Workshop 9 - Red/Blue Team Testing Kungfu
Tactics and Techniques in Technical and Machine Learning Analysis


Speakers: Mr. Anthony Lai and Mr. Alan Ho

Venue: HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong

Date: 6 - 9 Jan 2020 (4 days)

Time: 09:30 - 17:00

Non-member Fee: HK$17,600 (Early Bird: HK$16,800)

Member Fee for Organiser/Supporting Organisation: HK$16,800 (Early Bird: HK$16,800)

Medium of Instruction

Cantonese with handout in English


Nature & Objectives

In today's ever-changing cyberworld, the only way to truly protect your network and provide defence in depth for your assets is to understand your adversaries' tactics and techniques.

The primary aim of this workshop is to equip participants with the necessary skill sets from both sides: the Red Team and the Blue Team. The Red Team focuses on penetration testing of different systems and security programmes at various levels, in order to detect, prevent and eliminate vulnerabilities, while the Blue Team finds ways to defend, adapt and regroup its defence mechanisms to make incident response much stronger.


Course Outline

Day 1: Hands on Red Team and Metasploit KungFu

A lab with different types of clients and servers (e.g. web servers, mail servers, DNS servers, log servers, Windows clients) is built to simulate a real-life environment. In it, the Red Team and the Blue Team experience how attacks are launched and how the log servers and alert system react, so as to build up the mindset of both the Red Team and the Blue Team.

  • Lab Infrastructure and Environment Setup
    1. Introduction to the lab infrastructure
    2. Students install Kali Linux on their laptops
    3. Setting up the environment (students connect to the instructor's lab server)
  • Red Team Exercise
    1. Methodology of Red Team testing
    2. Reconnaissance of the targets in the lab
    3. Identifying the targets, e.g. ports, services, application versions
    4. Exploitation
    5. sqlmap attack
    6. Metasploit payload generation
    7. Deploying payloads to different targets
    8. Students write their own payload for the target
    9. Maintaining access to the targets
    10. Reporting guidelines

Day 2: Hands on Blue Team and Final Challenge

  • Blue Team Exercise
    1. Familiarisation with the log servers and agents in the lab
    2. Analysing the logs
    3. Differentiating attack logs from normal logs
    4. Setting up alerts for abnormal behaviour
    5. Setting up rules for actions on different types of attack
    6. Generating charts for analysis
  • Final Challenge
    1. Given vulnerable servers, students are required to attack the targets and retrieve the secret from them. At the same time, students are required to analyse the logs to determine which attacks were launched and to set up alerts.

Day 3: Malware and Target Attack Analysis & Simulation

  • Introduction and Simulation
    1. What is a targeted attack?
    2. What are its indicators?
    3. How can we simulate the attacks, and what can the Blue Team see?
  • From Indicators to Deep Analysis
    1. Malware analysis primitives: static and dynamic analysis with a recent attack sample
    2. YARA rule primitives
    3. IOC primitives

Day 4: Advanced Blue Team Techniques: Attack

  • Malware Detection with Machine Learning
    1. What is machine learning?
    2. What kinds of indicators do we have in malware and attack server logs?
    3. How do we train the machine learning model?
    4. Discussion and hands-on with machine learning for attack logs
    5. Discussion and hands-on with a machine learning framework for malware analysis


Who Should Attend

Targeted at participants who wish to acquire in-depth technical knowledge:

  • Blue team members
  • Red team members
  • IT auditors
  • Penetration testers
  • Incident responders


Speaker

Mr. Anthony Lai
Founder & Security Researcher
VX Research Limited

Holder of SANS GREM (Gold Paper) since 2010 (Level 3 in Incident Response Management) and SANS GXPN (Level 3 in Penetration Testing). Over 15 years' experience in information security and quality assurance, including penetration testing, exploitation research, malware analysis, threat analysis, reverse engineering, and incident response and management.

Mr. Alan Ho
Red Team Engineer
VX Research Limited

10+ years of experience in the cybersecurity industry, including penetration testing, security assessment, incident response, security operations planning, and investigation. OSCP and SANS GWAPT certified security professional.

Copyright © 2019 Hong Kong Productivity Council. All Rights Reserved.