Workshops 2019

DFLabs Workshop: A Deep Dive into Security Orchestration, Automation and Response (SOAR)


Date and Time: 11th September, 8am-2pm
Breaks (coffee, tea, soft drinks, cakes): 10:00-10:20; 12:00-12:20
Price: free for SCS19 participants
Concerto I Conference Room, Sound Garden Hotel

Host and Presenter: Victor Popescu, Solutions Engineer at DFLabs

Victor Popescu Biography

Solutions Engineer, DFLabs

Currently holding the position of Solutions Engineer at DFLabs, Victor supports prospects and customers by providing in-depth, hands-on demonstrations and training for DFLabs’ award-winning and innovative SOAR platform, IncMan SOAR, covering the full range of integrations, industry use cases and scenarios.

As a former SOC analyst and security consultant, responsible for security monitoring and incident response for some of the largest companies in Italy, Victor has experienced first-hand many of the challenges and pain points security operations are suffering from today and worked on initiatives to improve their effectiveness and efficiency. Victor holds a Computer Science degree from the University of Turin.

About the Workshop:

The aim of this workshop is to provide cyber security professionals with theoretical knowledge and hands-on experience of a SOAR solution and how it can help to overcome the common security operations and incident response challenges and pain points faced today. These challenges include, but are not limited to, a growing volume of alerts, increased workloads and repetitive tasks, a shortage of, and competition for, skilled analysts, a lack of knowledge transfer, as well as more and more disparate tools and technologies being added to the security tool stack.

The main reason why organizations are increasingly implementing a SOAR solution is to ultimately improve their incident response efficiency and effectiveness, by seamlessly orchestrating and automating their security operations and incident response processes and tasks. SOAR acts as a force multiplier for security teams, enabling them to do more with less. It helps to reduce the risk resulting from incidents, while increasing the return on investment for existing security technologies, also enabling organizations to meet legal and regulatory compliance.

Covering everything from basic principles to more in-depth processes, the workshop will discuss and demonstrate how a SOAR solution works, showcase a number of essential features and functionality, highlight its capabilities, and show how it fits seamlessly within an organization’s existing security tool stack and environment.

Experience for yourself the benefits of automated and orchestrated security operations and incident response, enabling every security incident to be detected, responded to and remediated in the fastest possible time frame, before becoming a full-on security breach, improving overall operational performance.

Requirements and Prerequisites:

  1. Expected requirements and preparation of the participants.

Knowledge of cyber security is required with a specific interest and/or experience in automation and orchestration, incident response and innovative incident response methodologies that could be used within the security operations environment.

All participants will need to bring their own laptop to carry out the hands-on practical tasks.

  2. Who is the workshop for?

The workshop will be aimed at cyber professionals from all levels and backgrounds including SOC Analysts, SOC Managers, CISOs, Security Engineers, Cyber Security Consultants, Cyber Security and any other figure involved in cyber security incident response, looking to learn more about the fundamentals of SOAR and the benefits it can have on any security program.

Workshop Content:

  1. Program of the workshop

The workshop will consist of several areas broken down into the following sections. All of the topics will be covered with theoretical explanation and hands-on experience.

  • An overview of cyber incidents and the challenges security programs currently face
  • How automation and orchestration can effectively be used within security operations and incident response
  • Introduction to SOAR and how it fits into SOC, CSIRT and MSSP environments
  • Implementation of incident response workflows through the use of playbooks and runbooks
  • Dashboard and reporting capabilities and the importance of performance measurement
  • Q&A session

  2. Will the participants receive any materials?

Demonstration slides and a hands-on booklet will be provided to all participants during the event.

  3. Will the participants receive any certificates?

All participants will receive a DFLabs SOAR Workshop certificate of attendance which will be emailed to them shortly afterwards.

About DFLabs:

DFLabs is an award-winning and recognized global leader in security orchestration, automation and response (SOAR) technology. The company’s management team has helped shape the cyber security industry, which includes co-editing several industry standards such as ISO 27043 and ISO 30121. Its flagship product, IncMan SOAR, has been adopted by Fortune 500 and Global 2000 organizations worldwide. DFLabs has operations in Europe, North America, and EMEA. For more information, visit www.dflabs.com or connect with us on Twitter @DFLabs.

About IncMan SOAR:

The DFLabs IncMan Security Automation and Orchestration (SOAR) platform automates and orchestrates security operations and incident response tasks including threat qualification, triage and escalation; hunting and investigation; and containment. IncMan SOAR uses machine learning and automated rapid response runbook capabilities as a force multiplier that has enabled security teams to reduce average incident resolution times by up to 90% and increase incident handling by 300%.

Detecting and analyzing security incidents with the RSA NetWitness "threat hunting" platform, in the form of a Capture The Flag tournament


Date: 11.09.2019
Duration: 4h (10:00 – 14:00)
Language of instruction: Polish and/or English
Price: free
Venue: Sound Garden Hotel
Expected participant preparation: an understanding of information security, threat detection and incident resolution.

Marcin Filipiak / Arrow ECS

Marcin Filipiak is a Technical Sales Support Engineer at Arrow ECS and has worked with IT security solutions since 2007.
Details:
RSA NetWitness Platform is a unique tool for security teams that makes it possible to detect threats and conduct investigations through joint analysis of data from logs, network traffic (Full Packet Capture) and endpoint activity. The workshop is intended for SOC and CIRC staff and anyone dealing with Incident Response; people who are just starting out with this kind of subject matter are also welcome. Participants will have the opportunity to:
•  Get to know the RSA NetWitness platform:
   o  RSA NetWitness® Logs
   o  RSA NetWitness® Network
   o  RSA NetWitness® Endpoint
•  Test the NetWitness tools on their own, based on real attack scenarios
•  Get to know the architecture of solutions used in SOC and CIRC
For whom: the workshop is aimed at people who deal with information and communication security on a daily basis.
Participant requirements: participants should bring laptops with a web browser (Chrome preferred)

Speedrun Penetration Testing and Mitigations: All you need to know to take off


When: 11 September, 9-16
Price: 1900 PLN net – regular price, 1600 PLN net – for participants of the paid part of the SCS 2019 conference

Language: Polish and/or English
Concerto II, Sound Garden Hotel

Presenter: Adrian Denkiewicz, CQURE Expert

Adrian Denkiewicz Biography

Adrian Denkiewicz is a CQURE Expert, Penetration Tester, Cybersecurity Specialist and Software Developer with almost ten years of experience working in IT. He has worked with, among others, the financial industry, the banking sector, manufacturing and e-commerce. Close to a hundred projects, penetration tests and security audits helping organizations from all over the world… and that is only the beginning. Adrian's ambitions reach much further. Next to his OSCE and OSCP certificates, his shelf holds a certificate of completion for an astrophysics course!

Adrian's recent certifications: Offensive Security Certified Expert (OSCE) – Offensive Security (2019), Offensive Security Certified Professional (OSCP) – Offensive Security (2018), Penetration Testing Training with Kali Linux – Offensive Security (2018), Black Ops Hacking for Pentesters – Master Level – Sensepost (2017), Enterprise Incident Response – Mandiant (2017), Android Security – Reverse Engineering & App Pentesting – Quarkslab (2015).

Adrian is also the author of the very well received, highly technical article Alternate Data Streams (LINK)

About the Workshop:

Welcome to the speedrun simulation of a penetration test! During this workshop you will get familiar with red teaming tricks that are sure to speed up a penetration test. There are plenty of shortcuts to take if you want to attack fast and efficiently, and that doesn’t mean you cannot be stealthy at the same time! The workshop will cover all typical penetration test phases, starting from initial recon using modern OSINT and phishing tricks, through weaponization and delivery of payloads, to escalation on the local system and lateral movement opportunities. If you want to take the next step into the world of pentesting, then this is the right course for you. You will learn how to conduct effective, in-depth penetration tests, focused on demonstrating risks posed by modern attackers.
Topics covered:
  • Malicious payloads
  • Privilege escalation
  • Lateral movement
For whom: Security specialists with experience in Windows and Linux operating systems.