Menu
logo
Book Now

OVERVIEW

CONFERENCE

SCHEDULE

ARCHIVE

Awards

CONTACT US

BUY NOW

Advanced Threat Emulation & Detection

bgimage

Training

Buy Now

11 October 2024

Advanced Threat Emulation & Detection (1 day)

Abstract :

As adversarial attacks against enterprises continue to rise, the need for effective detection and investigation strategies has become critical for organizations. This training program is designed to equip participants with in-depth knowledge and practical experience, enabling them to effectively understand and counter various attack vectors that target clouds and hosts. Additionally, the program covers sophisticated evasion techniques employed by Advanced Persistent Threat (APT) groups, which are often the most challenging to detect. By the end of the training, attendees will have developed a robust set of skills that allow for proactive threat identification, thereby strengthening their organization's overall security posture.

Red Team Highlights

  • Simulate Attacks Across Various Environments:
  • On-Premises & Cloud

Blue Team Highlights

  • Hands-onInvestigations
  • Understand Offensive Operations
  • EnhanceReal-Time Investigation Skills

Format :

On-Site

Trainers :

Manish Gupta & Yash Bharadwaj

Table of Content

  • 1. Introduction to Enterprise Cyber Defense

    • a. Architectural Overview of Enterprise Cyber Defense
    • b. Joint Offensive & Defensive Operations over Cloud/On-Premises

  • 2. Offense and Defense in AWS

    • a. Reconnaissance and Enumeration:
      • i. Enumerating AWS Resources: Public, Cross-Account, and Internal
    • b. Initial Access Techniques:
      • i. Cross-Account Role Assumption
      • ii. Leveraging SSRF to Access the Metadata Service
    • c. Privilege Escalation and Persistence
      • i. Exploiting Overly Permissive IAM Policies for Privilege Escalation
      • ii. Establishing Persistence via Backdoors
    • d. Data Exfiltration
      • i. Data Exfiltration Through Replication Activity

  • 3. Offense and Defense in Azure

    • a. Reconnaissance and Enumeration:
      • i. Enumerating Entra ID & Azure ARM Resources & Permissions
    • b. Initial Access Techniques:
      • i. Phishing- MITM | Device Code
      • ii. Leveraging SSRF to Access the Metadata Service
    • c. Privilege Escalation and Persistence
      • i. Exploiting Excessive Entra ID/ARM Permissions for Privilege Escalation
    • d. Data Exfiltration
      • i. Extracting secret information from keyvault

  • 4. Deceptive Defense Mechanisms for Cloud threat detection [AWS/Azure]

  • 5. Offense and Defense in On-Premise Environment

    • a. Fileless malware
      • i. Registry resident malware
      • ii. Living-off-the-land attacks
      • iii. In-Memory only malware
    • b. Basic process injection techniques
      • i. Process hollowing
      • ii. Process doppleganging
    • c. Host evasion
      • i. AMSI
      • ii. Constrained language mode
      • iii. Applocker Bypass
    • d. Implant disguise tips
      • i. RTLO technique
      • ii. Extension / Extension spoofing

Deliverable :

  • Comprehensive 150+ Page PDF
  • 7 Days of Lab Access
  • Lab command reference
  • Cloud / On-Premise investigation & detection rules

NOTE :

Teamwill share specific setup requirements 10 days before the training

Pre-Requisites :

  • Kali / Parrot VM in VMWare workstation Pro / VirtualBox (NAT mode) internet access
  • An OpenMind :)

Attendees Takeaway :

  • Premium training materials + lab access (during training)
  • Direct technical support over discord channel
  • Investigative Mind Maps
  • Detective mindset to tackle complex on-premise attacks
Sponsors Image

Manish Gupta

Manish Gupta is Director of CyberWarFare Labs having 8.5+ years of expertise in offensive Information Security. His Research interest includes Real World Cyber Attack Simulation and Advanced persistent Threat (APT). Previously he has delivered hands-on red / blue / purple team training / talks / workshops at Blackhat USA, DEFCON, Nullcon, BSIDES Chapters, X33fcon, NorthSec & other corporate training etc. You can reach out to him on Twitter @cyberwarfarelab

  • Linkedin
Sponsors Image

Yash Bharadwaj

Yash Bharadwaj, Technical director at CyberWarFare Labs, With a sharp focus on building and optimizing Red and Blue team infrastructures, evading advanced security controls, and exploiting complex systems. His expertise extends to conducting and delivering hands-on Red, Blue, and Purple team trainings, talks, workshops, and research presentations at some of the most prestigious conferences in the industry, including Black Hat (Asia, USA), Nullcon, X33fCon, NorthSec, BSIDES chapters, OWASP, CISO Platform, YASCON, and more. You can reach out to him on Twitter @flopyash

  • X
  • Linkedin