1. InfoconDB
  2. HOPE
  3. HOPE 2020 Virtual Rescheduled
  4. Incident Response and the ATT&CK Matrix

Incident Response and the ATT&CK Matrix

Presented at HOPE 2020 Virtual Rescheduled, July 25, 2020, 9 a.m. (240 minutes)

This workshop will help you practice techniques to detect, analyze, and respond to intrusions. You will construct targets and attackers on the Google cloud, and send attacks using Metasploit and Caldera to emulate APT attackers. Participants will monitor and analyze the attacks using Splunk, Suricata, Sysmon, Wireshark, Yara, and online analysis tools including PacketTotal and VirusTotal. The ATT&CK Matrix will be covered in detail, which enumerates threat actors, tactics, and techniques, so red and blue teams can better communicate and work together to secure networks. The workshop is structured in a Capture the Flag format. Each participant works at their own pace. The techniques will be demonstrated, with complete step-by-step instructions to lead beginners through the easy challenges. There are also harder challenges for more experienced participants. We will help participants as needed, to ensure that everyone learns new techniques. Participants need a credit card and a few dollars to rent Google Cloud servers. Debian Linux and Windows Server 2016 systems will be used. All the tools used are freely available, and all the training materials will remain available to everyone after the workshop ends. https://wiki.hope.net/index.php?title=Incident\_Response\_workshop

Presenters:

  • Elizabeth Biddlecome
    **Elizabeth Biddlecome** is a consultant and instructor, delivering technical training and mentorship to students and professionals. She is a senior instructor for infosec and leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.
  • Sam Bowne
    **Sam Bowne** has been teaching computer networking and security classes at City College San Francisco since 2000, and is the founder of Infosec Decoded, Inc.

Links:

Similar Presentations: