Event Calendar
Asia Pacific Chapter Meeting
Champion Tower
3 Garden Road
Central, Hong Kong China
Thursday, February 28, 2019
Category: Chapter Meeting

Virtual Attendees: Register via GoToWebinar

Venue: 22nd floor, Champion Tower, 3 Garden Road, Central

Time: 18:00 - 19:00 (Registration starts at 17:30)

Topic: Purple Team Tactics (PTTs): Emulating Attacker Strategies for Domain Dominance

Purple Teaming incorporates blue team "monitor, detect and respond" processes with the red team "surveil and assault" strategies to support one key mission: to improve the organization's security posture. One of the biggest targets for an adversary (and one of the most poorly monitored assets) on your network is your Active Directory! As an adversary achieves control (or "Domain Dominance") of AD Domain Services, they gain easy avenues of lateral movement, persistence and further reconnaissance and entrenchment. Blue teams often have poor visibility into AD compromise, and few have detection capabilities to identify attacks like the golden/silver ticket, Kerberoasting or skeleton key. An experienced red team can provide realistic attacker emulation, modeling the same AD attacks a threat actor would bring to bear. The controlled test scenario allows the blue team to put their SIEM detections and triage and investigative strategies to the test.

With adversary emulation and targeted red team exercises we can test the "load bearing" capacity of a team's threat detection and response (TDR) people, process and technology. Throw a team into simulations of the hard stuff: real-world challenges that model complex multi-pronged AD attacks to ascertain monitoring and detection coverage. In this one-hour session, experienced incident response analyst and Principal SANS Instructor Alissa Torres will walk through some Active Directory compromise and detection techniques and how they can best be employed in a purple team collaboration today.

With more than 15 years of experience in computer and network security spanning government, academic, and corporate environments, Alissa Torres has the deep experience and technical savvy to take on even the most difficult computer forensics challenges that come her way. Her current role as an Incident Response Manager at Cargill provides daily challenges "in the trenches" and demands constant technical growth. Alissa is also founder of her own firm, Sibertor Forensics, and has taught internationally in more than 10 countries.

Visit HERE for Alissa's full bio and the list of classes that she teaches for SANS.

Contact: Bonnie So, President Asia Pacific HTCIA, [email protected]