FIRST Conference: (Advanced) Purple Teaming - BlueTeam Edition

Abstract

How can the bad guys breach our defenses so fast? In this training, we will touch on several advanced topics that will give you a better understanding of how attacks are carried out and how we can protect ourselves better against them.

  • Windows Credentials: The various forms of credentials and how they are used during authentication. We will learn how attackers can steal these credentials and use them to move laterally.
  • Active Directory: Advanced attacks such as abusing GenericAll / WriteDACL and delegations
  • AV Evasion: It’s easier than you might think
  • AMSI: Background and internals of the mighty Antimalware Scan Interface
  • Meet the Shellcode Runners: How to create malicious documents and files that will infect our lab machines
  • Process Injection: And how to stay under the radar once the infection has occurred
  • Bypassing AppLocker: If time permits, we will dig into the art of bypassing AppLocker to learn how to protect it better.

Source: FIRST

Figure 1: (Advanced) Purple Teaming - BlueTeam Edition

Training

No slides or video material are publicly available.