SANS SEC565: Red Team Operations and Adversary Emulation

در دوره دوره SEC565: Red Team Operations and Adversary Emulation، یاد خواهند گرفت که چگونه تعاملات Red Teaming را که از تقلید دشمن استفاده می کنند، برنامه ریزی و اجرا کنند.، از جمله مهارت‌های سازمان‌دهی تیم قرمز، استفاده از هوش تهدید برای نقشه‌برداری در برابر تاکتیک‌ها، تکنیک‌ها و رویه‌های دشمن (TTP) استفاده می‌کند. به عنوان بخشی از این دوره، دانش‌آموزان شبیه‌سازی دشمن را علیه یک سازمان هدف که بر اساس یک محیط سازمانی مدل‌سازی شده است، انجام می‌دهند، از جمله اکتیو دایرکتوری، ایمیل‌ها، فایل سرورها و ویندوز و لینوکس. در دوره SANS SEC565، شما یاد خواهید گرفت که چگونه Red Teaming و به صورت شبیه سازی، موارد امنیتی را که دشمن برای یک سازمان به وجود می آورد را مشخص کنید. وظیفه اصلی یک تیم قرمز این است که به تیم آبی کمک کند. حمله به دفاع و دفاع از حمله خبر می دهد.

SANS SEC565 اپراتورهای Red Team را توسعه می‌دهد که قادر به برنامه‌ریزی و اجرای تعهدات مداوم و تکرارپذیر هستند که بر آموزش و اندازه‌گیری اثربخشی افراد، فرآیندها و فناوری مورد استفاده برای دفاع از محیط‌ها متمرکز هستند. در این دوره از هوش تهدید برای مطالعه دشمنان برای تقلید استفاده می کنید،یک طرح شبیه سازی دشمن میسازید، نقشه اقدامات MITRE® ATT&CK™ برای کمک به برقراری ارتباط با تیم آبی، زیرساخت انعطاف پذیر و پیشرفته C2 را ایجاد میکنید،امنیت عملیاتی را در طول یک تعامل حفظ میکنید، از دسترسی اولیه برای ارتقا و انتشار از طریق شبکه استفاده میکنید، اکتیو دایرکتوری را بررسی می کنید و به آن حمله میکنید، داده های حساس را به روشی ایمن جمع آوری و استخراج میکنید، یک تعامل را ببندید، ارزش ارائه دهید و برای آزمایش مجدد برنامه ریزی میکنید و …

Date: 2023
Price: $8,275 USD
Publisher: SANS
Format: Video + PDF
By: Jean-François Maes, Barrett Darnell, Jorge Orchilles

What You Will Learn

Penetration testing is effective at enumerating vulnerabilities, but less effective in addressing personnel and processes on the defense side. This can leave Blue Teams or defenders without sufficient knowledge of what offensive input to improve, in turn leaving organizations stuck in a cyclical process of just focusing on vulnerabilities in systems rather than on maturing defenders to effectively detect and respond to attacks.

In SEC565, students will learn how to plan and execute end-to-end Red Teaming engagements that leverage adversary emulation, including the skills to organize a Red Team, consume threat intelligence to map against adversary tactics, techniques, and procedures (TTPs), emulate those TTPs, report and analyze the results of the Red Team engagement, and ultimately improve the overall security posture of the organization. As part of the course, students will perform an adversary emulation against a target organization modeled on an enterprise environment, including Active Directory, intelligence-rich emails, file servers, and endpoints running in Windows and Linux.

SEC565 features six intensive course sections. We will start by consuming cyber threat intelligence to identify and document an adversary that has the intent, opportunity, and capability to attack the target organization. Using this strong threat intelligence and proper planning, students will follow the Unified Kill Chain and multiple TTPs mapped to MITRE® ATT&CK™(Adversarial Tactics, Techniques, and Common Knowledge) during execution. During three course sections, students will be immersed in deeply technical Red Team tradecraft ranging from establishing resilient and advanced attack infrastructure to abusing Active Directory. After gaining initial access, students will thoroughly analyze each system, pilfer technical data and target intelligence, and then move laterally, escalating privileges, laying down persistence, and collecting and exfiltrating critically impactful sensitive data. The course concludes with an exercise analyzing the Blue Team response, reporting, and remediation planning and retesting.

In SEC565, you will learn how to show the value that Red Teaming and adversary emulations bring to an organization. The main job of a Red Team is to make a Blue Team better. Offense informs defense and defense informs offense. SEC565 develops Red Team operators capable of planning and executing consistent and repeatable engagements that are focused on training and on measuring the effectiveness of the people, processes, and technology used to defend environments.

You Will Be Able To:

• Consume threat intelligence and plan a Red Team engagement
• Set up the required infrastructure to have a successful operation taking into account operational security
• Create weaponization that will allow you to infiltrate an organization
• Enumerate and extract valuable data required to achieve your objectives using automated tooling, but also manually, if required
• Move laterally and persist in a corporate network
• Elevate privileges using a variety of attack vectors and misconfigurations that you will now be able to identify
• Report your findings in a meaningful way to bring maximum value to your client

You Will Learn How To:

• Use threat intelligence to study adversaries for emulation
• Build an adversary emulation plan
• Map actions to MITRE® ATT&CK™ to aid in communicating with the Blue Team
• Establish resilient, advanced C2 infrastructure
• Maintain operational security throughout an engagement
• Leverage initial access to elevate and propagate through a network
• Enumerate and attack Active Directory
• Collect and exfiltrate sensitive data in a safe manner
• Close an engagement, deliver value, and plan for retesting

Syllabus

SECTION 1: Planning Adversary Emulation and Threat Intelligence
SECTION 2: Attack Infrastructure and Operational Security
SECTION 3: Getting In and Staying In
SECTION 4: Active Directory Attacks and Lateral Movement
SECTION 5: Obtaining the Objective and Reporting
SECTION 6: Immersive Red Team Capture-the-Flag