Ransomware Attack Simulation and Investigation for Blue Teamers w/ Markus Schober
June 20 @ 9:00 am – June 21 @ 6:00 pm EDT
Instructor: Markus Schober
Course Length: 16 Hours
Includes: Twelve months of complimentary access to the Antisyphon Cyber Range, certificate of participation, six months access to class recordings.
Class Dates | Class Times |
---|---|
Thursday, June 20, 2024: | 9:00 AM-6:00 PM* |
Friday, June 21, 2024: | 10:00 AM-6:00 PM |
This class is part of the Incident Response Summit. Registration for any Incident Response Summit class includes registration for the summit and all of its presentations, talks, and streams.
Clicking on the button above will take you
to our registration page on the website.
Pricing:
Course Description
As a cyber security defender and investigator, understanding ransomware attacks is crucial for
effective response. In this workshop, participants will learn how attackers operate, set up a C2
infrastructure with Empire, and execute a simulated attack, step-by-step, from initial access all
the way throughout post-exploitation phases, each student in their own Active Directory
enabled lab environment.
Following, we will perform a full investigation of the scenario at hand, covering log and
endpoint analysis at scale as well as data collection and digital forensics concepts. For this, the
tools we are going to use are Splunk, Velociraptor and several industry-established digital
forensic utilities.
Upon completion of the training, participants will have a better understanding of the steps ransomware threat
actors take to achieve their objectives, as well as the best practices for
detecting and ultimately preventing ransomware attacks.
Audience
This training is designed for entry and intermediate-level cyber security professionals seeking
hands-on experience in understanding the execution of end-to-end Ransomware attacks and
learning best practices for investigating and responding to such incidents.
Requirements
- RDP access
- Online Lab Provided
Online Lab Setup
- Live response lab: Kali Linux, Windows Hosts, Splunk, Velociraptor
- Forensic tools
- Triage data collections and memory images
Agenda
Day 1 (offense):
- Ransomware Attacks Overview
- Attack Techniques and Fundamentals
- Ransomware Attack Simulation with Empire C2
Day 2 (defense):
- DFIR Investigation Methodology
- Ransomware Scenario Investigation
Trainer & Author
Markus Schober is the founder of a blue team training and consulting company named Blue Cape Security. Prior to that, he served as a manger and Principal Security Consultant at IBM X-Force Incident Response. Over the past decade he has led numerous cyber security breach investigations for major organizations, where he specialized in Incident Response, Digital Forensics and Crisis Management. He also advised organizations on building strong cyber security programs and conducted trainings, workshops and exercises for technical as well as executive audiences. He also has a background in software engineering in both the United States and Europe.