WORKSHOP 6

Monday 27 May 2019 - Focus Rooms, Sunninghill

Red team/Blue team skills, techniques and best practices

Dr James Stanger, Chief Technology Evangelist, CompTIA (USA)

In this half-day workshop, you will learn about the various activities conducted by both the red team and blue team. You will look at different types of attacks and the indicators of compromise they leave behind. Some of the topics that will be discussed include the basic elements of the hacker lifecycle, how to analyze and investigate cloud computing, IoT, and advanced network environments, how an attacker leaves behind evidence of an attack and how it’s possible to record evidence of these attacks, and how the blue team can begin to hone its skills based on the activities of pen testers.

The next session will review the purpose of a red team/blue team, demonstrate pen testing tools and explain why certain tools are used, investigate log files and the approaches used by the blue team, and show how to develop advanced techniques for creating resilient networks.

The final session will discuss industry best practices for modelling threats in your organization. It will also examine the role of user behaviour analytics in the activities of a security data analyst and will discuss how you can operationalize your findings and work with management to make sure that the company really is improving its security posture.

By attending this workshop you will gain:

  • The ability to map steps of the hacker lifecycle to signatures, traces and evidence as discussed in Locard’s Exchange Principle
  • An understanding of the proper relationship between the red team and the blue team
  • The importance of moving from the "defender’s dilemma" to the "hacker’s dilemma" as you plan defence strategies
  • A hands-on perspective of how to map indicators of compromise to steps of the hacker lifecycle
  • A detailed understanding of how to conduct essential pen testing skills, including how to evaluate systems using network scans, OSINT, exploitation of WiFi networks, buffer overflows, keylogging and brute force/dictionary attacks

Who should attend:

  • Network administrators
  • Security analysts
  • Pen testers/red team members
  • Technical support/help desk professionals who want to learn more about security
  • Individuals who wish to gain CompTIA Continuing Education credits
  • This workshop is aimed at an individual with 2 years of security and networking experience. For example, an individual who has the A+, Network+, and Security+ certifications would get the most out of this workshop
  • Pen testers and security analysts will also get a lot of value from the workshop
  • Anyone with 2 years or more of help desk/networking experience can get value from the workshop. This is not the ideal audience, but they can learn quite a bit

What to bring:

  • A notebook computer
  • A virtualization environment installed (e.g., VirtualBox, VMware). Dr Stanger uses VirtualBox with a Windows host system. He then runs Kali Linux, other versions of Linux, as well as Windows, from VirtualBox
    • At least one version of Kali Linux installed in your virtualization solution
    • At least one version of Windows 7 installed in your virtualization solution


Registration and lunch
Refreshments and networking
Close of workshop
  • Session 1: Demystifying Red Team / Blue team activities: The hacker’s dilemma
  • Session 2: Key pen testing and analytics techniques: Moving beyond a tools-based approach
  • Session 3: Custom frameworks and your network environment: a discussion
