Supsec Winter Workshop

Supsec Winter Workshop: Log Analysis Exercise

The exercise consists in the analysis of logs and pcaps of an information system that was compromised following an APT-style attack (at a small scale). The exercise is mainly intended for students in cybersecurity. Registration is mandatory (see below). It will take place on the 24th of January at Inria in the rooms "Petri" and Turing".

The exercise is organized by Amossys and Malizen. Prizes will given to the best students on the 25th of January at noon in the "salle de conférence" of Inria. Amossys and Malizen will give some insights of the different attack steps and what can be found in the logs and pcaps. [slides] [slides]

The students must bring their own computer for the exercise. Each student will have have two hours to analyze what happened on the system and write a small report about what they found. To analyse the logs, students will have to choose between the platform developed by Malizen or the tools put in place by Amossys. Students can also use their favorite tools if needed.

Version française

Cet exercice d'analyse de logs est principalement dédié aux étudiants en cybersécurité. L'inscription est obligatoire (voir plus bas pour les modalités). L'exercice aura lieu le 24 janvier à Inria dans les salles "Petri" et "Turing".

L'exercice est organisé par Amossys et Malizen. Des lots seront remis aux meilleurs étudiants le lendemain (25 janvier) à 12h dans la salle de conférence d'Inria. Amossys et Malizen donneront également des éléments sur le scénario d'attaque et ce que l'on pouvait observer dans les logs. [transparents] [transparents]

Les étudiants doivent apporter leur propre ordinateur. Chaque étudiant aura deux heures pour analyser ce qui s'est passé sur le système d'information et écrire un rapport succinct. Pour analyser les logs, les étudiants pourront choisir entre la plateforme de Malizen ou les outils mis en place par Amossys. Il sera tout à fait possible d'utiliser ses propres outils si besoin.

Registration (free but mandatory)

By email to lydie.mabil@inria.fr

Last/Family NAME:

First name:

Affiliation/Institution:

Email:

Phone:

Time slot (please precise 9h-11h, 11h-13h, 13h-15h or 15h-17h):

Tools (please precise Malizen or Amossys):

"On site" or "remote" (please precise):

Free comments:

Information

Location

The Supsec Winter Workshop Exercise is located in Inria centre at Rennes University on the University Campus (called “Campus de Beaulieu”), in the east of Rennes.

When you are at Inria centre at Rennes University, enter building 12G “Accueil Inria – IRISA”. The exercise will take place in the rooms "Petri" and "Turing".

Context and organization

The DGA has entrusted Inria, on behalf of all the partners of the PEC research centre (Pôle d’excellence cyber), with the organisation of “thematic semesters” dedicated to cybersecurity.

Led by one or several researchers from PEC partners, a thematic semester has the following objectives:

To this end, a thematic semester is made up of a series of scientific events such as colloquia, conferences and working group meetings. There is a with thematic coherence between these events that are organized over a period of 3 to 6 months. These activities are complemented by short or longer term invitations of researchers and other events that may be organized in cooperation with the Rennes ecosystem.