Welcome to Diana Initiative 2021 Virtual Conference schedule.
For more information, please see our virtual conference page here :
Back To Schedule
Friday, July 16 • 12:00pm - 1:00pm
Making It Real: Turning an Attack Chain Into a CTF

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Capture The Flag (CTF) is a staple at cybersecurity conferences and an effective way to teach practical skills. At the beginner levels, publicly available CTFs tend to have challenges that are mostly unrelated to each other, which may not represent real-life attack scenarios and provide less value in raising your team's security awareness. In this talk, we will tell our story of building an in-house, jeopardy-style CTF that recreates a realistic adversarial attack chain and is 100% customized to the way our Red team and business partners do things using our actual TTPs (Tactics, Techniques, and Procedures). We put our CTF attendees into the shoes of attackers who already have some basic access and now try to perform internal recon, webapp code review, build pipeline compromises, and Active Directory lateral movements and attacks. We will discuss what the intended attack chain looks like, the infrastructure setup, the making of challenges, and things to watch out for. This talk aims to share our learnings and perspectives with other security professionals who are passionate about cybersecurity education and want to include CTFs as part of the security training experience for their organizations.

avatar for Khoa Nguyen

Khoa Nguyen

Security Software Engineer 2, Microsoft
Khoa Nguyen is a Security Software Engineer 2 on the SERPENT Red Team at Microsoft in EDG Security (Edge + Platform, Devices, and Gaming). As a Red teamer, she performs Red/Purple team assessments against software products and services in scope, as well as helps driving a few security... Read More →
avatar for Scott Riese

Scott Riese

Principal Security Engineer, Microsoft
Scott Riese is a Principal Security Engineer at Microsoft and a member of the SERPENT Red Team with a background in Active Directory and Azure Operations. Prior to joining Microsoft, Scott served in the United States Marine Corps and the Department of Defense

Friday July 16, 2021 12:00pm - 1:00pm PDT
Stage 2 https://app.hopin.com/events/2021-diana-initative/stages/90e343b7-a0ab-4c29-bd43-af794fc0b3ee