#IICSG2019 Conference Workshop Track
Day 1 (19 Jun 2019)
3.00pm—4.45pm
@ Breakout Room 3
Overview
This workshop will help improve both red and blue skillsets through a series of live hacks, where you as an attendee will have to identify malicious activities on a series of targets.
The trainer (Red Team) will perform a series of attacks on the hosts within the in.security LAB, running commands, tools and utilising techniques used in the field. You (the Blue Team) will then need to use the in-LAB ELK stack to identify the malicious activities and raise the alarm! This will up-skill both attackers in understanding the various attack flows that can compromise their cover and defenders in understanding how to detect them.
“The best defence is a good offence” applies as much in cyber as it does in sport. Understanding the attack flow is important in consolidating knowledge, so you’ll get to see every attack the trainer carries out before you’re set off to hunt down the evidence. This heightened mindset will then up your game in the field to better detect the traces, logs and data that can give an attacker away.
What To Expect In the Intensive 120-minute Workshop
Lab & Scenario Introduction
Connectivity and network overview
Auditing Windows, Linux and network devices
Intro to the ELK stack, Sysmon, logging, alerting and monitoring
Phase #1
RED:
* Port/vulnerability scans
* Brute-force attacks
BLUE:
* Identify targeted hosts and the associated services
* Identify compromised user accounts
Phase #2
RED:
* Sending emails with malicious content
* Landing a shell!
BLUE:
* Catching a Phish!
Phase #3
RED:
* Credential theft (Mimikatz, Kerberoasting, LSASS attacks)
* Lateral movement and pivoting within the enterprise
BLUE:
* Identifying credential attacks
* Identifying compromised hosts
Phase #4
RED:
* Using Out of Band (OOB) channels
* Exfiltrating data
BLUE:
* Identifying suspicious connections
* Raising the alarm!
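As an added illustration of the Phase #1 BLUE tasks (identifying targeted hosts and services, and the accounts an attacker actually got into), here is the kind of check an attendee would write against the logon events an ELK stack holds. This is example code written for this page, not the in.security LAB's own dashboards or queries. The events are constructed by hand, the field names (`host`, `event_id`, `user`, `src_ip`, `logon_type`) are an assumed flattening of Windows Security events 4625/4624, and the failure threshold and window are arbitrary tuning values.

```python
"""Brute-force detection over constructed Windows Security logon events.

Added example for this page; not material from the in.security LAB.
Field names below are an assumed flattening of Security events
4625 (logon failure) and 4624 (logon success) as a log shipper would index them.
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5             # failures from one source against one account...
WINDOW = timedelta(minutes=2)  # ...inside this sliding window raise an alert

# Real Windows logon types; the labels tell the analyst which service was targeted.
LOGON_TYPES = {2: "Interactive", 3: "Network (SMB/share)", 10: "RDP"}


def _ev(ts, host, event_id, user, src_ip, logon_type):
    """Build one constructed event document (assumed field names)."""
    return {"ts": ts, "host": host, "event_id": event_id, "user": user,
            "src_ip": src_ip, "logon_type": logon_type}


# Constructed sample: 10.0.0.66 sprays bob's account on WS01 over RDP and gets in,
# alice fat-fingers one password on FS01, and 10.0.0.66 also pokes FS01 twice over SMB
# (below threshold, so no alert).
EVENTS = [_ev(f"2019-06-19T15:01:{s:02d}", "WS01", 4625, "bob", "10.0.0.66", 10)
          for s in (0, 10, 20, 30, 40)] + [
    _ev("2019-06-19T15:01:50", "WS01", 4624, "bob", "10.0.0.66", 10),
    _ev("2019-06-19T15:02:05", "FS01", 4625, "alice", "10.0.0.12", 3),
    _ev("2019-06-19T15:02:15", "FS01", 4624, "alice", "10.0.0.12", 3),
    _ev("2019-06-19T15:03:00", "FS01", 4625, "administrator", "10.0.0.66", 3),
    _ev("2019-06-19T15:03:05", "FS01", 4625, "administrator", "10.0.0.66", 3),
]


def detect_brute_force(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return one alert per (host, src_ip, user) that crosses the failure threshold.

    An alert is marked compromised when a 4624 from the same source for the
    same account follows the burst of failures.
    """
    events = sorted(events, key=lambda e: e["ts"])
    failures = defaultdict(list)  # (host, src_ip, user) -> timestamps of 4625s in window
    alerts = {}
    for e in events:
        key = (e["host"], e["src_ip"], e["user"])
        t = datetime.fromisoformat(e["ts"])
        if e["event_id"] == 4625:
            # keep only failures that fall inside the sliding window ending at t
            failures[key] = [f for f in failures[key] if t - f <= window] + [t]
            if len(failures[key]) >= threshold:
                alert = alerts.setdefault(key, {
                    "host": e["host"], "src_ip": e["src_ip"], "user": e["user"],
                    "service": LOGON_TYPES.get(e["logon_type"], f"type {e['logon_type']}"),
                    "first_failure": failures[key][0].isoformat(),
                    "compromised": False,
                })
                alert["failures"] = len(failures[key])
        elif e["event_id"] == 4624 and key in alerts:
            # success after a flagged burst: the account should be treated as compromised
            alerts[key]["compromised"] = True
            alerts[key]["success_at"] = e["ts"]
    return list(alerts.values())


def summarise(alerts):
    """Answer the two Phase #1 questions: which host/service was targeted,
    and which accounts were compromised."""
    targeted = defaultdict(set)
    compromised = set()
    for a in alerts:
        targeted[a["host"]].add(a["service"])
        if a["compromised"]:
            compromised.add((a["host"], a["user"]))
    return dict(targeted), compromised


if __name__ == "__main__":
    found = detect_brute_force(EVENTS)
    for a in found:
        print(a)
    print(summarise(found))
```

The same logic expressed as an ELK query would be a terms aggregation on `src_ip` and `user` over `event_id:4625` with a date histogram, followed by a look-up for a `4624` from the matching source; the script just makes the window and threshold explicit so they can be tuned against the lab's baseline of legitimate failures.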
This Workshop Is Suited To a Variety of Students, Including
Blue/Red team members
SOC analysts
Penetration testers
Security professionals
IT support, administrative & network personnel
Technical/Hardware/Software Requirements
Students will need to bring a laptop with a web browser installed