With the proliferation of custom, targeted attacks, it is essential for any CIRT to be able to detect and rapidly respond to evolving network threats. In this workshop session Fyodor, Vitaly and Vladimir demonstrate a practical approach to mining and identifying malicious activity patterns from raw network data. Combining machine learning algorithms with a number of practical hacks, the authors will demonstrate a usable platform for detecting ongoing network exploitation activity (exploit kit sequence detection) and for time series analysis of the C2 calls made by compromised machines.
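As an illustration of the kind of time series analysis the session applies to C2 traffic, here is an added example (written for this page; it is not the workshop's own tooling): a minimal beacon detector that groups connections by source/destination pair, computes the inter-arrival gaps, and flags pairs whose gaps are nearly constant (low coefficient of variation), which is the signature of periodic C2 call-backs. The log lines, host addresses and thresholds are constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample connection log: (epoch seconds, src, dst).
# 10.0.0.5 -> 203.0.113.7 calls back roughly every 60 s with small jitter (beacon-like).
# 10.0.0.8 -> 198.51.100.20 is bursty, irregular browsing.
# 10.0.0.9 -> 192.0.2.3 is periodic but has too few events to judge.
BASE = 1_700_000_000
SAMPLE_LOG = [
    (BASE + t, "10.0.0.5", "203.0.113.7") for t in (0, 61, 119, 180, 242, 299, 360, 421)
] + [
    (BASE + t, "10.0.0.8", "198.51.100.20") for t in (0, 5, 7, 90, 95, 400, 402, 900)
] + [
    (BASE + t, "10.0.0.9", "192.0.2.3") for t in (0, 60, 120)
]


def beacon_scores(events, min_events=6):
    """Return {(src, dst): (count, mean_gap, cv)} for pairs with enough samples.

    cv is the coefficient of variation of the inter-arrival gaps
    (population stdev / mean); values near 0 mean a regular period.
    Pairs with fewer than min_events connections are skipped, because a
    handful of samples cannot support a periodicity claim.
    """
    times = defaultdict(list)
    for ts, src, dst in events:
        times[(src, dst)].append(ts)

    scores = {}
    for pair, ts in times.items():
        if len(ts) < min_events:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        m = mean(gaps)
        if m <= 0:  # all events at the same instant; not a beacon pattern
            continue
        scores[pair] = (len(ts), m, pstdev(gaps) / m)
    return scores


def suspected_beacons(events, max_cv=0.2, min_events=6):
    """Return sorted (src, dst) pairs whose call-back timing is regular enough to flag."""
    return sorted(
        pair
        for pair, (_, _, cv) in beacon_scores(events, min_events).items()
        if cv <= max_cv
    )


if __name__ == "__main__":
    for pair, (n, m, cv) in sorted(beacon_scores(SAMPLE_LOG).items()):
        print(f"{pair[0]} -> {pair[1]}: n={n} mean_gap={m:.1f}s cv={cv:.3f}")
    print("suspected beacons:", suspected_beacons(SAMPLE_LOG))
```

The cv threshold is the tunable part: real implants add jitter on purpose, so a production detector would also look at the distribution of gaps (e.g. modal period plus tolerated jitter band) and at per-destination prevalence across the estate, rather than a single ratio.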
Part 2 of this four-hour workshop will cover the following areas of advanced practical intrusion detection:
All tools used in this workshop will be shared and publicly released under an Open Source (GPL) license.