CyberWarOps: Red and Blue Team Joint Operations

By Yash Bharadwaj & Manish Gupta

Abstract

Adversaries are rapidly adopting convoluted offensive techniques designed to circumvent defence mechanisms and accomplish their objectives on the attack surface. Most organisations, however, are not well aware of the techniques threat actors use to achieve those objectives, which leaves their defensive mechanisms in a very fragile position.

"CyberWarFare: Red and Blue Team Joint Operations" aims to give trainees insight into the offensive techniques used by red teams and the defensive techniques employed by blue teams in an enterprise. From the offensive perspective, trainees will simulate attacks on an enterprise environment; from the blue team perspective, they will learn how to monitor, detect, analyse and then respond to attacks in real time.

Training Details

In this training, we have a dedicated lab environment in which attendees can perform offensive and defensive exercises simultaneously. As a red teamer, the attendee performs a full cyber-attack cycle; as a blue teamer, they monitor, detect, analyse and then respond to those attacks.

This lab mimics a realistic enterprise environment, including multi-segregated networks, fully patched servers, host- and network-level restrictions, a patched Active Directory network and a dedicated Security Operations Centre (SOC) environment.

● Red Team Highlights:

  - Custom Web Exploitation
  - Network Exploitation
  - Remote Access Services Exploitation
  - Exploiting Windows & Linux based Hosts
  - Exploiting Mis-Configured Active Directory Network
  - Exploitation of widely used enterprise automation software

● Blue Team Highlights:

  - Real Time Attack monitoring
  - Host and Network based security solution
  - Real Time Network Traffic Analysis
  - Digital Forensics and Incident Response
  - Using Enterprise Grade Open-Source Tools

Every attack which is discussed and demonstrated in the training is explained by breaking it into the following modules:

  - Identifying the attack path and vector based on the enumerated vulnerabilities.
  - Developing the tradecraft and attacking the infrastructure.
  - Identifying IOCs (Indicators of Compromise).
  - Analysing and demonstrating the defensive tactics and techniques.

We will use the MITRE ATT&CK, Shield and D3FEND frameworks to understand the adversarial actions at every stage and to correlate each attack with known APT groups. This will help attendees understand exactly how the offensive techniques are used on the attack surface.

● Module 4: Bypassing Security Defenses with Unconventional Methods
  - Common security defenses encountered by red teamers
  - Strategies for bypassing security defenses
  - Employing unconventional techniques to circumvent security controls
● Module 5: Hands-on Exercises: Applying Novel Initial Access Techniques
  - Practical exercises to apply novel initial access techniques
  - Real-world scenarios to test your skills and creativity

  - Technical skills: Learn about the latest tools and techniques for gaining initial access.
  - Problem-solving: Develop strategies for bypassing common security defenses.
  - Critical thinking: Analyze real-world scenarios to apply your knowledge.
  - Creativity: Think outside the box to find creative ways to gain initial access.
  - Communication: Effectively communicate your findings to stakeholders.

Call to Action

Don't miss this opportunity to learn from an experienced trainer and gain the skills you need to turbocharge your initial foothold in red teaming engagements. Register for the training today!

Additional Notes

  - This training is designed to be informative and engaging, with a mix of presentations, discussions, and hands-on exercises.
  - Participants will receive a comprehensive training manual and access to additional resources.

Lab Architecture:

To make the training genuinely hands-on, all trainees will be provided with VPN access to the lab. The lab architecture is designed to cover, from both the red and blue perspectives, all the attacks demonstrated during the training sessions. Moreover, attendees will have dedicated access to the environment for 10 days after completing the training.

Targeted Audience:

The targeted audience may include the following groups of people:

  - Penetration Testers
  - System Administrators
  - Security Analysts
  - Last but not least, anyone who is interested in learning the nature of the adversaries against enterprise infrastructure.

Pre-Requisites:

  - Fair Knowledge of Networking and Web Technology
  - An Open Mind

Trainees should bring:

  - System with at least 8GB RAM having Virtualization support (VMware Workstation)
  - Attacker Linux Machine (Kali / Parrot) with NAT based Internet Access

Trainees Takeaway:

  - Soft Copy of the Course Content along with 10 Days lab access
  - Great Knowledge about the Offensive Techniques used by adversaries
  - Defense Tactics & Techniques against the discussed offensive techniques
  - 2 Purple Team Analyst Exam Attempts & Accredible digital badge upon completion

Trainers:

Manish Gupta is Director of CyberWarFare Labs, with 7.5+ years of expertise in offensive information security, specialising in red teaming activities in enterprise environments. He was part of the Red Team during his tenure at Microsoft, Citrix and SOCGEN and helped build enterprise security. He has previously presented his research and delivered trainings at reputed conferences such as Black Hat USA, DEF CON, Nullcon, BSides chapters, x33fcon and NorthSec, as well as corporate trainings.

Yash Bharadwaj is a Technical Architect at CyberWarFare Labs with over 5.5 years of experience as a technologist. He is highly attentive to finding, learning and discovering new TTPs used during offensive engagements. His areas of interest include building red / blue team infrastructure, abusing enterprise solutions and lateral movement techniques. He has previously delivered hands-on red / blue / purple team trainings, talks and workshops at Nullcon, x33fcon, NorthSec, BSides chapters, OWASP, CISO Platform and YASCON. You can reach him on Twitter at @flopyash.

©2024 BSides GOA All rights reserved