Price/availability: See our events schedule for availability
Perfect for: Individuals and teams looking to expand their cyber security skills and knowledge
Have you taken part in our hacking enterprises course? Our engaging 2-day defending enterprises training is the natural counterpart.
At In.security, our intensive threat hunting simulation has been designed to teach knowledge and skills required to rapidly identify and detect malicious activity in your network.
Our trainers conduct an enterprise breach where you can gain the practical experience you need and be prepared for a real-life attack. From setup and configuration to threat hunting, monitoring and alerting, guard your organisation’s infrastructure against attackers and threats with defending enterprises.
Course topics What you’ll learn.
Defending enterprises covers a wide array of topics across the 2 days to ensure you gain the knowledge you need:
- MITRE ATT&CK framework primer
- Defensive OSINT
- Linux auditing and logging
- Windows events, logging and Sysmon
- Using Logstash as a data forwarder
- Overview of KQL and Microsoft Sentinel
- Identifying Indicators of Attack (IOA) and Indicators of Compromise (IOC)
- Detecting phishing attacks (Office macros, HTA’s and suspicious links)
- Detecting C2 traffic and beacons
- Detecting credential exploitation (Kerberoasting, PtH, PtT, DCSync)
- Creating alerts and analytical rules in Microsoft Sentinel
- Detecting lateral movement (WinRM, WMI, SMB, DCOM, MSSQL)
- Detecting data exfiltration (HTTP/S, DNS, ICMP)
- Detecting persistence (userland methods, WMI Event Subscriptions)
- C2 communications
This course includes.
- 14-days lab access after training completes
- Discord support channel access where our security consultants are available
- Completion certificate
What you need Prerequisites.
- Understanding of networking concepts
- Previous pentesting and/or SOC experience advantageous, but not required
Technical training & workshops Upcoming events & workshops.
FREE Workshop – Catch Me If You Can: Seeing Red Through Blue
FREE Cyber Awareness
Here to help Defending Enterprises’ FAQs.
Our courses are delivered and accessible in a number of locations including: live virtual training at your premises or required location, through our training partners, and/or at special events and conferences throughout the year. You can find our scheduled events in our calendar.
Charges are dependent on the location of the course you’ve booked:
– Via our training partners: Contact the respective training partner for all amendment/cancellation queries
– At a conference or special event: Contact the respective conference/event coordinator for all amendment/cancellation queries
– At your premises/required location or via live virtual training: No cancellation fee until 21 days before the course is scheduled to run, after which a 50% cancellation fee is incurred. Cancellations 7 days or less before the course is scheduled to run incur a 100% cancellation fee.
Of course – If your 14-day complementary access isn’t enough, you can purchase a 28-day extension.