What You Need to Know Before You Start

Starts 5 July 2025 12:33

Ends 5 July 2025


Why Are They Asking Me to Do This? or Adventures in IR Land

linux.conf.au via YouTube


27 minutes

Optional upgrade available

Not Specified

Progress at your own speed

Conference Talk

Overview

Syllabus

  • Introduction to Incident Response (IR)
    • Basics of Incident Response
    • Overview of Linux Systems in IR
    • Understanding Linux Malware: Current Threat Landscape
  • Preparation Phase
    • Building an Incident Response Team
    • Essential Tools and Software for Linux IR
    • Documentation and Policy Development
    • Training and Awareness Programs
  • Detection and Monitoring
    • Setting Up System and Network Monitoring
    • Use of Intrusion Detection Systems on Linux
    • Identifying Anomalous Behavior and Indicators of Compromise
  • Analysis Techniques
    • Forensic Analysis of Linux Systems
    • Log Analysis and Management
    • Memory and Disk Imaging
    • Utilizing Linux-native Analysis Tools
  • Containment Strategies
    • Quarantine Methods for Infected Systems
    • Network Segmentation and Isolation
    • Eradication Procedures for Linux Malware
  • Recovery and Post-Incident Actions
    • System Restoration Techniques
    • Reinforcement of Security Measures
    • Incident Reporting and Documentation
  • Case Studies and Practical Exercises
    • Analyzing Real-world Linux IR Cases
    • Hands-on Lab Sessions: Simulated Incident Response
    • Group Debrief and Lessons Learned
  • Final Assessment and Course Wrap-up
    • Review of Key Concepts
    • Final Project Presentation
    • Course Feedback and Future Learning Paths

Subjects

Conference Talks