Red Team – Blue Team Operations, Red Team - Blue Team operasyonları hakkında derinlemesine bir eğitimdir: sistemin nasıl tehlikeye atıldığını veya çözüm, saldırı göstergelerini tanımlayan ve olay ele alma gibi görünen siber öldürme zinciri - keşif, saldırı planlaması ve sunumu, sistem sömürüsü, ayrıcalık yükselmesi ve yanal hareket, anormalliklerin tespiti, sanayi saldırılarının ve tehditlerini anlamak üzerine düzenlenmiş bir eğitimdir.
Bu eğitime katılmak için herhangi bir ön koşul yoktur.
Bu eğitime Red team - Blue team üyeleri, kurum yöneticileri, altyapı mimarları, güvenlik profesyonelleri, sistem mühendisleri, ağ yöneticileri, IT profesyonelleri, güvenlik danışmanları ve diğer ağ donanımdan ve perimeter güvenliğinden sorumlu olan kişiler katılabilir.
Bu eğitimi tamamladığınızda:
Agenda
Module 1: Identifying Areas of Vulnerability
This part introduces the new cybersecurity challenges and trends, emphasizing on data security and integration through and into the cloud and the challenges of the coordination of the cloud and on-premise security solutions. Security is a business enabler, and it is only when it is viewed from a business perspective that we can truly make the right decisions. You will learn how to define values of your company which needs to be protected or restricted. You will know how to find obvious and not so obvious sensitive information which can be monetized by adversaries. Having that scope defined and knowing your resources you will know where the biggest gaps in your security posture are.
Module 2: Modern Attack Techniques
In this world where most of the things happen online, hacking provides wider opportunities for the hackers to gain unauthorized access to the unclassified information like credit card details, email account details, and other personal information. So, every red teamer and blue teamer should know the modern hacking techniques that are commonly used to get your personal information in an unauthorized way.
Module 3: Reconnaissance
The term Cyber Kill Chain defines the steps used by cyber attackers in today’s cyber based attacks. The reconnaissance is the first phase, during which the attacker gathers information on the target before the actual attack starts. The data gathering is essential skill of every red teamer. From blue teamer perspective, it is crucial to understand what kind of information is publicly available and to learn how to protect that information.
Module 4: Weaponization
After successful data gathering, advanced attacker will prepare dedicated tools and attacks scenarios to increase chances of successful attack. For example, known vulnerability in identified product could be exploited in order to execute remote code or spawn remote shell into internal network.
Module 5: Delivery
Without remote code execution vulnerability even the most sophisticated payload needs to be delivered to the victim. There are plenty of ways to achieve that so blue team needs to ensure that payloads are detected and blocked at early stage.
Module 6: Exploitation and Installation
After successful delivery, malicious code exploits a vulnerability to execute code on victim’s system. There are many mechanisms that, if properly configured, significantly reduce attack scope.
Module 7: Privilege escalation
The successful exploitation attack often results in code execution with limited privileges. Both, red teamers and blue teamers should be familiar with common techniques and misconfigurations allowing for privilege escalation.
Module 8: Lateral movement
The next after gaining admin privileges on single host is lateral movement that gives access to additional resources within the company. Before red teamer can reach Domain Controller or other critical servers, blue team can implement numerous protections against that threat.
Module 9: Persistency
Even after attack is stopped and contained, the attacker will want to ensure persistency and possibility of returning to compromised host. Blue