This three-part series will provide a review of the intimate details of some of the most damaging malware attacks in recent months. Join our threat intelligence and malware reversal experts in dissecting samples and learning how these attacks can really impact you.

This online course will dig into the leaks and exploits in files, the intelligence behind them, and how they have impacted the world. Each session will run approximately 90 minutes. The course is available on the live dates, as well as on-demand recordings for the following six months.

Part 1: Shadow Brokers and the exploits

A Google search for Double Pulsar or Eternal Blue prior to the Shadow Brokers leak would have brought back only a handful of scientific or maybe science fiction hits. Today, these words return a virtual myriad of links to write-ups about their use in two of the most notorious attacks of 2017: WannaCry and Petya/NotPetya. Join us as we walk through samples and examine how these exploits were bundled and deployed. We will cover the key indicators and characteristics that proved these “ransomware” attacks were actually more diabolical in nature.

Part 2: Shamoon and back—a look at two destructive campaigns

How many of you have heard of the Saudi Aramco disaster? Shamoon wiped out more than 30,000 corporate machines and servers and took down an entire company, costing millions of dollars in the process. Saudi Arabia didn’t learn its lesson and suffered a second crippling attack using the same TTPs with only minor modifications. Join us as we walk through the malware and talk about the intelligence surrounding these two breaches.

Part 3: How is ransomware still a thing?

Ransomware TTPs—tactics, techniques, and procedures—have evolved very little since the first iteration in 1989. The vectors are generally the same, and yet we still see in the news large corporations being brought to their knees by this commonplace malware. Join us as we explore some of the TTPs and give you ideas on how to mitigate the chance of ransomware attacks affecting you.

Who should attend?

• Individuals new to or desiring a better understanding of how attacks can impact and cripple an organization

• Professionals who deal with technical issues, but feel they do not have enough background to deter and mitigate them successfully

• Technical professionals that need to be armed with greater knowledge of incident response and threat Intelligence and their role in resolving incidents

These sessions will be conducted online live using the ON24 platform. You can take this course via the on-demand recordings through May of 2018.

Course price: $495 (includes all three parts)

Attendees will earn 5 CPE credit hours. Each session will be approximately 90 minutes.

If you have any questions, please contact Tom Bechtold at or 503-303-7871.

speaker photo
Chris Rogers
Leader of Virtual SOC, CyberDefenses, Inc.

Chris Rogers is a 20-year industry security specialist who works with CyberDefenses Inc. as the virtual security operations center (SOC) team lead.

Chris is a passionate believer that while security is complicated, it is far from the wizard-like magic many vendors make it out to be.

Chris has worked as a forensic examiner and intrusion specialist, solving malware and large-scale intrusion mysteries throughout his career. His experience includes work at the Department of Defense Computer forensic laboratory, and building and managing the malware team at Bank of America.

Having worked in real-time against new and emerging threats or actors, Chris always loves the tactical aspect of the work and the immediacy of intrusion situations, not to mention the personal satisfaction of solving mysteries, protecting assets, and making the world a better place.

speaker photo
Monty St John
Security Intelligence Architect, CyberDefenses, Inc.

Monty St John is a computer science and information security expert, U.S. Navy and Air Force veteran, certified instructor, and author of dozens of classes for CyberDefenses Inc. He has assisted numerous companies build and accredit laboratories, threat teams, and security operations centers (SOCs). He’s also a game designer, speaker, and prolific writer, with two upcoming technical volumes set for 2018.

Monty’s investigative background began in the U.S. Navy, where he spent the better part of a decade seeking out prisoners-of-war and individuals missing in action. Working to resolve and close decades-old cold cases in foreign lands in other tongues crafted a skillset uniquely suited to infosec work. To prove it, Monty shifted from the U.S. Navy to the Air Force, switching uniforms and positions, to the Defense Cyber Crime Center (DC3). The work done at DC3 was pioneering in many ways, and some of the greatest talent in the industry can trace their history back to DC3.

Monty teaches a variety of classes and prefers an active learning approach. He holds a firm belief that critical thinking underpins all fields at some level, but especially in infosec. Every class he crafts sustains this belief and is geared to empowering students to walk away with the ability to sleuth—to outline the problem and then determine the solution. He says, “Once you learn the reason why—the concepts that underpin everything—you will quickly realize that you can take them and apply them to any case, any engagement, or any issue presented.”

He’s a regular speaker and trainer at industry conferences, including BSides, DerbyCon, ISSA Summits, OWASP Summits, and (ISC)2 Summits. He’s also presented security topics to a number of high-profile and Fortune 500 executives.

Get to know more about Monty: