Skip to content
defcontrainings
Shopping Cart 0
Close Back
  • Call for Trainers 2023
  • Training Review Board
  • Code of Conduct
    • Login
    Close
    Your cart is currently empty.
    0

    Total: $0.00

    Shipping & taxes are calculated at checkout.
    View Cart
    Continue browsing
    Anthony Rose, Kevin Clark & Jake Krasnov - Empire Operations Tactics (APT28) $1,800

    DEF CON Training

    Anthony Rose, Kevin Clark & Jake Krasnov - Empire Operations Tactics (APT28) $1,800

    Training Description:

    Empire Operations: Tactics (APT28) is an intermediate-level course that focuses on executing Advanced Persistent Threat (APT) Tactics, Techniques, and Procedures (TTPs) using Empire. In this hands-on course, students will evaluate the 2021-2022 exploitation campaign from Fancy Bear (APT28) using MSHTML RCE (CVE-2021-40444) in macro-enabled docs, OneDrive C2 communications, and C# payloads. Next, attendees will learn the individual components of Empire and how to apply them to execute a red team operation. Key topics that will be taught are building C2 infrastructure, deploying customized payloads in C# and PowerShell, and creating tailored scripts for engagements. Finally, the Empire TTPs learned throughout the course will be tested on a comprehensive range using an emulation plan provided on APT 28.

     

    Course Overview:

    Day 1

    - Introduction, Background, & C2 Theory

    - Fancy Bear (APT 28)

    - Empire Basics

    - Attack Infrastructure

    - Malicious Macros & CVE-2021-40444

    Day 2

    - .NET Tradecraft

    - C# and DLL Exploitation

    - Privilege Escalation, Lateral Movement, & Exfiltration

    - Student Topics

    - Debrief

    - Conclusion

    Student Skill Level:

    Intermediate – Basic understanding of Empire or another C2 framework is preferred.

     

    Students Will Be Provided With:

    - 30-day access to the course labs on ImmersiveLabs

    - Course Swag and Coin

     

    What should students bring to the Training?:

    - Laptop with 8GB of RAM

    - Virtualization Software (VMware, VirtualBox, etc)

    - Up-to-date Kali Linux Virtual Machine

    - Modern Web Browser (Chrome, Firefox, etc)

    - Microsoft Office (any version) or OpenOffice

     

    Bios:

    Anthony "Coin" Rose, CISSP, is a Security Researcher and Chief Operating Officer at BC Security, where he specializes in adversary tactic emulation planning, Red and Blue Team operations, and embedded systems security. He has presented at numerous security conferences, including Black Hat, DEF CON, and RSA conferences. Anthony is the author of various offensive security tools, including Empire and Starkiller, which he actively develops and maintains. He is recognized for his work, revealing wide-spread vulnerabilities in Bluetooth devices and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.

    Social Media: @ Cx01N_, @BCSecurity1

     

    Jake "Hubble" Krasnov is the Red Team Operations Lead and Chief Executive Officer of BC Security. He has spent the first half of his career as an Astronautical Engineer overseeing rocket modifications for the Air Force. He then moved into offensive security, running operational cyber testing for fighter aircraft and operating on a red team. Jake has presented at DEF CON, where he taught courses on offensive PowerShell and has been recognized by Microsoft for his discovery of a vulnerability in AMSI. Jake has authored numerous tools, including Invoke-PrintDemon and Invoke-ZeroLogon, and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.

    Social Media: @ _Hubbl3, @BCSecurity1

     

    Kevin Clark is a Security Consultant with TrustedSec and Red Team Instructor with BC Security. His previous work includes Penetration Testing and Red Team Operator, focusing on initial access and active directory exploitation. Kevin contributes to open-source tools such as PowerShell Empire and publishes custom security toolkits such as Badrats and WindowsBinaryReplacements. Kevin authors a cybersecurity blog at https://henpeebin.com/kevin/blog.

    Social Media: @GuhnooPlusLinux

     

    DATE: August 14th-15th 2023
    TIME: 8am to 5pm PDT
    VENUE: Caesars Forum, Las Vegas, NV
    TRAINER: 
    Anthony Rose, Kevin Clark, Jake Krasnov

    - 16 hours of training with a certificate of completion

    - 2 coffee breaks are provided per day
    - Note: Food is not included

     

    Registration terms and conditions:

    Trainings are refundable before July 1st, the processing fee is $250.

    Trainings are non-refundable after July 10th, 2023.

    Training tickets may be transferred. Please email us for specifics.

    Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

    By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.

     

    $2,000.00

    DEF CON Communications, Inc.

    1100 Bellevue way NE

    8A-85

    Bellevue, WA 98004

    American Express Apple Pay Diners ClubDiscoverMeta Pay Google Pay MastercardShop PayVisa
    Copyright © 2023 defcontrainings. Powered by Shopify
    Attention!

    This site uses cookies to provide you with the best user experience possible. By continuing to use this site, you accept our use of cookies.

    Read our privacy policy.

    }