
A Crash Course of Practical Fast Forensics with a Red Teaming Perspective for Knowing Your Enemy

Attendees will first attack a Windows domain network consisting of Windows 11 22H2 and Windows Server 2022 with in-the-wild targeted attack malware and a post-exploitation framework using the same techniques as attackers such as:

  • NTLM Relay Attack
  • Golden/Silver/Diamond Ticket Attack
  • DCSync and DCShadow
  • Credential Harvesting
  • Remote Code Execution/Logon

Then, they will acquire various artifacts from the environment and analyze them with DFIR techniques such as:

  • Memory Forensics
  • Live Response/Forensics
  • Persistence Analysis
  • Program Execution Artifacts Analysis
  • Event Log Analysis
  • Timeline Analysis
  • Triage Collection

You will learn how attacks work and how to detect them, so you will have a better understanding of both. Finally, even if new attacks emerge, you will already know how to evaluate and detect them yourself after completing this course.

We will be waiting for you with numerous exercises!

Skills / Knowledge

  • Malware
  • Forensics

Issued on

August 8, 2023

Expires on

Does not expire