Title: (Beginner) Incident Response and the ATT&CK Matrix
Description:
Practice techniques to detect, analyze and respond to intrusions on cloud servers. We will emulate APT attacks and detect them with Splunk, Suricata, Sysmon, Wireshark, Yara and other tools. We will use the ATT&CK Matrix to enumerate threat actors, tactics and techniques.
Beginners are welcome. No previous experience with these techniques is required. Participants need a credit card and a few dollars to rent Google Cloud servers.
Practice techniques to detect, analyze and respond to intrusions. We will construct targets and attackers on Google Cloud, and send attacks using Metasploit and Caldera to emulate APT attackers. We will monitor and analyze the attacks using Splunk, Suricata, Sysmon, Wireshark, Yara and online analysis tools including PacketTotal and VirusTotal.
We will cover the MITRE ATT&CK Matrix in detail. It enumerates threat actors, tactics and techniques in a shared vocabulary, so red and blue teams can better communicate and work together to secure networks.
The workshop is structured in a CTF format. Each participant works at their own pace. The techniques will be demonstrated, with complete step-by-step instructions to lead beginners through the easy challenges. There are also harder challenges for more experienced participants. We will help participants as needed, to ensure that everyone learns new techniques.
Participants need a credit card and a few dollars to rent Google Cloud servers. We will use Debian Linux and Windows Server 2016 systems. All the tools we will use are freely available, and all the training materials will remain available to everyone after the workshop ends.
Speaker(s): Sam Bowne
Location: Blue Team Vlg / Blue Team Vlg - Workshop Track 2
Discord: https://discord.com/channels/7082082...54317658734613
Event starts: 2020-08-09 10:30 (10:30 AM) PDT (UTC -07:00)
Event ends: 2020-08-09 12:00 (12:00 PM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-08-03T00:19 (UTC).
