Defending an enterprise network is increasingly challenging. With the various components and integrations, implicit trusts, third-party applications, multiple operating systems, backward compatibility and legacy applications present in a network, an adversary often only needs to go for a weak default, a misconfiguration or a feature to get a foothold. Once a foothold is available, adversaries can move laterally and abuse features and trusts to gain access to key information and data. This can be done by "living off the land", using only the built-in tools of an operating system.
The days of merely reacting to an attack are past. Defenders and Blue Teams must exploit the attacker mindset of going for "the lowest hanging fruit". Deception provides the capability to detect an adversary and shape their path, with fewer false positives and increased certainty, and reveals what the adversary wants to get from your network. Deception definitely increases the cost for an adversary.
In this training, we will understand, learn, implement and design different types of deception, using decoys, lures, canaries, accounts, tokens and a lot more. We will use built-in OS tools and scripts to quickly deploy deception techniques enterprise-wide, with and without agents on computers. We will see some unique deception techniques and also use existing ones.
Deception for Red Teams will also be practiced. Red Teams have been using deception more effectively – social engineering, phishing, fake documents and other attacks. We will practice some of these attacks but focus more on the Blue Team identifying deception and on counter-deception. We will also see case studies of stopping advanced adversaries using deception techniques.
Some of the deception techniques covered in the course:
- Documents – MS Office and others
- Files – Trusted executables, scripts and more
- Active Directory – Groups, SPNs, ACLs and more
- Credentials – Windows, SSH, AD
- Databases – data, credentials and more
- Host and Enterprise applications
- Designing deception
- Wireless Deception
- Identification
- Rapid deployment at scale using WMI and PowerShell
Attendees need a system with 4 GB RAM and the ability to install an OpenVPN client and to RDP to Windows boxes.
Attendees will get free one-month access to a lab mimicking an enterprise network, during and after the training.
Attendees also get a one-month subscription to Pentester Academy.