Empire Operations: Tactics (APT 28)

Empire Operations: Tactics (APT28)

Empire Operations: Tactics (APT28) is an intermediate-level course focusing on executing APT Tactics, Techniques, and Procedures (TTPs) using Empire. Students will evaluate Fancy Bear’s 2021-2022 campaign, using MSHTML RCE (CVE-2021-40444), OneDrive C2, and C# payloads.

Course Overview

1. Empire Ops: Tactics (APT 28)
2. Notices
3. Course Material
4. Immersive Labs
1. Threat Emulation Basics
2. Command and Control Theory
3. Overview of Fancy Bear and Their TTPs
1. Leveraging OneDrive as a C2
2. The Office Vulnerabilities that Just Keep Comping Back
3. Segmenting Architecture
1. .NET Trade Craft
2. Exploiting Outlook for Profit and Gain
3. DLL Exploitation
4. Leveraging Unmanaged Code for Use With .NET

Key Takeaways

Understand the Primary TTPs of Fancy Bear
Leverage Empire for Emulation of TTPs
Utilize OneDrive as a C2 Channel

Empire Operations: Tactics (APT28)

Course Overview

Introduction

Intro to Threat Emulation - Fancy Bear

Fancy Bear's Attack Infrastructure and Tools

Exploiting the Target

Key Takeaways

Interested in Taking This Course