Defending Enterprises

Online Training date: October 21-22, 2021.

Abstract

New for 2021, our immersive 2-day Defending Enterprises training is the natural counterpart to our popular Hacking Enterprises course.

From SIEM configuration to monitoring, alerting and threat hunting, you’ll play a SOC analyst in our cloud-based lab and try to rapidly locate IOAs and IOCs from an enterprise breach. You’ll use a combination of Microsoft Azure Sentinel and Elastic platforms to perform practical exercises. In each instance, filters and/or expressions will be supplied for both platforms (where applicable).

Highlights of some of the key areas covered are…

  • Detecting phishing attacks
  • Detecting credential exploitation
  • Detecting lateral movement
  • Detecting data exfiltration
  • Detecting persistence activities
  • and much more!

Description

New for 2021, our immersive 2-day Defending Enterprises training is the natural counterpart to our popular Hacking Enterprises course.

From SIEM configuration to monitoring, alerting and threat hunting, you’ll play a SOC analyst in our cloud-based lab and try to rapidly locate IOAs and IOCs from a live enterprise breach executed by the trainers in real time.

You’ll use a combination of Microsoft Azure Sentinel and Elastic platforms to perform practical exercises. In each instance, filters and/or expressions will be supplied for both platforms (where applicable).

We know 2 days isn’t a lot of time, so you’ll also get 14 days of FREE lab time after class and Discord access for support.

Agenda

Day 1

  • MITRE ATT&CK framework
  • Defensive OSINT
  • Linux auditing and logging
  • Windows auditing, events, logging and Sysmon
  • Using Logstash as a data forwarder
  • Overview of fields, filters and queries in ELK and Azure Sentinel

Attacks and host compromises will be actioned by the trainers and delegates will be asked to configure real-time alerting and monitoring using the provided lab infrastructure, in order to identify these events.

  • Identifying Indicators of Attack (IOA) and Indicators of Compromise (IOC)
  • Detecting phishing attacks (Office macros, HTAs and suspicious links)
  • Creating alerts and analytical rules
  • Detecting credential exploitation (Kerberoasting, PtH, PtT, DCSync)

Day 2

  • Detecting lateral movement within a network (WinRM, WMI, SMB, DCOM, MSSQL)
  • Detecting data exfiltration (HTTP/S, DNS, ICMP)
  • Detecting persistence activities (userland methods, WMI Event Subscriptions)
  • C2 Communications

About the Speakers