2021-08-07, 14:00–15:30, Workshops Track 2
Forensics Station - Workshop 1
A walkthrough of triaging "compromised" Capstone servers.
In this workshop we will walk through a quick forensic triage of the "compromised" BTV Capstone servers.
Capstone is a Blue Team Village initiative to build and attack servers (and workstations) in a controlled environment, using common attacker techniques and tools in a safe way. We then use common Blue Team defender tools to gather information and review those machines, in order to train defenders on detecting, handling, and understanding common attacks.
This is the forensics workshop, and it will cover forensic triage. It's goal is to quickly answer some basic questions like:
- Did Something Happen?
- If So, When Did it Happen?
- What Artifacts Can Help Us?
- What Forensic Tools Can Help Us?
- What Should We Look at Next?
The Capstone Project will provide the Telemetry and Artifacts to the community so they can use their own tools to explore the data and share findings. We encourage everyone at every level to participate and share findings - so everyone can learn and collaborate.
I do stuff. Sometimes it works.