CyberWarOps: Red and Blue Team Joint Operations

Trainer Name: Manish Gupta, Yash Bharadwaj

Title: CyberWarOps: Red and Blue Team Joint Operations

Duration: 4 Days

Dates: Sept. 23, 2021 To Sept. 26, 2021

Time: 10 a.m. To 2 p.m.


Objective:
Adversaries are rapidly adapting convoluted offensive techniques that focus on circumventing defense mechanisms in order to accomplish their motives on the attack surface.


"CyberWarOps: Red and Blue Team Joint Operations" aims to give attendees insight into the offensive techniques used by red teams and the defensive techniques employed by blue teams in an enterprise. From the Red Team perspective, attendees will not only understand advanced real-world cyber attacks but also simulate Tactics, Techniques, and Procedures (TTPs) widely used by APT groups. From the Blue Team perspective, attendees will understand how to monitor, detect, analyse and then respond to the real-time attacks performed by the red team.


CyberWarOps Red Team Highlights:

  • Extensive OSINT activities
  • Custom Web Exploitation
  • Remote Access services exploitation
  • Multiple segregated networks with updated Linux & Windows operating servers/workstations
  • Exploiting a combination of Linux & Windows machines in an Active Directory environment
  • Abusing misconfigurations of enterprise security solutions, etc.
  • Exploitation of widely used enterprise automation software
  • Manipulating active users' browsing (User Simulation)
  • Bypassing Enterprise Security Solutions

CyberWarOps Blue Team Highlights:

  • Real-Time Attack monitoring
  • Host- and Network-based security solutions
  • Real-Time Network Traffic Analysis
  • Endpoint Detection and Response solution
  • Digital Forensics and Incident Response
  • Analyzing and Detecting corresponding Multi-Hybrid Threats

Course Outline:

Day 1:
1. Introduction to Purple Teaming

  • Cyber Threat Intelligence and MITRE ATT&CK Framework
  • Red Teaming and Cyber Kill Chain
  • Blue Teaming and MITRE Shield Framework

2. Adversary Attack Simulation - Red Team

  • Active Directory Environment
  • Containerized Environment
  • CI/CD Pipeline Environment
  • Automated Attack Simulation

3. Adversary Attack Detection - Blue Team

  • Host-Based Attack Detection & Analysis
  • Network-Based Attack Detection & Analysis
  • Active Directory-Based Attack Detection & Analysis
  • Digital Forensics & Incident Response
  • Threat Hunting

Day 2:
4. Purple Team Exercise - Red & Blue Team Joint Operation

  • IOC, MTTC, MTTP and MTTD
  • APT Groups TTPs Simulation and Detection - Initial Access to Data Exfiltration
    • Linux
    • Windows
    • Multi-Cloud

5. Cyber Range Lab

  • Lab Architecture
  • How to access the lab?
  • How to execute the Red / Blue Team operations?

Trainees should bring:

  • A system with at least 4 GB RAM and virtualization support.
  • OpenVPN client
  • Updated Web Browser.

Pre-Requisites:

  • Fair Knowledge of Networking and Web Technology
  • An Open mind

Target Audience:
The target audience may include the following groups of people:

  • Penetration Testers
  • System Administrators
  • Security Analysts
  • Blue & Red Teamers
  • Last but not least, anyone who is interested in learning the nature of the adversaries

Trainees Takeaway:

  • Soft Copy of the Course Content.
  • Great Knowledge about the Offensive Techniques used by adversaries.
  • Defense Tactics & Techniques aligned with the MITRE Shield framework.
  • 7 Days access to Purple Team Adversary Simulation Lab or Red Team Adversary Simulation Lab

About the Trainer

Manish Gupta is a Red Team Security Engineer at Citrix in India, where he specializes in offensive security and red teaming activities in enterprise environments. He is also a part-time bug bounty hunter and CTF player. His research interests include real-world cyber attack simulation and Advanced Persistent Threat (APT). Previously he has spoken at reputed conferences like Blackhat USA 19, DEFCON 19, Nullcon 2020, BSIDES CT 20, where he showcased his red teaming toolkit "PivotSuite". He is currently working on developing an open-source offensive security toolkit that helps red teamers and penetration testers.

Yash Bharadwaj is currently working as a Red Team Security Researcher at CyberWarFare Labs. He is highly attentive towards finding, learning and discovering new TTPs used during offensive engagements. His areas of interest include (but are not limited to) evading AV & EDR, securing Active Directory infrastructure, and advanced Windows & cloud-based attacks. Previously he has delivered hands-on trainings / workshops at BSIDES Ahmedabad 19, OWASP Seasides 19, BSIDES Delhi 20, BSIDES Connecticut 20, OWASP APPSEC Indonesia 20, CISO Platform 21.