Racketeer - Prototyping Ransomware Operations - Dimitry Snezhkov - Ekoparty 2021 - Red Zone Space
Ekoparty Security Conference via YouTube
Overview
This course focuses on teaching participants how to prototype and exercise a controlled ransomware campaign in an enterprise using the tool Racketeer. The learning outcomes include understanding the design considerations and implementation of an offensive ransomware implant, simulating encryption and decryption capabilities, managing data and key components, and implementing operational security in simulated operations. The course covers skills such as agent communication, ransomware toolkit implementation, configuration, encryption, and policy execution. The teaching method involves a demo by the speaker showcasing the tool's features and functionalities. This course is intended for red and purple teams, cybersecurity professionals, ethical hackers, and individuals interested in offensive security testing and adversarial simulation.
Syllabus
Introduction
Ransomware business case
How to disrupt ransomware
Simulation and feedback
Agent presence
Agent communication
Agent comms
Ransomware Toolkit
Implementation
Configuration
Racketeer Overview
Policies
Starting the server
Policy exec
Encryption
Deep dive into policy
Defensive summary
Outro
Taught by
Ekoparty Security Conference