Introducing… Insider Threat: Attack & Detect

Coming soon!

Perfect for: Pentesters/red teamers/SOC analysts/threat hunters/purple teamers

Insider Threat: Attack & Detect arms you with the skills to both carry out and detect adversarial techniques in insider threat and assumed breach scenarios.

Threats aren’t always the unknowns probing your defences, seeking out unpatched systems or looking for open doors. Sometimes they already have accounts and access to your network. Now what?

You will play multiple roles during the training: as a disgruntled, malicious and then negligent employee, you will have access to a company-provided (and very restricted) VDI. As you progress, you’ll gain the knowledge and techniques to bypass restrictions, identify and exfiltrate corporate secrets, and perform damaging and malicious actions within a safe training environment!

On the blue side, using our Microsoft Sentinel SOAR you’ll cover everything from threat logic generation to detecting environment breakouts, deploying canaries for active defense, through to alert generation and Data Loss Prevention (DLP), not forgetting continuous OSINT for ongoing monitoring.

Insider Threat: Attack & Detect course topics: What you’ll learn.

Insider Threat: Attack & Detect covers a wide array of topics to ensure you gain the knowledge you need:

  • Account activity anomalies
  • Intro to parsing logs with Microsoft KQL
  • Restrictive environment breakouts in Windows
  • PowerShell without PowerShell
  • Subverting group policy
  • Sysmon and ETW
  • Shadow IT & data exfiltration
  • Logical application vulnerabilities
  • C2 infrastructure & beacons
  • Ransomware attacks
  • Phishing vectors – credentials, QR codes, redirects and attachments
  • Exfiltrating secrets
  • Attack Surface Management (ASM)
  • Leveraging Microsoft SharePoint
  • AD and Entra enumeration
  • Data Theft and Data Loss Prevention (DLP)
  • Canaries and active defence

What you need: Prerequisites.

  • Suited to system/network administrators, penetration testers and anyone working in a technical IT role
  • A firm familiarity with Windows and Linux command line syntax
  • Understanding of networking concepts
  • Previous pentesting and/or SOC experience advantageous, but not required
  • You will need to bring a laptop with local administrator/root access

Other training courses & workshops: View our upcoming events.

Defending Enterprises – 2025 Edition

Brussels @ BruCON

Hacking Enterprises – 2025 Red Edition

Gothenburg, Sweden @ Security Fest

Defending Enterprises – 2025 Edition

Gothenburg, Sweden @ Security Fest

Here to help: Hacking Enterprises’ FAQs.

Where do your courses run?

Our courses are delivered in a number of ways, including: via live virtual training, at your premises or required location, through our training partners, and/or at special events and conferences throughout the year. You can find our scheduled events in our calendar.

If I need to cancel a course, is there a charge?

Charges are dependent on the location of the course you’ve booked:
– Via our training partners: Contact the respective training partner for all amendment/cancellation queries
– At a conference or special event: Contact the respective conference/event coordinator for all amendment/cancellation queries
– At your premises/required location or via live virtual training: No cancellation fee until 21 days before the course is scheduled to run, after which a 50% cancellation fee is incurred. Cancellations 7 days or less before the course is scheduled to run incur a 100% cancellation fee.

I would like to purchase additional hacklab access, is there an option for this?

Of course: if your 14-day complimentary access isn’t enough, you can purchase a 28-day extension.