Cyber Security Workshop: RED / BLUE Team Pentest Kungfu Series
10009357
香港九龍達之路78號
2020-03-09
蔡小姐,電話:2788 5884
tracyc@hkpc.org
 查詢    打印  

課程內容

Download下載課程資料
只提供英語內容
In the ever-changing cyber world today, a better way to protect your network and defence-in-depth of your assets is to understand your adversary tactics and techniques. The primary aim of this workshop is to equip the participants with the necessary cyber security skill sets from both sides of the world: the RED Team and the BLUE Team. The RED Team focuses on penetration testing of different systems and the levels of security programmes, to detect, prevent and eliminate vulnerabilities, while the BLUE Team finds ways to defend, change and regroup defence mechanisms making incident response much stronger

Course content:

Day 1: Hands on Red Team & Metasploit Kung Fu
A lab with different types of clients and servers (e.g. web servers, mail servers, DNS servers, log servers, Windows client, etc.) is built to simulate real-life environment for Red Team and Blue Team to experience how attacks are launched and logs server / alert system will react. Lab Infrastructure and Environment Setup (0.5 hours)
  1. Introduction of the lab infrastructure
  2. Install Kali Linux on laptops
  3. Set up of environment (connect to lab server)
Red Team Exercise (total 7-8 hours in two days)
  1. Methodology of Red Team testing
  2. Reconnaissance of the targets in the lab
  3. Identifying the targets, e.g. ports, services, application version
  4. Exploitation
  5. SQL map attack
  6. Metasploit payload generation
  7. Deploying payload to different targets
  8. Writing payload to the target
  9. Maintaining access of the targets
  10. Reporting guidelines
Day 2: Hands on Blue Team & Final Challenge
Blue Team Exercise (3 hours)
  1. Familiarising with log servers and agents in the Lab
  2. Analysing the logs
  3. Differentiating attack logs from normal logs
  4. Setting up alerts of abnormal behaviour
  5. Setting up rules for actions on different type of attacks
  6. Generating charts for analysis
Final Challenge (2 hours)
  1. Given vulnerable servers, participants are required to attack the target and get the secret from it. At the same time, participants are required to analyse the logs to determine what sort of attacks are launched and set up alerts.
Day 3: Malware and Targeted Attack Analysis & Simulation
Introduction and Simulation
  1. What is targeted attack? (0.5 hours)
  2. What are their indicators? (0.5 hours)
  3. How can we simulate the attacks and what can the blue team see? (2 hours)
From indicators to deep analysis
  1. Malware analysis primitive: static and dynamic analysis with recent attack sample (1.5 hours)
  2. Yara rules primitives (1 hour)
  3. IOC primitives (0.5 hours)
Day 4: Advanced Blue Team Techniques: Attack
Malware Detection with Machine Learning
  1. What is machine learning?
  2. What kind of indicators do we have in malware and attack server logs? (Ken/Byron)
  3. How to train the machine learning model?
  4. Discussion and hands-on with machine learning for attack logs (Ken/Byron)
  5. Discussion and hands-on with machine learning framework for malware analysis

Duration

Date : 9 - 12 March 2020 (Mon - Thu) Time: 09:30 - 17:00

Course Fee

Training Fee: Normal price $17,600 Early Bird/ supporting organization: $16,800 (before 7 Feb 2020) The details for the supporting organization list, please refer to: https://www.issummit.org/supporting.asp?nav=5

Trainers

Mr Anthony LAI

Founder & Security Researcher, VX Research Limited Anthony LAI is the holder of SANS GREM (Gold Paper) since 2010 (Level 3 in Incident Response Management) and SANS GXPN (Level 3 of Penetration Test). He has over 15 years of experience in information security and quality assurance, including penetration test, exploitation research, malware analysis, threat analysis, reverse engineering, and incident response and management.

Mr Alan HO

Red Team Engineer, VX Research Limited Alan HO is the holder of OSCP and SANS GWAPT certified security professional. He has over 10 years of experience in the information security industry, including penetration testing, security assessment, incident response, security operation planning, and investigation.

Certificate of Training

Participants who have attained 75% or more attendance of lecture will be awarded an Attendance Certificate.