Defending Enterprises [HITB+ Cyberweek 2021]



2 days

Delivery Method




Seats Available



2 days

Delivery Method




ATTEND ONLINE: Virtual via Zoom and LMS

DATE: 22-23 November 2021

TIME: 09:00 to 17:00 GST/GMT+4

Date Day Time Duration
22 November Monday 09:00 to 17:00 GST/GMT+4 8 Hours
23 November Tuesday 09:00 to 17:00 GST/GMT+4 8 Hours

14-days FREE lab time after class and Discord access for support

New for 2021,’s 2-day Defending Enterprises training is the natural counterpart to their popular Hacking Enterprises course.

From SIEM monitoring, alerting and threat hunting, you’ll play a SOC analyst in their cloud-based lab and try to rapidly locate IOA’s and IOC’s from an enterprise breach.

You’ll use a combination of Microsoft Azure Sentinel and Elastic platforms to perform practical exercises. In each instance, filters and/or expressions will be supplied for both platforms (where applicable).

We know 2 days isn’t a lot of time, so you’ll also get 14-days FREE lab time after class and Discord access for support.


  • Day 1

    • MITRE ATT&CK framework • Defensive OSINT • Linux auditing and logging • Windows auditing, events, logging and Sysmon • Using Logstash as a data forwarder • Overview of fields, filters and queries in ELK and Azure Sentinel Attacks and host compromises will be actioned by the trainers and delegates will be asked to configure real-time alerting and monitoring using the provided lab infrastructure, in order to identify these events. • Identifying Indicators of Attack (IOA) and Indicators of Compromise (IOC) • Detecting phishing attacks (Office macros, HTA’s and suspicious links) • Creating alerts and analytical rules • Detecting credential exploitation (Kerberoasting, PtH, PtT, DCSync)

  • Day 2

    • Detecting lateral movement within a network (WinRM, WMI, SMB, DCOM, MSSQL) • Detecting data exfiltration (HTTP/S, DNS, ICMP) • Detecting persistence activities (userland methods, WMI Event Subscriptions) • C2 Communications

Why You Should Take This Course

This training is suited to a variety of students, including:
  • SOC analysts
  • Security professionals
  • Penetration testers / Red Team operators
  • IT Support, administrative and network personnel

Who Should Attend


Key Learning Objectives

  • Students will takeaway detection queries that can be immediately used and leveraged to help better protect their networks.

  • The training includes underlying knowledge of each offensive attack, which in turn provides a deeper insight for defenders to better understand the attacks they are facing and produce reliable detection queries.

  • Students will be detecting attacks in up to date environments, running the latest versions of Windows and malware definitions, ensuring detections don't take place in actively weakened environments.
  • Prerequisite Knowledge

    • Understanding of networking concepts
    • Previous SOC and/or pentesting experience is advantageous, but not required
    • Previous experience with the Kusto Query Language (KQL) is beneficial, but not required

    Hardware / Software Requirements

    • Students will need to have access to a laptop and their favourite browser!

    Your Instructor

    No data was found