Ransomware Attack Simulation and Investigation for Blue Teamers with Markus Schober
Overview
- Course Length: 16 hours
- Support from expert instructors
- Includes a certificate of completion
- 12 months access to Cyber Range
As a cyber security defender and investigator, understanding ransomware attacks is crucial for effective response.
In this workshop, participants will learn how attackers operate, set up a C2 infrastructure with Empire, and execute a simulated attack step by step, from initial access through the post-exploitation phases. Each student works in their own Active Directory-enabled lab environment.
Afterward, we will perform a full investigation of the scenario at hand, covering log and endpoint analysis at scale as well as data collection and digital forensics concepts. The tools we will use for this are Splunk, Velociraptor and several industry-established digital forensic utilities.
Upon completion of the training, participants will have a better understanding of the steps ransomware threat actors take to achieve their objectives, as well as the best practices for detecting and ultimately preventing ransomware attacks.
Day 1 (Offense):
- Ransomware Attacks Overview
- Attack Techniques and Fundamentals
- Ransomware Attack Simulation with Empire C2
Day 2 (Defense):
- DFIR Investigation Methodology
- Ransomware Scenario Investigation
Wild West Hackin’ Fest (Oct 8th – Oct 9th, 2024) – Deadwood, SD
- October 8th – 8:30 AM to 5:00 PM MDT
- October 9th – 8:30 AM to 5:00 PM MDT
Wild West Hackin’ Fest at Mile High (Feb 4th – Feb 5th, 2025) – Denver, CO
- February 4th – 8:30 AM to 5:00 PM MDT
- February 5th – 8:30 AM to 5:00 PM MDT
Who Should Take This Course
This training is designed for entry- and intermediate-level cyber security professionals seeking hands-on experience in understanding the execution of end-to-end ransomware attacks and learning best practices for investigating and responding to such incidents.
Student Requirements
- RDP access
- Online Lab Provided
Online Lab Setup
- Live response lab: Kali Linux, Windows Hosts, Splunk, Velociraptor
- Forensic tools
- Triage data collections and memory images
This class is available for training at both WWHF Deadwood 2024 and WWHF Mile High 2025. For more information about our conferences, visit Wild West Hackin’ Fest!