Overview
Workshop Outcome:
Through a guided, hands-on experience, this workshop will expose you to the following:
- Work as a team to respond to security incidents
- Communicate clearly and effectively for incident management
- Triage alerts and identify events that require immediate attention
- Test and automate incident detection techniques
- Reverse engineer procedurally generated malware
- Contain and recover from security breaches
- Analyse adversary infrastructure and hack them back
Workshop Format and Complexity
- Basic Level: 5 to 10 machines, 1 or 2 adversary groups
- Moderate Level: 25 to 60 machines, 2 to 4 adversary groups
- Complex Level: 250+ machines, 10+ adversary groups
Intended Audience
Incident responders, security engineers, forensics analysts and security managers. The course is also suitable for Red Teamers and penetration testers looking to learn the defensive techniques employed by Blue Teamers and defenders.
Instructor(s):
This course is taught by Mossé Security's experienced instructors. Our instructors have over 10 years of experience delivering penetration testing, red teaming and incident response services across a multitude of industries, involving complex and multi-faceted engagements. Each of our instructors combines solid corporate experience with proven skill in presenting and teaching to groups.
Beyond their technical abilities and years of professional experience, our instructors are also trained teachers and public speakers. Their manner of teaching easily conveys their passion for computer security to every one of our students.
Course Outline
This workshop is a time-boxed event where the participants attempt to achieve the best results within a pre-set time limit.
Incident Preparation
- Establishing a baseline
- Create traps to be triggered by intruders
- Backup information
Incident Discovery
- Event triage and analysis
- Automation for incident detection activities
Crisis Management
- Leadership crisis strategies
- Defining the organization’s stance on the breach(es)
- Communicating with employees and senior management
- Communicating with 3rd parties
- Preparing a reparation strategy
Containment and Isolation
- Determine the scope of the breach
- Predict potential future victims
- Isolate the incident to prevent spreading to healthy systems
Eradication
- Determine the origin of the incident(s)
- Remove backdoors from compromised systems
- Devise strategies and tactics to prevent adversaries from coming back
Recovery and Improvement
- Restore compromised systems to their original state
- Perform post-incident analysis
- Update the incident detection and response playbooks
- Report to senior management
Offensive Countermeasures
- Reverse engineering malware toolsets
- Analysing command and control infrastructure
- Producing threat intelligence
- Hacking back the adversaries
Requirements
Technical Requirement
You will need to install VPN software on your training laptop. This will allow you to access the training environment in the cloud.
On Windows, you will install OpenVPN. On OSX or Linux, it will be Tunnelblick.
MCSI will provide you with a step-by-step guide to test your VPN connection ahead of the workshop.