   Alfie specializes in the delivery of attack detection and adversa
 ry\n   emulation services\, actively contributing education content\, tool
 ing\n   and blogs to further the industry. He has previously worked with\n
    organisations across multiple industry verticals to uplift and\n   vali
 date their detective capability through red or purple team\n   engagements
 \, and now leads the global adversary emulation function at\n   a FTSE 250
  company. He has previously spoken at BlackHat USA\, RSA and\n   Blue Team
  Con 2022\, among others\, and is the co-founder of DelivrTo.\n\n   Speake
 rBio:Josh Kamdjou\n   Josh has been doing offensive security-related thing
 s for the past 12\n   years. He's spent most of his professional career br
 eaking into\n   networks via spear-phishing and other methods\, and buildi
 ng software\n   for both the public (Department of Defense) and private se
 ctors. Josh\n   is the Founder and CEO of Sublime Security\, and in his pr
 ivate life\n   enjoys weight lifting\, Martial Arts\, soccer\, and spendin
 g time with\n   his niece and nephew.\n\n   Description:\n   Email remains
  the #1 initial access vector for commodity malware and\n   nation state a
 ctors. Historically\, tackling email-based threats has\n   been considered
  the purview of black-box vendor solutions\, with\n   defenders having lim
 ited scope (or tooling!) to swiftly and\n   effectively respond to emergin
 g attacker activity and novel offensive\n   tradecraft.\n\n   In this work
 shop\, attendees will be given detailed insight into the\n   latest techni
 ques used to deliver prevalent malware strains\, including\n   QakBot and 
 Emotet\, and will hunt through email data to identify this\n   malicious a
 ctivity\, developing rules to detect and block these\n   attacks.\n\n   In
 itially attendees will be introduced to the foundational\n   technologies 
 that enable threat hunting\, detection engineering\, and\n   response in t
 he email domain\, before being given access to the email\n   data of a fic
 titious company seeded with benign and real-world attack\n   data. Through
 out the day\, participants will learn to hunt common\n   phishing techniqu
 es including:\n\n     * VIP Impersonations\n\n     * HTML smuggling via li
 nks/attachments\n\n     * Malicious VBA macros\n\n     * OneNote / LNK fil
 e malware (attachments\, and links to\n       auto-downloads)\n\n     * PD
 F attachments with embedded links to malware (PDF -> URL -> ZIP\n       ->
  WSF)\n\n     * Lookalike domains / homoglyph attacks\n\n     * Credential
  phishing\n\n     * Password protected archives\n\n     * Exploits (e.g. C
 VE-2023-23397\, CVE-2021-40444)\n\n     * Fake invoices (Geek Squad)\n\n  
  Attendees will be guided through the rule creation process\, utilizing\n 
   free and open detection engines including Sublime and Yara\, and will\n 
   be introduced to the signals and email attributes that can be used to\n 
   craft high-fidelity rules\, including targeted user groups\, sentiment\n
    analysis\, sender domain age\, and attachment analysis. Having complete
 d\n   the workshop\, attendees will have a strong understanding of the too
 ls\n   and techniques at their disposal to defend their organizations from
 \n   all manner of email threats.\n\n   Skill Level: Beginner. The
  training
  will cater to security\n   practitioners with any level of technical expe
 rience. While a general\n   understanding of email threats will be advanta
 geous\, all offensive and\n   defensive techniques and tools in the traini
 ng will be introduced at a\n   foundational level and built on throughout 
 the day.\n\n   Prerequisites for students:\n   - None\n\n   Materials or E
 quipment students will need to bring to participate: -\n   Attendees shoul
 d bring their own laptops in order to be hands-on\,\n   preloaded with Doc
 ker. Instructions to run the Docker images from\n   Github will be shared.
  All tools used in this lab are free and/or\n   open-source.\n\n   '\n\n  
  1. #FlamingoLowerLevel\n\n\n
DTEND:20230812T195900Z
DTSTART:20230812T160000Z
LOCATION:WS - Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin
SUMMARY:Email Detection Engineering and Threat Hunting Inbox (Pre-Registrat
 ion Required)
END:VEVENT
END:VCALENDAR
