Details

• Introduction & Announcements

• "A primer on Memory Forensics" by Bart Inglot (45 mins)

• "DFIR on "malicious" powershell" by Yue Meng Chan (45 mins)

• "Case study of poor planning" by Joshua Au (10 mins)

• "How to train more cyber-security experts in SoC, NoC, CIRT" by Gregory FRESNAIS (20 mins)

Abstract

Title: A primer on Memory Forensics

Memory forensics is a powerful analysis and investigative technique used in digital forensics and incident response. With adversaries becoming more sophisticated and carrying out advanced malware attacks, detecting, responding to and investigating such intrusions becomes critical for infosec professionals. This presentation introduces the topic of memory forensics, explains how to acquire a memory image and perform analysis using the Volatility Framework, and demos a few plugins that the speaker developed himself to aid his investigations.

Title: DFIR on "malicious" powershell

Title: Case study of poor planning

One common reason for project failures is poor planning (lack of foresight). The speaker will use a case study to illustrate how poor planning may have unintended consequences for the stakeholders.

Bio(s) of Speakers:

Bart Inglot is an Incident Response and Forensics Specialist in MANDIANT's Security Consulting Services team, helping clients restore confidence in the event of a breach. He holds a degree in Computer Forensics, is a keen developer, enjoys inspecting network traffic and specialises in Windows forensics.

Yue Meng Chan likes to learn from attackers as well as from his mentors at his current and previous workplaces, and he treats them with respect and awe for what they have taught him while doing DFIR on compromised hosts. He currently works as a CIRT analyst doing DFIR, while picking up skills in malware analysis and looking into threat hunting for things that bypass most conventional boxes/protection.

Gregory FRESNAIS is the co-founder of Cyber Test Systems, a French cybersecurity company offering Network Traffic Generators from 10 Mbps up to 400 Gbps and building Cyber Range, a Cyber Defense Training Center. Gregory has 17 years of expertise in the test industry, working with network equipment manufacturers, broadband and mobile service providers, system integrators, enterprises, defense contractors and governments across Europe, Asia, the US, Australia, New Zealand and Canada. Gregory's expertise in testing performance, security and stability spans networking (switches, routers, load balancing, etc.), security (Next Generation Firewalls, WAFs, IDS/IPS, UTMs and APT sandboxes), mobile (Mobile 3G SGSN and GGSN, Mobile 4G LTE SGW and PGW), SCADA systems, Lawful Intercept, Data Retention, and public and private clouds.

In the area of cyber defense training, he has delivered Cyber Range Cyber Defense Training Sessions and Exercises (Green, Yellow, Red, Blue and White Teams) for IT, NoC, SoC and CIRT teams since 2007. With his team he has deployed a large number of Cyber Test Ranges and Cyber Ranges, as well as Information Assurance (IA) and Security Operation Center (SoC) infrastructure. For the military, he has supported numerous national and international military exercises such as Combined Endeavors from 2003-2014, Cyber Endeavors at Pacific Endeavors 2012-2016 and DEFNET 2017.

Joshua Au is an admin manager and a security enthusiast.