Explore adversary emulation techniques on Windows systems in this 27-minute conference talk from DefCamp 2021. Delve into penetration testing, red teaming, and the MITRE Framework while examining a practical scenario. Learn about the Cyberkill Chain, delivery methods, and mitigation strategies. Discover system information gathering techniques and test procedures. Gain insights into threat simulator terminology, template injection, and secure user behavior. Analyze Microsoft Office vulnerabilities and Nginx container indicators. Conclude with a comprehensive understanding of calculated processes in adversary emulation for Windows environments.
Overview
Syllabus
Intro
Mona
Presentation Outline
Penetration Testing
Retaining Red Teaming
Mitre Framework
Scenario
Framework
Cyberkill Chain
Delivery
Mitigation
System Information Discovery
Test Procedure
System Info Discovery
Next Demo
Threat Simulator Terminology
Template Injection
Secure User Behavior
Microsoft Office
Nginx Container
Indicators
Calculated Process
Conclusions
Outro
Taught by
DefCamp
