»The Hive / MISP«
2018-10-17, 13:30–17:30, Hollenfels
This workshop will take participants on a journey to familiarise themselves with common incident response, digital forensics, and cyber threat intelligence activities using the popular FOSS stack composed of MISP (the Malware Information Sharing Platform), TheHive (a Security Incident Response Platform) and Cortex (a powerful observable analysis and automated response engine).
The workshop organisers will briefly walk participants through the guiding principles of DFIR and CTI and describe the software stack that will be used throughout the workshop. Participants will then work on an incident, investigating and responding to it by analysing various artefacts and leveraging cyber threat intelligence.
Participants are expected to bring laptops running either VMware Workstation/Fusion or VirtualBox. Laptops must be powerful enough to run two VMs simultaneously. Some familiarity with Python is a plus for the advanced cases, where automation will be used to speed up the investigation.