Workshop Types
- One Day Workshop on IoT Security
- Red Team – Recon, Exploitation, Post exploitation, Breach Attack Simulation
- Deep Web, Dark Web, and Threat Hunting
Description
The One-Day Workshop on IoT Security is a comprehensive and hands-on training event designed to equip participants with the knowledge and skills necessary to secure Internet of Things (IoT) devices and networks. In this workshop, participants will explore into the world of IoT and learn about the unique security challenges associated with connected devices
This workshop offers a blend of theoretical concepts and practical exercises to ensure a good learning experience. Participants will gain a solid understanding of IoT architecture, protocols, and communication frameworks, along with an awareness of the vulnerabilities and risks prevalent in IoT ecosystems. They will explore industry best practices and techniques to mitigate these risks effectively.
Through interactive demonstrations and hands-on exercises, participants can apply their knowledge and practice securing real-world IoT devices. This workshop is ideal for cybersecurity professionals, IoT developers, network administrators, and anyone interested in understanding and addressing the security challenges posed by the rapidly expanding world of IoT.
By the end of this workshop, participants will have gained the confidence and skills required to assess and enhance the security posture of IoT systems in their organizations. They will be equipped with practical tools and techniques to protect against unauthorized access, data breaches, and other security incidents.
Topics to be covered
- Overview of IoT security challenges
- Tools and technologies used in IoT security.
- Introduction to Offensive and defensive Operations .
- Penetration testing methodology
- Techniques for exploiting IoT vulnerabilities.
- Threat intelligence and monitoring
- Incident response planning
Practical
- Setting up and configuring an IoT device
- Identifying vulnerabilities in an IoT device
- Conducting a penetration test on an IoT device
- Analysing network traffic for suspicious activity
Prerequisite
- Knowledge in Internet of Things and Cyber security
- Programming Skill – Python / C / C++/Java
- Information Managers
- Fundamentals of Linux OS
- Laptop with Kali Linux installed.
Time Schedule
09.30AM – 10.00AM : Inauguration
10.00AM – 11.15AM : Session 1 - Introduction & Security Challenges in IoT
11.15AM – 11.30AM : Tea Break
11.30AM – 01.00PM : Session 2 – IoT Attacks & Exploits
01.00PM – 02.00PM : Lunch
02.00PM – 03.30PM : Session 3 – Practical - Vulnerability Assessment & Penetration Testing (VAPT)
03.30PM – 03.45PM : Tea Break
03.45PM – 05.00PM : Session 4 – Practical - IoT Device Security
Date: 7 September 2023
Red Team – Recon, Exploitation, Post exploitation, Breach Attack Simulation Red Team: A group authorized and organized to emulate a potential adversary’s attack against an enterprise’s security posture. The Red Team is a group that pretends to be an enemy, attempts a physical or digital intrusion, then reports back to the organization so that the organization can improve their defenses.
Why Red Team? The Red Team’s objective is to improve enterprise cybersecurity by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders (i.e., the Blue Team) in an operational environment. Also known as Cyber Red Team.
Part 1: 3 hours
- Recon – tools including OSINT for recon
- Vulnerability Assessment
- How to assess for large internal network
- Exploitation
- Post exploitation
Part 2: 3 hours
Breach Attack Simulation - network devices and security controls
Breach Attack Simulation: a type of advanced computer security testing method that aims to identify different vulnerabilities in security environments by simulating the attack paths and techniques likely to be used by malicious actors.
The simulation involves the process of safely attempting threat activities (tactics, techniques, and procedures) in production environments to validate security control effectiveness.
- How to simulate network event
- Can we create a botnet activity simulation at night 3am and see how your devices and team respond
- How end point responds to breach attack simulation
Laptop – Intel i5, 8GB RAM, 100 GB free space
Session will be mixed – Part 1 & 2 (3 hours each)
Theory is limited. Session will involve more installation and practice activities Basic requirements – Laptop, etc. Hands on experience with Linux command, windows.
Objective
To provide delegates with an in-depth understanding of the Deep Web, Dark Web, and the fundamentals of threat hunting, followed by a hands-on workshop where they can apply their newly acquired knowledge to real-world scenarios.
The workshop involves leveraging the practical experience of participants in analyzing the day-to-day
About the Workshop
The fast-paced advancements in technology have exposed organizations to vast, uncharted areas of the inter- net - the Deep Web and the Dark Web. While these internet sections bring forth new opportunities, they also present unique cybersecurity and data protection challenges.
The Deep Web, Dark Web, and Threat Hunting Workshop provide participants the tools to navigate these spaces safely and effectively. The workshop focuses on understanding these environments, assessing poten- tial threats, and applying proactive risk mitigation strategies.
As data breaches and cyber threats become more frequent and sophisticated, being able to identify and re spond to these threats is not only crucial for regulatory compliance but also for protecting the integrity and reputation of an organization. This workshop aims to equip professionals with the skills and knowledge needed to stay ahead of potential cyber threats in these complex digital environments.
Who should attend?
Professionals looking to expand their knowledge of the Deep Web, Dark Web, and threat-hunting strategies, or those with a role in cybersecurity and need to comprehend these less-explored realms of the internet will significantly benefit from this workshop.
Those with limited knowledge in Deep Web, Dark Web, and threat hunting but with the ambition to become cybersecurity experts or threat hunters, will find the workshop particularly useful. The same goes for those who have some foundational knowledge and wish to delve deeper.
Individuals who need to understand their responsibilities in securing digital environments from various de partments that handle sensitive data and information - including legal, risk and compliance, IT services, mar keting, financial and accounting, and human resources - will gain critical insights from this workshop.
Suggested job roles and their teams include:
- Cybersecurity professionals
- Threat intelligence analysts
- IT and network security professionals
- Corporate governance professionals
- Risk and compliance professionals
- Human Resource teams dealing with sensitive data
- Internal legal teams dealing with cyber laws and regulations
- Digital forensic teams
- Incident response teams
- Teams handling sensitive online data and records
Workshop agenda and schedule:
9:30 AM – 10:00 AM: Introduction and Opening Remarks
- Welcome and Workshop Overview
- Definition of Key terms: Deep web, Surface Web, Dark Web
10:00 AM – 10:45 AM: Understanding the Deep Web
- What is the Deep Web?
- Legitimate uses and challenges in accessing and navigating the Deep Web
- .Deep Web security concerns and mitigation strategies
10:45 AM – 11:00 AM: Networking Break
11:00 AM – 12:30 PM: Understanding the Dark Web
- What is the Dark Web?
- How to access the Dark Web
- Cybersecurity implications of the Dark Web
12:30 PM – 1:30 PM: Lunch break
1:30 PM – 2:15 PM: Introduction to Threat Hunting
- What is Threat Hunting and why is it important?
- Proactive vs. reactive approaches to cybersecurity
- The Threat Hunting process: Hypothesis generation, data collection and analysis, TTPs identification, and remediation
2:15 PM – 3:15 PM: Practical and Group Session: Navigating the Deep Web and Dark Web (Hands on)
- What is Threat Hunting and why is it important?
- Accessing and exploring the Deep and Dark Web safely and responsibly
3:15 PM – 3:30 PM: Networking break
3:30 PM – 4:15 PM: Practical and Group Session: Threat Hunting (Hands-on)
- Conducting threat hunting exercises using real-world scenarios
- Analysing network traffic and log data
- Identifying and tracking adversaries
- Developing and implementing remediation strategies
- Exposure to Cyber Threat Intelligence
- Basic understanding of FAIR Model and its components
4:15 PM – 4:45 PM: Threat Hunting Tools and Techniques
- Overview of tools and techniques used in threat hunting
- Practical examples of using Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), and Threat Intelligence Platforms
4:45 PM – 5:00 PM: Closing Remarks and Vote of Thanks
Note : This schedule is indicative and there might be changes due the hands-on sessions