RC18 @ TRAININGS

Combating Cyber Extortion
ACCESS Human+
This comprehensive training provides a deep dive into the multifaceted landscape of ransomware attacks and equips cybersecurity professionals with the necessary knowledge and skills to effectively mitigate this pervasive threat.

Participants will gain insights into the evolution and history of ransomware, understanding its origins and the transformation into a highly profitable criminal enterprise. Delving into the mechanics of ransomware attacks, including the various types such as encrypting ransomware, locker ransomware, and mobile ransomware, participants will grasp the breadth of techniques employed by malicious actors.

Additionally, the training examines the top targeted organizations and the emergence of Ransomware-as-a-Service (RaaS), shedding light on the evolving nature of ransomware tactics.

Student Requirements
- Basic knowledge of computers and networking
- Familiarity with the Windows operating system

Target Audience
Defenders, Sysadmins, Security Researchers, IT Managers, Developers

Trainer Bio
To be updated....





Cyber Defense Analyst (OSDA SOC200)
ACCESS Human+
The OffSec workshop will cover the key topics in the SOC200 course. It consists of four 45-minute teaching sessions and three one-hour hands-on exercises. The teaching topics:

- An understanding of the NICE framework of skills, knowledge and tasks expected of a Cyber Defense Analyst
- An introduction to the internal features of Windows endpoints, and in particular the event logs which are generated
- An introduction to the internal features of Linux endpoints and the system logs which are generated
- An understanding of cyber attack methodologies and specific forms of attack against Windows and Linux endpoints, and how these can be diagnosed through log analysis

Student Requirements
- Linux Basics
- Windows Basics
- Networking Basics

Target Audience
Security Operations Center (SOC) Tier 1, Tier 2 and Tier 3 Analysts
Anyone interested in detection and security operations, and/or committed to the defense or security of enterprise networks

Trainer Bio
To be updated....





Cyber Threat Intelligence 101
ACCESS Human+, Human (Limited Slots)
Dive into the dynamic world of Cyber Threat Intelligence (CTI), a pivotal realm where cyber security meets strategic foresight. CTI is not just about guarding digital frontiers; it is an intricate dance of understanding and outmaneuvering adversaries in cyberspace. By analyzing threats based on adversary intent, capability, and potential opportunities for disruption, CTI empowers defenders to anticipate attacks and enhance their defensive strategies. This proactive approach transforms knowledge into a strategic asset, enabling organizations to bolster their response and detection capabilities against the vast array of sophisticated, modern cyber threats.

At the heart of every security team, CTI is indispensable. It guides the Security Operations Center (SOC) in prioritizing threats demanding immediate action. It equips the Incident Response (IR) team with crucial, actionable insights to swiftly address and mitigate breaches. For the Vulnerability Management team, it highlights critical vulnerabilities needing urgent attention, assessing the associated risks, and correlating their usage against adversary tradecraft. Meanwhile, the Threat Hunting team gains a deeper understanding of adversary behaviors, essential for effective and targeted operations across the organization's network. Similarly, the Red Team leverages this intelligence to mimic real-world attacks, testing and refining the organization's readiness against contemporary threats.

Despite its critical role, CTI is often a misunderstood and under-explored field within the broader cyber security landscape. Motivated by this gap, we have crafted this engaging 101 course to unravel the mysteries and core principles of CTI. Our mission is to democratize knowledge in this burgeoning discipline, making it accessible and understandable for cyber security professionals at all levels. Join us to transform how your organization perceives and responds to cyber threats, turning intelligence into a formidable tool in your cyber security arsenal.

Student Requirements
- Foundational understanding of cyber security
- Anyone with an interest in learning more about CTI

Target Audience
Anyone new to, or unfamiliar with, CTI

Trainer Bio
Scott Jarkoff
Scott is the Director, Threat Intelligence Strategy, APJ & META at CrowdStrike, directing the Threat Intelligence business across Asia-Pacific & Japan (APJ) and Middle East, Turkey, and Africa (META), leading the charge in selling advanced government-grade intelligence and around-the-clock threat hunting capabilities. Entrusted with the stewardship of CrowdStrike’s Counter Adversary Operations (CAO) suite in these regions, Scott plays a pivotal role in enabling sales, providing unrivaled insights, and offering protection against sophisticated adversaries.

Scott is currently orchestrating the inception of a stealth startup. This enigmatic venture targets a niche previously untouched by conventional frameworks. Shrouded in secrecy, the startup is stirring considerable intrigue within industry circles. As anticipation builds, insiders speculate this endeavor will not only transform the industry, but also illuminate dark corners of the digital world with unprecedented clarity and precision, marking a new epoch in innovation.

In his current role, Scott presents all across APJ, focusing on specialized threat landscape presentations delving into regional and industry-specific security challenges at numerous international security conferences and events. He is regularly sought after by APJ-based news outlets for expert commentary on global security threats, nation-state and e-crime activities, geopolitical movements, and international cyber security developments.

Scott is based in Tokyo where he masterminds all facets of the CrowdStrike APJ & META threat intelligence business. He has over twenty-five years of cyber security and intelligence experience, working for the US Department of Defense and the private sector.

Aaron Aubrey Ng
Aaron is a Senior Systems Engineer at CrowdStrike where he advises customers on their security needs and solutions. He is currently based in Dubai, and is responsible for the CrowdStrike business across the Middle East, Turkey, and Africa (META) region. Prior to his current stint, Aaron served as a Strategic Threat Advisor where he actively evangelised for the value and pertinence of Cyber Threat Intelligence to organisations across the public and private sectors in the Asia Pacific (APAC) and META regions. Aaron represented CrowdStrike Intelligence, speaking at various Security Conferences including BlackHat MEA, MENA ISC, GovWare, RootCon, AVAR, BSides SG, and SINCON.

Prior to joining the Cybersecurity industry, Aaron served 12 years of Active Duty in the Singapore Armed Forces as a Military Intelligence Officer. He served in multiple command appointments in classified Intelligence units, and garnered staff experience in the areas of strategic planning and policy development. In his penultimate tour of duty, Aaron was instrumental in developing the masterplan for the Digital and Intelligence Service (DIS), the military branch responsible for providing military intelligence to the armed forces, building up Singapore's digital defence capabilities, and protecting the psychological defence of its military personnel.