REVERSING SKILLS
(EXPLOIT KITS, MALICIOUS DOCUMENTS & RANSOMWARE)
This intensive two-day course is designed to teach how to reverse engineer the exploit kits, malicious documents and ransomware seen in real attacks: how to set up a safe analysis environment, de-obfuscate the delivery stages, and dissect the payloads under a debugger.
DAY 1
Environment Setup
Build a deliberately vulnerable virtual machine, instrumented with open-source tools and exploit-detection drivers, then collect and analyze the events those tools generate.
Exploit Kit Introduction
Overview of the latest exploit kits, their redirection gates and their evasion techniques.
De-obfuscating Landing Page
Introduction to exploit kit landing pages: the obfuscation techniques they use and the tools to decode them.
Exploit under debugger
Stepping through an exploit under a debugger to understand the techniques it uses: the ROP chain, the shellcode, the APIs it calls and the delivery mechanism.
DAY 2
Understanding Flash Exploits
In this section, students learn how to de-obfuscate malicious SWF files and extract the information of interest from them.
Introduction to Macro Malware
A deep look at recent targeted attacks that rely on Office macros. Students dissect and detonate samples in a safe, isolated environment.
Introduction to Ransomware techniques
Dissecting a proof-of-concept ransomware sample.
Introduction to File-less attack
In this section, students are introduced to advanced file-less attacks. Students walk through the Angler exploit kit's file-less shellcode along with a few notable macro-based attacks.
INTEL & INCIDENT RESPONSE
(INCIDENT RESPONSE, THREAT HUNTING & ATTRIBUTION)
This intensive two-day course is designed to teach the investigative techniques needed to respond to the latest threats. The class is built upon a series of hands-on labs that follow the phases of a targeted attack.
DAY 1
The Incident Response Process
An introduction to the threat landscape, the targeted-attack life cycle, the initial attack vectors used by different threat actors, and the phases of an effective incident response process.
Introduction to Key Concepts
A deep dive into file system metadata, the registry, event logs, services, common persistence mechanisms and artifacts of execution.
Memory Forensics
Students are introduced to memory forensics and hunt through memory images for artifacts of attacker activity.
DAY 2
Enterprise Investigations
Apply the lessons learned from the previous modules to proactively investigate an entire environment, at scale, for signs of compromise. An in-depth analysis of how attackers move from system to system in a compromised Windows environment.
Remediation
Remediation is an essential phase of an enterprise investigation and of the incident response process as a whole. This module also discusses longer-term strategic posture changes that improve the resilience of the organization.
Introduction To Threat Hunting
Students are introduced to threat hunting concepts using threat intelligence, anomaly detection and known threat actor tactics, techniques and procedures (TTPs).
RED TEAM SKILLS
(ADVANCED ATTACK TECHNIQUES & TTP SIMULATION)
This intensive two-day course is designed to teach how to think like an attacker, understand the advanced techniques used in real attacks and how to build and simulate advanced TTPs.
DAY 1
RED TEAM GOALS
This session explains the goals of a red team and how to manage a red team engagement.
KILLCHAIN TAXONOMY & DEFENSE
An introduction to the stages of a targeted attack and an enumeration of the techniques used in each stage. How next-generation security products detect those techniques, and what it takes to bypass state-of-the-art security controls.
TTP SIMULATION – INITIAL COMPROMISE TECHNIQUES
Hands-on lab on achieving initial compromise through spear phishing, exploits and server-side attacks.
DAY 2
TTP SIMULATION – BUILDING MALICIOUS BINARY COMPONENTS
In this hands-on session, students build state-of-the-art attack components on top of a core library to achieve covert dropping, persistence, command and control (C&C), RAT behavior, lateral movement and data theft.
TTP SIMULATION – BUILDING SCRIPTING COMPONENTS
This session focuses on building malicious components with scripting technologies such as PowerShell and WMI.
END TO END APT ATTACK CHALLENGE
Students leverage the components they have built to carry out an end-to-end APT-style attack in a simulated environment.