APT29 Evals Detection Hackathon!
If you want to learn about the APT29 evals scenarios through data and help develop basic detection rules with free telemetry (e.g. Windows Security, Sysmon, etc), this is the event for you! Join us on May 2nd, 2020 and meet others in the community willing to share and contribute back!
In late 2019, the ATT&CK Evaluations team evaluated 21 endpoint security vendors using an evaluation methodology based on APT29. On April 21st, 2020, they released the results of that evaluation, together with the resources used to manually execute the emulation and a plug-in developed for CALDERA.
One of the goals of the Mordor project is to release datasets created after emulating adversarial techniques and help the community expedite the development of detections. Therefore, this is a great research opportunity to get together, learn about how the APT29 Evals environment was built in the Mordor labs and learn about the adversarial techniques executed, but from a data perspective!
When? May 2nd, 2020
General Session: 10:00 AM - 11:30 AM EST
Hands-On Session: 12:00 PM - 4:00 PM EST
General Session: Microsoft Teams Live Event
Hands-On Session: Microsoft Teams Regular Event (join link sent via e-mail to everyone who registered!)
How Much? Free
If you want to learn about the APT29 evals scenarios through data and help develop basic detection rules, this is the event for you!
Registration form: https://bit.ly/APT29DetectionHackathon
- Go over the APT29 Evals environment setup via Azure Resource Manager (ARM) templates.
- Go over the emulation plan.
- Share datasets courtesy of the Mordor project.
- Share and develop detections.
- Contribute to projects such as SIGMA.
Event GitHub Repository
Place for resources used during the Mordor Detection Hackathon event featuring APT29 ATT&CK Evals datasets.