BEGIN:VCALENDAR
PRODID:-//vBulletin 6//EN
VERSION:2.0
CALSCALE:GREGORIAN
BEGIN:VEVENT
UID:da4c13bf-7073-4cbc-8d0b-8d676b3f4725
DTSTAMP:20260428T175251Z
SUMMARY:Ryan Chapman\, Aaron Rosenmund\, Brandon DeVault - Active Directory
  Attacks: The Good\, The Bad\, and...
DESCRIPTION:Title: Ryan Chapman\, Aaron Rosenmund\, Brandon DeVault - Activ
 e Directory Attacks: The Good\, The Bad\, and The LOLwut\n\nScheduled Date
  and Time (Pacific Standard): Saturday\, August 12\, 2023\, at 0900 PDT\n\
 nEventBrite Link: https://www.eventbrite.com/e/ryan-chapman-active-directo
 ry-attacks-the-good-the-bad-and-the-lolwut-tickets-668395247177?aff=oddtdt
 creator\n\nMax Class Size: 80\n\n\n\n\nAbstract:\n\nThreat actors such as 
 ransomware affiliates around the world are carrying out attacks on Active 
 Directory (AD) at scale. When doing so\, such actors often stick to the ma
 instream in terms of attack methodologies and tooling. But… that’s lam
 e! Why borrow tactics\, techniques\, and procedures (TTPs) that are so wel
 l known and thus readily detectable?! Come hang out with us as we provide 
 an overview of AD\, show the most common attack scenarios\, then show you 
 how to detect and prevent those very attacks. Stick around as we then tran
 sition to covering what you could\, and should\, be doing instead.\n\nWe w
 ill be providing a remote network range to which you will connect. Once in
  the range\, you will be acting as the ransomware threat actor\, “pentes
 ter” as they like to call themselves. You will carry out attacks such as
  enumeration via Bloodhound\, credential discovery and compromise\, pass t
 he hash attacks\, and kerberoasting via common tools such as Mimikatz & Ru
 beus. After carrying out the attacks yourself\, you’ll then learn how to
  prevent and detect those very attacks. We’ll then show you custom-devel
 oped methods to carry out the same attacks without the reliance on well-kn
 own TTPs/tools. And even better\, we’ll show you how you could\, at leas
 t where it’s even possible\, detect the more custom/advanced methodologi
 es.\n\nJoin us if you are a blue teamer\, red teamer\, purple teamer\, cyb
 er defender\, DFIR analyst… basically anyone who wants (or needs!) to le
 arn to defend and/or attack Active Directory. Come for the tech\, stay for
  the humor. See ya there!\n\n\n\n\nSkill Level: Intermediate to Advanced\n
 \nPrerequisites for students: The primary requirement for this course is a
  desire to learn and the determination to tackle challenging problems. In 
 addition\, having some familiarization with the following topics will help
  students maximize their time in this course:\n\n- A general background in
  Digital Forensics & Incident Response (DFIR)\n\n- Familiarity with blue t
 eam-oriented tools\n\n- An understanding of general networking concepts\n\
 n- Familiarity with Active Directory – though we’ll cover everything s
 tudents need to know\n\n\n\n\nMaterials or Equipment students will need to
  bring to participate:\n\n- A laptop with Linux/Windows/Mac desktop enviro
 nment\n\n- Networking capability: Students will be connecting to a remote 
 network range – They will need a wireless NIC (assuming the workshop are
 a provides Wi-Fi\, if not we’ll need to know) that can be enabled along
  with administrator privileges on their system\n\n- IMPORTANT: This worksh
 op relies on network connectivity. Any student not able to connect to our 
 range will be unable to follow along with the hands-on portion of the work
 shop.\n\n\n\n\nBios:\n\nRyan Chapman is the author of SANS’ “FOR528: R
 ansomware for Incident Responders” course\, teaches SANS’ “FOR610: R
 everse Engineering Malware” course\, works as a principal incident respo
 nse consultant for $dayJob\, and helps run the CactusCon conference in Pho
 enix\, Arizona\, USA. Ryan has a passion for life-long learning\, loves to
  teach people about ransomware-related attacks\, and enjoys pulling apart 
 malware. He has presented workshops at DefCon and other conferences in the
  past and knows how to create a step-by-step instruction set to maximize h
 ands-on learning.\n\n\n\n\nAaron Rosenmund is the Director of Security Res
 earch and Content for Pluralsight\, where he has also authored over 115 co
 urses and technical labs across offensive and defensive security operation
 s topics. Part time work includes service as a Cyber Warfare Operations o
 fficer in the Delaware Air National Guard\, where he has also led a 100+ m
 ember red team for the largest cyber exercise in the Nation\, Cybershield.
  4 years of highly rated talks and workshops have earned him the Distingui
 shed speaker title from RSAC\, and he looks forward to returning for the 3
 rd year to Defcon Workshops to bring practical emulation and testing capab
 ilities to the people who need it most.\n\n\n\n\nBrandon DeVault is a secu
 rity researcher\, blue teamer\, and educator. Currently works as an author
  for Pluralsight and member of the FL Air National Guard. Prior experience
  includes work at Elastic and multiple deployments with Special Operations
  Command.\n
URL:https://forum.defcon.org/node/246032
DTSTART:20230812T170000Z
DTEND:20230812T210001Z
LOCATION:Las Vegas\, NV\, DEF CON 31
END:VEVENT
END:VCALENDAR
