| Date | Day | Time | Duration |
|---|---|---|---|
| 22 November | Monday | 09:00 to 17:00 GST/GMT+4 | 8 Hours |
| 23 November | Tuesday | 09:00 to 17:00 GST/GMT+4 | 8 Hours |
New for 2021, in.security’s 2-day Defending Enterprises training is the natural counterpart to their popular Hacking Enterprises course.
Covering SIEM monitoring, alerting and threat hunting, you’ll play a SOC analyst in their cloud-based lab and try to rapidly locate IOAs and IOCs from an enterprise breach.
You’ll use a combination of Microsoft Azure Sentinel and Elastic platforms to perform practical exercises. In each instance, filters and/or expressions will be supplied for both platforms (where applicable).
We know 2 days isn’t a lot of time, so you’ll also get 14 days of FREE lab time after class and Discord access for support.
• MITRE ATT&CK framework
• Defensive OSINT
• Linux auditing and logging
• Windows auditing, events, logging and Sysmon
• Using Logstash as a data forwarder
• Overview of fields, filters and queries in ELK and Azure Sentinel

Attacks and host compromises will be actioned by the trainers, and delegates will be asked to configure real-time alerting and monitoring using the provided lab infrastructure in order to identify these events.

• Identifying Indicators of Attack (IOA) and Indicators of Compromise (IOC)
• Detecting phishing attacks (Office macros, HTAs and suspicious links)
• Creating alerts and analytical rules
• Detecting credential exploitation (Kerberoasting, PtH, PtT, DCSync)
• Detecting lateral movement within a network (WinRM, WMI, SMB, DCOM, MSSQL)
• Detecting data exfiltration (HTTP/S, DNS, ICMP)
• Detecting persistence activities (userland methods, WMI Event Subscriptions)
• C2 Communications