Tech Tuesday Workshop - C2Matrix - Know Your Tool CTF

  • Tuesday, August 25, 2020 at 1:00 PM EDT (2020-08-25 17:00:00 UTC)
  • Jorge Orchilles


Red Team needs to know what their tools and payloads do before they deploy them in target environments. How can offensive security professionals understand the Indicators of Compromise without understanding a little bit of the Blue Team side? This workshop will introduce the C2 Matrix, the various tools, capabilities, and features as well as the detective tools one can use to monitor and understand what the generated payloads do. Students will take a look at a few payloads that were generated with various C2 frameworks. They will then answer questions in a CTF format. We will show how to install and set up both Sysmon and Wireshark on your Windows virtual machine, how to create your own payloads, and then identify the Indicators of Compromise in your own environment. The CTF will be optional if you would like to challenge yourself and a full walk-through will be provided at the end.

System Requirements:

  • Virtualization Software capable of running VMWare 14 Workstation compatible VMs
  • 30 GB Free Hard Drive Space
  • 8 GB Memory
  • Your VMs will require access to the internet if playing the CTF
  • Please set up BEFORE THE WORKSHOP: 2 Virtual Machines - an attacker and a victim
  • The attacking system will be the SANS Slingshot C2 Matrix Edition virtual machine. Download and start it up before the workshop:
  • You will need to bring your own Windows virtual machine to play the role of victim. Please download and install Wireshark on your Windows system beforehand:

*Please note that this WILL NOT be recorded. Due to the nature of these workshops, many have a capacity limit and will not be made available for archive. To help us offer this opportunity to as many people as possible, we are asking that you please only register if you plan to attend live.

Speaker Bio

Jorge Orchilles

Jorge Orchilles is the Chief Technology Officer of SCYTHE and co-creator of the C2 Matrix project. He is a SANS Certified Instructor and the author of Security 564: Red Team Exercises and Adversary Emulation. He was a founding member of MITRE Engenuity Center of Threat-Informed Defense. He is a Fellow at the Information Systems Security Association (ISSA) and National Security Institute. Prior, Jorge led the offensive security team at Citi for over 10 years.

He also co-authored Common Vulnerability Scoring System (CVSS) and A Framework for the Regulatory Use of Penetration Testing in the Financial Services Industry, and is the author of Microsoft Windows 7 Administrator's Reference. Jorge holds post-graduate degrees from Stanford and Florida International University in Advanced Computer Security & Master of Science. Jorge speaks English, Spanish, and Portuguese, in decreasing levels of fluency. When he's not hacking, teaching, or writing, you'll find him watching and playing soccer.
