Mar 8, 2020

Red/Blue Team Testing Kungfu

The team recently attended a four-day workshop coordinated by HKPC; the training focused on Red / Blue Team Testing.

The primary aim of this workshop is to equip the participants with the skillset from both sides of the world: the RED team focuses on penetration testing of different systems and the maturity levels of security programs, in order to detect, prevent and eliminate vulnerabilities, while the BLUE team is there to find ways to defend, adjust and regroup defense mechanisms so that incident response becomes much stronger.

A lab with different types of servers and clients (including web servers, mail servers, DNS servers, log servers, Windows clients, etc.) was built to simulate a real-life environment, so that the Red Team and Blue Team could experience how attacks are launched and how the log servers / alert system react, and so build up the mindset of being Red Team and Blue Team.

Day 2 Hands on Blue Team and Final Challenge

From the traffic and attack logs gathered during the class, the Blue Team got to analyze the collected logs. Using Graylog as the example tool, they tried to find the suspicious cases and set up alerts for malicious activities.
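The kind of alert rule a Blue Team would configure on top of collected logs, written out as an added Python example (not code from the workshop or from Graylog): it parses constructed sshd-style authentication lines, counts failed logins per source IP inside a sliding time window, and raises an alert when the count crosses a threshold, additionally flagging the case where a successful login from the same IP follows the burst. The log lines, the threshold of 5 failures per minute and the field names are all assumptions chosen for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from the workshop lab): sshd-style auth messages.
SAMPLE_LOGS = """\
2020-03-08T10:00:01 sshd[2201]: Failed password for root from 203.0.113.7 port 51012 ssh2
2020-03-08T10:00:03 sshd[2202]: Failed password for admin from 203.0.113.7 port 51013 ssh2
2020-03-08T10:00:05 sshd[2203]: Failed password for root from 203.0.113.7 port 51014 ssh2
2020-03-08T10:00:06 sshd[2204]: Failed password for oracle from 203.0.113.7 port 51015 ssh2
2020-03-08T10:00:08 sshd[2205]: Failed password for root from 203.0.113.7 port 51016 ssh2
2020-03-08T10:00:09 sshd[2206]: Accepted password for root from 203.0.113.7 port 51017 ssh2
2020-03-08T10:01:30 sshd[2207]: Failed password for alice from 198.51.100.4 port 40022 ssh2
2020-03-08T10:30:00 sshd[2208]: Failed password for alice from 198.51.100.4 port 40023 ssh2
2020-03-08T10:30:05 sshd[2209]: Accepted password for alice from 198.51.100.4 port 40024 ssh2
"""

# Hypothetical line format: "<iso timestamp> sshd[<pid>]: <Failed|Accepted> password for <user> from <ip> port <n> ssh2"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_logs(text):
    """Turn raw lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m.group("ts")),
            "result": m.group("result"),
            "user": m.group("user"),
            "ip": m.group("ip"),
        })
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Alert when one source IP produces >= threshold failed logins inside `window`.

    The alert also records whether a login from that IP succeeded after the burst,
    which is the case an analyst would want to triage first.
    """
    alerts = []
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["result"] == "Failed"]
        start = 0  # left edge of the sliding window over failures
        for end in range(len(failures)):
            while failures[end]["ts"] - failures[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = failures[end]["ts"]
                later_success = any(
                    e["result"] == "Accepted" and e["ts"] >= burst_end for e in evs
                )
                alerts.append({
                    "ip": ip,
                    "failures": end - start + 1,
                    "users": sorted({e["user"] for e in failures[start:end + 1]}),
                    "success_after_failures": later_success,
                })
                break  # one alert per source IP is enough for this rule
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse_logs(SAMPLE_LOGS)):
        print(alert)
```

On the constructed input only 203.0.113.7 trips the rule (five failures within eight seconds against three different usernames, followed by an accepted login); 198.51.100.4 has two failures half an hour apart and stays below the threshold, which is the false-positive case a threshold-plus-window rule is meant to suppress.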

Day 3 Malware and Target Attack Analysis & Simulation

Learning what APT attacks are and what IOCs are, and using a simulated environment to analyze what the Blue Team can check for when APT attacks are suspected. With static and dynamic analysis of samples, the Blue Team gets a clearer picture of the kinds of attacks that are happening. Besides this, it is necessary for the team to know what YARA rules are, since such rules are used for identifying the malware.

Day 4 Advanced Blue Team Techniques: Attack & Malware Detection with Machine Learning

On Day 4, Ken and Byron talked about how machine learning can help in cyber security and what kinds of indicators can be found in malware and server logs. It is also important to understand how to train the model so that it identifies malware with better results.

