Adversary Tactics: Tradecraft Analysis | SpecterOps


English | Size: 15 MB
Genre: eLearning

In Adversary Tactics: Tradecraft Analysis, we present and apply a general tradecraft analysis methodology for offensive TTPs, focused on Windows components. We discuss Windows attack techniques and learn to deconstruct how they work under the hood. For various techniques, we identify the layers of telemetry sources and learn to understand potential detection choke points. Finally, the course culminates with participants creating their own evasion technique and detection strategy. You will be able to use the knowledge gained both to build robust detection coverage across your organization from your telemetry and to truly assess the effectiveness of that coverage.

Syllabus
Day 1
Understanding Abstraction
Attack and Detection Strategies
Naive PsExec Overview
Tradecraft Analysis Process
Capability Identification
Capability Deconstruction
IPC Mechanisms
Day 2
Understanding Telemetry
Securable Objects
Identifying Choke Points
Telemetry Source Identification
How EDR Tools Work
Organic Logging
SACLs
Function Hooking
Kernel Callback Functions
ETW
Day 3
Operationalizing Detection and Evasion Concepts
Operationalizing Telemetry
Understanding Attacker Controlled Fields
Operationalizing Detection Research
Operationalizing Evasion Research
Understanding the Triage, Investigation, and Remediation Process
Evading the Response Process
Documentation and Evaluation Metrics
Detection Documentation
Evasion Documentation
Day 4
Capstone
Defensive Capstone
Offensive Capstone
