Empire Operations: Tactics (Lazarus) is an intermediate-level course designed to immerse students in the Advanced Persistent Threat (APT) Tactics, Techniques, and Procedures (TTPs) utilized by the notorious Lazarus Group, using the Empire framework. This practical course offers a deep dive into the group’s infamous campaigns, including the global WannaCry ransomware attack and the SWIFT banking system breach. Participants will gain hands-on experience in crafting and emulating complex cyber-attacks, focusing particularly on ransomware deployment strategies. The course emphasizes mastering Empire’s components, enabling attendees to execute comprehensive red team operations. Participants will apply their knowledge in a simulated environment, testing the Lazarus Group TTPs against a range of scenarios based on a carefully designed emulation plan. This approach ensures a thorough understanding of both offensive and defensive aspects of modern cybersecurity challenges.
- Basic understanding of Offensive Security Tools.
- Familiarity with C2 Frameworks.
- Willingness to learn in a fast-paced environment.
This course is aimed at intermediate red team operators who are looking to upgrade their skills in executing modern Advanced Persistent Threat (APT) Tactics, Techniques, and Procedures (TTPs).
Anthony “Cx01N” Rose, CISSP, is a Lead Security Researcher and Chief Operating Officer at BC Security, where he specializes in adversary tactic emulation planning, Red and Blue Team operations, and embedded systems security. He has presented at numerous security conferences, including Black Hat, DEF CON, and RSA conferences. Anthony is the author of various offensive security tools, including Empire and Starkiller, which he actively develops and maintains. He is recognized for his work, revealing wide-spread vulnerabilities in Bluetooth devices and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.
Jake “Hubbl3” Krasnov is the Red Team Operations Lead and Chief Executive Officer of BC Security. He has spent the first half of his career as an Astronautical Engineer overseeing rocket modifications for the Air Force. He then moved into offensive security, running operational cyber testing for fighter aircraft and operating on a red team. Jake has presented at DEF CON, where he taught courses on offensive PowerShell and has been recognized by Microsoft for his discovery of a vulnerability in AMSI. Jake has authored numerous tools, including Invoke-PrintDemon and Invoke-ZeroLogon, and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.