Full-Stack Incident Response

"Understand attacks and defenses at a high level, with SIEMs, intrusion detection, attribution and the ATT&CK matrix, and at a low level with malware analysis, debugging in user-land and the kernel, DLL injection, and exploring the Windows API. We will use Splunk, WinDbg, Zeek, IDA, Ghidra, and many other tools. We will construct vulnerable systems on public clouds, attack them, and detect the attacks. After this workshop, you will understand the stages of an attack, and how they are performed, detected, and prevented. Previous experience with C and assembly language is helpful but not required. Participants will need a laptop with a Web browser and a credit card to reserve cloud servers, at little or no cost."