Developed and delivered by trainers who teach internationally at global security conferences such as Black Hat, our Defending Enterprises training is an intensive threat hunting simulation designed to teach the knowledge and skills required to rapidly identify and detect malicious activity in your network.
Our immersive 2-day Defending Enterprises training is the natural counterpart to our popular Hacking Enterprises course.
From setup and configuration to threat hunting, monitoring and alerting, you’ll play a SOC analyst in our lab and try to rapidly locate IOCs and IOAs from an enterprise breach executed by the trainers in real time.
Over the 2 days we’ll cover the following topics:
- MITRE ATT&CK framework primer
- Defensive OSINT
- Linux auditing and logging overview
- Windows events, logging and configuring Sysmon
- Configuring ELK, Splunk and data forwarders
- Filters, regex and visualisations
- Configuring monitoring and alerting
- Identifying IOCs and IOAs
- Detecting phishing attacks (Office macros, HTAs and suspicious links)
- Detecting credential exploitation (Kerberoasting, PtH, PtP, DCSync)
- Detecting lateral movement (WinRM, WMI, SMB, DCOM, MSSQL)
- Detecting data exfiltration (HTTP/S, DNS, ICMP)
- Detecting persistence (userland methods, WMI Event Subscriptions)
- Identifying C2 communications
Prerequisites
- Understanding of networking concepts
- Previous SOC and/or pentesting experience is advantageous, but not required
Details of all our scheduled courses can be found on our events calendar.
Students Will Receive
- Completion certificate
- 14-day extended lab access after the course finishes
- Discord support channel access where our security consultants are available