Security Education
OffSec
iNE
Antisyphon
EC-Council
Applied Network Defense
Kaspersky
Sektor7
CompTIA
TCM Security
BlackHat
13Cubed
Dark Vortex
Enciphers
Forty North
Cyber warfare Labs
Maltrak
Scorpio Software
Security Onion
Zero Point Security
SentinelOne
Altered Security
SpecterOps
Pentester Academy
CQURE
PluralSight
StationX
Cybr
موسسههای دیگر
In Adversary Tactics: Tradecraft Analysis, we present and apply a general tradecraft analysis methodology for offensive TTPs, focused on Windows components. We discuss Windows attack techniques and learn to deconstruct how they work underneath the hood. For various techniques, we identify the layers of telemetry sources and learn to understand potential detection choke points. Finally, the course culminates with participants creating their own technique evasion and detection strategy. You will be able to use the knowledge gained to both use your telemetry to create robust detection coverage across your organization, and truly assess the efficacy of that coverage.
Syllabus
- Day 1
- Understanding Abstraction
- Attack and Detection Strategies
- Naive PSExec Overview
- Tradecraft Analysis Process
- Capability Identification
- Capability Deconstruction
- IPC Mechanisms
- Day 2
- Understanding Telemetry
- Securable Objects
- Identifying Choke Points
- Telemetry Source Identification
- How EDR Tools Work
- Organic Logging
- SACLs
- Function Hooking
- Kernel Callback Functions
- ETW
- Day 3
- Operationalizing Detection and Evasion Concepts
- Operationalizing Telemetry
- Understanding Attacker Controlled Fields
- Operationalizing Detection Research
- Operationalizing Evasion Research
- Understanding the Triage, Investigation, and Remediation Process
- Evading the Response Process
- Documentation and Evaluation Metrics
- Detection Documentation
- Evasion Documentation
- Day 4
- Capstone
- Defensive Capstone
- Offensive Capstone
