Anthony Rose & Jake Krasnov - APT Tactics: Lazarus, Ransomware, and Advanced Exploitation - DCTLV2025

Name of Training: APT Tactics: Lazarus, Ransomware, and Advanced Exploitation
Trainer(s): Anthony "Coin" Rose and Jake "Hubble" Krasnov
Dates: August 11-12, 2025
Time: 8:00 am to 5:00 pm PT
Venue: Las Vegas Convention Center
Cost: $1500

Course Description: 

APT Tactics: Lazarus, Ransomware, and Advanced Exploitation is an intermediate-level course designed to immerse participants in the sophisticated techniques and operations used by Advanced Persistent Threats (APTs) such as the Lazarus Group. This hands-on course provides deep insights into their tactics, including ransomware deployment, lateral movement, and data exfiltration, with a focus on real-world scenarios.

Students will learn to leverage tools and techniques like RDP, PsExec, and SMB for lateral movement across enterprise networks, exploit vulnerabilities like Log4j (CVE-2021-44228), and deploy ransomware not just on systems but also on enterprise backups. The course includes training on stealing high-value assets, such as cryptocurrency wallets, and crafting comprehensive campaigns against both Windows and Linux environments.

In addition to simulating ransomware attacks, participants will practice disabling Endpoint Detection and Response (EDR) systems, explore Bring Your Own Vulnerable Driver (BYOVD) attack techniques, and emulate high-profile breaches, such as the WannaCry ransomware outbreak. Through engaging labs and carefully constructed emulation exercises, attendees will apply these techniques in realistic scenarios, gaining a thorough understanding of both offensive operations and the defensive strategies needed to counter them.

Students Will Be Provided With: 

  • Lifetime Access to Course Material, plus 1-month Lab Access

  • Exclusive Course Swag

  • Certificate of Completion

Course Outline: 

  • Introduction and Course Objectives 

    • Focus of course is to emulate APT techniques, particularly Lazarus Group’s TTPs

  • Overview of Lazarus Group and Empire Framework

  • Baseline Knowledge 

    • Red vs. Blue teams

    • What are APTs

    • Walkthrough of Red’s Kill Chain

    • What is C2? An overview of Command and Control servers

    • C2 Theory and Communications Mechanisms

  • Lazarus Group 

    • In-depth analysis of WannaCry Ransomware Attack

    • Study of the SWIFT Banking System Breach

    • Other Notable Campaigns and their Techniques

  • Command and Control

    • Creating Listeners and Stagers 

    • Deploying and Managing Agents 

    • Exercise: Agent Deployment

  • Initial Access Techniques

    • Techniques for Gaining Initial Access (Spear-phishing, exploitation of vulnerabilities and supply chain attacks)

    • Analyzing Lazarus Group’s Initial Access Strategies (real world examples)

    • Exercise: Initial Access Techniques

  • Exploiting Log4j Vulnerability (CVE-2021-44228)

    • Overview of the Log4Shell exploit and its real-world implications

    • Exercise: Exploiting Log4j for Initial Access

  • Overview of Ransomware Tactics

    • Encryption, ransom notes, and propagation techniques.

    • Case Study: Lazarus Group's Ransomware Attacks

    • Exercise: Creating and Deploying a Simulated Ransomware Attack

  • Privilege Escalation Tactics

    • Understanding Privilege Escalation (Common methods: bypassing UAC, abusing scheduled tasks, etc.)

    • Bring Your Own Vulnerable Driver Overview and implementation

    • Exercise: Executing a Privilege Escalation Scenario


  • Lateral Movement Strategies

    • Lateral Movement Concepts (RDP, PsExec, SMB, and other techniques)

    • Lazarus Group’s Lateral Movement Techniques

    • Exercise: Implementing Lateral Movement on a network

  • Advanced TTPs

    • Bring Your Own Vulnerable Driver (BYOVD) Attack Techniques (Leveraging vulnerable drivers to disable Endpoint Detection and Response (EDR) systems)

    • Exercise: Implementing a BYOVD Attack

    • Advanced Listeners and Stagers (Customizing Agents for Specific Tasks)

    • Exercise: Custom Agent Deployment and Command Execution

  • Emulating Lazarus Group's TTPs

    • Scenario Introduction and Setup

    • Simulating a Complex Lazarus Group Attack: step-by-step emulation of Lazarus Group tactics

    • Exercise: Full-Scale Emulation of a Lazarus Group Campaign

  • Course Conclusion and Debrief

    • Key Takeaways

    • Recap of the techniques and lessons learned.

Difficulty Level:

Intermediate/Advanced

  • Familiarity with Linux and Windows command-line interfaces for executing tools and scripts.

  • Basic understanding of offensive security tools

Suggested Prerequisites:

https://github.com/BC-SECURITY/Beginners-Guide-to-Obfuscation

What Students Should Bring: 

  • Laptop with 8GB of RAM

  • Modern Web Browser (Chrome, Firefox, etc.)

Trainer(s) Bio:

Jake "Hubble" Krasnov is the Red Team Operations Lead and Chief Executive Officer of BC Security, with a distinguished career spanning engineering and cybersecurity. A U.S. Air Force veteran, Jake began his career as an Astronautical Engineer, overseeing rocket modifications, leading test and evaluation efforts for the F-22, and conducting red team operations with the 57th Information Aggressors. He later served as a Senior Manager at Boeing Phantom Works, where he focused on aviation and space defense projects. A seasoned speaker and trainer, Jake has presented at conferences including DEF CON, Black Hat, HackRedCon, HackSpaceCon, and HackMiami.

Dr. Anthony "Coin" Rose is the Director of Security Research and Chief Operating Officer at BC Security, as well as a professor at the Air Force Institute of Technology, where he serves as an officer in the United States Air Force. His doctorate in Electrical Engineering focused on building cyber defenses using machine learning and graph theory. Anthony specializes in adversary tactic emulation planning, Red and Blue Team operations, and embedded systems security. Anthony has presented at security conferences, including Black Hat, DEF CON, HackMiami, RSA, HackSpaceCon, Texas Cyber Summit, and HackRedCon. He also leads the development of offensive security tools, including Empire and Moriarty.

Registration Terms and Conditions: 

Trainings are refundable before July 8, 2025, minus a non-refundable processing fee of $250.

Trainings are non-refundable after July 8, 2025.

Training tickets may be transferred. Please email us at training@defcon.org for specifics.

If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).

Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.

By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.

Several breaks will be included throughout the day. Please note that food is not included.
