{"id":13621,"date":"2024-02-07T02:34:08","date_gmt":"2024-02-07T02:34:08","guid":{"rendered":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/practical-linux-attack-paths-bkk2024\/"},"modified":"2024-07-29T04:17:42","modified_gmt":"2024-07-29T04:17:42","slug":"practical-linux-attack-paths-bkk2024","status":"publish","type":"product","link":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/product\/practical-linux-attack-paths-bkk2024\/","title":{"rendered":"Practical Linux Attack Paths and Hunting for Red and Blue Team"},"content":{"rendered":"

ATTEND IN-PERSON<\/span><\/strong>: <\/span><\/strong>Onsite in Bangkok, Thailand<\/strong><\/h4>\n
\n
\n
\n

DATE: 26-28 August 2024<\/strong><\/h4>\n<\/div>\n

TIME: 09:00 to 17:00 ICT\/GMT+7<\/strong><\/h4>\n\n\n\n\n\n\n
Date<\/strong><\/td>\nDay<\/strong><\/td>\nTime<\/strong><\/td>\nDuration<\/strong><\/td>\n<\/tr>\n
26 Aug<\/td>\nMonday<\/td>\n0900-17:00 ICT\/GMT+7<\/td>\n8 Hours<\/td>\n<\/tr>\n
27 Aug<\/td>\nTuesday<\/td>\n0900-17:00 ICT\/GMT+7<\/td>\n8 Hours<\/td>\n<\/tr>\n
28 Aug<\/td>\nWednesday<\/td>\n0900-17:00 ICT\/GMT+7<\/td>\n8 Hours<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n
\n
Full access to the PurpleLabs environment for 30 days post-training and lifetime material access (180+ labs) with updates included!<\/em><\/span><\/h5>\n
\n
<\/h5>\n
Dive into the world of Linux attack paths, local and remote exploitation, process injection, process hiding, tunneling, network pivoting, and syscall hooking techniques. See hands-on how Linux malware, userspace, and kernel space rootkits work in well-prepared Detection PurpleLabs Cyber Range, analyze and modify the source codes, find interesting behavior patterns in binaries and logs, learn what telemetry is needed to catch modern Linux threat actors, and find how to proactively validate and improve detection coverage with step-by-step Linux adversary emulations. On top of that, run your VMs RAM acquisition \u2018on click\u2019 and analyze memory images with Volatility Framework 2\/3 at any stage of the course.<\/h5>\n
\n
\n
\n
\n

This training is a walkthrough of the Open Source Linux offensive and defensive techniques and tooling in 2023\/2024 that allows for chaining these TTPs together and understanding better the threat ecosystems in Linux. I trust this training compilation and hands-on experience will change the way you look at hardening and low-level monitoring of your critical Linux-based ecosystems.<\/p>\n

This course takes on An \u201cAttack vs. Detection\u201d approach in a condensed format. This class is intended for students who have a basic understanding of Linux and have to deal with advanced threats. Furthermore, the course is also interesting for experienced DFIR\/SOC\/CERT Players who aim to dig deeper into understanding Linux internals and corresponding network attack analysis techniques, detection, and response.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n

 <\/p>\n

\n
\n
\n
\n
Learn Linux Internals with PurpleLabs<\/strong><\/h5>\n

\u201cPractical Linux Attack Paths and Hunting for Red and Blue Team” training has been created with a focus on realistic hands-on experience in analyzing user space and kernel space Linux rootkits, including recent Linux APT campaigns, C2 frameworks for Linux with a focus on Sliver\/Metasploit overview\/behavior vs hunting\/DFIR tooling in Linux ecosystem. This training helps create and understand low-level Linux attack paths, improve your Linux detection coverage, see in action many Open Source DFIR\/defensive projects, and understand the need for Linux telemetry, especially including Docker\/Kubernetes clusters where Runtime Security solutions are a must these days. The techniques and attack paths covered in this training include many different implementations of loading LKM remotely, eBPF, XDP, FTRACE, KPROBE, UPROBE, NETFILTER, SYSTEMTAP, PAM, SSHD, HTTPD\/NGINX, LD_PRELOAD-based code samples and PoCs. Detection and forensics layers include LKRG, BPFTOOL, VELOCIRAPTOR IR, OSQUERY, Elastic Security, cli-based \/proc\/ and \/sys\/ analysis, memory forensics with VOLATILITY FRAMEWORK with the semi-automated RAM acquisition, SYSMON4Linux, FALCO, TRACEE, SYSDIG, TETRAGON, SANDFLY SECURITY, ZEEK, SURICATA, MOLOCH\/ARKIME, YARA and more.<\/p>\n

During the training, we are going to make a custom combo of both red and blue parts and we will achieve that by utilizing an Attack Flow Builder, Defender, Workbench, and Navigator for a structured format of training suitable for production uses immediately after the course.<\/p>\n

We will actively discuss and play with a set of real Linux offensive use cases vs detection\/forensics view. The hands-on content has been divided into user-space and kernel-space sub-sections. When you are done, dig deeper and create your own custom attack paths, then improve your detection coverage. Purple teaming for life!<\/p>\n

If you want to enhance your understanding of Linux x86\/x64 internals and stay prepared for Linux threats, this training is a must-attend! #LinuxSecurity #LiveForensics #CybersecurityTraining<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n

 <\/p>\n

 <\/p>\n

\n
\n
\n
\n
Agenda \/ Topics Covered \/ Lab Index<\/strong><\/h5>\n

 <\/p>\n

1. Current Linux threat landscape<\/strong><\/h5>\n
2. Linux Appliances Exploitation Cases<\/strong><\/h5>\n
3. Purple teaming approach<\/strong><\/h5>\n
4. Threat Hunting vs Incident Response<\/strong><\/h5>\n
5. Linux MITRE ATT&CK<\/strong><\/h5>\n
6. Linux EDR\/Security\u00a0 Products<\/strong><\/h5>\n
7. Basic Linux Investigation tools<\/strong><\/h5>\n
8. General root kits behavior<\/strong><\/h5>\n
9. Hands-on Blue\/DFIR\u00a0 components:<\/strong><\/h5>\n

A. HOST:<\/strong><\/p>\n