AUAS logo

International Security Summer Camp: 3 July - 7 July 2017

International Security Summer camp in Laval, France

Learn about information security, cyber warfare, incident response and ethics in the field of information security and join several challenges: hands‐on learning and practical exercises are central to this camp's teaching style.

  • participants learn by doing and experiencing information security threats, defenses, and investigation techniques.
  • The aim of this camp is to provide the highest possible quality of instructions on topics relevant to today’s information security threat landscape including ethical hacking and penetration testing, incident handling, and digital forensics.

Topics

  1. Introduction to information security, cyber warfare, incident response and ethics in the field of information security.
  2. Coverage of modern internet threats and attacks, case studies about threat actors and modern attacks.
  3. Introduction to security bugs, exploits, malware and modern problems from the infosec standpoint, security testing and testing methodologies.
  4. Right tools and methods for testing: networks, systems and web applications.
  5. Incident response and forensics, Indicators of compromise, Forensic data collection and analysis.
  6. Twelve-hour challenge: Save Laval from a terrorist attack. Who will find intelligence to stop the attack? Prizes available.

This is a draft of the contents of camp's programme in laval based on last'year's camp.

 

3-7-2017 | Opening Offensive Security

Time / Place

Topic

Evening

08:30-11:00

 

  • lecture: offensive security: introducing tools such as the metasploit framework

Canal trip

 

11:10-15:20

 

15:20-17:00

K

4-7-2017 | Exploit development and shell coding 

Time / Place

Topic

Evening

09:00-11:00

 

Exploit development and shell coding 

(Board) games night. Starts right after programme

11:10-15:20

 

15:20-17:00

 

5-7-2017| Challenge: 

Time / Place

Topic

Evening

08:00-20:00

 

Challenge: 12 Hours to save Amsterdam

Challenge: 12 Hours to save Laval

6-7-2017 | Malware forensics 

Time / Place

Topic

Evening

09:00-11:00

 

Malware forensics  

Farewell party / drinks

11:10-15:20

 

15:20-17:00

 

7-7-2017 | Wrap up

Time / Place

Topic

Evening

08:30-11:00

 

Final presentation per country / Farewell session: All partners

 

Ali Dehghantanha

Private Digital Investigator, Malware Analyst, Professional Trainer and Lecturer at University of Salford Manchester

Ali Dehghantanha is serving as a Mari-Curie International Incoming Research Fellow in cyber forensics (the Marie-Curie Fellowships are Europe’s most competitive and prestigious research awards) at University of Salford, Manchester, UK. He is one of lead editors for Elsevier book titled “Contemporary digital forensic investigations of cloud and mobile applications” and is a guest editor for a special issue on “Internet of Things: Security and Forensics Trends and Challenges” in the Elsevier Future Generation Computer Systems journal, guest editor for a special issue on "Big Data Applications in Cyber Security and Threat Intelligence" in IEEE Transactions on Big Data. Ali has served for several years in a variety of industrial and academic positions with leading players in Cyber-Security and Digital Forensics. He has long history of working in different areas of computer security as security researcher, malware analyzer, penetration tester, security consultant, and forensic analyst.  He regularly travels the globe on speaking, teaching, and consulting engagements and assist clients in securing their information assets. Ali is imminently qualified in the field of cyber-security; he holds Ph.D in Security in Computing and a number of professional qualifications namely GREM, CCFP,CISSP, CISM ISMS L.A, CEH, CHFI, ECSA, and ECIH and he is the founder of annual “International Conference in Cyber-Security, Cyber Warfare and Digital Forensics (CyberSec)”! He can be contacted at AliD@AliD.info

 

Tonimir Kišasondi

Head of Open Systems and Security Laboratory at Faculty of Organization and Informatics, University of Zagreb

Dr. Tonimir Kišasondi holds specialization in security testing, security analysis and penetration testing and also cryptography systems implementation and security analysis. His fields are as follows:

  • Active knowledge of methodologies: OSSTMM, OWASP, ISO27000 family, NIST SP800-115
  • Active knowledge of security tools: nmap, ncrack, nessus, openvas, metasploit framework, w3af, skipfish, sqlmap, wireshark, john, oclhashcat
  • Knowledgeable in creation of custom scripts and tools for security testing and analysis (Open source examples are available on my GitHub page) - Prefers development in Python
  • Knowledgeable in cryptographic software and systems development based on open source technologies or standards: OpenSSL, GnuPG, OpenPGP, OpenSSH, X509
  • Advanced knowledge of network security tools and techniques: VLAN's, L3,L4 i L7 filtering with iptables, pf, pfsense. IDS solutions: Snort, OSSEC and VPN's with OpenVPN and IPSec
  • Implementation of custom network filtering solutions
  • Advanced knowledge of biometric systems and biometrics system security testing.
  • Knowledgable in computer forensics and forensics procedures, active work with EnCase and other open source solutions: (TCTK, SleuthKit…)
  • System administration knowledge with special focus on security administration and hardening on GNU/Linux based distributions: (Debian, Ubuntu, CentOS)
  • Active knowledge of Python with a wide set of libraries: requests, nltk, beautifulsoup.

 

Eric Filiol 

Head of the Operational Cryptography and Computer Virology lab (C + V) O which is currently hosted by ESIEA in Laval, France

Does reseach on:

  • Symmetric encryption: design and evaluation of symmetric cryptosystems, design of cryptosystems with trapdoors (introduction of undetectable mathematical weaknesses allowing a less complex cryptanalysis for anyone who has knowledge of the trapdoor), cryptanalysis of symmetric cryptosystem based on the combinatorial properties (weaknesses) of those systems, reconstruction techniques of unknown algorithms (coding or encryption) using the intercepted stuff only (encoded streams, encrypted messages).
  • Analysis and design of steganographic systems. Encrypted data (COMSEC aspect only) exhibit a (too) typical statistical profile. Consequently any attacker can therefore easily identify an exchange of encrypted data. It is therefore crucial in some contexts to hide the very existence (storage, exchange) of data. It is the role of steganography (hiding the channel by considering the TRANSEC aspect). From a dual point of view, I am also interested in techniques for detecting steganographic contents (steganalysis). 
  • Computer virology: formal characterization of viral techniques (known and unknown techniques), study and design of new malware technologies, formalization and design of new antiviral techniques, malicious cryptography and steganography (potential use of encryption and/or steganographic techniques by Malware and use of malicious codes for applied cryptanalysis purposes), analysis and Evaluation (passive and active) of antivirus software.
  • Analysis and technical studies of the concept of computer warfare

https://sites.google.com/site/ericfiliol/

 

Michael Gilhespy 

Lecturer/Researcher, HvA

Michael Gilhespy joins the teaching staff at the HvA after spending the last 13 years in industry, specialising in security analysis and hardening of enterprise networks.  He has spent time in a variety of roles, from leading board level conversations as a consultant to observing bits and bytes on the wire as a SOC analyst, but has always placed knowledge acquisition and transfer at the top of his priority list.

Michael's deepest interests are in (software) reverse engineering and forensic investigations, particularly the growing field of DFIR (Digital Forensics in Incident Response). Michael graduated with an MSc in Information Security from Royal Holloway, University of London.

Venue

ESIEAi in Laval France.. 

 

Accommodation

Students are expected to book their own accommodation. We recommend:http://www.creflaval.net/youth-hostel. Oher options via Airbnb, Hotel F1

The accommodation is just across the street from a « social » cafeteria where I hope to negotiate some reasonably priced lunches. We also have a new bakery relatively close to the school, selling enormous pizzas for 8€ -- quite tasty and enough to feed 2 students easily.

 

 

 

Travel to Laval:

students are expected to book their own trip.

Sunday morning 2 July 2017: Fly or take the Thalys to Paris . Continue your journey to Laval via train (tickets from Paris to Laval cannot be booked yet).

Friday afternoon 7 July 2017: travel to Paris by train and from there continue onwards. Trains from Laval to Paris cannot be booked yet.

 

 

Application takes place via the contact person office of your home University.

Marlies Nijenhuis

Email: m.l.c.nijenhuis-stelder@hva.nl

Published by  Faculty of Digital Media and Creative Industries 14 February 2017