Workshops

Important notices:

  • Workshops are limited to 15 participants each.
  • Registration will be only possible on-site at the day of the conference, on a first-come, first-served basis.
  • Please check all requirements (laptop, etc) detailed on the workshops you’re interested in participating, so you’ll be ready to take the most advantage of the sessions.
Workshops
11:00 – 13:00 Malware Investigations 101
Valter Santos
14:45 – 16:45 Breaking bad apps
Cláudio André, Dalila Lima, Herman Duarte
17:15 – 19:40 DataScience and Internet Scanning 101
Tiago Henriques, Florentino Bexiga, Filipa Rodrigues, Ana Barbosa

Valter Santos

Valter Santos

Workshop – Malware Investigations 101

This is an introductory workshop to the fascinating world of malware investigations that aims to provide students with concepts, tools and techniques needed to perform malware analysis and threat indicators collection.

You will learn about the following:

  • The malware ecosystem
  • Investigation concepts
  • Sources of malware
  • Tools for initial analysis (sandboxing, behaviour and memory analysis)
  • Categorization rules using Yara
  • Command and Control (C2) identification and tracking using OSINT
  • Techniques for telemetry collection

The workshop is constituted by two parts, a small theory briefing followed by a hands-on exercise where students will put the concepts in to practice by analysing a malware sample, extract all threat indicators available and use them to track the command and control infrastructure.

Students are expected to bring their own laptop with VMWare or Virtualbox installed. VM images will be provided in the class.

About the Speaker:

Valter Santos is a threat intelligence researcher at AnubisNetworks with more years of experience than all his fingers if he loses a hand. With background in digital forensics, malware analysis, botnet tracking, incident response and penetration testing.

Valter likes to attack live malware in the morning, kill it and autopsy it by noon. He also enjoys to track bad guys in collaborative efforts with law enforcement.

He holds the GCFA, GCIA, GCIH and GSEC certifications.

Cláudio André, Dalila Lima, Herman Duarte

Cláudio André, Dalila Lima, Herman Duarte

Workshop – Breaking bad apps

iOS and Android are the main mobile operating systems being used today. In this workshop you will go from zero to hero, where you will learn the basics of each platform and start pentesting mobile applications that we use on a daily basis. You can expect 2h of pure fun and knowledge between apples and droids.

Requirements:

  • Android
    • Laptop (Windows/Mac OSX/Linux) and guarantee all the requirements in the instructions
  • iOS
    • iOS device jailbroken and usb cable (mandatory to run the iOS demos)
    • iOS version >= 8

About the Speaker:

Cláudio (@clviper) IT Geek with love for technology since his first baby steps. Currently working as Security Professional (OSCP and eMAPT certified) on the best place to be, Integrity S.A.

On the daily basis I am doing pentest in Web applications, Infrastructure and Mobile applications. On my free time I am focusing on Android Applications Security.

I’m also addicted to landscape photography and a Muse fanatic.

Dalila (@Dcrypt3d) has been working as a penetration tester at Integrity S.A since 2015. Main areas of interest are social engineering, mobile pentesting and finding business logic flaws in general. She was convinced to give this talk at Bsides after being promised there would be lots of pancakes, waffles and ovos moles de Aveiro.

Herman (@hdontwit) is an infosec professional by day and an infosec ninja by night, he loves everything that is security related, from hardware devices, web apps and mobile applications. Working in the infosec field with Integrity S.A., HD is a lead consultant that helps his clients in security engagements from penetration testing to consultancy related projects, in different countries around the globe. HD is a 2 times speaker at codebits, confraria segurança and 2 times winner (alongside with his cool teammates) of the codebits CTF.

Cláudio André, Dalila Lima, Herman Duarte

Tiago Henriques, Florentino Bexiga, Filipa Rodrigues, Ana Barbosa

DataScience and Internet Scanning 101

In this workshop we will go through the problems of scanning the internet space (ipv4) from a data size perspective. We will show you how you can do it yourself and after you’ve acquired some data we will teach you how to use specific python libraries used for data science to treat the data and extract knowledge.

Requirements:

  • Latest version of VirtualBox

About the Speaker:

Tiago, Filipa, Ana and Florentino swim in data every single day. From looking at what people are downloading to how they are exposing themselves, we LOVE DATA!

Tiago (@Balgan) is the CEO and Data necromancer at BinaryEdge however he gets to meddle in the intersection of data science and cybersecurity by providing his team with lovely problems that they solve on a daily basis.
Filipa (@filipacsr) is the Data Diva at BinaryEdge, she dances the macarena with numbers to get them to tell her all their dirty secret.
Florentino (@fbexiga) is the Data MacGyver at BinaryEdge, on a daily basis he needs to deploy infrastructure used to analyse big and realtime data.When not doing that he can be found creating models to analyse data,give me an orange, i’ll give you a skynet. Why an orange you ask? I’m hungry and like oranges, there!
Ana (@ana_barbosa90) is the Data Ferret at BinaryEdge. She is small and hides between the 110th and 111th characters of the ascii code to see and show data in that unique perspective of someone who can’t reach the box of cookies stored on top of the capitol ‘I’