Black Friday Sale Happening Now! Learn More

Ransomware Attack Simulation and Investigation for Blue Teamers

Course Authored by .

Ransomware Attack Simulation and Investigation for Blue Teamers with Markus Schober

As a cyber security defender and investigator, understanding ransomware attacks is crucial for effective response.

Course Length: 16 Hours

Includes a Certificate of Completion



Description

As a cyber security defender and investigator, understanding ransomware attacks is crucial for effective response.

In this workshop, participants will learn how attackers operate, set up a C2 infrastructure with Empire, and execute a simulated attack, step-by-step, from initial access all the way throughout post-exploitation phases, each student in their own Active Directory enabled lab environment.

Following, we will perform a full investigation of the scenario at hand, covering log and endpoint analysis at scale as well as data collection and digital forensics concepts. For this, the tools we are going to use are Splunk, Velociraptor and several industry-established digital forensic utilities.

Upon completion of the training, participants will have a better understanding of the steps ransomware threat actors take to achieve their objectives, as well as the best practices for detecting and ultimately preventing ransomware attacks.

  • Student Requirements
    • RDP access
    • Online Lab Provided
  • Online Lab Setup
    • Live response lab: Kali Linux, Windows Hosts, Splunk, Velociraptor
    • Forensic tools
    • Triage data collections and memory images

Syllabus

Day 1 (Offense):

    • Ransomware Attacks Overview

    • Attack Techniques and Fundamentals

    • Ransomware Attack Simulation with Empire C2

Day 2 (Defense):

    • DFIR Investigation Methodology

    • Ransomware Scenario Investigation

FAQ

Who Should Take This Course

This training is designed for entry and intermediate-level cyber security professionals seeking hands-on experience in understanding the execution of end-to-end Ransomware attacks and learning best practices for investigating and responding to such incidents.

About the Instructor

Pixel splash background
"I run a blue team training company"
Bio

Markus Schober is the founder of a blue team training and consulting company named Blue Cape Security. Prior to that, he served as a manger and Principal Security Consultant at IBM X-Force Incident Response. Over the past decade he has led numerous cyber security breach investigations for major organizations, where he specialized in Incident Response, Digital Forensics and Crisis Management.

Related products

Shopping Cart

No products in the cart.