Price/availability: See our events schedule for availability

Perfect for: Individuals and teams looking to expand their cyber security skills and knowledge

Have you taken part in our hacking enterprises course? Our engaging 2-day defending enterprises training is the natural counterpart.

At, our intensive threat hunting simulation has been designed to teach knowledge and skills required to rapidly identify and detect malicious activity in your network.

Our trainers conduct an enterprise breach where you can gain the practical experience you need and be prepared for a real-life attack. From setup and configuration to threat hunting, monitoring and alerting, guard your organisation’s infrastructure against attackers and threats with defending enterprises.

Course topics What you’ll learn.

Defending enterprises covers a wide array of topics across the 2 days to ensure you gain the knowledge you need:

  • MITRE ATT&CK, CAR and D3fend frameworks
  • Defensive OSINT
  • Linux/Windows auditing, logging and Sysmon
  • Windows events, logging and Sysmon
  • Using Logstash as a data forwarder
  • Overview of KQL and Microsoft Sentinel
  • Identifying Indicators of Attack and Compromise (IOA and IOC)
  • Detecting phishing attacks and living off the land (LOLBAS) abuse
  • Detecting C2 traffic and beacons
  • Detecting credential exploitation (Kerberoasting, PtH, PtT, DCSync)
  • Detecting Azure AD cloud attacks (Pass-the-PRT)
  • Detecting Active Directory Certificate Services (ADCS) attacks
  • Creating alerts and analytical rules in Microsoft Sentinel
  • Detecting lateral movement (WinRM, SMB, DCOM, MSSQL)
  • Detecting data exfiltration (HTTP/S, DNS, ICMP)
  • Detecting persistence (userland methods, WMI Event Subscriptions)
  • C2 communications

This course includes.

  • 14-days lab access after training completes
  • Discord support channel access where our security consultants are available
  • Completion certificate

What you need Prerequisites.

  • Understanding of networking concepts
  • Previous pentesting and/or SOC experience advantageous, but not required

Technical training & workshops Upcoming events & workshops.

FREE Workshop – Catch Me If You Can: Seeing Red Through Blue

Virtual @
FREE Workshop – Catch Me If You Can: Seeing Red Through Blue

FREE Cyber Awareness

Virtual @
FREE Cyber Awareness

Password Cracking 101+1

Virtual @
Password Cracking 101+1

Here to help Defending Enterprises’ FAQs.

Where do your courses run?

Our courses are delivered and accessible in a number of locations including: live virtual training at your premises or required location, through our training partners, and/or at special events and conferences throughout the year. You can find our scheduled events in our calendar.

If I need to cancel a course, is there a charge?

Charges are dependent on the location of the course you’ve booked:
– Via our training partners: Contact the respective training partner for all amendment/cancellation queries
– At a conference or special event: Contact the respective conference/event coordinator for all amendment/cancellation queries
– At your premises/required location or via live virtual training: No cancellation fee until 21 days before the course is scheduled to run, after which a 50% cancellation fee is incurred. Cancellations 7 days or less before the course is scheduled to run incur a 100% cancellation fee.

I would like to purchase additional hacklab access, is there an option for this?

Of course – If your 14-day complementary access isn’t enough, you can purchase a 28-day extension.

Latests news & insights Related articles & resources.