This workshop covers the importance of post-exploitation research in enterprise environments and practical use cases. It helps participants understand and simulate adversary tactics with scenarios focused on lateral movement, persistence, and evading defenses using deception. The session concludes by analyzing adversary tactics with security controls, emphasizing the significance of defensive security and the collaboration between red and blue teams (purple teaming) to enhance product security.
1. The Importance of Post-Exploitation Research in Enterprise Environments
Understanding why post-exploitation is crucial for simulating real-world adversaries.

2. Importance of Authenticated Enumeration in Modern Cyberwarfare and Commonly Targeted Scenarios (De-Militarized Zones) [Theory]

2.1 Use Case: Targeted Authenticated Enumeration on a Simulated Enterprise Network [Practical]
Exploring specific enumeration techniques and their impact on enterprise security.

3. Understanding and Identifying Lateral Movement Scenarios – Cross-Network and Cloud Environments [Theory]

3.1 Use Case: Targeted Lateral Movement within the Environment [Practical]
Demonstrating lateral movement techniques and their detection challenges.

4. Defense with Deception and Techniques to Evade Them in Enterprise Environments [Theory and Practical]
Discussing deception technologies and how adversaries can circumvent them.

5. Analyzing Detection Possibilities for Post-Exploitation Activities with Enterprise Security Controls [Theory]

5.1 Use Case: Using Open-Source SIEM for Attack Detection [Practical]
Investigating how enterprise security controls detect post-exploitation activities.

6. Importance of Purple Teaming in Enterprise Environments and Conclusion [Theory]
Highlighting the value of collaboration between red and blue teams to strengthen security.