How Adversary Emulation Can Enhance Blue Team Performance
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Syllabus
Intro
Maturity level
Why Adversary Emulation?
Our Adversary Emulator Goals
Agenda
Architecture
Infrastructure Builder
Attack Simulator
Playbook design
Playbook - Design Concept
Dogeza Playbook Scenario
Dogeza Red-Blue Team Step
Red Team Procedure: Step 3 Initial Access
• Use CVE-2019-9194 to exploit elFinder for a www-data privilege shell. elFinder is a well-known web file manager with many 3rd party integrations
Red Team Procedure: Step 7
Escalate privilege from IIS to SYSTEM
• Use the webshell to trigger privilege escalation
• Red team uses several administrative tools to control Victim C
• Red team collects top confidential information and sends it back to Victim B's web server; the stolen data is then exfiltrated via Victim A's tunnel.
Metasploit Integrated
Empire Integrated
Repurpose the APT malware
APT malware - DBGPRINT
DBGPRINT stager flow
The attack methods we want to detect
Detect from command line
Detect from process loaded library
Check PowerShell eventlog
Check called API
Data Sources Evolution
Investigation! Not Just Detection
The key benefit for the Red Team
The key benefit for the Blue Team
Taught by
Hack In The Box Security Conference
Related Courses
Computer Security - Stanford University via Coursera
Cryptography II - Stanford University via Coursera
Malicious Software and its Underground Economy: Two Sides to Every Story - University of London International Programmes via Coursera
Building an Information Risk Management Toolkit - University of Washington via Coursera
Introduction to Cybersecurity - National Cybersecurity Institute at Excelsior College via Canvas Network