- Active Directory Exploitation
- Purple Teaming
- Threat Hunting
- Software Development
- Hunting Skeleton Key Implants
- Hunting for Impacket
- Attacking Insecure ELK Deployments
- Lateral Movement Collection
- Hunting for Suspicious LDAP Activity with SilkETW and Yara
- Streamlining BloodHound Analytics
- Not All Paths are Created Equal
- Extending BloodHound
- Active Directory - Detecting Resilient Adversaries: More than 95 percent of the biggest corporates use Active Directory (AD) to manage identity, enforce policies and control business-critical assets. Although AD represents the single point of failure in most cases, companies still struggle to secure it. More often than not, after obtaining an initial foothold, attackers gain the maximum privileges within a short time period, without even being noticed until it is too late. The aim of this talk is to raise awareness of the techniques that adversaries might employ while providing practical advice on how to stop and detect them.
- Attack Detection Workshops - Initial Access: Presented the first episode of F-Secure's Attack Detection Workshops (https://www.f-secure.com/en/consulting/events/attack-detection-fundamentals-workshops), which covered: the techniques threat actors use to bypass mail filtering controls and obtain a foothold; making use of open-source tools to emulate the initial access vectors of Emotet and those used in Operation Cobalt Kitty; and learning how to detect these attacks using endpoint logs or memory analysis.
- eCPTX
- OSCP
- eCTHP
- eMAPT
- eWPT
- CREST CPSA
- eCPPT