On 7 February 2019, Nagarro and Cybereason invite you to a 'Bring Your Own Malware' Party!
Brew Dog BD57 Grünerløkka, Markveien 57 Oslo
Thursday, 7 February 2019
18:00-21:00
You bring your hacking A-game, while we provide beer and snacks. Measure your hacking skills against Cybereason's EDR and hunting engine. Your goal is to compromise a corporate network without detection, landing on a client computer, before pivoting to a domain controller and obtaining a secret file from the DC.
In the end, your goal is to bring havoc to the environment, in any way you might choose.
The main prize: noise cancelling wireless Bose Headphones!



You have access to a Kali Linux server running in AWS for Command and Control and a laptop with ssh access to this server.
One domain is pointing at the attack server.
You have 10 minutes for the attack, with a 5 minute extension after initial compromise is achieved.
You get points based on the number of activities in the kill chain you are able to perform without detection.
The scored kill chain parts are:
Initial compromise / code execution, Privilege Escalation, Credential access, Lateral Movement, Exfiltration (gain the secret file), Command and Control, Create havoc (destroy the environment, hide your tracks, make the attack clear)
You get points for any part of the kill chain that is not detected, even if an earlier step was detected.
If there is a tie, the organizers will determine the winner based on a subjective malware "coolness" factor.
Do not attack anything other than the two systems, for instance the AWS infrastructure or the virtual machine host.
Details of the environment
Client machine:
Windows 10 1803, fully patched
Member of a Windows AD domain
The user running the malware is a member of local administrators
A domain admin is logged into the same system
The Cybereason agent is running on the system
Domain controller:
Windows Server 2016
Domain controller of a Windows AD domain
Has SMB, RDP and WinRM available from the client
Some secret file is available on the Administrator desktop
The Cybereason agent is running on the system
Attack machine:
Kali AWS instance
Fully patched on the day of the event
Has a domain pointed to it, which will be given to the contestants.
No other tools pre-installed