Recon 2024

Silvio

Dr. Silvio La Porta is CEO and Co-Founder at RETooling, defining and developing a Threat Actor emulation platform that enables red teams to recreate realistic attack scenarios. Previously he was a Senior Cyber Security Architect designing security products and researching advanced detection technology for complex malware/APT. Before that, Silvio was a lead research scientist with EMC Research Europe based in the Centre of Excellence in Cork, Ireland. His primary research focus areas were real-time network monitoring and data analysis in smart grids to detect malware activity in SCADA systems and corporate networks. He also led Security Service Level Agreement (Sec-SLA) and end-user security/privacy-protected data store projects for hybrid Cloud environments. He is a frequent speaker at professional and industry conferences. Before joining EMC, Silvio worked as a Malware Reverse Engineer in Symantec's Security Response team in Dublin, Ireland. Silvio holds a PhD in Computer Network Security from the University of Pisa, Italy.

Sessions

06-29
11:00
90min
An unexpected journey into Microsoft Defender's signature World.
Silvio, Davide Fontana, Antonio Villani

This workshop explores adversary emulation activities, focusing on creating false flags to mimic real attacks. Using Microsoft Defender as a case study, we analyze signature formats to create samples that trigger specific detections. Participants will learn how to generate working samples that trigger specific detections, gaining insight into Windows Defender's signature mechanisms.

Full write up: https://retooling.io/blog

Prerequisites:
A Windows virtual machine, and the following material downloaded:
https://github.com/t0-retooling/defender-recon24/

Workshop Software
Soprano B