Ransomware Attack Simulation and Investigation for Blue Teamers Training
OVERVIEW
As cyber security defenders and investigators, we mostly only get to see an attack in hindsight: starting from the impact and the ransomware execution, we work our way back in time to understand the scope of the breach and its initial infection vector. This is why it helps tremendously to be familiar with the TTPs that ransomware threat actors typically employ. This workshop will provide hands-on training on performing a typical ransomware attack in a Windows lab environment, using PowerShell Empire.
Participants will gain an understanding of the techniques and tactics used by ransomware attackers, from initial access and reconnaissance to privilege escalation, credential dumping, lateral movement, defense evasion, data exfiltration, and encryption. Individual online lab access will be provided via RDP so that participants can follow along with the instructor throughout the workshop. By the end of the workshop, attendees will have a better understanding of the ransomware attack lifecycle, the tactics used by ransomware attackers, and how to detect, respond to, and ultimately prevent such attacks.
STUDENT PREREQUISITES
- Students will need a laptop with a modern browser.
- Students will need to connect to the provided WiFi and access cloud resources in order to do the labs.
- This course is designed for beginner- and intermediate-level professionals in blue team roles, and may also be valuable to seasoned professionals who have not had an opportunity to work with attack tools.
- The workshop assumes basic knowledge of Windows systems, fundamental knowledge of networking, and an understanding of how Command and Control infrastructure works.
- Students should also be familiar with the forensic process, basic forensic artifacts, and basic knowledge of using SIEMs for log analysis.