BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Ransomware ATT&CK and Defense\n   When: Friday\, Aug
  12\, 13:00 - 14:30 PDT\n   Where: Virtual - BlueTeam Village - Workshops\
 n   Speakers:Daniel Chen\,Esther Matut\,Ronny Thammasathiti\,Nick Baker\,B
 en\n   Hughes\n\n   SpeakerBio:Daniel Chen\n   DFIR consultant and penetra
 tion tester at Polito Inc. I investigated\n   numerous ransomware incident
 s\, hunted for adversaries\, and assisted\n   with red teaming.\n\n   Spea
 kerBio:Esther Matut\n   To be completed.\n\n   SpeakerBio:Ronny Thammasath
 iti\n   Ronny Thammasathiti (@ronnyt) started out as an aspiring concert\n
    pianist but later took a big switch to cyber security with Polito Inc\n
    in the past 4 years. His main role at the company is as a detection\n  
  Engineer using Elasticsearch and developing tools and applications\n   us
 ing his knowledge of Python language.\n\n   SpeakerBio:Nick Baker\n   Nick
  Baker has over 10 years in cybersecurity. Prior to Polito\, Nick\n   spen
 t 20 years as a Signal Warrant Officer in the U.S. Army. He\n   performed 
 over 10 years in the cybersecurity field with a heavy focus\n   in compute
 r network defense by providing expertise for the proper\n   employment\, s
 upport\, and defense of strategic and tactical information\n   networks\, 
 systems\, and services in operations supporting the Army’s\n   cyberspac
 e domain. Nick’s other 10 years was providing IT support\,\n   operation
 s\, and functions. I hold multiple credentials including SANS\,\n   CompTI
 A and ICS2.\n\n   SpeakerBio:Ben Hughes\n   Ben Hughes (@CyberPraesidium) 
 brings over 15 years of diverse\n   experience in cybersecurity\, IT\, and
  law. He leads Polito Inc.'s\n   commercial cybersecurity services includi
 ng threat hunting\, digital\n   forensics and incident response (DFIR)\, p
 enetration testing\, red\n   teaming\, adversary emulation\, and training.
  Prior to Polito\, Ben\n   worked on APT hunt teams at federal and commerc
 ial clients. He\n   currently holds CISSP\, GCFA\, GWAPT\, and endpoint se
 curity vendor\n   certifications.\n\n   Description:\n   This hands-on tra
 ining workshop will walk attendees through threat\n   hunting exercises to
  detect and investigate common Tactics\,\n   Techniques\, and Procedures (
 TTPs) frequently used by ransomware threat\n   actors during an attack. Fr
 om Reconnaissance and Initial Access to\n   Exfiltration and Impact\, atte
 ndees will be exposed to a compressed\n   ransomware attack lifecycle whil
 e being able to leverage attack TTPs\n   including commands\, scripts\, to
 ols\, communication channels\, and\n   techniques that we frequently see a
 nd use in the wild. Tactics and\n   techniques will be mapped to the MITRE
  ATT&CK Framework\, and will be\n   inspired by ATT&CK's Adversary Emulati
 on Plans. The workshop will\n   accordingly incorporate offensive operatio
 n elements such as adversary\n   emulation and red teaming\, but with an e
 mphasis on purple teaming and\n   blue teaming. In other words\, we will e
 xplore the logs and other\n   artifacts potentially left behind by our att
 ack TTPs and how the blue\n   team might utilize endpoint and network logs
  and defensive tooling to\n   detect and disrupt the ATT&CK kill chain com
 ponents. Examples of tools\n   and threat intelligence sources that will b
 e incorporated include\n   Atomic Red Team\, open-source offensive securit
 y tools such as\n   Mimikatz\, Living off the Land Binaries and Scripts (L
 OLBAS) including\n   PowerShell\, real-world or Proof-of-Concept malware s
 amples and\n   exploits\, and leaked ransomware playbooks supplemented by 
 other\n   open-source intelligence (OSINT) sources\; and specifically on t
 he blue\n   team side\, popular security logging pipeline and Security Inf
 ormation\n   and Events Management (SIEM) tools such as Sysmon and Elastic
  Stack.\n\n   This hands-on training workshop will walk attendees through 
 hunting\n   for Tactics\, Techniques\, and Procedures (TTPs) frequently us
 ed by\n   ransomware adversaries. From Reconnaissance and Initial Access t
 o\n   Exfiltration and Impact\, attendees will be exposed to a compressed\
 n   ransomware attack lifecycle. Workshop TTPs will be mapped to the MITRE
 \n   ATT&CK Framework\, and it will incorporate offensive operation elemen
 ts\n   such as adversary emulation\, but while emphasizing purple and blue
 \n   teaming. We will explore the endpoint and network logs left behind by
 \n   attack TTPs and how the blue team can utilize such logs and defensive
 \n   tooling to detect and disrupt the attack.\n\n   '\n\n
DTEND:20220812T213000Z
DTSTART:20220812T200000Z
LOCATION:BTV - Virtual - BlueTeam Village - Workshops
SUMMARY:Ransomware ATT&CK and Defense
END:VEVENT
END:VCALENDAR
