نویسنده: Admin

As a cyber security defender and investigator, we often just get to analyze an environment that suffered a ransomware attack after the ransomware execution, where we are trying to make our way back in time to understand the scope and initial infection vectors of a breach. However, knowing how attackers operate and having an understanding of their tools can help tremendously to conduct a more effective analysis and response and ultimately lower the impact of such attacks. This is why in this workshop we will teach you how to perform the common steps of every phase in a ransomware attack scenario as the attacker, from initial infection to impact.

We will set up a basic C2 infrastructure with PowerShell Empire, and execute attack phases such as initial access and reconnaissance, persistence mechanisms, privilege escalation, credential dumping, lateral movement, defense evasion, data exfiltration, and encryption with ransomware. In every step you will also learn about the fundamental concepts that are required to conduct the attack and defend against those including hands-on analysis using Splunk, Velociraptor and forensic tools as needed. In the last part of the workshop, you will learn best practices on how to effectively conduct investigations of the attacked environment using various tools that are part of the lab setup. Upon completion of the workshop, participants will have a better understanding of the steps ransomware threat actors take to achieve their objectives, as well as the best practices for detecting and ultimately preventing ransomware attacks.

Antisyphon: Ransomware Attack Simulation and Investigation for Blue Teamers

ادامه مطلب

For most security teams, high operational tempo (measured in dumpster fire lumens) incentivizes analysts to stick to well-tailored playbooks that prioritize remediation at the expense of proper incident scoping and root cause analysis. Though modern endpoint security products have significantly improved host visibility, most critical incidents will require the acquisition and analysis of additional endpoint data. This course focuses on four core investigative competencies: endpoint data collection, investigative triage, incident response pivots, and root cause analysis.

Antisyphon: Advanced Endpoint Investigations

ادامه مطلب

Active Defenses have been capturing a large amount of attention in the media lately. There are those who thirst for vengeance and want to directly attack the attackers. There are those who believe that any sort of active response directed at an attacker is wrong. We believe the answer is somewhere in between. In this class, you will learn how to force an attacker to take more moves to attack your network. These moves may increase your ability to detect them. You will learn how to gain better attribution as to who is attacking you and why. You will also find out how to get access to a bad guy’s system. And most importantly, you will find out how to do the above legally.

Active Defense & Cyber Deception w/ John Strand

ادامه مطلب

This is  a collection of Offensive Security’s curated cyber security learning paths These learning paths are designed to provide a comprehensive understanding of various cyber security domains, such as network penetration testing, web application security, wireless security, secure software development, and cloud security . Each learning path is tailored to suit the needs of cyber security enthusiasts, from beginners to advanced learners

ادامه مطلب

Learn the foundations of cybersecurity defense with Foundational Security Operations and Defensive Analysis (SOC-200), a course designed for job roles such as Security Operations Center (SOC) Analysts and Threat Hunters. Learners gain hands-on experience with a SIEM, identifying and assessing a variety of live, end-to-end attacks against a number of different network architectures. Learners who complete the course and pass the exam earn the OffSec Defense Analyst (OSDA) certification, demonstrating their ability to detect and assess security incidents.

Syllabus

  • Attacker Methodology Introduction
  • Windows Endpoint Introduction
  • Windows Server Side Attacks
  • Windows Client-Side Attacks
  • Windows Privilege Escalation
  • Windows Persistence
  • Linux Endpoint Introduction
  • Linux Server Side Attacks
  • Network Detections
  • Antivirus Alerts and Evasion
  • Network Evasion and Tunneling
  • Active Directory Enumeration
  • Windows Lateral Movement
  • Active Directory Persistence
  • SIEM Part One: Intro to ELK
  • SIEM Part Two: Combining the Logs

SOC-200: Foundational Security Operations and Defensive Analysis

ادامه مطلب

Advanced macOS Control Bypasses (EXP-312) is our first macOS security course. It’s an offensive logical exploit development course for macOS, focusing on local privilege escalation and bypassing the operating system’s defenses. EXP-312 is an advanced course that teaches the skills necessary to bypass security controls implemented by macOS, and exploit logic vulnerabilities to perform privilege escalation on macOS systems. Learners who complete the course and pass the exam earn the OffSec macOS Researcher (OSMR) certification.

Syllabus

  • Introduction to macOS internals
  • Debugging, Tracing   Hopper
  • Shellcoding in macOS
  • Dylib Injection
  • Mach and Mach injection
  • Hooking
  • XPC exploitation
  • Sandbox escape
  • Attacking privacy (TCC)
  • Symlink attacks
  • Kernel code execution
  • macOS Pentesting

EXP-312: Advanced macOS Control Bypasses

ادامه مطلب