Automating Detection, Investigation and Mitigation with LimaCharlie

Workshop Duration: 3 Hours.

The workshop will begin with an overview of the various detection and automation mechanisms available in LimaCharlie.
Afterwards, we will create Detections and Hunters for LimaCharlie that automate the detection and investigation of specific malware samples (samples are provided for the workshop; attendees may also bring their own).

Work will be done on each attendee's local development environment (help will be provided with setting it up).

  • Setting up development/playground environment.
  • Overview of Stateless, Stateful and Hunter automation mechanisms.
  • Interactive investigation of the malware samples.
  • Assisted development of automation mechanisms.
  • Discussion on production deployment of the code developed.

Maxime Lamothe-Brassard

Maxime currently works for Google. His career has been centered around advanced computer attacks. He worked for the Canadian intelligence apparatus in functions ranging from development of cyber defence technologies through Counter Computer Network Exploitation and Counter Intelligence. Maxime led the creation of an advanced cyber security program for the Canadian government and received several Director’s awards for his service. After leaving the government, Maxime provided direct help to private and public organisations in matters of cyber defence, working at CrowdStrike and eventually co-founding Arcadia, where he architected advanced cyber defence solutions. For the past few years Maxime has also been providing analysis and guidance to major Canadian media organisations.
This talk represents my own opinions and not necessarily those of my employer.