Defcon 28 - Red Team Village - Applied Purple Teaming - Why Can't We Be Friends

Class Title: Atomic Purple Team Framework in Azure - Deploy, Attack, Detect, Defend

Defcon 28 - Red Team Village - Workshop

Defensive Origins was invited to present a 2 hour workshop at Defcon 28 - Safe Mode for the Red Team Village. The scheduled time for workshop was August 9th, 2:00 PM MST.

Content

• About The Instructors
• The 4 Day / 16 Hour Course:
• Slide Decks
• Workshop Tooling
  • Workshop Venue & Hosts
  • Threat Optics
  • Attack Tools
• Published Recording
• License

About The Instructors

• Defensive Origins
• Black Hills Information Security - Security Analysts

The 4 Day / 16 Hour Course:

• Find our 4-day / 16 Hour Training ($495): Defensive Origins Training

Slide Decks

Workshop Tooling

Workshop Venue & Hosts

• Defcon 28
• Red Team Village
• Defensive Origins

Threat Optics

• OlafHartong: Sysmon Modular
• Microsoft: Sysmon​
• Mark Russinovich: Explanation of EventID 23
• Microsoft: Windows Event Forwarding
• Microsoft: Windows Event Forwarding Survival Guide
• NSA: Event Forwarding Guidance​
• NSA: Windows Event Forwarding - NT6 Subscription
• Palanatir: Windows Event Forwarding​
• Elastic: WinlogBeat Configuration
• How to Deploy Windows Optics - Commands, Downloads, Instructions

Attack Tools

• Mitre: Technique 00024​
• Byt3Bl33d3r: SilentTrinity C2
• SpiderLabs: Responder
• SecureAuthCorp: Impacket
• SecureAuthCorp: Impacket - NTLMRelayx
• Byt3Bl33d3r: CrackMapExec​

Published Recording

• https://www.youtube.com/watch?v=xseK8BhN0vg

License

Portions of this content are owned by Defensive Origins. Please note each source repository may hold its own licensing. Additionally, Defcon and Red Team Village images have been used with permission for this recorded event.