
Course

29TH - 30TH JUNE - DON'T MISS OUR BOOTCAMP ON REMOTE THREAT RECONNAISSANCE! FIND OUT MORE HERE

Threat reconnaissance using remote scoutware

Expert-led online bootcamp (only 10 places!)

Incident response to live cyberattacks requires silent navigation through compromised assets, sometimes across large distributed networks. The popular approach relies on EDR or other live agent-based solutions. However, activating security agents and performing obvious activities on live compromised systems may alert advanced threat actors. Once alerted, they can carry out a cleanup operation and destroy evidence. Moreover, offline system analysis may not be easy because of the physical distance to the compromised system or the scale of the network. This is where remote, stealthy threat discovery with “scoutware”, software for threat hunting and instant system analysis, becomes incredibly useful.

In our bootcamp you will be introduced to Bitscout, the free, open-source scoutware tool developed by Vitaly Kamluk from Kaspersky GReAT in collaboration with INTERPOL, which Kaspersky researchers have used successfully for years. During the bootcamp you will create your own remote analysis tool and practice with it right away in the provided virtual lab!

BitScout

Extensive practice in the virtual lab

Live interaction with Vitaly Kamluk - Kaspersky GReAT

Crafting and practicing your own customised Bitscout tool

Level

Mid-level to advanced

Cost

$990 inc. tax per attendee (credit card payment only)

Register

Applicable for

Attendees will learn how to build their own remote analysis tool, package it with their own arsenal, and handle customizations for the following use cases:

  • Incident response system triage.
  • Malware samples collection on remote system.
  • Rootkit stealth techniques bypass and deactivation.
  • Remote system repair, remediation and recovery.
  • Budget-aware forensics operations.
  • Cross-border law-enforcement investigations.
  • Traceless probing and system analysis for highly sensitive cases.
  • Instant situation analysis for time-critical events when you don't have time to wait for expensive tools to be delivered and need to do firefighting now.
  • Strict forensically-sound remote data acquisition.
  • Collaborative multi-user analysis.
  • Internal incident response trainings and master-classes.
  • Proof and reproduction of chain-of-custody where required.
  • Data acquisition where required hardware or disk drive adapters are not available.

Your bootcamp leader

Vitaly Kamluk,

Director of Kaspersky GReAT, APAC.

BitScout on GitHub

BitScout website

Vitaly has been involved in research at Kaspersky since 2005. In 2008, he was appointed Senior Antivirus Expert, before becoming Director of the EEMEA Research Center in 2009. In 2014 he was seconded to INTERPOL, where for two years he worked in the Digital Crime Center, specializing in malware reverse engineering, digital forensics and cybercrime investigation. Currently Vitaly is based in Singapore and leads a team of APAC threat researchers focused on targeted attack investigation. He is the author of Kaspersky’s first open-source project, a remote digital forensics tool called Bitscout, made available on GitHub.

Vitaly has presented at many international security conferences as well as multiple invite-only security events. He is a trainer in malware analysis, YARA for malware hunters, and remote digital forensics.

Who it's for

  • Threat hunters
  • Malware analysts
  • Incident responders
  • Law Enforcement digital forensics examiners
  • Cybersecurity officers
  • Cybersecurity consulting companies and freelancers

Prerequisites

  • You should be comfortable working with Linux command line
  • Understanding of Bash scripting
  • Experience with virtualization and networking
  • Understanding of Linux, Windows and basics of macOS
  • Experience with infected or compromised systems
  • You’ll be provided access to the virtual environment with everything set up for you

Technical requirement: Minimum internet bandwidth for one RDP session is 150 Kbps. Please check your connection speed with a remote access test: https://use.cloudshare.com/Ent/Machine.mvc/testpage#/ (choose the data center named EU Amsterdam).

Bootcamp dates and agenda

Bootcamp learning takeaways

  • Scoutware: learn how to build your own scoutware for emergencies.
  • Incident response: improve your skills in remote incident response, malware hunting, and data acquisition.
  • Local > remote: apply your favourite local tools (from Windows, macOS, Linux) to any remote system.
  • Live monitoring: learn how to thoroughly live-monitor an attacked system with almost no footprint that the attacker can discover.
  • Remote analysis: practice remote dynamic malware analysis and see for yourself how a powerful rootkit can evade regular tools (but not Bitscout!).
  • Reproduce results: reproduce your findings or train your team to use Bitscout.
  • Simultaneous analysis: work on the same analysis simultaneously with your colleagues or an external expert.

$990 inc. tax per attendee (credit card payments only)

Register