HOPE Wiki - User contributions [en]

Red vs Blue -- Malware Workshop

2025-08-14T17:57:07Z

Stesla47:

= Red vs. Blue: Malware - Build It, Break It, Block It workshop =

== Abstract ==

A BEGINNER'S workshop to unleash your inner hacker and defender! Dive into the dark art of crafting a Linux user mode infostealer rootkit, then switch gears to learn basic malware analysis and basic reverse engineering of that rootkit. This workshop will go from static analysis with tools like Binary Ninja and DetectItEasy to dynamic analysis decrypting payloads and extracting critical IoCs. It doesn’t stop there - you’ll build detection rules with tools like YARA, ClamAV, OSQuery, Suricata, and OpenEDR to hunt down that rootkit. Cap it off by integrating your defenses into Elasticsearch and Kibana dashboard. Perfect for aspiring red and blue teamers to learn over a dozen different open-source tools. All code will be provided and the focus will be understanding how the malware and detections work and how to use a variety of tools, not deep diving into systems program.

== Day / Time / Location ==
Day 2, Saturday, 16-August-2025, 7:30pm - 11:30pm 
Tobin 223 (Workshop C)

== Full Description ==

== Registration -- NOT required ==

'''NOTE: You do NOT need to register to take this workshop -- please show up early to ensure a seat at Tobin 223 (Workshop C).''' 

== Presenter(s) ==

Scott Cook

== Materials ==

Any materials needed to participate in this workshop will be available at no-cost. 
Observers are welcome at no cost. 
'''To do the hands-on portion for this workshop: 
'''Materials Cost: None''' 

== Required Software / What to bring ==

Basic python and C programming skills. At a basic level, understand when a program is compiled it uses libraries. Comfortable with bash. Should have entry level cyber experience.

== Links ==
A VM will be available for download soon that contains everything you will need to follow along in the workshop !!! Please Check Back.

Red vs Blue -- Malware Workshop

2025-08-14T17:54:43Z

Stesla47:

= Red vs. Blue: Malware - Build It, Break It, Block It workshop =

== Abstract ==

A BEGINNER'S workshop to unleash your inner hacker and defender! Dive into the dark art of crafting a Linux user mode infostealer rootkit, then switch gears to learn basic malware analysis and basic reverse engineering of that rootkit. This workshop will go from static analysis with tools like Binary Ninja and DetectItEasy to dynamic analysis decrypting payloads and extracting critical IoCs. It doesn’t stop there - you’ll build detection rules with tools like YARA, ClamAV, OSQuery, Suricata, and OpenEDR to hunt down that rootkit. Cap it off by integrating your defenses into Elasticsearch and Kibana dashboard. Perfect for aspiring red and blue teamers to learn over a dozen different open-source tools. All code will be provided and the focus will be understanding how the malware and detections work and how to use a variety of tools, not deep diving into systems program.

== Day / Time / Location ==
Day 2, Saturday, 16-August-2025, 7:30pm - 11:30pm 
Tobin 223 (Workshop C)

== Full Description ==

== Registration -- NOT required ==

'''NOTE: You do NOT need to register to take this workshop -- please show up early to ensure a seat at Tobin 223 (Workshop C).''' 

== Presenter(s) ==

Scott Cook

== Materials ==

Any materials needed to participate in this workshop will be available at-cost. 
Observers are welcome at no cost. 
'''To do the hands-on portion for this workshop: 
'''Materials Cost: None''' 

== Required Software / What to bring ==

Basic python and C programming skills. At a basic level, understand when a program is compiled it uses libraries. Comfortable with bash. Should have entry level cyber experience.

== Links ==
A VM will be available for download soon that contains everything you will need to follow along in the workshop !!! Please Check Back.