Completed
Data Sources Evolution
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
How Adversary Emulation Can Enhance Blue Team Performance
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Maturity level
- 3 Why Adversary Emulation ?
- 4 Our Adversary Emulator Goals
- 5 Agenda
- 6 Architecture
- 7 Infrastructure Builder
- 8 Attack Simulator
- 9 Playbook design
- 10 Playbook - Design Concept
- 11 Dogeza Playbook Scenario
- 12 Dogeza Red-Blue Team Step
- 13 Red Team Procedure: Step 3 Initial Acce • Use CVE-2019-9194 to exploit elFinder for www-data privilege shell . elFinder is a famous file manager for web, and many 3rd party integration
- 14 Red Team Procedure: Step 7
- 15 Escalate privilege from IIS to system • Use wehshell to trigger privilege escalation
- 16 12 • Red team uses several administrative tools to control Victim C
- 17 Red team collect top confidential information and send back to Victim B's web, then these stolen data exfiltrate via Victim A's tunnel.
- 18 Metasploit Integrated
- 19 Empire Integrated
- 20 Repurpose the APT malware
- 21 APT malware - DBGPRINT
- 22 DBGPRINT stager flow
- 23 The attack method want to detect
- 24 Detect from command line
- 25 Detect from process loaded library
- 26 Check PowerShell eventlog
- 27 04 Check called API
- 28 Data Sources Evolution
- 29 Investigation ! Not Just Detection
- 30 The key benefit for the Red Team
- 31 The key benefit for the Blue Team