⚡ PowerUp Red Team Ops with RedELK ⚡
Learn how to spot blue teams investigating your red team infrastructure and gain better operational oversight with RedELK.
From the core developers of RedELK comes this 3-hour workshop that will help you take more control of your red team operations. For blue teamers, it will help you understand the artefacts that common investigation techniques leave behind on attacker infrastructure. Detection of detection: this will be a fun workshop!
Through a series of assignments, you will go from understanding, installing and configuring RedELK to maximising its functionality for operational oversight and for detection of blue team activities.
You will work in a realistic lab environment that includes Outflank's OST Stage1 C2 and Cobalt Strike.
Make sure to bring government-issued identification (e.g. ID card, passport, etc.). We need to validate your identity before you can use the export-controlled tools in the lab.
- Background of modern red teaming and concepts of RedELK
- Technical components overview of RedELK
- Setting up your lab environment
- Accessing your C2 servers and Outflank Security Tooling
- Installing RedELK components
- Starting C2 servers and generating implants
- Hacking your target lab and generating operational data
- Finding relevant data in RedELK
- Using RedELK views, dashboards and advanced searches
- Understanding and configuring alarms in RedELK
- Performing blue team actions against your offensive infrastructure
- Experiencing and tuning RedELK alarms
- Adding your own C2 server to RedELK
- Advanced modifications to RedELK
This workshop is suited to both red and blue team members. It is set up so that we can welcome beginners as well as advanced red teamers, blue teamers and RedELK users.
Delegates will need to bring their own system capable of SSH, RDP and web browsing.