2-Day Training | 22-23 Nov

Defending Enterprises [HITB+ Cyberweek 2021]

Duration 2 days
Seats Available 15
Difficulty intermediate


Register Now


ATTEND ONLINE: Virtual via Zoom and LMS

DATE: 22-23 November 2021

TIME: 09:00 to 17:00 GST/GMT+4

Date Day Time Duration
22 November Monday 09:00 to 17:00 GST/GMT+4 8 Hours
23 November Tuesday 09:00 to 17:00 GST/GMT+4 8 Hours

14-days FREE lab time after class and Discord access for support

New for 2021, in.security’s 2-day Defending Enterprises training is the natural counterpart to their popular Hacking Enterprises course.

From SIEM monitoring, alerting and threat hunting, you’ll play a SOC analyst in their cloud-based lab and try to rapidly locate IOA’s and IOC’s from an enterprise breach.

You’ll use a combination of Microsoft Azure Sentinel and Elastic platforms to perform practical exercises. In each instance, filters and/or expressions will be supplied for both platforms (where applicable).

We know 2 days isn’t a lot of time, so you’ll also get 14-days FREE lab time after class and Discord access for support.

Why should you take this course?

This training is suited to a variety of students, including:

  • SOC analysts
  • Security professionals
  • Penetration testers / Red Team operators
  • IT Support, administrative and network personnel

Key Learning Objectives

  • Students will takeaway detection queries that can be immediately used and leveraged to help better protect their networks.
  • The training includes underlying knowledge of each offensive attack, which in turn provides a deeper insight for defenders to better understand the attacks they are facing and produce reliable detection queries.
  • Students will be detecting attacks in up to date environments, running the latest versions of Windows and malware definitions, ensuring detections don't take place in actively weakened environments.

Prerequisite Knowledge

  • Understanding of networking concepts
  • Previous SOC and/or pentesting experience is advantageous, but not required
  • Previous experience with the Kusto Query Language (KQL) is beneficial, but not required

Hardware / Software Requirements

• Students will need to have access to a laptop and their favourite browser!


Expand All

Day 1

• MITRE ATT&CK framework
• Defensive OSINT
• Linux auditing and logging
• Windows auditing, events, logging and Sysmon
• Using Logstash as a data forwarder
• Overview of fields, filters and queries in ELK and Azure Sentinel

Attacks and host compromises will be actioned by the trainers and delegates will be asked to configure real-time alerting and monitoring using the provided lab infrastructure, in order to identify these events.

• Identifying Indicators of Attack (IOA) and Indicators of Compromise (IOC)
• Detecting phishing attacks (Office macros, HTA’s and suspicious links)
• Creating alerts and analytical rules
• Detecting credential exploitation (Kerberoasting, PtH, PtT, DCSync)

Day 2

• Detecting lateral movement within a network (WinRM, WMI, SMB, DCOM, MSSQL)
• Detecting data exfiltration (HTTP/S, DNS, ICMP)
• Detecting persistence activities (userland methods, WMI Event Subscriptions)
• C2 Communications

Sign Up For an Account

to track your favorites

Sign Up

Want a Training Not Seen Here?

Write to Us

Contact Us