Catch Me If You Can — Seeing the Red Through the Blue — by Owen Shearing & Will Hunt
#IICSG2019 Conference Workshop Track
Day 1 (19 Jun 2019)
@ Breakout Room 3
This workshop will help improve both red and blue skillsets through a series of live hacks, where you as an attendee will have to identify malicious activities on a series of targets.
The trainer (Red Team) will perform a series of attacks on the hosts within the in.security LAB, running commands, tools and utilising techniques used in the field. You (the Blue Team) will then need to use the in-LAB ELK stack to identify the malicious activities and raise the alarm! This will up-skill both attackers in understanding the various attack flows that can compromise their cover and defenders in understanding how to detect them.
“The best defence is a good offence” applies as much in cyber as it does in sport. Understanding the attack flow is important in consolidating knowledge, so you’ll get to see every attack the trainer carries out before you’re set off to hunt down the evidence. This heightened mindset will then up your game in the field to better detect the traces, logs and data that can give an attacker away.
What To Expect In the Intensive 120-minute Workshop
Lab & Scenario Introduction
Connectivity and network overview
Auditing Windows, Linux and network devices
Intro to the ELK stack, Sysmon, logging, alerting and monitoring
* Port/vulnerability scans
* Brute-force attacks
* Identify targeted hosts and the associated services
* Identify compromised user accounts
* Sending emails with malicious content
* Landing a shell!
* Catching a Phish!
* Credential theft (identifying Mimikatz, Kerberoasting, LSASS attacks)
* Lateral movement and pivoting within the enterprise
* Identifying credential attacks
* Identifying compromised hosts
* Using Out of Band (OOB) channels
* Exfiltrating data
* Identifying suspicious connections
* Raising the alarm!
This Workshop Is Suited To a Variety of Students, Including
Blue/Red team members
IT support, administrative & network personnel
Students will need to bring a laptop with a web browser installed