Workshop 9 - Red/Blue Team Testing Kungfu
Tactics and Techniques in Technical and Machine Learning Analysis
Speakers: Mr. Anthony Lai and Mr. Alan Ho
Venue: HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong
Date: 6 - 9 Jan 2020 (4 days)
Time: 09:30 - 17:00
Fee: HK$17,600 (Early Bird: HK$16,800)
Member Fee for Organiser/Supporting Organisation: HK$16,800 (Early Bird: HK$16,800)
Medium of Instruction
Cantonese with handout in English
Nature & Objectives
In the ever-changing cyberworld of today, the only way to truly protect your network and defend your assets in depth is to understand your adversary's tactics and techniques.
The primary aim of this workshop is to equip participants with the necessary skill sets from both sides of the world: the RED Team and the BLUE Team. The RED Team focuses on penetration testing of different systems and levels of security programs, to detect, prevent and eliminate vulnerabilities, while the BLUE Team finds ways to defend, change and regroup defense mechanisms to make incident response much stronger!
Day 1: Hands on Red Team and Metasploit KungFu
A lab with different types of clients and servers (e.g. web servers, mail servers, DNS servers, log servers, Windows clients, etc.) is built to simulate a real-life environment, in which the Red Team and the Blue Team experience how attacks are launched and how the log server and alert system react, so as to build up the mindset of both the Red Team and the Blue Team.
- Lab Infrastructure and Environment Setup
  - Introduction of the lab infrastructure
  - Students install Kali Linux on their laptops
  - Setting up the environment (students connect to the instructor's lab server)
- Methodology of Red Team Testing
  - Reconnaissance of the targets in the lab
  - Identifying the targets, e.g. ports, services, application versions
  - sqlmap attack
  - Metasploit payload generation
  - Deploying payloads to different targets
  - Students write their own payload for the target
  - Maintaining access to the targets
  - Reporting guidelines
Day 2: Hands on Blue Team and Final Challenge
- Blue Team Exercise
  - Familiarising with the log servers and agents in the lab
  - Analyzing the logs
  - Differentiating attack logs from normal logs
  - Setting up alerts for abnormal behavior
  - Setting up rules for actions on different types of attacks
  - Generating charts for analysis
- Final Challenge
  - Given vulnerable servers, students are required to attack the target and retrieve the secret from it. At the same time, students are required to analyze the logs to determine what sort of attacks are being launched and to set up alerts.
Day 3: Malware and Target Attack Analysis & Simulation
- Introduction and Simulation
  - What is a targeted attack?
  - What are its indicators?
  - How can we simulate the attacks, and what can the Blue Team see?
- Malware analysis primitives: static and dynamic analysis with a recent attack sample
- YARA rule primitives
- IOC primitives
Day 4: Advanced Blue Team Techniques: Attack
- Malware Detection with Machine Learning
  - What is machine learning?
  - What kinds of indicators do we have in malware and attack server logs?
  - How to train the machine learning model?
  - Discussion and hands-on with machine learning for attack logs
  - Discussion and hands-on with a machine learning framework for malware analysis
Who Should Attend
Targeted at participants who wish to acquire in-depth technical knowledge:
- Blue team members
- Red team members
- IT auditors
- Penetration testers
- Incident responders
Mr. Anthony Lai
Founder & Security Researcher
VX Research Limited
Holder of SANS GREM (Gold Paper) since 2010 (Level 3 in Incident Response Management) and SANS GXPN (Level 3 in Penetration Testing). Over 15 years' experience in information security and quality assurance, including penetration testing, exploitation research, malware analysis, threat analysis, reverse engineering, and incident response and management.
Mr. Alan Ho
Red Team Engineer
VX Research Limited
10+ years of experience in the cybersecurity industry, including penetration testing, security assessment, incident response, security operations planning, and investigation. OSCP and SANS GWAPT certified security professional.