Defending Enterprises – Coming 2021!
Developed and delivered by trainers who teach internationally at global security conferences such as Black Hat, our Defending Enterprises training is an intensive threat hunting simulation designed to teach the knowledge and skills required to rapidly identify and detect malicious activity in your network.
Due in 2021, our immersive 2-day Defending Enterprises training will be the natural counterpart to our popular Hacking Enterprises course.
From setup and configuration, to threat hunting, monitoring and alerting, you’ll play a SOC analyst in our lab and try to rapidly locate IOC’s and IOA’s from an enterprise breach executed by the trainers in real time.
Over the 2 days well cover the following topics:
- MITRE ATT&CK framework primer
- Defensive OSINT
- Linux auditing and logging overview
- Windows events, logging and configuring Sysmon
- Configuring ELK, Splunk and data forwarders
- Filters, regex and visualisations
- Configuring monitoring and alerting
- Identifying IOC’s and IOA’s
- Detecting phishing attacks (Office macros, HTA’s and suspicious links)
- Detecting credential exploitation (Kerberoasting, PtH, PtP, DCSync)
- Detecting lateral movement (WinRM, WMI, SMB, DCOM, MSSQL)
- Detecting data exfiltration (HTTP/S, DNS, ICMP)
- Detecting persistence (userland methods, WMI Event Subscriptions)
- Identifying C2 communications
IF YOU WOULD LIKE TO BE NOTIFIED WHEN DEFENDING ENTERPRISES IS PUBLICLY SCHEDULED PLEASE LET US KNOW