APT29 Evals Detection Hackathon!

If you want to learn about the APT29 evals scenarios through data and help develop basic detection rules using free telemetry (e.g. Windows Security and Sysmon event logs), this is the event for you! Join us on May 2nd, 2020 and meet others in the community willing to share and contribute back!

In late 2019, the ATT&CK Evaluations team evaluated 21 endpoint security vendors using an evaluation methodology based on APT29. On April 21st, 2019, they released the results of that evaluation, the resources used to execute the emulation manually, and a plug-in developed for CALDERA.

One of the goals of the Mordor project is to release datasets created by emulating adversarial techniques, so that the community can expedite the development of detections. This event is therefore a great research opportunity to get together, learn how the APT29 Evals environment was built in the Mordor labs, and learn about the adversarial techniques that were executed, all from a data perspective!
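To make the "from a data perspective" idea concrete, here is an added example (not code from the Mordor project or the event repository) of the kind of thing the hands-on session is about: loading a JSON-lines dataset of Sysmon events and evaluating a small SIGMA-style selection against it. The four sample events are constructed, and the field names (`EventID`, `Channel`, `Image`, `CommandLine`, `Hostname`) are assumed to resemble the Winlogbeat-style layout of Mordor datasets rather than copied from one.

```python
"""Evaluate a SIGMA-style detection over Mordor-style JSON-lines telemetry (added example)."""
import json
from typing import Any, Dict, List, Optional

# Constructed sample events (not from a real Mordor dataset). The schema is an
# assumption: Winlogbeat-style field names, one JSON object per line.
SAMPLE_JSONL = r"""
{"@timestamp": "2020-05-02T14:00:01Z", "Hostname": "WORKSTATION5", "Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 1, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -noP -sta -w 1 -enc SQBFAFgA", "ParentImage": "C:\\Windows\\explorer.exe"}
{"@timestamp": "2020-05-02T14:00:05Z", "Hostname": "WORKSTATION5", "Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami", "ParentImage": "C:\\Windows\\explorer.exe"}
{"@timestamp": "2020-05-02T14:01:10Z", "Hostname": "WORKSTATION6", "Channel": "Microsoft-Windows-Sysmon/Operational", "EventID": 1, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShell.exe", "CommandLine": "PowerShell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\inventory.ps1", "ParentImage": "C:\\Windows\\System32\\svchost.exe"}
{"@timestamp": "2020-05-02T14:01:12Z", "Hostname": "WORKSTATION6", "Channel": "Security", "EventID": 4688, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -enc SQBFAFgA"}
"""

# A minimal SIGMA-like rule: a logsource filter plus one selection whose keys
# may carry a modifier after "|" (contains, endswith, startswith). Lists are OR.
RULE: Dict[str, Any] = {
    "title": "Encoded PowerShell Command Line (Sysmon process creation)",
    "logsource": {"Channel": "Microsoft-Windows-Sysmon/Operational"},
    "detection": {
        "selection": {
            "EventID": 1,
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc", "-EncodedCommand"],
        },
        "condition": "selection",
    },
}


def load_events(jsonl_text: str) -> List[Dict[str, Any]]:
    """Parse one JSON object per non-empty line."""
    return [json.loads(line) for line in jsonl_text.splitlines() if line.strip()]


def _field_matches(value: Any, pattern: Any, modifier: Optional[str]) -> bool:
    """Match a single event field against a pattern, SIGMA-style (case-insensitive strings)."""
    if value is None:
        return False
    if isinstance(pattern, list):
        return any(_field_matches(value, p, modifier) for p in pattern)
    if modifier is None:
        if isinstance(pattern, (int, float)) and not isinstance(pattern, bool):
            return value == pattern
        return str(value).lower() == str(pattern).lower()
    v, p = str(value).lower(), str(pattern).lower()
    if modifier == "contains":
        return p in v
    if modifier == "endswith":
        return v.endswith(p)
    if modifier == "startswith":
        return v.startswith(p)
    raise ValueError(f"unsupported modifier: {modifier}")


def selection_matches(event: Dict[str, Any], selection: Dict[str, Any]) -> bool:
    """All keys in a selection must match (AND); each key may have a '|modifier'."""
    for key, pattern in selection.items():
        field, _, modifier = key.partition("|")
        if not _field_matches(event.get(field), pattern, modifier or None):
            return False
    return True


def run_rule(rule: Dict[str, Any], events: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Return the events that pass the logsource filter and the rule's selection."""
    logsource = rule.get("logsource", {})
    selection = rule["detection"]["selection"]
    hits = []
    for event in events:
        if any(event.get(k) != v for k, v in logsource.items()):
            continue  # wrong channel: the rule does not apply to this event
        if selection_matches(event, selection):
            hits.append(event)
    return hits


if __name__ == "__main__":
    for hit in run_rule(RULE, load_events(SAMPLE_JSONL)):
        print(f"[{RULE['title']}] {hit['@timestamp']} {hit['Hostname']}: {hit['CommandLine']}")
```

Only the first event fires: the second is not PowerShell, the third has no encoded-command switch, and the fourth is a Security-channel event that the rule's logsource excludes, which is exactly the sort of "does my rule match the right telemetry source" question the datasets let you answer before a rule goes into a SIGMA pull request.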

Quick Information

  • When? May 2nd, 2020

    • General Session: 10:00 AM - 11:30 AM EST

    • Hands-On Session: 12:00 PM - 4:00 PM EST

  • Where?

    • General Session: Microsoft Teams Live Event

    • Hands-On Session: Microsoft Teams Regular Event (link sent via e-mail to everyone who registers!)

  • How Much? Free

Registration Form

If you want to learn about the APT29 evals scenarios through data and help develop basic detection rules, this is the event for you!

  • Registration form: https://bit.ly/APT29DetectionHackathon

Event Agenda

  • Go over the APT29 Evals environment setup via Azure Resource Manager (ARM) templates.

  • Go over the emulation plan

  • Share datasets courtesy of the Mordor project

  • Share and develop detections

  • Contribute to projects such as SIGMA.

Event GitHub Repository

Repository for the resources used during the Mordor Detection hackathon event, featuring the APT29 ATT&CK evals datasets.

Link: https://github.com/OTRF/detection-hackathon-apt29