SIMARGL provides a series of modular training courses in cyber attack management, advanced assurance and protection aimed at the LEA community and other stakeholders with an interest in learning about threats that use information hiding techniques, such as stegomalware.
The following 8 courses provide training on SIMARGL's innovative solutions (the SIMARGL Toolkit) and raise awareness of the risks posed by threats capable of information hiding.
| S1 | Introduction to Cyber Threats | 2021-10-01 |
| S2 | Introduction to Cyber Attack Management | 2021-12-01 |
| S3 | Introduction to Malware Analysis | 2021-12-01 |
| S4 | Cyber Attack Simulation and Cyber Range by Airbus | 2021-11-30 |
| S5 | Information Sharing, Analysis and CTI | 2021-12-15 |
S1: Introduction to Cyber Threats
This introductory course for LEAs and interested stakeholders presents an entry-level overview of the cyber threat scene. It covers a broad spectrum of topics, including the identification of, and the differentiation between, the top cyber threats, and provides an outline of new and emerging threats and trends. The course looks at how the risk from threats can be managed and explores different strategies for effective threat prevention. Real case studies are used to illustrate and highlight the objectives of the course within the context of the borderless nature of cyberspace and law enforcement needs.
S2: Introduction to Cyber Attack Management
The course "Introduction to Cyber-Attack Management" will provide attendees with insight into emerging cyber threats, an introduction to cyber-attack analysis, and the concept and rules of digital forensics. In the first part, basic terms and types of cyber-attacks will be explained (e.g., cyber-attack, cyber-crime, cyber-warfare, cyber-hacktivism). Attendees will learn about the pillars of cybersecurity, the vulnerable components of information-technology infrastructure (with emphasis also placed on human factors in cybersecurity), and current trends in cybersecurity (e.g., the role of social media in cybersecurity, cloud computing, mobile smart devices, and critical infrastructure vulnerability).
The second part will focus on cyber-attack modelling analysis in which different attack modelling techniques will be discussed. Several essential techniques and models will be described in detail (e.g., their purpose, visualization, source, strengths, and weaknesses). The last part will demonstrate the core of digital forensics by focusing on what digital forensics is, its processes, main actors, and rules. Recorded lectures, written materials, and quizzes will be available for the attendees.
S3: Introduction to Malware Analysis
This course will introduce the Airbus file analysis platform Orion Malware, which is part of the SIMARGL Toolkit. After a short review of the threat landscape, we will focus on real-life samples and demonstrate how to leverage Orion's file analysis capabilities to qualify, analyse and respond to malware threats.
This course is divided into 2 parts: one demonstrating the analysis capabilities of Orion, and a second (optional) part which involves hands-on use of the tool and labs. This practical session will be delivered remotely through video conferencing, with access to an Orion Malware instance for the attendees.
S4: Cyber Attack Simulation and Cyber Range by Airbus
The general and unprecedented crisis caused by the WannaCry/NotPetya or RaaS ransomware shows the importance of the multiple and evolving cyber risks constantly present for businesses, individuals, public institutions and States. It is therefore essential today to rely on diversified and innovative Cyber Security Training programs that take into account all types of existing attacks. In order to meet these needs, the cyber range provided to SIMARGL by Airbus Cybersecurity offers Ethical Hacking; the S4 Cyber Attack Simulation and Cyber Range by Airbus module provides Awareness training to introduce IT threats with practical exercises.
S5: Information Sharing, Analysis and CTI
Cybersecurity breaches are commonplace today. Organisations and individuals face numerous challenges: increasingly sophisticated attacks, information flooding from sometimes disparate sources, disconnected security systems, a skills shortage within the industry, etc. Cyber threat intelligence provides cost-effective and customer-focused solutions, but few organisations can proactively anticipate cyber threats and implement preventative strategies. Good cyber threat intelligence is more than just acquiring data feeds with even more burdensome information that needs analysis. It's acquiring the right knowledge that helps in the making of informed decisions about security.
The course Information Sharing, Analysis and CTI will provide attendees with a clear understanding of CTI and its use and advantages. Attendees will learn the importance of threat information sharing through structured languages such as STIX (Structured Threat Information eXpression), TAXII (Trusted Automated eXchange of Indicator Information) and analysis with MITRE ATT&CK®, a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
This module will introduce attendees to the topic of malicious software that utilizes various types of information hiding techniques. First, the fundamentals of data hiding will be outlined for various types of hidden data carriers (e.g., digital media content, network traffic, file metadata, etc.). Then real-life cases of stegomalware will be described and explained in detail. Next, potential countermeasures as well as potential future trends for stegomalware will be highlighted. Finally, several carefully chosen and important tools used by cybercriminals, as well as detection solutions, will be showcased through demonstrations.
S7: Hidden Networks
This module will focus on characterizing one of the most ephemeral types of hidden data carriers that can be used for information hiding purposes, i.e., network covert channels. First, the fundamentals of covert channels as well as relevant facts on information hiding will be introduced. Then, various types of techniques used to perform covert data exchange exploiting network traffic and applications will be discussed. Next, potential countermeasures as well as potential future trends for information hiding will be highlighted. Finally, several carefully chosen and important tools for creating and using network covert channels will be showcased through demonstrations.
S8: SIMARGL Toolkit
SIMARGL is a cybersecurity toolkit that aims to protect from different types of malware, including information hiding methods, network anomalies, stegomalware, ransomware and mobile malware. It contains various security tools that can be configured for one's needs. You can find more information regarding SIMARGL on the website: simargl.eu.
This course aims to present the deployment steps and system requirements for the toolkit. Some components may not be available in the base version, as some SIMARGL modules may require a paid subscription. The modular implementation of SIMARGL is meant to allow companies to shape the functionality to their needs and budget constraints.
This course presents the high-level architecture of the SIMARGL H2020 toolkit. It covers a variety of topics, including the idea behind the project and its objectives, how each component works and how it is integrated into the framework and interacts with other components. Moreover, to demonstrate how the SIMARGL toolkit can be used, the course presents some use-case scenarios, including specific data visualization.