Cyber Security Hubbl3

Advanced Threat Emulation: Evasion

September 13, 2023, Virtual

Details
Date: September 13, 2023, 09:00
End: September 14, 2023, 17:00
Location: Virtual

About the event

Course Summary

This class will explore the theory behind malware obfuscation, starting with the Theory of Code Obfuscation and how it applies to Tactics, Techniques, and Procedures (TTPs) implemented by modern Advanced Persistent Threats (APTs). We will examine everything from standard variable obfuscation to control flow manipulation to data procedurization. Throughout the course, students will apply obfuscation theory to practical applications in hands-on labs.

Windows presents a vast attack surface and provides the Blue Team with many detection opportunities. Students will learn to evade Blue Team hunters by first learning how detections are built, then masking their own signatures and exploiting indicators to decrease their probability of detection. By the end of the course, students will be equipped with the knowledge to obfuscate open-source tools without needing custom tooling, for use across a diverse and dynamic operations environment.

Course Schedule

Day 1:

Origin of Obfuscation

  • Detection Methodologies (AV 101)
  • Network vs Host indicators
  • Human vs Machine Analytics
  • Threat Specific Evasion TTPs

Code Obfuscation Theory

  • Layout Modification
  • Control Flow Manipulation
  • Data Masking and Transformation
  • Method substitution
  • Obfuscating Class Hierarchies

Practical Implementations of Obfuscation

  • Creating an Evasion Lab
  • Identifying “Known Bads”
  • Automated Obfuscation Tooling
  • Indicator Analysis

Day 2:

Windows Attack Surfaces

  • Overview of .NET Framework
  • PowerShell Security Features
  • Active Directory Basics
  • Offensive .NET
  • Implementing Windows Antimalware Scan Interface (AMSI) Bypasses
  • Evading Event Tracing for Windows (ETW) and Logging

.NET Security Features

  • Introduction to AMSI and Fileless Malware
  • Event Tracing for Windows (ETW)
  • Script Block & Module Logging
  • Offensive .NET (PowerShell, C#, DLR)

Evading Blue Team Hunt

  • Masking Network Traffic
  • Out of Band Communications
  • Leveraging Trust and Reputation
  • Prepping Your Panic Button
  • Distributive Architecture

Course Objectives

  • Understand the use and employment of evasion techniques
  • Demonstrate the concept of least obfuscation
  • Demonstrate obfuscation methodology for .NET payloads

What Students Will Be Provided With

  • 1-month lab access to our comprehensive course range through Immersive Labs
  • All course material
  • Course Swag & Coin
  • Certificate of Completion
  • Breakfast, Lunch, Beverages, and Snacks
  • Networking Social

Student Requirements

  • Intermediate knowledge of Offensive Security Tools
  • Familiarity with .NET (C#, PowerShell)
  • Willingness to learn in a fast-paced environment

Hardware Requirements

  • Laptop with 8 GB of RAM
  • Virtualization Software (VMware, VirtualBox, etc.)
  • Up-to-date Kali Linux Virtual Machine
  • Modern Web Browser (Chrome, Firefox, etc.)
  • Microsoft Office (any version) or OpenOffice