![Cover Image for [Black Hat] Mastering the SecOps Platform: LimaCharlie 101 Workshop](https://images.lumacdn.com/cdn-cgi/image/format=auto,fit=cover,dpr=2,background=white,quality=75,width=400,height=400/event-covers/3p/7b66cb18-dc60-45ed-9d02-9d552327ea0e.png)
[Black Hat] Mastering the SecOps Platform: LimaCharlie 101 Workshop
This workshop will cover the basics of the LimaCharlie SecOps platform. You will learn how to deploy EDR agents, gather additional telemetry, write detection and response rules, and integrate threat intelligence and YARA rules to detect and mitigate threats.
Key Learning Objectives:
Endpoint Detection and Response (EDR) Agent Deployment and Management: Learn the best practices for deploying LimaCharlie EDR agents across diverse environments. Understand the various deployment methods, agent configurations, and how to effectively manage agent health and status at scale.
Comprehensive Telemetry Collection and Analysis: Discover how to leverage LimaCharlie to gather a rich array of telemetry from your endpoints. This includes process execution, network connections, file system changes, registry modifications, and user activity. Participants will learn how to analyze this telemetry to identify anomalous behavior and potential indicators of compromise (IOCs).
Crafting Robust Detection and Response Rules: This section focuses on the heart of LimaCharlie's power: its flexible and powerful rule engine. Participants will learn to write custom detection rules using LimaCharlie's D&R language, covering a wide spectrum of threats from commodity malware to advanced persistent threats (APTs). We will also explore how to build automated response actions, enabling rapid containment and remediation of detected threats.
Integrating Threat Intelligence for Proactive Defense: Understand how to seamlessly integrate external threat intelligence feeds into LimaCharlie. Learn to operationalize IOCs from various sources, automatically enriching your telemetry and enhancing your detection capabilities. This includes exploring different threat intelligence formats and how to prioritize and manage incoming intelligence.
Leveraging YARA Rules for Malware Identification: Gain practical experience with YARA rules, a powerful tool for identifying malware based on textual or binary patterns. Participants will learn how to import and manage YARA rules within LimaCharlie, and how to create custom YARA rules to detect specific threats relevant to their organization. We will cover the nuances of writing effective YARA rules and integrating them into your overall detection strategy.
By the end of this workshop, attendees will possess the practical skills and theoretical knowledge necessary to effectively utilize the LimaCharlie SecOps platform to detect, investigate, and mitigate a wide range of cyber threats, significantly enhancing their organization's security posture.
Interested in our advanced session instead? Register for our LimaCharlie Advanced workshop: https://lu.ma/lc-black-hat-workshop-advanced-2025