⚡ PowerUp Red Teams Ops with RedELK ⚡

During in minutes 165 min
Start 9:45 am
address 28 avenue George V 75008 Paris

From the core developers of RedELK comes this 3 hour workshop that will help you to become more in control of your red team operations.
For blue teamers, this will help you understand the artefacts that common investigation techniques leave behind.
Detection of detection, this will be a fun workshop!
Using a serie of assignments, you will go from understanding, installing and configuring RedELK to maximising its functionality for operational oversight and for detection of blue team activities.
You can make use of a realistic lab environment including Outflank’s OST Stage1 C2 and Cobalt Strike!
Make sure to bring a government identification (e.g. ID-card, pasport, etc.). We need to validate your identification before you can make use of the export controlled tools in the lab.

Workshop Outline
Module 1 – basics

  • Background of modern red teaming and concepts of RedELK
  • Technical components overview of RedELK

Module 2 – Lab environment

  • Setting up your lab environment
  • Accessing your C2 servers and Outflank Security Tooling

Module 3 – Installation

  • Installing RedELK components

Module 4 – C2 data

  • Start C2 servers and generate implants
  • Hack your target lab and generate operational data

Module 5 – Operational Oversight

  • Finding relevant data in RedELK
  • Using RedELK views, dashboards and advanced searches

Module 6 – RedELK alarm lvl 1

  • Understanding and configuring alarms in RedELK

Module 7 – RedELK alarm lvl 2

  • Perform blue team actions on your offensive infra
  • Experience and tune alarms of RedELK

Module 8 – Advanced

  • Adding your own C2 server to RedELK
  • Advanced modifications to RedELK

Who Should Attend

This workshop is suited for both red and blue team members.
We set it up in a way that we can welcome both beginners and advanced red teamers, blue teamers and RedELK users.

Technical / Hardware / Software Requirements
Delegates will need to bring their own system that can do ssh, rdp and web browsing.