Infosec In the City (IIC)

Catch Me If You Can — Seeing the Red Through the Blue — by Owen Shearing & Will Hunt

#IICSG2019 Conference Workshop Track


Day 1 (19 Jun 2019)

3.00pm—4.45pm

@ Breakout Room 3



Overview

This workshop will help improve both red and blue skillsets through a series of live hacks, where you as an attendee will have to identify malicious activities on a series of targets.

The trainer (Red Team) will perform a series of attacks on the hosts within the in.security LAB, running commands, tools and utilising techniques used in the field. You (the Blue Team) will then need to use the in-LAB ELK stack to identify the malicious activities and raise the alarm! This will up-skill both attackers in understanding the various attack flows that can compromise their cover and defenders in understanding how to detect them.

“The best defence is a good offence” applies as much in cyber as it does in sport. Understanding the attack flow is important in consolidating knowledge, so you’ll get to see every attack the trainer carries out before you’re set off to hunt down the evidence. This heightened mindset will then up your game in the field to better detect the traces, logs and data that can give an attacker away.

What To Expect In the Intensive 120-minute Workshop

Lab & Scenario Introduction

  • Connectivity and network overview

  • Auditing Windows, Linux and network devices

  • Intro to the ELK stack, Sysmon, logging, alerting and monitoring

Phase #1

RED:

* Port/vulnerability scans

* Brute-force attacks

BLUE:

* Identify targeted hosts and the associated services

* Identify compromised user accounts

Phase #2

RED:

* Sending emails with malicious content

* Landing a shell!

BLUE:

* Catching a Phish!

Phase #3

RED:

* Credential theft (identifying Mimikatz, Kerberoasting, LSASS attacks)

* Lateral movement and pivoting within the enterprise

BLUE:

* Identifying credential attacks

* Identifying compromised hosts

Phase #4

RED:

* Using Out of Band (OOB) channels

* Exfiltrating data

BLUE:

* Identifying suspicious connections

* Raising the alarm!


This Workshop Is Suited To a Variety of Students, Including

  • Blue/Red team members

  • SOC analysts

  • Penetration testers

  • Security professionals

  • IT support, administrative & network personnel

Technical/Hardware/Software Requirements

Students will need to bring a laptop with a web browser installed.
