Federico Pacheco & Diego Staino - Active Cyber Defense - $1,500

$1,500.00

Trainer bios:
- Federico Pacheco: Cybersecurity professional with a background in electronics engineering and several industry-renowned certifications. 20+ years of teaching experience at the most prestigious universities in Argentina. Published 4 books and several research whitepapers. Has worked in the public and private sectors, including regional roles in global companies. He currently works as R&D&I (I+D+i) & Offensive Operations Manager at BASE4 Security.

- Diego Staino: Cybersecurity professional with a background in Information Security & Telecommunications and several industry-renowned certifications. 15+ years in IT consulting and information security. He has experience in information security management, disaster recovery, and security incident response. He has published 2 whitepapers. He currently works as Cybersecurity Innovation Leader at BASE4 Security.



Trainer social media links:
https://www.linkedin.com/in/federicopacheco
https://twitter.com/FedeQuark
https://www.linkedin.com/in/diegostaino


Full description of the training:

Active Cyber Defense (ACD) is a course for technical cybersecurity professionals that emphasizes the need for a dynamic and proactive approach to cybersecurity, since traditional defenses often fail to prevent sophisticated cyber threats. It explores active intelligence gathering, deception operations, proactive threat hunting, and adversary emulation. Participants learn to disrupt attackers' advantages by integrating ACD tactics into their cybersecurity strategies. It also includes purple teaming exercises, which facilitate collaborative learning and the application of theoretical knowledge in practical scenarios.

Hands-on labs include an exercise in a simulated organizational environment where participants apply active defense tactics and threat hunting techniques. A comprehensive analysis of a real cyber attack case is presented, enabling participants to evaluate the effectiveness of active cyber defense strategies in the current cybersecurity landscape. The course leverages several well-known tools and frameworks, including a new open source tool for cyber deception operations (DOLOST) created by the team.

The course was originally based on a peer-reviewed whitepaper authored by one of the instructors and published at an Argentinian academic congress in 2022, titled "Active cyber defense: service model for defensive strategies based on the adversary's error" (https://doi.org/10.33414/ajea.1146.2022). An English version is available on the author's ResearchGate and Google Scholar profiles. The 2nd version of the course was upgraded and updated with more practical exercises, and the current version (v3.0) includes a new in-house tool, more refined contents, and better labs.

Objectives of the course include understanding the fundamentals of active defense, implementing such strategies within an organization, countering adversarial techniques, enhancing traditional defense mechanisms, and utilizing threat intelligence. The course aims to provide attendees with the skills needed for real-time interaction with attackers and the prevention of cyberattacks. It is designed for individuals with a firm grounding in cybersecurity and technology. The sessions are highly interactive, involving a blend of theoretical instruction, practical exercises, and continuous collaboration. Participants' knowledge level is assessed at the beginning to tailor the depth of the content. Common tools are used, such as Velociraptor and RITA for endpoint and network hunting respectively, and platforms like Vectr, MITRE CALDERA, and MITRE ATT&CK Navigator.

The labs are organized so that participants start from a specially designed fictional organizational environment, to which active defense scenarios are applied. Next, the actions of a threat group or APT (Advanced Persistent Threat) relevant to the proposed environment are studied, and the analysis of this threat actor is incorporated into the exercise. Participants are then guided in mapping, and understanding, the requirements for threat detection and hunting in relation to the tactics, techniques, and procedures (TTPs) employed by the attackers. Participants are expected to acquire the skills to identify hidden advanced threats, using resources and tools to proactively search for potential security breaches. This practical approach extends to the analysis of events collected in SIEM platforms, where real-time threat hunting takes place. The dataset is specially tailored to the scenario and the analyzed threat actor.

Additionally, participants are guided in designing effective cyber deception strategies, applying theoretical skills to a specific scenario and focusing on a relevant threat group. This enables them to acquire the skills for deploying realistic operations and to understand the risks involved in this type of practice. To complete the learning experience, the course includes a detailed analysis of a real cyberattack case, which serves as the structural basis for the preceding activities. This analysis discusses how the lack of active cyber defense measures can allow an attacker to remain undetected in the infrastructure for an extended period. Finally, a critical analysis of these strategies in the current cybersecurity landscape is conducted.



Outline of the class:

Introduction to ACD
- Evolution of defensive security
- Fundamentals of active defense
- Active cyber defense strategies
- Integration into the cybersecurity strategy
- Game-theoretic approaches
- Ethical and legal considerations

Cyber Threat Intelligence for ACD
- Understanding the objective
- Threat landscape
- Identification of adversaries
- Compilation
- Extraction of procedures
- Analysis and organization
- Report and proposals
- Artificial intelligence for CTI

Cyber Deception
* Fundamentals
- Cyber Denial and Deception
- Adversary engagement
- Integration with cybersecurity strategy
- Elements of an operation
- OPSEC Considerations

* MITRE Engage Framework
- Objectives, Approaches and Activities
- Strategic and engagement actions
- Objectives
- Approaches
- Activities
- Mapping against ATT&CK
- Operationalization

* Design of operations
- Engagement process
- Training and organization
- Roles and responsibilities
- Task list

* Operations development
- Life cycle and phases
- Planning and preparation
- Deployment and Operation
- Monitoring and Analysis
- Completion and improvements

Threat Hunting
* Fundamentals
- Concept and benefits
- OODA Loop
- Requirements
- Monitoring
- Visibility
- General process

* Elements to consider
- Detection and Hunting
- Indicator of Attack (IoA)
- Indicator of Compromise (IoC)
- Search environments

* Hunting in organizations
- Professional profile
- Roles and responsibilities
- Capacity building
- Hunting program
- HT Tools
- Maturity Model
- Artificial intelligence for HT

* Hunting methods
- Crown Jewels
- Patterns and signatures
- Based on CTI
- Hypothesis-based
- Unstructured hunting

* Endpoint hunting
- Operating System
- Hidden malware
- Internal reconnaissance
- Lateral movement
- Data acquisition
- Tools: Velociraptor

* Network hunting
- Network review
- Tunneling techniques
- Suspicious traffic
- Data acquisition
- Tools: RITA

Purple Teaming
* Fundamentals
- Concepts and benefits
- Offensive security maturity
- Evolution of processes
- Blue Team Operations
- Red Team Operations
- Frameworks
- CTI for Red and Blue Teams

* Preparation
- Roles and responsibilities
- Participating teams

* Plan of attack
- Initial proposal
- Logistics and organization
- Profiling of adversaries
- Threat modeling
- Stage preparation

* Emulation of attacks
- Capacity building
- Emulation process
- Detection and response

* Exercise Closing
- Completion criteria
- Final Report
- Retrospective

* Tools
- Vectr
- MITRE CALDERA
- MITRE ATT&CK Navigator

* Advanced topics
- PT Maturity Model
- Automation of PT activities
- Continuous purple teaming
- Detection engineering
- Artificial intelligence for PT


Technical difficulty of the class:
Intermediate

Suggested prerequisites for the class:
- Familiarity with cybersecurity fundamentals.
- Proficiency in cybersecurity tools and techniques.
- Competence in both Windows and GNU/Linux system administration.
- Understanding of Internet, networks, infrastructure, and protocols.

Items students will need to provide:
Laptop with RDP client available (the labs are cloud-based).


DATE: August 12th-13th, 2024

TIME: 8am to 5pm PDT

VENUE: Sahara Las Vegas

TRAINER: Federico Pacheco, Diego Staino

- 16 hours of training with a certificate of completion.
- 2 coffee breaks are provided per day.
- Note: Food is not included.

Registration terms and conditions:

Trainings are refundable before July 1st; a $250 processing fee applies.

Trainings are non-refundable after July 10th, 2024.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.