ATTEND ONLINE: Virtual via Zoom and LMS
DATE: 22-23 November 2021
TIME: 09:00 to 17:00 GST/GMT+4
| Date | Day | Time | Duration |
|---|---|---|---|
| 22 November | Monday | 09:00 to 17:00 GST/GMT+4 | 8 Hours |
| 23 November | Tuesday | 09:00 to 17:00 GST/GMT+4 | 8 Hours |
14 days of FREE lab time after class and Discord access for support
New for 2021, in.security’s 2-day Defending Enterprises training is the natural counterpart to their popular Hacking Enterprises course.
Covering SIEM monitoring, alerting and threat hunting, you’ll play a SOC analyst in their cloud-based lab and try to rapidly locate IOAs and IOCs from an enterprise breach.
You’ll use a combination of Microsoft Azure Sentinel and Elastic platforms to perform practical exercises. In each instance, filters and/or expressions will be supplied for both platforms (where applicable).
We know 2 days isn’t a lot of time, so you’ll also get 14 days of FREE lab time after class and Discord access for support.
Why should you take this course?
This training is suited to a variety of students, including:
- SOC analysts
- Security professionals
- Penetration testers / Red Team operators
- IT Support, administrative and network personnel
Key Learning Objectives
- Students will take away detection queries that can be used immediately to help better protect their networks.
- The training includes underlying knowledge of each offensive attack, which in turn provides a deeper insight for defenders to better understand the attacks they are facing and produce reliable detection queries.
- Students will be detecting attacks in up-to-date environments, running the latest versions of Windows and malware definitions, ensuring detections don't take place in artificially weakened environments.
Prerequisites
- Understanding of networking concepts
- Previous SOC and/or pentesting experience is advantageous, but not required
- Previous experience with the Kusto Query Language (KQL) is beneficial, but not required
Hardware / Software Requirements
• Students will need to have access to a laptop and their favourite browser!
Course Content
• MITRE ATT&CK framework
• Defensive OSINT
• Linux auditing and logging
• Windows auditing, events, logging and Sysmon
• Using Logstash as a data forwarder
• Overview of fields, filters and queries in ELK and Azure Sentinel
Attacks and host compromises will be actioned by the trainers and delegates will be asked to configure real-time alerting and monitoring using the provided lab infrastructure, in order to identify these events.
• Identifying Indicators of Attack (IOA) and Indicators of Compromise (IOC)
• Detecting phishing attacks (Office macros, HTAs and suspicious links)
• Creating alerts and analytical rules
• Detecting credential exploitation (Kerberoasting, Pass-the-Hash (PtH), Pass-the-Ticket (PtT), DCSync)
• Detecting lateral movement within a network (WinRM, WMI, SMB, DCOM, MSSQL)
• Detecting data exfiltration (HTTP/S, DNS, ICMP)
• Detecting persistence activities (userland methods, WMI Event Subscriptions)
• Detecting C2 (command and control) communications