Red vs Blue -- Malware Workshop: Difference between revisions
Created page with "= Red vs. Blue: Malware - Build It, Break It, Block It workshop = == Abstract == Unleash your inner hacker and defender in this hands-on workshop! Dive into the dark art of crafting Windows and Linux rootkits, then switch gears to learn malware analysis and reverse engineering of those rootkits. This workshop will go from static analysis with tools like Binary Ninja and DetectItEasy to dynamic analysis decrypting payloads and extracting critical IoCs. It doesn’t stop..." |
No edit summary |
||
| Line 3: | Line 3: | ||
== Abstract == | == Abstract == | ||
A BEGINNER'S workshop to unleash your inner hacker and defender! Dive into the dark art of crafting a Linux user mode infostealer rootkit, then switch gears to learn basic malware analysis and basic reverse engineering of that rootkit. This workshop will go from static analysis with tools like Binary Ninja and DetectItEasy to dynamic analysis decrypting payloads and extracting critical IoCs. It doesn’t stop there - you’ll build detection rules with tools like YARA, ClamAV, OSQuery, Suricata, and OpenEDR to hunt down that rootkit. Cap it off by integrating your defenses into Elasticsearch and Kibana dashboard. Perfect for aspiring red and blue teamers to learn over a dozen different open-source tools. All code will be provided and the focus will be understanding how the malware and detections work and how to use a variety of tools, not deep diving into systems program. | |||
== Day / Time / Location == | == Day / Time / Location == | ||
| Line 28: | Line 28: | ||
== Required Software / What to bring == | == Required Software / What to bring == | ||
Basic python and C programming skills. Comfortable with | Basic python and C programming skills. At a basic level, understand when a program is compiled it uses libraries. Comfortable with bash. Should have entry level cyber experience. | ||
== Links == | == Links == | ||
A VM will be available for download soon that contains everything you will need to follow along in the workshop !!! Please Check Back. | |||
Revision as of 17:54, 14 August 2025
Red vs. Blue: Malware - Build It, Break It, Block It workshop
Abstract
A BEGINNER'S workshop to unleash your inner hacker and defender! Dive into the dark art of crafting a Linux user mode infostealer rootkit, then switch gears to learn basic malware analysis and basic reverse engineering of that rootkit. This workshop will go from static analysis with tools like Binary Ninja and DetectItEasy to dynamic analysis decrypting payloads and extracting critical IoCs. It doesn’t stop there - you’ll build detection rules with tools like YARA, ClamAV, OSQuery, Suricata, and OpenEDR to hunt down that rootkit. Cap it off by integrating your defenses into Elasticsearch and Kibana dashboard. Perfect for aspiring red and blue teamers to learn over a dozen different open-source tools. All code will be provided and the focus will be understanding how the malware and detections work and how to use a variety of tools, not deep diving into systems program.
Day / Time / Location
Day 2, Saturday, 16-August-2025, 7:30pm - 11:30pm
Tobin 223 (Workshop C)
Full Description
Registration -- NOT required
NOTE: You do NOT need to register to take this workshop
-- please show up early to ensure a seat at Tobin 223 (Workshop C).
Presenter(s)
Scott Cook
Materials
Any materials needed to participate in this workshop will be available at-cost.
Observers are welcome at no cost.
To do the hands-on portion for this workshop:
Materials Cost: None
Required Software / What to bring
Basic python and C programming skills. At a basic level, understand when a program is compiled it uses libraries. Comfortable with bash. Should have entry level cyber experience.
Links
A VM will be available for download soon that contains everything you will need to follow along in the workshop !!! Please Check Back.
