Leszek Miś is the Founder of Defensive Security (www.defensive-security.com), Principal Trainer and Security Researcher with over 16 years of experience in the Cyber Security and Open Source Security Solutions market. He went through the full path of infosec career positions: from OSS researcher, Linux administrator, system developer and DevOps, through penetration tester and security consultant delivering hardening services and training for the biggest players in the European and global market, to finally become an IT Security Architect / SOC Security Analyst with a deep, non-vendor focus on Network Security attack and detection. He has deep knowledge of finding blind spots and security gaps in corporate environments. He perfectly understands the technology and business value of delivering a structured, automated adversary simulation platform.
Recognized speaker and trainer: BruCON 2017/2018, Black Hat USA 2019, OWASP Appsec US 2018, FloCon USA 2018, Hack In The Box Dubai / Amsterdam / Singapore / Abu Dhabi 2018/2019/2020, 44CON UK 2019, Confidence PL, PLNOG, Open Source Day PL, Secure PL, Advanced Threat Summit PL
Member of OWASP Poland Chapter.
Author of many IT Security trainings:
- Open Source Defensive Security → The Trinity of Tactics for Defenders
- In & Out → Network Exfiltration and Post-Exploitation Techniques [RED EDITION]
- In & Out → Detection of Network Exfiltration and Post-Exploitation Techniques [BLUE EDITION]
- System Internals – Network, OS and Memory Forensics
- SELinux → Development & Administration of Mandatory Access Control Policy
- Advanced RHEL/CentOS Defensive Security & Hardening
- ModSecurity → Development and Management of Web Application Firewall rules
- FreeIPA → Identity Management for Linux Domain Environments & Trusts
Holds many certifications: OSCP, RHCA, RHCSS, Splunk Certified Architect.
His areas of interest include network “features” extraction, OS internals and forensics. He constantly tries to figure out what the AI/ML Network Security vendors try to sell. In his free time he likes to break into the “IoT world” just for fun. Still learning hard every single day.
What students say about this training:
“The content of in and out was great. Lots of gained knowledge and hands on!”
“Great course! A truly huge number of topics and tools covered”
“Leszek was a really good trainer, he covered a lot of material, and had a very good personality.”
“Leszek Miś is very knowledgeable in the topics covered in the course. He also shares real life scenarios which were useful for participants to better understand application of material presented. The content was very good, it covers many leading open source projects which I find useful. I would recommend this course to my colleagues”
This training is based on the PurpleLabs Cyber Range Playground. It’s a dedicated, virtual infrastructure for detecting and analyzing the behavior of attackers in terms of their techniques, tactics, procedures, and the offensive tools used. The environment is meant to serve the continuous improvement of competences in the field of threat hunting and learning about current trends from the offensive scope (red-teaming) vs the direct detection perspective (blue-teaming) and DFIR. By providing high-quality training materials with the lab environment in a scalable online format, we want to enable businesses to improve the detection capacity of their SOC teams and achieve better visibility and resistance to attacks. Getting your hands dirty with PurpleLabs will allow you to:
- Develop the team’s analytical skills required to work in the Security Operation Center environment
- Increase awareness of the complexity and dependencies between the elements of the APT campaigns, malware and the areas of detection
- Deliver a periodic knowledge transfer and systematic expansion of team competences in the field of Red + Blue = Purple teaming
- Acquire Attack Paths / Attack Lifecycles and Security Event Chains skills by combining attacker’s single techniques, tactics and procedures (Chain Attack Scenarios)
- Understand the value of the Assume Breach approach and simulation of threats after early access (C2, post-exploitation, Lateral Movement, Persistence, Evasion)
- Understand what threat hunting is and why it is important
- Understand proactive DFIR and why it is important
- Acquire skills related to generating suspicious events on the layer of network and Windows and Linux operating systems and methods of their detection
- Understand the potential of Sigma rules and their values for SIEM solutions.
- Run a validation of the current security status of the organization’s network and the risks involved
- Obtain knowledge on supplying/creating a complete SOC environment using Open Source software.
About Defensive Security
Defensive Security delivers high-quality cyber security services including Linux / Windows digital forensics, incident response, latest threat analysis and hunting, penetration testing, and infrastructure hardening. We successfully deliver a combination of Threat/Adversary Emulations vs network/endpoint investigations and log analysis at scale, which is known as Purple Teaming.
Defensive Security offers advanced, hands-on cyber security training programs backed by PurpleLabs – a fully customized Cyber Range Environment enriched by step-by-step offensive/defensive lab instructions. Want to sharpen your Purple team skills? Try PurpleLabs where you will be playing with chained attack paths, emulating attacker’s TTPs, and running detection/response at the same time by using Sysmon and EVTX, Auditd, Wazuh, Graylog, HELK, ElastAlert, Falco, OSQuery, Velociraptor, Zeek, Suricata, Moloch FPC, Volatility Framework, theHive, MISP, and Sigma Rules.
Our mission is to help organizations have more secure infrastructures, better utilize Open Source software in Security Operations, and enable businesses to improve the detection capacity and skills of their SOC/IR teams.
We are trusted by the biggest customers from the private, oil and gas, insurance, and financial sector. It was an honor for us to conduct training workshops during the biggest conferences including Hack In The Box, BruCON, 44CON, OWASP AppSec US, and Black Hat US.
Our almost 20 years of hands-on experience with Open Source Security Solutions go directly into the full spectrum of technology solutions to support customers achieving better visibility and detections, improving offensive and defensive Red / Blue and Purple team skills, validating defensive technology stacks, and helping understand the value of the Assume Breach approach and emulation of threats after getting initial access (C2, post-exploitation, Lateral Movement, Persistence, Evasion).
- In & Out (Purple Edition) - Detection as Code vs Adversary Simulations
- Free Workshop: Threat Detection and Hunting with PurpleLabs #1 [16 February]
- Free Workshop: Threat Detection and Hunting with PurpleLabs #2 [16 March]
- BLUE EDITION In & Out: Network Data Exfiltration Techniques | 24 & 25 September 2020 2020-09-24
- In & Out - Adversary Simulations vs Hunting: PURPLE Edition [March 2021] 2021-03-29
- In & Out - Adversary Simulations vs Hunting: PURPLE Edition [HITB2021AMS Virtual] 2021-05-24
- In & Out - Attack, Detection & Hunting with PurpleLabs [HITB2021SIN] 2021-08-23
- In & Out – COMBO Attack, Detection & Hunting with PurpleLabs [HITB+ CYBERWEEK 2021] 2021-11-21
- In & Out – Linux Attack, Detection & Hunting with PurpleLabs [HITB+ CYBERWEEK 2021] 2021-11-21
- In & Out – Windows Attack, Detection & Hunting with PurpleLabs [HITB+ CYBERWEEK 2021] 2021-11-23
- Linux Forensics Inspection and Incident Response at Scale 2022-05-11