Reporting is, by nature, only the threat actors that have been caught. What about all the ones that didn’t get caught? There is no way to examine that and It comes down to the fact that we don’t know what they did and therein lies the problem for threat emulation.
| Date | July 1, 2023 H 08:00 |
|---|---|
| End | July 1, 2023 H 17:00 |
| Location | Defcon Las Vegas |
| Address | Caesars Forum, Las Vegas |
Click here to add this event to your google calendar
Empire Operations: Tactics (APT28) is an intermediate-level course that focuses on executing Advanced Persistent Threat (APT) Tactics, Techniques, and Procedures (TTPs) using Empire. In this hands-on course, students will evaluate the 2021-2022 exploitation campaign from Fancy Bear (APT28) using MSHTML RCE (CVE-2021-40444) in macro-enabled docs, OneDrive C2 communications, and C# payloads. Next, attendees will learn the individual components of Empire and how to apply them to execute a red team operation. Key topics that will be taught are building C2 infrastructure, deploying customized payloads in C# and PowerShell, and creating tailored scripts for engagements. Finally, the Empire TTPs learned throughout the course will be tested on a comprehensive range using an emulation plan provided on APT 28.
Day 1
Day 2
Intermediate – Basic understanding of Empire or another C2 framework is preferred.
