3-DAY TRAINING 3 – APT Wargames – Long Term Operations

THIS CLASS IS NOW BEING HELD ONLINE FOLLOWING SINGAPORE TIMEZONE (CET +6)

DURATION: 3 DAYS

CAPACITY: 15 pax

SEATS AVAILABLE: 15

PRICE: USD 2599

Overview

APT Wargames: Long Term Operations prepares a team of operators, responsible for organizing and carrying out offensive operations, to plan, implement and conduct simulations and offensive missions in the enemy environment, with particular emphasis on survival and long-term, hidden presence, out of reach of Blue Teams.

Key Learning Objectives

  • Grasping the difference between pentesting, red teaming and long-term operations (LTOs), and how each compares with real-world attackers
  • Building a mental model of a long-term attacker and their objectives
  • Understanding operational security (OPSEC) in post-exploitation activities
  • Learning how to remain hidden for long periods of time (months or years)

Who Should Attend

  • Red team operators
  • Penetration testers
  • All security engineers/professionals wanting to learn advanced offensive tactics

Prerequisite Knowledge

  • Understanding of operating system architecture
  • Decent experience with Linux/Windows OS
  • Experience with scripting languages (e.g. Python, VBScript, Bash)
  • Basic TCP/IP networking skills
  • Strong will to learn and have fun

Hardware / Software Requirements

  • Modern laptop with administrative access to host OS
  • Min. 8 GB of RAM + 60 GB of free disk space
  • VirtualBox 6.0+ installed

Agenda

Introduction

Pentesting vs Red Teaming

OPSec in Red Teaming

  • LOLBAS
  • Builtins

Attack models – CA/LM/E

Reconnaissance

  • Local vs “Remote”
  • Passive vs Active

Persistence

  • “Autoruns”
  • Task Scheduler
  • Service Control Manager
  • WMI eventing
  • Image File Execution Options
  • DLL load hijacking
  • COM hijacking

Privilege Escalation

  • Passwords: dictionary attacks, password reuse, patterns, “stealer”
  • “Passwords around”: files, shares, GPP
  • Weak permissions to objects: folders, registry, services, AlwaysInstallElevated, DLL hijacking

Credential Access

  • Local Security Authority Subsystem
  • Device Guard, Credential Guard
  • Extracting Credential Material
  • Credential Manager/Vault
  • Bypassing Credential Guard

Lateral Movement

  • Schedule Service
  • Task Scheduler
  • Service Control Manager
  • SysInternals
  • Windows Management Instrumentation
  • Remote Desktop
  • Windows Remote Management
  • Distributed Component Object Model

Actions on Objectives

  • Deep Recon
  • Built-in: screenshots
  • Built-in: sniffing
  • Keylogging

Exfiltration

  • Built-in mechanisms
  • Mail
  • WebDAV
  • “Cloud”
  • Abusing existing protocols

Modus Operandi

OPSec Best Practices

  • Introduction
  • Situational Awareness
  • Infrastructure
  • Tradecraft
  • Counter Detection

TRAININGS

Location: Training Rooms
Date: July 20, 2020
Time: 9:00 am - 6:00 pm
Błażej Kantak