Practical Threat Intelligence For Red and Blue teams

Course Description

The red team’s goal is to breach the organization by any means, whether by finding a long-forgotten exposed FTP server, forging an employee badge or posing as the pizza delivery guy. The blue team must do everything in its power to prevent that breach: think like an attacker and deny them the next step.

In this training we’ll show why threat intelligence is critical for both sides – red and blue, and teach concrete tools and techniques for intelligence gathering and analysis that will make your work more effective – regardless of who you are.

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
– Sun Tzu, The Art of War

For quite some time now, the infosec community has understood that offensive and defensive techniques must be combined to defend an organization well. Organizations field blue teams in the form of SOC, network and IR teams, and red teams that challenge them, and the organization itself, to test its defenses.

You will learn:

  • What intelligence is, how it translates to infosec, and models such as the cyber kill chain
  • Useful models of attackers’ thinking and behavior
  • Techniques for collecting pre-operational intelligence for red teams, such as the use of passive DNS, internet scanners and other data sources
  • Techniques for collecting data about an attacking botnet’s infrastructure and turning it into information and shareable knowledge, and tools such as MISP and CIF that support this
  • What OPSEC is, why you need it, and how to:
    • Prevent the defenders from detecting you
    • Prevent the attackers from noticing that you’ve detected them
  • How to leverage different tools and technologies for your daily tasks in both red and blue teams
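
The passive DNS pivot named in the third bullet, as an added example that is not part of the course material: starting from one seed domain, walk name-to-IP and IP-to-name relations to enumerate related infrastructure, then emit the result as shareable indicators. The records below are constructed, not real, and the shared-hosting cut-off, the `pivot` function and the indicator dict layout (loosely modelled on MISP’s type/value attributes, not MISP’s actual event format) are this example’s own assumptions.

```python
"""Passive DNS pivoting over a constructed record set (added example)."""
from collections import defaultdict, deque

# An IP hosting more names than this is treated as shared hosting (assumed
# cut-off); pivoting through it would pull in unrelated tenants.
SHARED_THRESHOLD = 20


def _constructed_records():
    """Constructed passive DNS rows; the field names mimic a typical source."""
    recs = [
        ("update-check.example", "203.0.113.10"),  # seed
        ("cdn-static.example", "203.0.113.10"),    # shares the seed's IP
        ("cdn-static.example", "198.51.100.7"),
        ("mail-relay.example", "198.51.100.7"),    # two hops from the seed
        ("cdn-static.example", "192.0.2.1"),       # also on a shared host
        ("unrelated.example", "203.0.113.99"),     # no relation to the seed
    ]
    # 30 tenants on the shared host 192.0.2.1
    recs += [(f"tenant{i}.example", "192.0.2.1") for i in range(30)]
    return [{"rrname": n, "rrtype": "A", "rdata": ip} for n, ip in recs]


PDNS_RECORDS = _constructed_records()


def build_index(records):
    """Forward (name -> IPs) and reverse (IP -> names) maps over A records."""
    name_to_ips = defaultdict(set)
    ip_to_names = defaultdict(set)
    for r in records:
        if r["rrtype"] != "A":
            continue
        name_to_ips[r["rrname"]].add(r["rdata"])
        ip_to_names[r["rdata"]].add(r["rrname"])
    return name_to_ips, ip_to_names


def pivot(records, seed, max_depth=2, shared_threshold=SHARED_THRESHOLD):
    """Breadth-first pivot: seed domain -> its IPs -> other names on those IPs.

    depth counts name hops from the seed; IPs hosting more than
    shared_threshold names are recorded but not expanded.
    """
    name_to_ips, ip_to_names = build_index(records)
    names = {seed}
    ips = set()
    skipped_shared = set()
    queue = deque([(seed, 0)])
    while queue:
        name, depth = queue.popleft()
        if depth >= max_depth:
            continue
        for ip in name_to_ips.get(name, ()):
            hosted = ip_to_names[ip]
            if len(hosted) > shared_threshold:
                skipped_shared.add(ip)
                continue
            ips.add(ip)
            for other in hosted:
                if other not in names:
                    names.add(other)
                    queue.append((other, depth + 1))
    return {"domains": names, "ips": ips, "skipped_shared_ips": skipped_shared}


def to_indicators(result, tag):
    """Flatten a pivot result into type/value/tag dicts for sharing."""
    attrs = [{"type": "domain", "value": d, "tag": tag}
             for d in sorted(result["domains"])]
    attrs += [{"type": "ip-dst", "value": ip, "tag": tag}
              for ip in sorted(result["ips"])]
    return attrs


if __name__ == "__main__":
    res = pivot(PDNS_RECORDS, "update-check.example")
    for attr in to_indicators(res, "campaign:example"):
        print(attr)
    print("skipped shared hosts:", sorted(res["skipped_shared_ips"]))
```

The shared-hosting cut-off is the part that matters in practice: without it, one CDN or bulk-hosting IP turns the pivot into a list of every site on that box, and the "related infrastructure" becomes noise that a red team would waste time on and a blue team would block wrongly.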

Upon course completion, students will have offensive and defensive tools that enable them to think as both attackers and defenders, and will be able to apply the lessons and techniques immediately to integrate intelligence proactively into their daily workflow.

Course contents

Day 1:

  • Introduction to CTI & CTI models
  • The Intelligence process
  • Data Collection

Day 2:

  • Data Sharing
  • Search and Google hacking
  • DNS

The following topics are spread throughout the different modules:

  • Types of adversaries and ecosystems
  • Introduction to attribution
  • OPSEC
  • Sinkholes
  • Introduction to Underground forums/IRC
  • Pastebin and data leaks
  • Usage of Yara
  • Overview of different events and war stories
  • and more…

Target audience

Network analysts and defenders, SOC analysts, incident responders, red teamers and pen testers

Anyone who is interested in learning a new skillset that will allow them to get ahead of their adversaries

Trainer Biography

Irena Damsky is the founder of Damsky.tech – CTI Research, Training and Consulting. She is a security and intelligence researcher and developer based in Israel. Her focus is on threat intelligence, networking, malware and data analysis, and taking out bad guys, while running the company and providing its services.

Prior to starting Damsky.tech, Irena held roles in the industry ranging from threat intelligence leader to VP of Security Research, and served over six years in the Israeli Intelligence Forces, where she now holds the rank of Captain in the reserve service. She is a frequent speaker at security events, holds a BSc and an MSc in Computer Science, and is fluent in English, Russian and Hebrew.

Website: https://damsky.tech

Twitter: @DamskyIrena