Developed and delivered by trainers who teach internationally at global security conferences such as Black Hat, our Defending Enterprises training is an intensive threat hunting simulation designed to teach the knowledge and skills required to rapidly identify and detect malicious activity in your network.
Our immersive 2-day Defending Enterprises training is the natural counterpart to our popular Hacking Enterprises course.
From setup and configuration to threat hunting, monitoring and alerting, you’ll play a SOC analyst in our lab and try to rapidly locate IOCs and IOAs from an enterprise breach executed by the trainers in real time.
Over the 2 days we’ll cover the following topics:
- MITRE ATT&CK framework primer
- Defensive OSINT
- Linux auditing and logging
- Windows events, logging and Sysmon
- Using Logstash as a data forwarder
- Overview of fields, filters and queries in ELK and Azure Sentinel
- Identifying IOCs and IOAs
- Detecting phishing attacks (Office macros, HTAs and suspicious links)
- Creating alerts and analytical rules
- Detecting credential exploitation (Kerberoasting, PtH, PtT, DCSync)
- Detecting lateral movement (WinRM, WMI, SMB, DCOM, MSSQL)
- Detecting data exfiltration (HTTP/S, DNS, ICMP)
- Detecting persistence (userland methods, WMI Event Subscriptions)
- Identifying C2 communications
- Understanding of networking concepts
- Previous SOC and/or pentesting experience is advantageous, but not required
Details of all our scheduled courses can be found on our events calendar.
Students Will Receive
- Completion certificate
- 14-day extended LAB access after the course finishes
- Discord support channel access where our security consultants are available