On October 17th and 18th there is a training opportunity. The list of trainers and course topics is below:
$50 registration fee
Tired of telling your boss that you need better security and nothing gets done? Your boss keeps telling you that there is no money in the security budget. Well, why not build your own incident response system to prove that you need better security? This training will help you create visibility into your endpoint systems across the enterprise using Sysmon from Sysinternals, and use a SIEM like Splunk to work with the results. The training also includes some PowerShell that automatically interacts with VirusTotal.
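As an added illustration of the pipeline this description sketches (it is not course material and not code from the trainer), the PowerShell below parses Sysmon Event ID 1 (process creation) records into objects, flags children of Office applications using the parent/child relationship, and enriches each unique SHA256 with a VirusTotal API v3 lookup. The two event records are constructed samples with placeholder hashes, so the parsing runs offline; the lookup assumes a key in the hypothetical VT_API_KEY environment variable and is skipped when none is set.

```powershell
# Added example, not from the course. Assumes Sysmon logs SHA256 hashes and that a
# VirusTotal v3 API key is provided in $env:VT_API_KEY (assumed variable name).

# Constructed sample: two Sysmon Event ID 1 records in the XML shape returned by
# Get-WinEvent ... | ForEach-Object { $_.ToXml() }. Hashes are placeholders.
$sampleEvents = @(
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>1</EventID><Computer>WKS01</Computer></System>
  <EventData>
    <Data Name="Image">C:\Windows\System32\cmd.exe</Data>
    <Data Name="CommandLine">cmd.exe /c whoami</Data>
    <Data Name="ParentImage">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data>
    <Data Name="Hashes">MD5=11111111111111111111111111111111,SHA256=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA</Data>
  </EventData>
</Event>
'@,
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>1</EventID><Computer>WKS01</Computer></System>
  <EventData>
    <Data Name="Image">C:\Windows\System32\notepad.exe</Data>
    <Data Name="CommandLine">notepad.exe notes.txt</Data>
    <Data Name="ParentImage">C:\Windows\explorer.exe</Data>
    <Data Name="Hashes">MD5=22222222222222222222222222222222,SHA256=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB</Data>
  </EventData>
</Event>
'@
)

function ConvertFrom-SysmonProcessCreate {
    # Turn one Event ID 1 XML record into a flat object with the fields an analyst needs.
    param([Parameter(Mandatory)][string]$EventXml)
    $xml  = [xml]$EventXml
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    # Sysmon stores hashes as "ALG=value,ALG=value"; split them into a lookup table.
    $hashes = @{}
    foreach ($pair in ($data['Hashes'] -split ',')) {
        $alg, $val = $pair -split '=', 2
        $hashes[$alg] = $val
    }
    [pscustomobject]@{
        Computer    = $xml.Event.System.Computer
        Image       = $data['Image']
        CommandLine = $data['CommandLine']
        ParentImage = $data['ParentImage']
        SHA256      = $hashes['SHA256']
    }
}

function Get-VirusTotalVerdict {
    # Look up a SHA256 with the VirusTotal v3 files endpoint; 404 means VT has never seen it.
    param([Parameter(Mandatory)][string]$Sha256, [Parameter(Mandatory)][string]$ApiKey)
    try {
        $r = Invoke-RestMethod -Method Get -Uri "https://www.virustotal.com/api/v3/files/$Sha256" `
                               -Headers @{ 'x-apikey' = $ApiKey }
        $stats = $r.data.attributes.last_analysis_stats
        [pscustomobject]@{ SHA256 = $Sha256; Malicious = $stats.malicious; Undetected = $stats.undetected; Status = 'Known' }
    } catch {
        [pscustomobject]@{ SHA256 = $Sha256; Malicious = $null; Undetected = $null; Status = "Unknown/error: $($_.Exception.Message)" }
    }
}

# On a live host, replace $sampleEvents with real Sysmon records:
#   Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 } -MaxEvents 500 |
#       ForEach-Object { ConvertFrom-SysmonProcessCreate -EventXml $_.ToXml() }
$procs = $sampleEvents | ForEach-Object { ConvertFrom-SysmonProcessCreate -EventXml $_ }

# Parent/child check: shells or tools spawned by Office applications are a classic macro indicator.
$officeParents = 'WINWORD.EXE', 'EXCEL.EXE', 'POWERPNT.EXE', 'OUTLOOK.EXE'
foreach ($p in $procs) {
    $parentName = Split-Path -Path $p.ParentImage -Leaf
    $p | Add-Member -NotePropertyName OfficeChild -NotePropertyValue ($officeParents -contains $parentName)
}
$procs | Format-Table Computer, ParentImage, Image, CommandLine, OfficeChild -AutoSize

if ($env:VT_API_KEY) {
    $procs | Select-Object -ExpandProperty SHA256 -Unique | ForEach-Object {
        Get-VirusTotalVerdict -Sha256 $_ -ApiKey $env:VT_API_KEY
        Start-Sleep -Seconds 15   # the public VirusTotal API allows 4 lookups per minute
    } | Format-Table -AutoSize
} else {
    Write-Warning 'VT_API_KEY not set; skipping VirusTotal enrichment.'
}
```

The same ConvertFrom-SysmonProcessCreate output can be written to a file that a Splunk universal forwarder monitors, so the verdict lands next to the raw Sysmon event in the SIEM; deduplicating on SHA256 before the lookup keeps a noisy endpoint from exhausting the API quota.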
Pre-requisites
This is a technical class. Students are expected to know how to set up a VM, and to have knowledge of incident response, Windows internals such as parent/child process relationships, basic networking skills, and some exposure to PowerShell.
Requirements
Students are expected to bring their own laptop (preferably Windows 10) with sufficient resources to run an instance of Splunk Enterprise on a trial license plus a virtual machine running Windows 7 or a comparable client for log collection. Arriving with Splunk already installed is a bonus.
Technical Level Moderate
Kenneth has been working in security for the last 18 years and before that spent 10 years in IT. He has shifted from the red team and now works primarily as a blue teamer. Kenneth spends most of his time in incident response, analyzing log files for intrusions and automating that work with PowerShell. He is familiar with centralized log collection on both Linux and Windows systems and has several years' expertise with ArcSight and Splunk. He currently holds the following certifications: CISSP, GCWN, QSA.
$25 registration fee
Your organization has an incident response plan, but has anyone read it? How about practiced it?
This session will start with an introduction to the Incident Response cycle, then walk through a cyber incident based on real-world examples, concluding with a lessons-learned session to round up all the take-aways.
Pre-requisites None
Requirements None
Technical Level Moderate
Shelly is a Team Lead with Cisco's Security Incident Response Services Team.
After many years in the help desk/desktop support trenches learning her craft, Shelly has been focused on Enterprise Security Operations and Incident Response both as an internal employee and as a consultant for the past 10 years. She is a frequent contributor to the Cisco Security blog, and spoke at the inaugural BSides Calgary in 2016. Shelly tries to learn one new thing every day, and is a firm believer in the bow-tie.
$50 registration fee
Join us for a day of security investigation training and competition. We'll spend the morning covering security investigation fundamentals including data collection, basic and intermediate search, event correlation, data enrichment, regular expressions, and how to incorporate freely available intelligence sources into your investigation. You will practice what we preach using data sources including Microsoft Windows event logs, Windows Registry, IIS, Microsoft Sysmon, Splunk Stream, Suricata, Bro, Fortinet Fortigate, and more.
After lunch, you will put your new skills to work by competing in a Splunk Boss of the SOC (BOTS) competition. BOTS is a blue-team, capture-the-flag (CTF) style competition that puts you in the role of quirky SOC analyst Alice Bluebird. You will be tasked with investigating various security incidents, earning points along the way by answering questions about your findings. The competition includes something for all levels, and automated hints (and real-life coaches) will be available to make sure no competitor is left behind. We'll wrap up the afternoon by awarding the coveted BOTS trophy to the winner, and rest assured nobody will leave empty-handed.
Splunk is proud to serve the security community by providing this day of training at no cost to BSides Calgary. All registration fees will remain entirely with BSides Calgary.
Pre-requisites: The morning session should be sufficient to prepare any competitor for the BOTS competition. Please arrive with a willingness to learn and be ready to have a lot of fun.
Requirements: Please bring a laptop computer equipped with Wi-Fi and running a modern web browser such as Chrome (preferred), Firefox, or Safari. The day's events (both morning and afternoon) are highly dependent on Internet access. Though not required, it's never a bad idea to be able to tether your laptop to the Internet via your phone or another wireless device should some unforeseen problem with the event Wi-Fi come up.
Dave is a co-creator of Splunk Boss of the SOC, and is currently performing field research in the areas of SOC automation, all the while helping Splunk customers solve advanced security problems. Previously Dave has held various security roles including SE, consultant, penetration tester, security architect/engineer/analyst, and information security officer. Dave holds a number of security certifications including GIAC Security Expert (GSE) #79.
$50 registration fee
Gone are the days of digital forensics with a hex editor. There are so many tools and so many artifacts that, sadly, a great deal of evidence is being missed, either through bad tools or a lack of fundamental knowledge. The Digital Forensics Stew will spend a day teaching attendees about the artifacts that are not immediately shown to the examiner. We will explore many tools (the vast majority of which are FREE), which ones work and which ones don't, and we will explore some little-known and often misunderstood artifacts that could be crucial to an investigation. What are your challenges in today's forensics world when it comes to acquisition? How do you plan on imaging ReFS, or that 14 TB RAID? We have you covered. A great deal of training today has no focus at all (or very inadequate focus) on unallocated space (where data goes to die). We will rebuild data from these areas that is beyond what file-carving recovery can achieve. Bring your questions. You will be provided with a couple of different evidence files that we will work with throughout the day; this is intended to be a hands-on experience.
Prerequisites
This is an intermediate class, so people with no experience in digital forensics or computers will be at a disadvantage. Attendees are expected to understand the Windows operating system and be at least somewhat familiar with the Registry, Event Logs, and the basic file system layout. You should also have at least a basic working knowledge of digital forensics principles.
Requirements
Attendees will learn a great deal simply by being there, so a computer is not absolutely necessary. If you wish to participate, though, this is designed to be a hands-on experience, and you will need a laptop with a minimum of 8 GB RAM, a 64-bit processor, 200 GB of free drive space, and Windows 7 or later. Microsoft Office will also be useful.
Kevin Ripa is the owner of Computer Evidence Recovery, Inc. He is a former member of the Department of National Defence, having served in both foreign and domestic postings. He now provides service to various levels of law enforcement, Fortune 500 companies, and the legal community, and has assisted in many complex cyber-forensics investigations around the world. Mr. Ripa is a respected and sought-after expert in IT investigations and has been qualified as an expert witness on numerous occasions. He also gives training and lectures to industry and law enforcement around the world, and teaches SEC301, SEC401, and FOR500 for the SANS Institute. Mr. Ripa has authored numerous articles and chapters for a number of manuals, books, and training texts on the subjects of computer security and forensics.