Advanced Network Archaeology
5/23/2022 - 5/26/2022 : Online
In this online event, participants will create their own Domain Generation Algorithm (DGA) decoder based on data from the SolarWinds compromise (UNC2452: SUNBURST/TEARDROP).

We will cover a history of the intrusion, and then dive deep into the structure of the protocol, techniques for decoding the protocol, and the computer science concepts underlying various aspects of the protocol. This is all taught with the goal of creating a custom decoder.

Participants will be using Python (or another language of their choice) to create decoders from provided "generic" pieces. Participants will also learn how to integrate published research from other investigators, and how to peer-review these published findings by reimplementing and examining statements with a critical eye.

At the conclusion of the event, participants will be able to explain the minute details of the protocol. Mastery of the course results in a working decoder created by the participant.