November 3rd: 9:30-17:30

November 4th: 9:30-16:30

This workshop is divided in six modules:

  • My CSIRT
  • Incident Response
  • Coordination and Colaboration
  • Tools
  • Training
  • Auditing and Forensics

The modules include several activities, in a total of fifteen.

  • Fill-in a RFC2350 template
  • Using SIM3-Checker to evaluate a team’s maturity
  • Evaluating SMISHING messages
  • Incident taxonomy analysis
  • Quiz: Incident classification
  • WHOIS exercise
  • Document classification using TLP
  • Using a SIEM
  • Flow analysis
  • Using the Virustotal tool
  • E-mail messages evaluation
  • Onboarding process
  • Building a phishing campaign for training
  • Audit (pentesting)
  • Forensics

These activities are held individually or in small groups.