ONG-ISAC and Cloud Range

Title: Anomaly Detection

Abstract:
QUARTERLY INTERACTIVE CYBER ATTACK TRAINING WORKSHOP SERIES
Attendees were taught how to perform frequency analysis to detect malware across hundreds of computers. Cloud Range’s industry-leading cyber range was used to show how to enumerate processes, dynamic link libraries (DLLs), services, and users. We also demonstrated how to analyze the results and how to verify whether they are malware or benign.

Learned to:

  • Identify Unusual Patterns in Computer Processes: Participants were shown how to list and analyze the frequency of computer functions across dozens of computer systems to identify anomalies.
  • Differentiate Benign and Harmful Anomalies: Participants were shown how to analyze the results from the data collection and use techniques to improve malware detection accuracy.
  • Apply Analysis to Other Operating System Functions: Participants were shown how to gather information to perform frequency analysis across systems using freely available tools.

Speakers:
Tom Marsland, Training and Project Manager at Cloud Range
Dr. Duane Dunston, Senior Adversarial Engineer at Cloud Range

Speaker Bios:
Tom Marsland is a cybersecurity professional with experience in information technology, the nuclear power industry, engineering drills and casualty response, and curriculum design. He served over 22 years in the US Navy as a Nuclear Reactor Operator and Instrumentation and Controls Technician, working in nuclear engine rooms on a myriad of Navy submarine platforms. His final tour of duty was as the head of the nuclear-powered engine room for a fast attack Navy submarine with oversight of the entire propulsion and electric plant, and then as the lead nuclear supervisor for a squadron of three submarines. He has a bachelor’s degree in IT security and a master’s degree in cybersecurity.

Dr. Duane Dunston
Duane Dunston is a Senior Adversarial Engineer at Cloud Range. A former Associate Professor of Cybersecurity at Champlain College, he has been in Information Security since 1997, working in both the education and government sectors. His specializations are in red teaming, blue teaming, threat intelligence, risk management, practical use of cryptography, security education, threat hunting, and using technology for social change. Duane also spent six years as an Incident Responder within the government, and he is a mentor for the Vermont Cyberpatriots Program. Duane holds a BA and MS from Pfeiffer University and earned his doctorate at Northeastern University. He is a frequent contributor to the cybersecurity industry, having written dozens of articles, created courses and programs, and spoken at industry events.