Attack Detection Fundamentals

A NEW 4-PART WORKSHOP SERIES | JUNE 24 - JULY 15 2020

Improve how you use the detection techniques in your existing enterprise stack and get to grips with some you’ve probably not heard of. Our consultants will refer to live attack examples (like Emotet), explain how each detection technique is effective against different attacks, and map detection techniques to the cyber kill chain. Expect hands-on demonstrations that you can start using straight away.

Workshop 4

15 Jul 2020

16:00 - 17:00 BST

Online

C2/C3 and exfiltration - with Jordan LaRose and Derek Stoeckenius

  • Learn about commonly-used Command and Control (C2) channels, including HTTP and DNS.
  • Make use of open-source tools to detect C2 traffic.
  • Explore how threat actors use legitimate services, like Dropbox, to hide C2 traffic, through demonstrations with F-Secure's C3 framework.

Past workshops

WORKSHOP #1: Initial access - with Alfie Champion and Riccardo Ancarani | June 24 2020

Alfie and Riccardo kicked off Attack Detection Fundamentals with a workshop on initial access. In this video:

  • Learn the techniques threat actors use to bypass mail filtering controls and obtain a foothold
  • Make use of open-source tools to emulate the initial access vectors of Emotet and those used in Operation Cobalt Kitty
  • Learn how to detect these attacks using endpoint logs or memory analysis

WORKSHOP #2: Code execution and persistence - with Anartz Martin | July 1 2020

In workshop #2, Anartz Martin helps you get to know code execution and persistence tactics. Follow along with demos that illustrate the techniques used by attackers in the wild to:

  • Run malicious code to gain a foothold on a target's system (code execution)
  • Maintain this system access consistently through reboots, credential changes, and other operational interruptions (persistence)

Consultants will also cover how code execution and persistence can be detected before attackers advance further down the kill chain.

WORKSHOP #3: Discovery and lateral movement - with Alfie Champion | July 8 2020

Alfie Champion is back for workshop #3 to explore and demo opportunities to detect attackers, in a session focused on discovery and lateral movement.

  • Detect an attacker as they seek to discover high-value assets within your environment, including file shares and Active Directory groups.
  • Observe how attackers could pivot through open shares to hide their lateral movement, using C3 as an example.
  • Identify detection strategies for lateral movement using legitimate system administration tools.