
Track 6 - Room 202
Thursday, April 26


Workshop: Botnet Tracking and Data Analysis Using Open-Source Tools

Fully understanding a botnet often requires a researcher to go beyond standard reverse-engineering practice and explore the malware's network traffic. That traffic can provide meaningful information on how the malware's activity evolves over time. However, it is often disregarded in malware research because of time constraints and publication pressures.
The workshop is about overcoming such constraints by providing a practical workflow for quick analysis of malicious traffic. The data science approach presented relies on open-source tools (Wireshark/Tshark, Bash) and valuable Python libraries (ipython, mitmproxy, pandas, matplotlib). During the workshop, participants will work through practical technical labs with datasets from our recent botnet investigation. They will learn how to quickly find patterns, plot graphs and interpret data in a meaningful way. Although the exercises focus on botnet data, the tools and skills learned are useful in all sorts of contexts. Moreover, to ensure that participants get the most out of the workshop, it is structured so that they can easily replicate the data-analysis environment at home and reproduce similar analyses with their own traffic data.
Workshop Outline
The workshop is divided into three sections. The first section presents the contextual information participants need before starting the practical technical labs. The second section focuses on analyzing the botnet's C&C traffic in pcaps. The third section covers graphs and the use of the mitmproxy library to analyze decrypted traffic.
Lab 1 – Extract SOCKS Traffic with Wireshark
Lab 2 – Extract SOCKS Traffic with Tshark
Introduction to Jupyter Notebook and its shell integration
Lab 3 – Search in mitmproxy logs
Lab 4 – Manipulate Dataframes with Pandas
Lab 5 – Graph the Data using Plotly
Due to the short time allotted, we ask participants to download and install Wireshark locally on their computer (https://www.wireshark.org/download.html) during the introduction. For the other tools (tshark, bash, the anaconda package, mitmproxy, pandas, numpy, plotly), we will provide a hosted environment in which the tools are installed and the scripts, the data and the exercises are available.


Masarah Paquet-Clouston

Security Researcher, GoSecure
Masarah Paquet-Clouston is a security researcher at GoSecure, a PhD student at Simon Fraser University in criminology and one of Canada's decorated 150 scientific innovators. With her background in economics and criminology, she specializes in the study of markets behind illicit...

Thursday April 26, 2018 13:00 - 17:00
Track 6 - Room 202
Friday, April 27


Workshop: Orange is the new Hack - Introduction to Machine Learning with Orange

Analyzing large numbers of security alerts can be repetitive and tedious. To help cope with the growing complexity of systems, analysts can use machine learning algorithms and other data analysis concepts. By making predictions, machine learning algorithms can help prioritize alerts and even reduce the amount of manual work needed. Data analysis can also help us gain a better understanding of our data.

The workshop will introduce participants to the world of machine learning using the software Orange. A security-related scenario will be used for the hands-on exercises. For this scenario, a large dataset of web application vulnerabilities reported by a static analysis tool will be used. The dataset of vulnerabilities was enriched with key metadata that will help the algorithms; some of this metadata will need transformation. Based on the issues that have already been classified, it will be possible to predict which unclassified issues are likely to be actual vulnerabilities.

Attendees will be able to apply the same principles to datasets in other contexts, such as malware classification, system alert classification, vulnerability management, etc.
This workshop will cover the following topics:
  • Data visualization
  • Classification
  • Making predictions
  • Comparing features and models
  • Text classification
Requirements:
  • Bring your own laptop
  • An operating system compatible with Orange (Windows/Mac/Linux)


Philippe Arteau

Security Researcher, GoSecure
Philippe is a security researcher working for GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely-used Java static analysis tool Find Security Bugs...

Friday April 27, 2018 13:00 - 16:00
Track 6 - Room 202