Introducing… Defending Enterprises

Have you taken part in our hacking enterprises training course? Our engaging 2-day ‘Defending Enterprises’ cyber threat hunting training is the natural counterpart.

Price/availability: See our events schedule for availability

Perfect for: Individuals and teams looking to expand their cyber security skills and knowledge

At, our intensive cyber threat hunting simulation has been designed to teach knowledge and skills required to rapidly identify and detect malicious activity in your network.

Our trainers conduct an enterprise breach where you can gain the practical experience you need and be prepared for a real-life attack. From setup and configuration to threat hunting, monitoring and alerting, guard your organisation’s infrastructure against attackers and cyber threats with defending enterprises.

Cyber threat hunting course topics: What you’ll learn.

Defending enterprises covers a wide array of topics across the 2 days to ensure you gain the knowledge you need:

  • MITRE ATT&CK, CAR and D3fend frameworks
  • Defensive OSINT
  • Linux/Windows auditing, logging and Sysmon
  • Windows events, logging and Sysmon
  • Using Logstash as a data forwarder
  • Overview of KQL and Microsoft Sentinel
  • Identifying Indicators of Attack and Compromise (IOA and IOC)
  • Detecting phishing attacks and living off the land (LOLBAS) abuse
  • Detecting C2 traffic and beacons
  • Detecting credential exploitation (Kerberoasting, PtH, PtT, DCSync)
  • Detecting Azure AD cloud attacks (Pass-the-PRT)
  • Detecting Active Directory Certificate Services (ADCS) attacks
  • Creating alerts and analytical rules in Microsoft Sentinel
  • Detecting lateral movement (WinRM, SMB, DCOM, MSSQL)
  • Detecting data exfiltration (HTTP/S, DNS, ICMP)
  • Detecting persistence (userland methods, WMI Event Subscriptions)
  • C2 communications

This threat hunting course includes.

  • 14-days lab access after training completes
  • Discord support channel access where our security consultants are available
  • Completion certificate

What you need Prerequisites.

  • Understanding of networking concepts
  • Previous pentesting and/or SOC experience advantageous, but not required

Other training courses & workshops: View our upcoming events.

Hacking Enterprises – 2024 Red Edition

Las Vegas @ Black Hat USA
Hacking Enterprises – 2024 Red Edition

Defending Enterprises – 2024 Edition

Las Vegas @ Black Hat USA
Defending Enterprises – 2024 Edition

Defending Enterprises – 2024 Edition

Las Vegas @ Black Hat USA
Defending Enterprises – 2024 Edition

Here to help: Defending Enterprises’ FAQs.

Where do your courses run?

Our courses are delivered and accessible in a number of locations including: live virtual training at your premises or required location, through our training partners, and/or at special events and conferences throughout the year. You can find our scheduled events in our calendar.

If I need to cancel a course, is there a charge?

Charges are dependent on the location of the course you’ve booked:
– Via our training partners: Contact the respective training partner for all amendment/cancellation queries
– At a conference or special event: Contact the respective conference/event coordinator for all amendment/cancellation queries
– At your premises/required location or via live virtual training: No cancellation fee until 21 days before the course is scheduled to run, after which a 50% cancellation fee is incurred. Cancellations 7 days or less before the course is scheduled to run incur a 100% cancellation fee.

I would like to purchase additional hacklab access, is there an option for this?

Of course – If your 14-day complementary access isn’t enough, you can purchase a 28-day extension.