This event has ended.
Adversary Tactics - Tradecraft Analysis Training - SO-CON 2021 (GMT-7)


This course will take place online, using virtual software to stream live instructors during the scheduled delivery hours.

By SpecterOps

When and where

Date and time

Mon, Nov 1, 2021, 8:00 AM – Thu, Nov 4, 2021, 4:00 PM PDT

Location

Online

Refund Policy

Refunds up to 7 days before event
Eventbrite's fee is nonrefundable.

About this event

Online Event

This course will take place online, using virtual software to stream live instructors during the scheduled delivery hours of 8:00AM to 4:00PM PDT (GMT-7) / 11:00AM to 7:00PM EDT (GMT-4). Confirmed attendees will receive logistics information one week prior to the event.

-----------------------------------------------------------------------------

Your organization has just implemented the leading detection and response products. Are they running with their default configuration? How much faith should you have in your ability to detect sophisticated attacks? How would you simulate attacks to ensure robust detections are in place? This course will teach the importance of understanding the inner workings of attack techniques and telemetry availability, and provide a workflow for developing robust detection analytics or data-driven evasion decisions. Focusing on various Windows components and attacker TTPs, you will dive deep into how software abstracts underlying capabilities and how attackers can interact with deeper layers to bypass superficial detection capabilities.

Course Summary

Knowledgeable detection engineers and red team operators know that while there are many effective products, all of them have gaps that can be exploited by a sophisticated adversary. A mature security program must continuously test and enhance product detection configurations to have an effective response capability. Unfortunately, such programs often run into a number of limitations, primarily a lack of understanding of the:

  1. attack technique itself
  2. telemetry used for each detection
  3. effectiveness of the detection

The result is often blind spots within the detection and response capabilities, an ineffective detection strategy, and a false sense of security in the organization's ability to respond to advanced threat actors. When simulating sophisticated attacks, red team operators need to truly understand how a given technique works, the telemetry/artifacts it generates, and the strategies and biases that a defender might use to detect a technique. How organizations may respond to attackers is crucial in red team attack planning, technique selection, and evasion.

In Adversary Tactics: Tradecraft Analysis, we will present and apply a general tradecraft analysis methodology for offensive TTPs, focused on Windows components. We will discuss Windows attack techniques and learn to deconstruct how they work under the hood. For various techniques, we will identify the layers of telemetry sources and learn to understand potential detection choke points. Finally, the course will culminate with students creating their own technique evasion and detection strategy. You will be able to apply the knowledge gained both to create robust detection coverage across your organization from your telemetry and to truly assess the efficacy of that coverage.

Whether you are a red team operator or detection engineer, you will have a comprehensive understanding of several attack chains. Red team operators will learn an approach to analyzing their own tools, a better understanding of which techniques to select to evade detection, and how to better describe to defenders why an evasion was successful. Detection engineers will understand how to craft a strategy to create robust detections and better detect families of attacks.

Course Syllabus

Day 1:

  • Attack and Detection Strategies
  • Native PSExec Overview
  • Tradecraft Analysis Process
  • Capability Identification
  • Capability Deconstruction
  • IPC Mechanisms

Day 2:

  • Securable Objects
  • Identifying Choke Points
  • Telemetry Source Identification
  • How EDR Tools Work
  • Organic Logging
  • SACLs
  • Function Hooking
  • Kernel Callback Functions
  • ETW

Day 3:

  • Operationalizing Telemetry
  • Understanding Attacker Controlled Fields
  • Operationalizing Detection Research
  • Operationalizing Evasion Research
  • Understanding the Triage, Investigation, and Remediation Process
  • Evading the Response Process
  • Documentation and Evaluation Metrics
  • Detection Documentation
  • Evasion Documentation

Day 4:

  • Capstone Exercise

Student Requirements

This course is intended for expert blue teamers, detection engineers, and red team operators. Participants should be familiar with detection engineering and/or red team operations, and be generally comfortable with Windows internals, attack technique analysis, and offensive tools and techniques.

Hardware Requirements

The course lab is accessed through a browser with connectivity to the internet. Participants will need to bring a laptop with a browser that can connect to a publicly routed Apache Guacamole instance over ports 80/443. An internet connection speed of at least 15Mbits is preferred.

FAQs

How can I contact the organizer with any questions?

Please email info@specterops.io with any questions.  

What's the refund policy?

Full refunds will be provided up to 7 days before the course start date.
