BEGIN:VCALENDAR VERSION:2.0 PRODID:Data::ICal 0.24 BEGIN:VEVENT DESCRIPTION: 'Title: Active Directory Attacks: The Good\, The Bad\, and T he LOLwut\n (Pre-Registration Required)\n When: Saturday\, Aug 12\, 09 :00 - 12:59 PDT\n Where: Flamingo - Exec Conf Ctr - Foyer - Workshop Che ckin - [1]Map\n Speakers:Aaron Rosenmund\,Brandon DeVault\,Ryan Chapman\ n\n SpeakerBio:Aaron Rosenmund \, Director of Security Research and Cont ent\n at Pluralsight\n Aaron Rosenmund is the Director of Security Res earch and Content for\n Pluralsight\, where he has also authored over 11 5 courses and technical\n labs across offensive and defensive security o perations topics. Part\n time work includes service as an Cyber Warfare Operations office in\n the Delaware Air National guard\, where he has al so lead a 100+ member\n red team for the largest cyber exercise in the N ation\, Cybershield. 4\n years of highly rated talks and workshops have earned him the\n Distinguished speaker title from RSAC\, and he looks fo rward to\n returning for the 3rd year to Defcon Workshops to bring pract ical\n emulation and testing capabilities to the people who need it most .\n\n SpeakerBio:Brandon DeVault \, Pluralsight\n Brandon DeVault is a security researcher\, blue teamer\, and educator.\n Currently works as an author for Pluralsight and member of the FL Air\n National Guard. Pri or experience includes work at Elastic and multiple\n deployments with S pecial Operations Command.\n\n SpeakerBio:Ryan Chapman\n Ryan Chapman is the author of SANS’ “FOR528: Ransomware for\n Incident Responders ” course\, teaches SANS’ “FOR610: Reverse\n Engineering Malware” course\, works as a principal incident response\n consultant for $dayJo b\, and helps run the CactusCon conference in\n Phoenix\, Arizona\, USA. Ryan has a passion for life-long learning\,\n loves to teach people abo ut ransomware-related attacks\, and enjoys\n pulling apart malware. He h as presented workshops at DefCon and other\n conferences in the past and knows how to create a step-by-step\n instruction set to maximize hands- on learning.\n\n Description:\n Threat actors such as ransomware affil iates around the world are\n carrying out attacks on Active Directory (A D) at scale. When doing so\,\n such actors often stick to the mainstream in terms of attack\n methodologies and tooling. But… that’s lame! W hy borrow tactics\,\n techniques\, and procedures (TTPs) that are so wel l known and thus\n readily detectable?! Come hang out with us as we prov ide an overview\n of AD\, show the most common attack scenarios\, then s how you how to\n detect and prevent those very attacks. Stick around as we then\n transition to covering what you could\, and should\, be doing instead.\n\n We will be providing a remote network range to which you wi ll connect.\n Once in the range\, you will be acting as the ransomware t hreat actor\,\n “pentester” as they like to call themselves. You wil l carry out\n attacks such as enumeration via Bloodhound\, credential di scovery and\n compromise\, pass the hash attacks\, and kerberoasting via common tools\n such as Mimikatz & Rubeus. After carrying out the attack s yourself\,\n you’ll then learn how to prevent and detect those very attacks.\n We’ll then show you custom-developed methods to carry out t he same\n attacks without the reliance on well-known TTPs/tools. And eve n\n better\, we’ll show you how you could\, at least where it’s even \n possible\, detect the more custom/advanced methodologies.\n\n Join us if you are a blue teamer\, red teamer\, purple teamer\, cyber\n defen der\, DFIR analyst… basically anyone who wants (or needs!) to\n learn to defend and/or attack Active Directory. Come for the tech\,\n stay for the humor. See ya there!\n\n Skill Level: Intermediate to Advanced\n\n Prerequisites for students:\n\n * The primary requirement for this c ourse is a desire to learn and\n the determination to tackle challen ging problems. In addition\,\n having some familiarization with the following topics will help\n students maximize their time in this co urse:\n\n * A general background in Digital Forensics & Incident Respo nse\n (DFIR)\n\n * Familiarity with blue team-oriented tools\n\n * An understanding of general networking concepts\n\n * Familiari ty with Active Directory – though we’ll cover\n everything stude nts need to know\n\n Materials or Equipment students will need to bring to participate: - A\n laptop with Linux/Windows/Mac desktop environment - Networking\n capability: Students will be connecting to a remote netwo rk range –\n They will need a wireless NIC (assuming the workshop area provides\n Wi-Fi\, not not we’ll need to know) that can be enabled al ong with\n administrator privileges on their system - IMPORTANT: This wo rkshop\n relies on network connectivity. Any student not able to connect to our\n range will be unable to follow along with the hands-on portion of the\n workshop.\n\n '\n\n 1. #FlamingoLowerLevel\n\n\n DTEND:20230812T195900Z DTSTART:20230812T160000Z LOCATION:WS - Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin SUMMARY:Active Directory Attacks: The Good\, The Bad\, and The LOLwut (Pre- Registration Required) END:VEVENT END:VCALENDAR