ATTACK TECHNIQUES FOR BEGINNERS

Advanced Projects

With @sambowne, @djhardb, @infosecirvin, and @KaitlynGuru.

Scoreboard · Submit Flags

Final Black Hat 2020 Class 1 Scores

Advanced Networking with Python

Elizabeth

VP 220: DNS  95
VP 230: Obfuscated HTTP  50

Advanced Cryptography with Python

Sam

VP 310: XOR  65
C 105: Two-Time Pad  85
VP 320: AES  55
C 106: The Rho Method  30
VP 330: Argon2 Hashes  47
C 401: RSA with Very Small Keys  30
C 402: Cracking a Short RSA Key  50

Android Emulator Setup

Sam

Mac or Linux

M 101: Genymotion  15
M 103: Burp  20

Windows

Do M 108 below first
M 104: BlueStacks  15
M 106: Burp and Nox  20

Any OS

M 105: Plaintext Login  15
M 107: GenieMD Broken SSL (Harvard & IBM)  15 + 40 extra
M 108: Kali Virtual Machine  15
Download Kali VM

Android Debug Bridge

Mac or Linux

M 201: ADB on Genymotion on a Mac  15
M 202: BlueStacks on a Mac  15 extra

Windows

M 203: ADB & Nox on Windows  15

Any OS

M 208: WireGuard VPN  10
M 204: Equity Pandit  15 + 50 extra
M 207: ES Explorer Command Injection  10

Smali

M 401: Trojaning Progressive and Bank of America  20 + 20 extra
M 402: mAadhaar Code Modification  20
M 410: Exploiting an Android Phone with Metasploit  15 extra

Defending Linux Servers

IR 201: Splunk & Suricata  45
IR 202: Metasploit & Drupalgeddon  85
IR 308: osquery  15

Defending Windows

IR 301: Installing Splunk on a Windows Server  15
IR 330: Detecting Ransomware with Splunk and Sysmon  20
IR 303: Capturing RAM from a Process  15
IR 304: VirusTotal & Wireshark  35
IR 305: PacketTotal  45
IR 306: Yara  40
IR 307: Prefetch Forensics  15
IR 340: GRR Rapid Response  25
IR 350: Zeek Interactive Tutorial  59
IR 351: Installing and Using Zeek  25

ATT&CK Matrix

Reference: ATT&CK Matrix for Enterprise
(show sub-techniques)
ATT 1: ATT&CK Tactics  10
ATT 2: ATT&CK Techniques for Tactics 1-3  10
ATT 3: ATT&CK Techniques for Tactics 4-6  10
ATT 4: ATT&CK Techniques for Tactics 7-9  10
ATT 5: ATT&CK Techniques for Tactics 10-12  10
ATT 6: ATT&CK Groups  10
ATT 7: ATT&CK Navigator  10
ATT 100: Caldera  25+
ATT 101: Caldera Operation  15

Burp, ZAP, & Postman

W 510: Intro to Burp  60
W 520: SAML  15
W 230: Manual Audit of Hackazon  20
W 530: Exploiting ECB Encryption  75
W 200: Google Cloud Linux Servers  15
ED 290: Desktop on a Cloud Linux Server  10
W 220: Zed Attack Proxy  20
W 300: Using an API with Postman  15
W 301: Using the Github API with Postman  10

Basic Defenses

W 10: Configuring an HTTPS Server  15
W 20: reCAPTCHA  15
W 30: CanaryTokens  5

Alternate Cyber Ranges

Sam

Cyber Range Planning
H 202: Kali Virtual Machine  15
H 220: Windows Virtual Machine  15
H 240: WireGuard VPN  15
ED 290: Desktop on a Cloud Linux Server  10

More Training

Workshops
Classes

Last updated 8-2-2020