BEGIN:VCALENDAR
PRODID:-//vBulletin 6//EN
VERSION:2.0
CALSCALE:GREGORIAN
BEGIN:VEVENT
UID:0e6a1cad-4e4b-4d68-8a30-a60cb8ee2a9f
DTSTAMP:20260517T001406Z
SUMMARY:Angus Strom\, Troy Defty - Flipping the Coin: Red and Blue Teaming 
 in Windows Environments
DESCRIPTION:Title: Angus Strom\, Troy Defty - Flipping the Coin: Red and Bl
 ue Teaming in Windows Environments\n\nScheduled Date and Time (Pacific Sta
 ndard): Thursday\, August 10\, 2023\, at 1400-1800 PDT\n\nEventBrite Link:
  https://www.eventbrite.com/e/angus-strom-red-and-blue-teaming-in-windows-
 environments-tickets-668367353747?aff=oddtdtcreator\n\nMax Class Size: 40\
 n\n\n\n\nAbstract:\n\nRed and blue are two sides of the same coin. Offensi
 ve and defensive teams deliver the best results when working together\; sh
 aring knowledge\, ideas\, and understanding with each other. And a core pa
 rt of this information exchange is understanding each respective perspecti
 ve. This is the overarching theme of the workshop\; attackers thinking lik
 e defenders\, and defenders thinking like attackers.\n\nBy the end of the 
 workshop\, attendees will:\n\n1. Understand and perform common offensive a
 ttacks (supported by the Metasploit Framework) against Windows Domains\, i
 ncluding:\n\n Pass the Hash attacks\;\n ADCS abuse\;\n PrintSpoofer exploi
 ts\;\n LSASS exploitation (using Mimikatz)\;\n AD enumeration (using Blood
 Hound)\;\n DACL abuse\;\n Kerberos golden tickets\; and\n DLL hijacking.\n
  \n2. Understand the process of detecting attacks against Windows infrastr
 ucture\, including how to design and implement their own detection rules b
 ased on attendees’ previous attacks\, using:\n\n Sigma/Yara rules.\n Log
  ingestion/normalization platforms\, and query engines (e.g. ELK).\n \n3. 
 Understand and appreciate how the actions and processes of red and blue te
 ams are interlinked\, for the greater collective good.\n\nRecommended (but
  not required) prior reading:\n\n
  https://nooblinux.com/metasploit-tutorial/\n https://posts.specterops.io/
 introducing-bloodhound-enterprise-attack-path-m
 anagement-for-everyone-39cfd8d6eb7c\n https://learn.microsoft.com/en-us/wi
 ndows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain
 -services-overview\n https://socprime.com/blog/sigma-rules-the-beginners-g
 uide/\n https://github.com/socprime/SigmaUI\n https://blog.netwrix.com/202
 1/11/30/how-to-detect-pass-the-hash-attacks/\n https://posts.specterops.io
 /certified-pre-owned-d95910965cd2\n https://www.elastic.co/guide/en/securi
 ty/current/suspicious-print-spooler-point-and-print-dll.html\n \n\n\n\nSki
 ll Level: Beginner to Intermediate\n\nPrerequisites for students:\n\nBasic
  understanding of the Linux and Windows command line\, and some basic know
 ledge of IP networking and routing. A basic understanding of Active Direct
 ory and exposure to the Metasploit Framework/Meterpreter are beneficial\, 
 but not required.\n\n\n\n\nMaterials or Equipment students will need to br
 ing to participate:\n\nLaptop\, 8GB RAM\, OpenVPN Client\, Remote Desktop 
 Protocol (RDP) client. It is strongly recommended that attendees have loca
 l administrative rights to their device.\n\nAn Internet connection is also
  required\; DEF CON’s (authenticated) WiFi network will suffice\, howeve
 r attendees should consider alternative options in favour of resiliency (e
 .g. tethering/hotspotting cell phones).\n\n\n\n\nBios:\n\nAngus (0x10f2c_)
  is currently a Senior Security Engineer working at a tech company. He obt
 ained a love for all things computers by scavenging computer parts from lo
 cal garbage pickups as a kid\, and then trying to make them work together 
 without blowing up. Angus eventually realised that a career could be made 
 out of his skills hacking together poorly written Lua code in Garry’s Mo
 d\, and finished a Bachelors in Network Security. In his professional care
 er Angus has 5+ years working in Security Consulting\, working across many
  industries and gaining many shells. More recently Angus has made the move
  to a security engineer focused role. When not hacking he loves to ski on 
 the little snow that Australia has\, and loves to paint small miniatures w
 hile listening to Drone Metal.\n\n\n\n\nHaving worked in the UK and Austra
 lian InfoSec industries for just over a decade\, and following 8 and a hal
 f years of red teaming\, Troy jumped the proverbial fence from red to blue
 \, and is currently a Security Engineering Manager at a tech company. His 
 interest and experience is in detection engineering\, red teaming\, threat
  modelling\, hardware\, and assessing ICS environments. Other interests in
 clude music\, electronics\, the outdoors\, travel\, rugby\, CTF\, and bein
 g bad at golf.\n
URL:https://forum.defcon.org/node/246019
DTSTART:20230810T220000Z
DTEND:20230811T020001Z
LOCATION:Las Vegas\, NV\, DEF CON 31
END:VEVENT
END:VCALENDAR
