Empire Operations: Tactics (Turla) with Anthony ‘Cx01N’ Rose and Jake ‘Hubbl3’ Krasnov

Description:

Empire Operations: Tactics is an intermediate-level course series that focuses on executing Advanced Persistent Threat (APT) Tactics, Techniques, and Procedures (TTPs) using Empire. In this hands-on course, students will evaluate Turla’s 2020 campaign for deploying backdoors and stealing sensitive documents in a targeted cyber-espionage campaign against high profile targets. Students will learn to execute specially crafted emulation plans to gain initial access using a Microsoft Office Remote Code Execution Vulnerability – Follina (CVE-2022-30190), Reflectively Load DLLs, and Dropbox C2 Communications. Students will learn the basics of IronNetInjector, Turla’s .NET injector built in IronPython, and deploy Empire’s ultra-modern IronPython agent for emulation. Finally, attendees will master the individual components of Empire and apply them to executing a red team operation. The Turla TTPs learned throughout the course will be tested on a comprehensive range using a provided emulation plan.

Course Outline:

Introduction, Background, & C2 Theory
Turla (Venomous Bear)
Empire Basics & IronPython Agents
Attack Infrastructure
C# and DLL Exploitation
Privilege Escalation, Lateral Movement, & Exfiltration

What will students be provided with:

1-week access to the comprehensive course range
A copy of all course material
Course Swag & Coin

Minimum Course Requirements:

Laptop with 8GB of RAM
Virtualization Software (VMware, VirtualBox, etc.)
Up-to-date Kali Linux Virtual Machine
Modern Web Browser (Chrome, Firefox, etc.)
Microsoft Office (any version) or OpenOffice

Prerequisites:

Basic understanding of Offensive Security Tools.
Familiarity with C2 Frameworks.
Willingness to learn in a fast-paced environment.

Target Audience:

This course is aimed at intermediate red team operators who are looking to upgrade their skills in executing modern Advanced Persistent Threat (APT) Tactics, Techniques, and Procedures (TTPs).

Trainers Biography:

Anthony “Cx01N” Rose, CISSP, is a Lead Security Researcher and Chief Operating Officer at BC Security, where he specializes in adversary tactic emulation planning, Red and Blue Team operations, and embedded systems security. He has presented at numerous security conferences, including Black Hat, DEF CON, and RSA conferences. Anthony is the author of various offensive security tools, including Empire and Starkiller, which he actively develops and maintains. He is recognized for his work, revealing wide-spread vulnerabilities in Bluetooth devices and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.

Jake “Hubbl3” Krasnov is the Red Team Operations Lead and Chief Executive Officer of BC Security. He has spent the first half of his career as an Astronautical Engineer overseeing rocket modifications for the Air Force. He then moved into offensive security, running operational cyber testing for fighter aircraft and operating on a red team. Jake has presented at DEF CON, where he taught courses on offensive PowerShell and has been recognized by Microsoft for his discovery of a vulnerability in AMSI. Jake has authored numerous tools, including Invoke-PrintDemon and Invoke-ZeroLogon, and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.