CA$1,495

Introduction to Cyber Incident Response and Forensic Investigations: Huntin...

Location

Maison du développement durable

50 Rue Sainte-Catherine Ouest

Montréal, QC H2X 3V4

Canada

Introduction to Cyber Incident Response and Forensic Investigations:

This 3-day hands-on training gives security professionals, IT personnel, incident responders, police investigators and intelligence analysts an in-depth understanding of how to identify and respond to network breaches by working through a series of red, blue and purple team exercises. The trainers will demonstrate how to use cyber intelligence to distinguish targeted attacks from generic threats. In the red team exercises, participants will use Advanced Persistent Threat (APT) tradecraft to evade anti-virus (AV), gain host-level persistence and move laterally across a network using techniques such as Pass-the-Hash. In the blue team exercises, they will learn to use native Microsoft Windows tools to forensically investigate network breaches, and in particular how to use PowerShell to hunt for attackers across a network at scale. Finally, in the purple team exercises, participants will identify the artefacts attackers leave behind at each step of the cyber attack life cycle.


Overview of the Cyber Threat Landscape

In this session the trainers will cover the following topics:

Recent Cyber Attacks:

o Office of Personnel Management (OPM) breach
o Democratic National Committee (DNC) hack
o Ukrainian power grid blackout

In-depth analysis of the threat actor known as APT1:

o FBI Criminal Investigation
o Corporate Espionage Operations
o Battlefield Shaping Operations

Understanding the difference between targeted and generic cyber attacks:

o Targeted vs Generic cyber attacks
o Extracting IOC metadata to identify the threat type
o Threat-actor-based Cyber Incident Response Process

Overview of Offensive Techniques

In this session the trainers will walk through the cyber attack life cycle:

Cyber Attack Life Cycle:

o Initial Foothold
* Exploiting unpatched software
* Leveraging legitimate Microsoft features (e.g. Office macros)

o Persistence
* Autoruns
* Registry Keys

o Privilege Escalation
* Weak Service DACL
* DLL Hijacking

o Credential Harvesting
* SAM Database
* LSASS process

o Lateral Movement
* Pass-the-Hash
* Golden Ticket
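As an added example (not part of the course material), the following PowerShell script audits a Windows host for the service misconfigurations listed under Privilege Escalation above: a service DACL that lets low-privileged principals reconfigure the service, a service binary or its directory writable by those principals, and an unquoted image path containing spaces. It assumes Windows PowerShell 5.1 or later and `sc.exe` on the path; the weak-principal list and the rights patterns are this example's own choices.

```powershell
# Added example, not course material: audit services for the privilege-escalation
# weaknesses named above. Run as a normal user to see what that user could tamper with.
# Assumes Windows PowerShell 5.1+ and sc.exe; the principal list and rights patterns
# below are this example's own choices.

# Principals that should never hold write-class rights on a service or its binary.
$WeakNames     = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')
# The same principals as SDDL abbreviations, for parsing 'sc.exe sdshow' output.
$WeakSids      = @('WD', 'BU', 'AU', 'IU')
# Service rights that let the holder repoint the binary or take the service over:
# DC = change config, WD/WO = write DACL/owner, GA/GW = generic all/write.
$ControlRights = @('DC', 'WD', 'WO', 'GA', 'GW')

# Returns "<principal> : <rights>" when a weak principal holds write-class rights on $Path, else $null.
function Test-WeakAcl {
    param([string]$Path, [switch]$Registry)
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return $null }
    $pattern = if ($Registry) { 'FullControl|WriteKey|SetValue|CreateSubKey|ChangePermissions|TakeOwnership' }
               else           { 'FullControl|Modify|(^|, )Write(,|$)|WriteData|ChangePermissions|TakeOwnership' }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow' -or $WeakNames -notcontains $ace.IdentityReference.Value) { continue }
        $rights = if ($Registry) { $ace.RegistryRights.ToString() } else { $ace.FileSystemRights.ToString() }
        if ($rights -match $pattern) { return "$($ace.IdentityReference.Value) : $rights" }
    }
    return $null
}

# Parses the service object's own DACL (the "Weak Service DACL" case) from its SDDL.
function Test-WeakServiceDacl([string]$Name) {
    $sddl = (& sc.exe sdshow $Name 2>$null) -join ''
    foreach ($m in [regex]::Matches($sddl, '\(A;[^;]*;([^;]*);;;([^)]+)\)')) {
        $rights, $sid = $m.Groups[1].Value, $m.Groups[2].Value
        # Rights are two-letter tokens; tokenise in pairs so 'SD' + 'CC' is not read as 'DC'.
        $tokens = [regex]::Matches($rights, '[A-Z]{2}') | ForEach-Object { $_.Value }
        $hit    = $tokens | Where-Object { $ControlRights -contains $_ }
        if ($WeakSids -contains $sid -and $hit) { return "$sid : $rights" }
    }
    return $null
}

$Findings = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if (-not $svc.PathName) { continue }
    $path = [Environment]::ExpandEnvironmentVariables($svc.PathName)
    # Image path: the quoted token, or everything up to the first '.exe' when unquoted.
    $exe = if ($path -match '^"([^"]+)"') { $Matches[1] } elseif ($path -match '^(.+?\.exe)') { $Matches[1] } else { $path }
    $issues = @()
    if ($path -notmatch '^"' -and $exe -match ' ') { $issues += 'unquoted image path with spaces' }
    if (Test-Path -LiteralPath $exe) {
        if ($w = Test-WeakAcl -Path $exe)                      { $issues += "binary writable ($w)" }
        if ($w = Test-WeakAcl -Path (Split-Path -Parent $exe)) { $issues += "binary directory writable ($w)" }
    }
    if ($w = Test-WeakAcl -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)" -Registry) {
        $issues += "service registry key writable ($w)"
    }
    if ($w = Test-WeakServiceDacl $svc.Name) { $issues += "service DACL grants control ($w)" }
    if ($issues) {
        [pscustomobject]@{ Service = $svc.Name; RunsAs = $svc.StartName; Path = $svc.PathName; Issues = ($issues -join '; ') }
    }
}
$Findings | Format-Table -AutoSize -Wrap
```

A service that runs as LocalSystem with any of these findings is a direct path from a standard user to SYSTEM, which is exactly what the "vulnerable services" step of the second red team exercise relies on; the same script, run on the blue side after the exercise, shows which hosts should have been hardened first.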


Red Team Exercise: APT operation using traditional exploitation techniques

In this hands-on exercise session the participants will perform an APT-style operation using the following tools and techniques:

* Tools:
o Social Engineering Toolkit (SET)
o Metasploit with Armitage
o Meterpreter reverse TCP shell

* Cyber Attack Techniques:
o Spear-phishing email with attached PDF
o Embed executable backdoor into PDF
o Escalate privileges using named pipes
o Extract password hashes from SAM database
o Lateral movement across the network by exploiting a remote vulnerability


Overview of Defensive Techniques

In this session the trainers will walk through the cyber intelligence life cycle:

Cyber Intelligence Life Cycle:

o Identifying Network Breaches using:
* Indicators of Compromise (IOCs)
* Identifying anomalous behaviour

o Uncovering Persistence using:
* Autoruns
* Points of Persistence

o Tracking Lateral Movement using:
* Wireshark
* Powershell


Blue Team Exercise: Forensic Investigation of a Network Breach

In this hands-on exercise session the participants will respond to a targeted cyber attack using the following tools and techniques:

* Tools:

o Windows native: cmd, regedit and PowerShell
o Sysinternals: TCPView and Process Explorer
o Wireshark

* Incident Response Techniques:

o Investigating: IOCs, live connections and running processes
o Network traffic analysis
o Creating network traffic filters
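The live-state part of this exercise (IOCs, live connections and running processes) can be scripted so the same triage runs on every host. The following PowerShell is an added example, not course material: it joins established TCP connections to their owning processes, hashes each process image once, and flags anything that matches a small IOC set or looks out of place. The IOC values are constructed placeholders (TEST-NET addresses, made-up names, an all-zero hash), and `Get-NetTCPConnection` requires Windows 8 / Server 2012 or later.

```powershell
# Added example, not course material: triage a live host's network connections and
# owning processes against a small IOC set. The IOC values are constructed placeholders
# (TEST-NET addresses, made-up names, an all-zero hash), not real indicators.
# Assumes Windows 8 / Server 2012 or later for Get-NetTCPConnection.

$Iocs = @{
    RemoteIps    = @('203.0.113.10', '198.51.100.7')   # constructed
    ProcessNames = @('svch0st', 'updater')              # constructed
    Sha256       = @('0000000000000000000000000000000000000000000000000000000000000000')  # constructed
}

# RFC 1918, loopback, link-local and unspecified addresses are treated as internal.
function Test-InternalAddress([string]$Ip) {
    return $Ip -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.|0\.0\.0\.0$|::1$|::$|fe80:)'
}

# Processes indexed by PID; Path is $null for protected and kernel-backed processes.
$Procs = @{}
foreach ($p in Get-Process) { $Procs[$p.Id] = $p }

# SHA-256 of each distinct image, computed once.
$HashCache = @{}
function Get-ImageHash([string]$Path) {
    if (-not $Path) { return $null }
    if (-not $HashCache.ContainsKey($Path)) {
        try   { $HashCache[$Path] = (Get-FileHash -LiteralPath $Path -Algorithm SHA256 -ErrorAction Stop).Hash }
        catch { $HashCache[$Path] = $null }
    }
    return $HashCache[$Path]
}

$Findings = foreach ($c in Get-NetTCPConnection -State Established) {
    $p    = $Procs[[int]$c.OwningProcess]
    $name = if ($p) { $p.ProcessName } else { '?' }
    $path = if ($p) { $p.Path } else { $null }
    $hash = Get-ImageHash $path
    $why  = @()
    if ($Iocs.RemoteIps -contains $c.RemoteAddress)   { $why += 'remote IP on IOC list' }
    if ($Iocs.ProcessNames -contains $name)           { $why += 'process name on IOC list' }
    if ($hash -and $Iocs.Sha256 -contains $hash)      { $why += 'image hash on IOC list' }
    if ($path -and $path -match '\\(Temp|AppData|ProgramData|Users\\Public)\\') {
        $why += 'image in user-writable location'
    }
    if (-not (Test-InternalAddress $c.RemoteAddress) -and @(80, 443) -notcontains $c.RemotePort) {
        $why += "external connection on port $($c.RemotePort)"
    }
    if ($why) {
        [pscustomobject]@{
            PID     = $c.OwningProcess
            Process = $name
            Path    = $path
            Remote  = "$($c.RemoteAddress):$($c.RemotePort)"
            Sha256  = $hash
            Why     = ($why -join '; ')
        }
    }
}
$Findings | Sort-Object PID | Format-Table -AutoSize -Wrap
```

A reverse TCP Meterpreter session from the first red team exercise shows up here as an established connection to the attacker's address owned by whatever the PDF dropper launched, typically from a Temp or AppData path. To run the triage across many hosts, save the block as a script that emits `$Findings` instead of the `Format-Table` view and push it with `Invoke-Command -ComputerName (Get-Content .\hosts.txt) -FilePath .\Triage.ps1`; the returned objects carry a `PSComputerName` property for sorting.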


Red Team Exercise: Evasion, Persistence and Escalation

In this hands-on exercise session the participants will perform an advanced cyber intrusion operation using an AV-evading backdoor, registry persistence and service-based privilege escalation, with the following tools and techniques:

* Tools:

o PsExec
o Veil Framework
o MS Office Macros
o Metasploit with Armitage
o Meterpreter reverse HTTP shell

* Cyber Attack Techniques:

o Spear-phishing email with attached Excel spreadsheet
o Embed executable backdoor into the spreadsheet
o Persistence using a registry autostart location and a VBS script
o Escalate privileges using vulnerable services
o Extract password hashes from the LSASS process
o Cracking password hashes
o Pivoting laterally across the network using PsExec


Blue Team Exercise: Forensic Investigation of a Breach

In this hands-on exercise session the participants will respond to a targeted cyber attack using the following tools and techniques:

* Tools:

o Prefetch
o PowerShell
o Windows Event Viewer
o Sysinternals:
-Autoruns
-TCPView
-Process Explorer

* Incident Response Techniques:

o Investigating:

-Points of Persistence
-Prefetch files
-Correlating Events
-Creating Incident Timeline
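The four investigation steps above (points of persistence, Prefetch files, correlating events, building a timeline) come together in the following PowerShell script, which is an added example and not course material. It collects Run/RunOnce keys and Startup folders, the Prefetch directory, and the Security and System events that record network logons, explicit-credential use, process creation, new scheduled tasks, new accounts and new services, and merges everything into one time-sorted table. It must run elevated (the Security log and the Prefetch folder require it) and assumes Windows PowerShell 5.1 or later; the event selection and the seven-day lookback are this example's own choices.

```powershell
# Added example, not course material: build a first-pass incident timeline on one host
# from the artefacts named above. Run elevated (Security log and Prefetch need it).
# Assumes Windows PowerShell 5.1+; the event selection and lookback window are this
# example's own choices.

$Since  = (Get-Date).AddDays(-7)
$Events = [System.Collections.Generic.List[object]]::new()
function Add-Row($Time, $Source, $Detail) {
    $Events.Add([pscustomobject]@{ Time = $Time; Source = $Source; Detail = $Detail })
}

# Resolves the first existing file referenced by an autostart command line, so its
# creation time can stand in for the registry key write time (not exposed by Get-Item).
function Resolve-CommandFile([string]$Cmd) {
    $Cmd = [Environment]::ExpandEnvironmentVariables($Cmd)
    foreach ($m in [regex]::Matches($Cmd, '"([^"]+)"|(\S+\.(?:exe|vbs|js|bat|cmd|ps1|dll))')) {
        $p = if ($m.Groups[1].Success) { $m.Groups[1].Value } else { $m.Groups[2].Value }
        if (Test-Path -LiteralPath $p) { return Get-Item -LiteralPath $p }
    }
    return $null
}

# 1. Points of persistence: Run/RunOnce keys and Startup folders.
$RunKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($k in $RunKeys) {
    if (-not (Test-Path $k)) { continue }
    $key = Get-Item -LiteralPath $k
    foreach ($name in $key.GetValueNames()) {
        $cmd  = [string]$key.GetValue($name)
        $file = Resolve-CommandFile $cmd
        $when = if ($file) { $file.CreationTime } else { $null }   # unknown time sorts first
        Add-Row $when "Autostart $k" "$name = $cmd"
    }
}
foreach ($dir in "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
                 "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp") {
    Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue |
        ForEach-Object { Add-Row $_.CreationTime 'Startup folder' $_.FullName }
}

# 2. Prefetch: creation time = first execution, last write = most recent execution.
#    (Prefetch is off by default on Server SKUs, so this section may be empty there.)
Get-ChildItem -Path "$env:SystemRoot\Prefetch" -Filter *.pf -ErrorAction SilentlyContinue | ForEach-Object {
    $exe = $_.BaseName -replace '-[0-9A-F]{8}$', ''
    Add-Row $_.CreationTime  'Prefetch first run' $exe
    Add-Row $_.LastWriteTime 'Prefetch last run'  $exe
}

# 3. Event logs, read by field name from the event XML rather than by positional index.
function Get-EventData($Event) {
    $d = @{}
    foreach ($n in ([xml]$Event.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    return $d
}
$Filters = @(
    @{ LogName = 'Security'; Id = 4624, 4648, 4688, 4698, 4720; StartTime = $Since },
    @{ LogName = 'System';   Id = 7045;                         StartTime = $Since }
)
foreach ($f in $Filters) {
    foreach ($e in (Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue)) {
        $d = Get-EventData $e
        $detail = switch ($e.Id) {
            4624 { if (@('3', '10') -contains $d.LogonType) { "Network/RDP logon $($d.TargetDomainName)\$($d.TargetUserName) from $($d.IpAddress)" } }
            4648 { "Explicit credentials: $($d.SubjectUserName) as $($d.TargetUserName) to $($d.TargetServerName)" }
            4688 { "Process: $($d.NewProcessName) parent=$($d.ParentProcessName) cmd=$($d.CommandLine)" }
            4698 { "Scheduled task created: $($d.TaskName) by $($d.SubjectUserName)" }
            4720 { "Account created: $($d.TargetUserName) by $($d.SubjectUserName)" }
            7045 { "Service installed: $($d.ServiceName) -> $($d.ImagePath) (start=$($d.StartType))" }
        }
        if ($detail) { Add-Row $e.TimeCreated "$($f.LogName)/$($e.Id)" $detail }
    }
}

# 4. One sorted timeline for the host, on screen and as CSV for cross-host correlation.
$Timeline = $Events | Sort-Object Time
$Timeline | Export-Csv -NoTypeInformation -Path "$env:TEMP\timeline-$env:COMPUTERNAME.csv"
$Timeline | Format-Table -AutoSize -Wrap
```

Read against the second red team exercise, the timeline should show the Excel macro's child process (4688), the VBS script appearing under a Run key, and on the pivot target a network logon (4624 type 3) followed by a 7045 service install for the PsExec service. Two audit-policy caveats: the 4688 `CommandLine` field is only populated when "Include command line in process creation events" is enabled, and 4698 requires auditing of Other Object Access Events. To hunt at scale, emit `$Timeline` instead of the `Format-Table` view and run the script with `Invoke-Command -ComputerName (Get-Content .\hosts.txt) -FilePath .\Get-Timeline.ps1`, then sort the combined output by `Time` to follow the attacker from host to host.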


Purple Team Exercise:

In this freeform exercise session the students will pit their newly acquired skills against either pre-built exercise scenarios or each other, taking on both offensive and defensive challenges.


3-day training.

Instructors: Tiago de Jesus, PhD & Antoine Lemay, PhD

Organized by the Infrastructure Resilience Research Group (IRRG), Office of the Dean, Faculty of Engineering and Design, Carleton University.
