The Blue Team Forum will focus on defense strategy (Blue Team), sharing practical experience in intrusion detection, incident response, and enhancing the defensive capabilities of internal security teams.
I will introduce Threat Modeling, explaining its necessity and preparation requirements. I will systematically deconstruct the process, highlighting risks at each stage and providing vulnerability examples. This session serves as an introductory reference to help the audience understand, examine, and establish Threat Modeling. Attendees, regardless of experience, can take the risks mentioned back and review those areas in their own organizations.
Presentation on Enterprise Security Threats in Zero Trust Architecture (ZTA) and Advanced Social Engineering, with a Focus on CVE-2023-23397 Vulnerability. Delving into Red Team Attack Scenarios and Blue Team Responses, we'll share practical insights and defense recommendations. Emphasizing the importance of risk management and user education, we aim to empower the audience with actionable strategies to enhance enterprise security and Make the World a Better Place.
According to DEVCORE's statistics from dozens of Red Team Assessments conducted over the past year, more than 50% of enterprise internal networks have misconfigurations related to Active Directory Certificate Services (AD CS). These misconfigurations allow attackers to gain domain admin privileges within minutes, even with just a low-privileged domain account.
In this presentation, we will present anonymized examples of these misconfigurations in various enterprises, demonstrate how attackers exploit them, and emphasize the importance of regularly assessing AD CS as a critical infrastructure component within an organization's internal network. We will also provide guidance on avoiding common configuration mistakes and mitigating measures for specific scenarios.
In this era of heightened cybersecurity awareness, the implementation of various protection and alert tools and technologies has become common practice. However, have we truly done enough in handling alerts? This session will delve into how unaddressed alerts can evolve into breaches, leaving organizations continually exposed to risks.
Through case analyses, we will share the process of analyzing attack methods and identifying relevant clues, enabling a proper understanding of the current threats and the formulation of response measures.
Because Active Directory (AD) is responsible for account privileges and access control in the network, certain overlooked misconfigurations can be exploited by attackers and pose serious threats to network security. The presentation will focus on explaining misconfigurations in three key areas of AD: Windows authentication mechanisms, Access Control Lists (ACLs), and delegation mechanisms, as well as how to identify the security risks posed by these subtle modifications.
In this session, we will delve into the core differences between Active Directory and Azure Active Directory (Entra ID), and reveal the cybersecurity threats inherent in Azure and Entra ID. We will take a red team perspective to analyze the potential risks associated with Entra ID and demonstrate, through practical examples, how specific tools are used to perform enumeration and exploitation, exfiltration techniques, and even methods to bypass 2FA. Moreover, we will elaborate on lateral movement in Hybrid Identity attack techniques, both from on-premises to the cloud and from the cloud back to the on-premises Active Directory, including Password Hash Sync, Pass-Through Authentication, and AD Federation Golden SAML.
In the face of increasing security threats and attacks, the Blue Team serves as the frontline of enterprise security, responsible for establishing security measures, monitoring abnormal situations, and swiftly responding and recovering. However, enterprises often struggle to effectively assess the overall effectiveness of their defense detection and resilience capabilities.
This program will share best practices and case studies from overseas on Blue Team strengthening, including how to apply attack simulation strategies and resilience assessment frameworks. It will cover resources such as the MITRE ATT&CK framework, Adversary Emulation Library, MITRE Caldera, ENISA CSIRT Maturity Framework, and more. These methods can assist enterprises in formulating future security enhancement blueprints to enhance overall security and resilience.
Launched in 2017, Taiwan's Red Team assessment service is now entering its seventh year. Through nearly 100 Red Team assessments, we've observed that companies with different levels of cybersecurity maturity have distinct goals and expectations for these drills. In our lecture, we will discuss the three stages of Red Team assessment as defined by DEVCORE, emphasizing how companies can adapt their mindset, expectations, and methodologies at each stage to maximize benefits. Additionally, we will share for the first time statistical data across different industries at these stages, offering recommendations on the awareness companies should possess before conducting Red Team assessments.
This session shares the experience of leveraging the Graylog Open edition to build a corporate cybersecurity situation center over the past few years. This includes recording, capturing, and analyzing key data to be displayed on easy-to-read information dashboards. It also involves integrating a variety of open-source intelligence sources for decision-making, creating more diverse chart dashboards to achieve the maximum effect at the lowest cost. Various dashboard examples will be shared during the session.