
Course information

AME2020 pre-con: Red Team - Blue Team Operations -- 2 day Masterclass by Paula Januszkiewicz

Location: Culemborg (NL) or Remote
Date: Wednesday 7 October 2020
Days: 2
Price: € 1.495,00

This is a deep-dive course on Red Team – Blue Team Operations: the cyber kill chain - reconnaissance, attack planning and delivery, system exploitation, privilege escalation and lateral movement, anomaly detection, discovery of industry attacks and threats, understanding what a compromised system or solution looks like, defining the indicators of the attack, and incident handling.

On completion of this course you will be able to:
1. Analyze emerging trends in attacks
2. Identify areas of vulnerability within your organization
3. Prepare a risk assessment for your organization
4. Report and recommend countermeasures
5. Develop a threat management plan for your organization
6. Organize Red Team – Blue Team exercises

Materials:
Author’s unique tools, presentation slides with notes, workshop instructions.

Certification:
At the end, participants will receive the online Certificate of attendance signed by Paula Januszkiewicz.

Course prerequisites:
To attend this training, you should have a good understanding of basic security concepts, as well as good hands-on experience in working with Windows and Linux infrastructure (as administrator or developer). At least 5 years in the field is recommended.

Who should attend this course:
Red team and blue team members, enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.

This is a 2-day training with demos, material, and pragmatic, reasonable and smart explanations from the leading global security expert with access to the Windows source code: Paula Januszkiewicz.

Class Content:

Module 1: Identifying Areas of Vulnerability
This part introduces the new cybersecurity challenges and trends, emphasizing data security and integration through and into the cloud and the challenges of coordinating cloud and on-premise security solutions. Security is a business enabler, and it is only when it is viewed from a business perspective that we can truly make the right decisions. You will learn how to define the values of your company that need to be protected or restricted. You will know how to find obvious and not so obvious sensitive information that can be monetized by adversaries. Having that scope defined and knowing your resources, you will know where the biggest gaps in your security posture are.

1. Defining the assets which your company needs to protect
2. Defining the other sensitive information that needs to be protected

Module 2: Reconnaissance
The term Cyber Kill Chain defines the steps used by cyber attackers in today’s cyber-based attacks. Reconnaissance is the first phase, during which the attacker gathers information on the target before the actual attack starts. Data gathering is an essential skill of every red teamer. From a blue teamer's perspective, it is crucial to understand what kind of information is publicly available and to learn how to protect that information.
1. Open Source Intelligence (OSINT)
2. Google hacking
3. DNS
4. Shodan
5. Physical reconnaissance
6. Port scanning

Module 3: Weaponization
After successful data gathering, an advanced attacker will prepare dedicated tools and attack scenarios to increase the chances of a successful attack. For example, a known vulnerability in an identified product could be exploited in order to execute remote code or spawn a remote shell into the internal network.
1. Generating malicious payload
2. Hiding malicious content in Office Suite documents
3. Reverse shells
4. Metasploit
5. AV evasion techniques

Module 4: Delivery
Without a remote code execution vulnerability, even the most sophisticated payload needs to be delivered to the victim. There are plenty of ways to achieve that, so the blue team needs to ensure that payloads are detected and blocked at an early stage.
1. Building phishing campaign
2. Enabling phishing protection
3. SmartScreen
4. Secure proxy
5. Sinkholing

Module 5: Exploitation and Installation
After successful delivery, malicious code exploits a vulnerability to execute code on the victim’s system. There are many mechanisms that, if properly configured, significantly reduce the attack scope.
1. Types of vulnerabilities
2. Anti-Virus
3. Firewall
4. Application Whitelisting
5. Living Off the Land Binaries
6. Exploit Guard
7. AMSI

Module 6: Privilege escalation
A successful exploitation attack often results in code execution with limited privileges. Both red teamers and blue teamers should be familiar with common techniques and misconfigurations allowing for privilege escalation.
1. Privileged accounts
2. System services security
3. Common misconfigurations
4. Security tokens

Module 7: Lateral movement
The next step after gaining admin privileges on a single host is lateral movement, which gives access to additional resources within the company. Before a red teamer can reach the Domain Controller or other critical servers, the blue team can implement numerous protections against that threat.
1. Credential harvesting
2. Mimikatz
3. Responder
4. Pass-the-hash
5. LAPS
6. Defender ATP

Module 8: Persistency
Even after an attack is stopped and contained, the attacker will want to ensure persistency and the possibility of returning to the compromised host.
1. Sleeping agents
2. Piggybacking on network packets
3. Sysinternals

Facilities and catering:

The training classrooms are equipped with state-of-the-art systems which are fully preconfigured for the training concerned.

During the training course, coffee, tea and soft drinks are available. The lunch break includes fresh sandwiches of your own choice. This lunch is included in the training course price.

About the trainer - Paula Januszkiewicz

Paula Januszkiewicz is the CEO and Founder of CQURE Inc. and CQURE Academy. She is also a Cloud and Datacenter Management MVP, honorable Microsoft Regional Director for CEE and a world-class cybersecurity expert, consulting customers all around the world.

In 2017, she graduated from Harvard Business School. Her quality-driven approach, extreme attention to details and conference speaking publicity have brought CQURE, at its early stage, to the never-ending world of hacks, forensics, data theft and other security challenges. Paula established CQURE in 2008 and since then she has continued to build the team’s professional image and cybersecurity skills, currently owning and managing CQURE departments in New York (US), Dubai (UAE) and Zug (Switzerland), in addition to headquarters in Warsaw (Poland). Currently, CQURE Team’s exceptional quality, unique cybersecurity knowledge, great experience as well as excellent skills are in high demand on the enterprise market.

Paula has 15 years of experience in the cybersecurity field, performing penetration tests, architecture consulting, trainings and seminars. She has performed hundreds of security projects, including those for governmental organizations and big enterprises, at the same time being a top speaker and a keynote speaker at many well-known conferences, including Microsoft Ignite (rated No 1 Speaker among 1100 speakers at a conference with 26000 attendees), RSA (in 2017 in San Francisco her session was one of the 5 hottest sessions), Black Hat, TechEd North America, AppManagEvent, TechEd Europe, TechEd Middle East, CyberCrime etc., where she is often rated as No 1 speaker. Her presentations gather thousands of people. In 2019, Paula’s presentation was voted best of Black Hat Asia 2019 Briefings!

She also creates security awareness programs for various organizations, including awareness sessions for top management (telecoms, banks, government etc.). In private, she enjoys working with her research team, converting the results of her findings to authored leading-edge trainings and tools used in practice in projects. She wrote a book about Threat Management Gateway and she’s currently working on the next one. Recently, Paula has become a member of the Technical Advisory Board at Royal Bank of Scotland - helping to keep its security at the highest level possible.

She was granted access to the source code of Windows, an honor that just a few people around the world have!

Paula's presentations at Microsoft events:
https://channel9.msdn.com/Events/Speakers/Paula-Januszkiewicz




Reviews ...

"Your presentation made a huge impression on me not only from technical side, but most of all because of your passion. Whole meeting has been so inspiring for me, but at the same time I’ve felt that painfully lack of knowledge. Your presentation showed me how true is saying that “The more you know, the less you know” :) But it only gives me big kick to work even harder and to acquire new knowledge. Right now I dream of 48-hours-days. Thank you so much for being with us!"

"Paula Januszkiewicz is a legend and probably the best speaker in the world. Each session on MTS always drawn a crowd and it makes it even more appreciated. The skills and knowledge with a pinch of humor is the best combination – and many people are forgetting about it. Subject of the session is always up to date, useful. We can feel after it like real IT-pros, because we can see by ourselves whether issue works. And everything what Paula shows, we can easily introduce into our life and be safer. We are looking forward to you next year!"

"I really enjoyed Paula’s humor and presentation skills. Besides being scared out of my mind about the vulnerabilities that exist in my environment, she was very intelligent and presented ideas and information very well. I will be looking for more sessions that she is leading. Great job!"

"I wanted to thank you again for the amazing course I had the chance to be part of! I was so bluffed all the time. You might have felt that sometimes we were not to be concentrated in the exercises and a bit quiet… but what you did for me is lots more than just giving us labs. You gave me back the passion and the fire to want to learn every day more. You had yourself that light in your eyes that made it so interesting to listen to, and I loved all your fabulous inside stories. More, not only are you a passionate ‘geek’ and very professional IT person, also do you share the joy to live and to travel and see the world! For all that and the positive energy I keep from this week, I wanted to say a big THANK YOU!!!!! I wish you all the best and very good time both in IT and in life."
