Command and Control is one of the most used tactics by adversaries in intrusions. Without command and control, you have to write a worm, and worms can get out of control. For this reason, 95% or more of attacks use Command and Control. We will leverage cyber threat intelligence to develop procedural emulations to attack target systems and then cover how to detect the attacks. The workshop will begin with a brief lecture to introduce cyber threat intelligence, threat emulation development, and detection engineering. The rest will be hands-on keyboard exercises.
We will supply individual labs using the VMware Learning Platform. The lab environment will include an attack system and a target Windows system. Please bring a laptop with internet access so that you can connect to the cloud-hosted VMware lab environment.
Attendees will be able to follow the self-paced guide to set up emulations, create payloads, and gain execution for assumed breach payloads. From there, various adversary behaviors will be walked through to meet adversary objectives. From the defensive side, the guide will walk the attendee through setting up data sources for detection using free tools and cover common detection types.