Reporting is, by nature, only the threat actors that have been caught. What about all the ones that didn’t get caught? There is no way to examine that and It comes down to the fact that we don’t know what they did and therein lies the problem for threat emulation.
| Date | May 19, 2023 |
|---|---|
| End | May 19, 2023 |
| Location | HackMiami 2023 |
| Address | Marenas Beach Resort 18683 Collins Avenue Sunny Isles Beach, FL 33160 |
| Link | https://hackmiami.com/empire-operations-tactics-turla-with-anthony-cx01n-rose-and-jake-hubbl3-krasnov/ |
Click here to add this event to your google calendar
Description:
Empire Operations: Tactics is an intermediate-level course series that focuses on executing Advanced Persistent Threat (APT) Tactics, Techniques, and Procedures (TTPs) using Empire. In this hands-on course, students will evaluate Turla’s 2020 campaign for deploying backdoors and stealing sensitive documents in a targeted cyber-espionage campaign against high profile targets. Students will learn to execute specially crafted emulation plans to gain initial access using a Microsoft Office Remote Code Execution Vulnerability – Follina (CVE-2022-30190), Reflectively Load DLLs, and Dropbox C2 Communications. Students will learn the basics of IronNetInjector, Turla’s .NET injector built-in IronPython, and deploy Empire’s ultra-modern IronPython agent for emulation. Finally, attendees will master the individual components of Empire and apply them to executing a red team operation. The Turla TTPs learned throughout the course will be tested on a comprehensive range using a provided emulation plan.
Course Outline:
What will students be provided with:
Minimum Course Requirements:
Prerequisites:
Target Audience:
This course is aimed at intermediate red team operators who are looking to upgrade their skills in executing modern Advanced Persistent Threat (APT) Tactics, Techniques, and Procedures (TTPs).
