Barry van Kampen

By the end of the workshop, participants will:

• Understand the infection chain

• Perform basic triage + light dynamic analysis

• Extract useful IOCs quickly

This two-hour workshop walks participants through a simple, realistic malware case from start to finish, beginning with a phishing email and ending with a list of useful IOCs.

After a short intro and safety check, they look at a phishing example to spot anything suspicious, then move into a hands-on exercise where they analyze a sample file and pull out basic indicators like hashes and domains. Depending on their level they can use or already pre-analysed samples, presented in a movie. Or start analyses themself with own tools with some direction ofcourse.Next, they watch (or briefly try depending on their knowledge) how the malware behaves in a controlled environment, focusing on things like processes and network traffic.

In the final part, they bring everything together into a clear IOC list and discuss what is actually useful, keeping the whole session practical, fast, and easy to follow.