In the ever-changing cyber world today, a better way to protect your network and defence-in-depth of your assets is to understand your adversary tactics and techniques.
The primary aim of this workshop is to equip the participants with the necessary cyber security skill sets from both sides of the world: the RED Team and the BLUE Team. The RED Team focuses on penetration testing of different systems and the levels of security programmes, to detect, prevent and eliminate vulnerabilities, while the BLUE Team finds ways to defend, change and regroup defence mechanisms making incident response much stronger.
Course Introduction and Objectives
Day 1: Hands on Red Team & Metasploit Kung Fu
A lab with different types of clients and servers (e.g. web servers, mail servers, DNS servers, log servers, Windows client, etc.) is built to simulate real-life environment for Red Team and Blue Team to experience how attacks are launched and logs server / alert system will react.
Lab Infrastructure and Environment Setup
1. Introduction of the lab infrastructure
2. Install Kali Linux on laptops
3. Set up of environment (connect to lab server)
Red Team Exercise
1. Methodology of Red Team testing
2. Reconnaissance of the targets in the lab
3. Identifying the targets, e.g. ports, services, application version
5. SQL map attack
6. Metasploit payload generation
7. Deploying payload to different targets
8. Writing payload to the target
9. Maintaining access of the targets
10. Reporting guidelines
Day 2: Hands on Blue Team & Final Challenge
Blue Team Exercise
- Familiarising with log servers and agents in the Lab
- Analysing the logs
- Differentiating attack logs from normal logs
- Setting up alerts of abnormal behaviour
- Setting up rules for actions on different type of attacks
- Generating charts for analysis
- Given vulnerable servers, participants are required to attack the target and get the secret from it. At the same time, participants are required to analyse the logs to determine what sort of attacks are launched and set up alerts.
Day 3: Malware and Targeted Attack Analysis & Simulation
Introduction and Simulation
- What is targeted attack?
- What are their indicators?
- How can we simulate the attacks and what can the blue team see?
From indicators to deep analysis
- Malware analysis primitive: static and dynamic analysis with recent attack sample
- Yara rules primitives
- IOC primitives
Day 4: Advanced Blue Team Techniques: Attack
Malware Detection with Machine Learning
- What is machine learning?
- What kind of indicators do we have in malware and attack server logs? (Ken/Byron)
- How to train the machine learning model?
- Discussion and hands-on with machine learning for attack logs (Ken/Byron)
- Discussion and hands-on with machine learning framework for malware analysis
Date : 3 – 4 & 10 – 11 Jun 2021 (Every Thurs – Fri)
Time: 09:30 – 17:00
Early bird price on or before 3 May 2021
-Non-member: HK$17,200 per person
-Member of Supporting Organisations: HK$16,800 per person
-Non-member: HK$17,600 per person
-Member of Supporting Organisations: HK$17,200 per person
This course is an approved Reindustrialisation and Technology Training Programme (RTTP), which offers up to 2/3 course fee reimbursement upon successful applications. For details: https://rttp.vtc.edu.hk.
Participants desire to acquire in-depth technical knowledge:
- Blue Team Members
- Red Team Members
- IT Auditor
- Penetration Tester
- Incident Responder
Mr Anthony LAI
Founder & Security Researcher, VX Research Limited
Anthony LAI is the holder of SANS GREM (Gold Paper) since 2010 (Level 3 in Incident Response Management) and SANS GXPN (Level 3 of Penetration Test). He has over 15 years of experience in information security and quality assurance, including penetration test, exploitation research, malware analysis, threat analysis, reverse engineering, and incident response and management.
Mr Alan HO
Red Team Engineer, VX Research Limited
Alan HO is the holder of OSCP and SANS GWAPT certified security professional. He has over 10 years of experience in the information security industry, including penetration testing, security assessment, incident response, security operation planning, and investigation.
Certificate of Training
Participants who have attained 75% or more attendance of lecture will be awarded an Attendance Certificate.