As a follow-up of our previous workshop, we will continue building our purple team stack by emulating a number of different techniques and looking at different options for detection. In this particular workshop we will focus on the following topics:
- Stealing Credentials from LSASS
- COM Object Hijacking
- Office Persistence
We will introduce the topics using a short lecture and afterwards get our hands dirty with lab exercises!
Prerequisites: Familiarity with Linux and Windows is mandatory
System Requirements: Prior to the workshop participants should prepare the following -
- Download and install the workshop VM: https://sansurl.com/purple-team-stack-workshop-vm
- Installed 64-bit host operating systems (Windows is recommended)
- Download and install VM Workstation Pro 15.5 or higher, VMware Fusion 11.5 or higher, or VMware Workstation Player 15.5 or higher versions on your system prior to the start of the workshop
- Adobe Acrobat or other PDF reader
- Important! An AWS account is required to do hands-on exercises during the workshop. The AWS account must be created prior to the workshop.
- A credit card should be linked to the AWS account that was created. Estimated usage costs for the AWS account during the workshop are a maximum of $10. For detailed instructions on these preparation steps, please refer to the following URL: https://sansurl.com/purple-team-stack-workshop-readme
* Please note that this WILL NOT be recorded. Due to the nature of these workshops, many have a capacity limit and will not be made available for archive. To help us offer this opportunity to as many people as possible, we are asking that you please only register if you plan to attend live.
