Ransomware Attack Simulation and Investigation for Blue Teamers w/ Markus Schober
March 14 @ 9:00 am – March 15 @ 6:00 pm EDT
Instructor: Markus Schober
Course Length: 16 Hours
Includes: Twelve months of complimentary access to the Antisyphon Cyber Range, certificate of participation, six months access to class recordings.
Thursday, March 14, 2024:
9:00 AM – 5:00 PM*
Friday, March 15, 2024:
9:00 AM – 5:00 PM
All times are Eastern.
This class is part of The Most Offensive Con that Ever Offensived March 2024 Summit. Registration for any The Most Offensive Con that Ever Offensived March 2024 Summit class includes registration for the summit and all of its presentations, talks, and streams.
As a cyber security defender and investigator, understanding ransomware attacks is crucial for
effective response. In this workshop, participants will learn how attackers operate, set up a C2
infrastructure with Empire, and execute a simulated attack step by step, from initial access all
the way through the post-exploitation phases, with each student working in their own Active
Directory-enabled lab environment.
Afterwards, we will perform a full investigation of the scenario at hand, covering log and
endpoint analysis at scale as well as data collection and digital forensics concepts. For this, the
tools we are going to use are Splunk, Velociraptor and several industry-established digital
Upon completion of the training, participants will have a better understanding of the steps ransomware threat
actors take to achieve their objectives, as well as the best practices for
detecting and ultimately preventing ransomware attacks.
This training is designed for entry and intermediate-level cyber security professionals seeking
hands-on experience in understanding the execution of end-to-end Ransomware attacks and
learning best practices for investigating and responding to such incidents.
- RDP access
- Online Lab Provided
Online Lab Setup
- Live response lab: Kali Linux, Windows Hosts, Splunk, Velociraptor
- Forensic tools
- Triage data collections and memory images
Day 1 (offense):
- Ransomware Attacks Overview
- Attack Techniques and Fundamentals
- Ransomware Attack Simulation with Empire C2
Day 2 (defense):
- DFIR Investigation Methodology
- Ransomware Scenario Investigation
Trainer & Author
Markus Schober is the founder of a blue team training and consulting company named Blue Cape Security. Prior to that, he served as a manager and Principal Security Consultant at IBM X-Force Incident Response. Over the past decade he has led numerous cyber security breach investigations for major organizations, where he specialized in Incident Response, Digital Forensics and Crisis Management. He also advised organizations on building strong cyber security programs and conducted trainings, workshops and exercises for technical as well as executive audiences. He also has a background in software engineering in both the United States and Europe.
Instructor Twitter Handle: @mascho