Thursday, October 27 • 13:30 - 17:30
Incident Response Workshop FULL


This workshop will confront participants with a state-of-the-art security incident. During the workshop, they will learn how to deal with this situation step by step while being challenged on their knowledge of various infosecurity topics. The goal of this workshop is to provide the participants with a structured approach on how to spot malware and how to deal with incidents caused by modern adversaries. Virtual machines will be provided so that the participants can practice at their own pace and even continue at a later point in time. Two instructors will be assisting the students towards the full mapping of the incident and will provide a typical solution at the end of the workshop.

The situation that the students will have to handle is as follows: “You are part of your company’s Incident Response team. On some idle Friday afternoon, your manager barges in. He has just been notified by the authorities that they have compromised a Command-and-Control server and that they have found systems communicating to that server originating from your company. The board of directors is breathing down his neck to find out what has happened and has asked him to contain this problem as soon as possible. How come we haven’t noticed this? What systems have been compromised? What data is exfiltrated? Are there still active connections? You immediately coordinate with the authorities and receive an extract of the information they have pulled from the compromised server. And so your quest begins…”

The students will work in teams of 2 and will have 4 hours to find out what has happened and to verify whether there are still any active connections. During the workshop, the instructors will switch between guiding the participants and challenging them by assuming various positions in the company.


Erik Van Buggenhout

Erik is a co-founder of the Belgian cyber security company NVISO, where he is responsible for the Cyber Resiliency service line. He coordinates the delivery (read: finds people to do work for him while he enjoys a Duvel in the sunshine) of highly technical services such as penetration testing, digital forensics, incident response and malware analysis. Next to his activities at NVISO, Erik is also an Instructor for the SANS Institute where...

Maxim Deweerdt

Incident Response and Digital Forensics Analyst, NVISO
Max is one of Erik’s minions who has to work day and night to ensure Erik can drink his Duvel in the sun without interruption. During these devilishly long workdays, he focusses on Incident Response and Forensics and occasionally rocks some penetration testing. Max has several SANS certifications and is currently pursuing a track to become a SANS mentor. Rumor has it that Max lost his hair due to his incredible brain size and that sleep needs...

Thursday October 27, 2016 13:30 - 17:30
04. Orval Novotel