Red vs. Blue: Malware - Build It, Break It, Block It workshop

Abstract

A BEGINNER'S workshop to unleash your inner hacker and defender! Dive into the dark art of crafting a Linux user mode infostealer rootkit, then switch gears to learn basic malware analysis and basic reverse engineering of that rootkit. This workshop will go from static analysis with tools like Binary Ninja and DetectItEasy to dynamic analysis decrypting payloads and extracting critical IoCs. It doesn’t stop there - you’ll build detection rules with tools like YARA, ClamAV, OSQuery, Suricata, and OpenEDR to hunt down that rootkit. Cap it off by integrating your defenses into Elasticsearch and Kibana dashboard. Perfect for aspiring red and blue teamers to learn over a dozen different open-source tools. All code will be provided and the focus will be understanding how the malware and detections work and how to use a variety of tools, not deep diving into systems program.

Day / Time / Location

Day 2, Saturday, 16-August-2025, 7:30pm - 11:30pm
Tobin 223 (Workshop C)

Full Description

Registration -- NOT required

NOTE: You do NOT need to register to take this workshop
-- please show up early to ensure a seat at Tobin 223 (Workshop C).

Presenter(s)

Scott Cook

Materials

Any materials needed to participate in this workshop will be available at no-cost.
Observers are welcome at no cost.
To do the hands-on portion for this workshop:
Materials Cost: None

Required Software / What to bring

Basic python and C programming skills. At a basic level, understand when a program is compiled it uses libraries. Comfortable with bash. Should have entry level cyber experience.

Links

A VM will be available for download soon that contains everything you will need to follow along in the workshop !!! Please Check Back.