How Adversary Emulation Can Enhance Blue Team Performance

How Adversary Emulation Can Enhance Blue Team Performance

Hack In The Box Security Conference via YouTube Direct link

Why Adversary Emulation ?

3 of 31

3 of 31

Why Adversary Emulation ?

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

How Adversary Emulation Can Enhance Blue Team Performance

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Maturity level
  3. 3 Why Adversary Emulation ?
  4. 4 Our Adversary Emulator Goals
  5. 5 Agenda
  6. 6 Architecture
  7. 7 Infrastructure Builder
  8. 8 Attack Simulator
  9. 9 Playbook design
  10. 10 Playbook - Design Concept
  11. 11 Dogeza Playbook Scenario
  12. 12 Dogeza Red-Blue Team Step
  13. 13 Red Team Procedure: Step 3 Initial Acce • Use CVE-2019-9194 to exploit elFinder for www-data privilege shell . elFinder is a famous file manager for web, and many 3rd party integration
  14. 14 Red Team Procedure: Step 7
  15. 15 Escalate privilege from IIS to system • Use wehshell to trigger privilege escalation
  16. 16 12 • Red team uses several administrative tools to control Victim C
  17. 17 Red team collect top confidential information and send back to Victim B's web, then these stolen data exfiltrate via Victim A's tunnel.
  18. 18 Metasploit Integrated
  19. 19 Empire Integrated
  20. 20 Repurpose the APT malware
  21. 21 APT malware - DBGPRINT
  22. 22 DBGPRINT stager flow
  23. 23 The attack method want to detect
  24. 24 Detect from command line
  25. 25 Detect from process loaded library
  26. 26 Check PowerShell eventlog
  27. 27 04 Check called API
  28. 28 Data Sources Evolution
  29. 29 Investigation ! Not Just Detection
  30. 30 The key benefit for the Red Team
  31. 31 The key benefit for the Blue Team

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.