
Defend the Flag


  • secwest.net Vancouver Canada

Description

Defend The Flag (DTF) is a unique two-day hands-on training course designed to take the traditionally dry Windows security training workshop and make it interactive, personal, and visceral for each attendee. Students will gain an understanding of modern exploitation tools and techniques in order to better learn how to protect their Windows systems. Practical implementations of Windows host hardening will demonstrate the effectiveness of defense in depth, especially in environments where patching is delayed for testing or is not possible for application compatibility reasons.

Students will hear from experts in Attack and Defense. Day One is a hands-on lab tutorial on both securing and attacking Windows. Half the day will be spent learning about network attacks, modern sophisticated attack tools, and understanding the attackers' mindset. The other half of the day will be spent on Windows hardening, basic intrusion detection, forensics, and incident response while under attack.

On Day Two, the students will form teams to compete against each other. Each student will have a chance to play both roles, attacker and defender, throughout the day. Defenders (Blue Cell) will be responsible for keeping critical Windows servers and desktops up and running on a simulated corporate network. Meanwhile, the attackers (Red Cell) will attempt to penetrate other teams' systems and shut off critical services, steal passwords and data, and generally disrupt network communications.

The winning team will have the best Windows hardening skills and uptime for their systems and services throughout the day. May the best defenders win!

Day One

Attacking Windows

  • The attacker mindset - what are they thinking?

  • Techniques and methodology of attack.

  • Mapping target networks and identifying vulnerable systems.

  • Labs on using an exploit framework - so easy your grandmother might already be doing it.

Defending Windows

  • Preparing for an attack

    • Hardening network protocols, system services, DCOM

    • Setting ACLs on file objects and on the registry

    • Security-relevant registry settings

    • User rights assignments

    • Audit and event logs

    • Account and password policies

    • Group Policy settings

  • During the attack

    • How to find out that a system is under attack or has been compromised

    • How to stop the attack

  • After the attack

    • Basic forensics

    • How to prevent recurrence

Day Two

  • All-day melee-style competition in which each team has both attackers, who disrupt the other teams, and defenders, who try to keep their own systems up.

Prerequisite working knowledge

  • Basic Windows administration for servers and workstations

  • No previous hands-on attack experience necessary

Equipment

  • Laptops will be provided for the students pre-configured for the class

 

Instructor: Microsoft
