BEGIN:VCALENDAR
PRODID:-//vBulletin 6//EN
VERSION:2.0
CALSCALE:GREGORIAN
BEGIN:VEVENT
UID:5f785a9d-9d7e-4908-928b-ae0f00ddd7bc
DTSTAMP:20260421T195044Z
SUMMARY:(Beginner) Incident Response and the ATT&CK Matrix
DESCRIPTION:Title: (Beginner) Incident Response and the ATT&CK Matrix\n\nDe
 scription:\nPractice techniques to detect\, analyze and respond to intrusi
 ons on cloud servers. We will emulate APT attacks and detect them with Spl
 unk\, Suricata\, Sysmon\, Wireshark\, Yara and other tools. We will use th
 e ATT&CK Matrix to enumerate threat actors\, tactics and techniques.\n\nBe
 ginners are welcome. No previous experience with these techniques is requi
 red. Participants need a credit card and a few dollars to rent Google Clou
 d servers.\n\nPractice techniques to detect\, analyze and respond to intru
 sions. We will construct targets and attackers on the Google cloud\, and s
 end attacks using Metasploit and Caldera to emulate APT attackers. We will
  monitor and analyze the attacks using Splunk\, Suricata\, Sysmon\, Wiresh
 ark\, Yara and online analysis tools including PacketTotal and VirusTotal.
 \n\nWe will cover the ATT&CK Matrix in detail\, which enumerates threat ac
 tors\, tactics and techniques\, so red and blue teams can better communica
 te and work together to secure networks.\n\nThe workshop is structured in 
 a CTF format. Each participant works at their own pace. The techniques wil
 l be demonstrated\, with complete step-by-step instructions to lead beginn
 ers through the easy challenges. There are also harder challenges for more
  experienced participants. We will help participants as needed\, to ensure
  that everyone learns new techniques.\n\nParticipants need a credit card a
 nd a few dollars to rent Google Cloud servers. We will use Debian Linux an
 d Windows Server 2016 systems. All the tools we will use are freely availa
 ble\, and all the training materials will remain available to everyone aft
 er the workshop ends.\n\nSpeaker(s): Sam Bowne\n\nLocation: Blue Team Vlg 
 / Blue Team Vlg - Workshop Track 2\n\nDiscord: https://discord.com/channel
 s/708208267699945503/732454317658734613\n\nEvent starts: 2020-08-09 10:30 
 (10:30 AM) PDT (UTC -07:00)\n\nEvent ends: 2020-08-09 12:00 (12:00 PM) PDT
  (UTC -07:00)\n\nFor the most up-to-date information\, please either visit
  https://info.defcon.org\, or use HackerTracker\, which is available for i
 OS and Android. This is an automated message\, and this data was last modi
 fied 2020-08-03T00:19 (UTC).
URL:https://forum.defcon.org/node/234108
DTSTART:20200809T183000Z
DTEND:20200809T200001Z
LOCATION:Blue Team Vlg / Blue Team Vlg - Workshop Track 2
END:VEVENT
END:VCALENDAR
