Defending Enterprises
2-Day Training | Virtual | 21-23 November 2021

New for 2021, in.security's 2-day Defending Enterprises training is the natural counterpart to their popular Hacking Enterprises course. Covering SIEM monitoring, alerting and threat hunting, you’ll play a SOC analyst in their cloud-based lab and try to rapidly locate IOAs and IOCs from an enterprise breach. You’ll use a combination of Microsoft Azure Sentinel and Elastic platforms to perform practical exercises. In each instance, filters and/or expressions will be supplied for both platforms (where applicable).

14-DAYS FREE LAB TIME AFTER CLASS AND DISCORD SUPPORT

  • Available seats: TBA
  • Difficulty: Intermediate
  • Price: US$ 2,299
  • Attend in-person: TBA
  • Attend online: via livestream
  • Date: 21-23 November 2021
  • Time: 09:00 to 17:00 GST/GMT+4
To be announced

We know 2 days isn't a lot of time, so you'll also get 14-days FREE lab time after class and Discord access for support.

This training is suited to a variety of students, including:

  • SOC analysts
  • Security professionals
  • Penetration testers / Red Team operators
  • IT Support, administrative and network personnel

  • Understanding of networking concepts
  • Previous SOC and/or pentesting experience is advantageous, but not required
  • Previous experience with the Kusto Query Language (KQL) is beneficial, but not required

  • Students will take away detection queries that can be used immediately to help better protect their networks.
  • The training includes underlying knowledge of each offensive attack, which in turn provides a deeper insight for defenders to better understand the attacks they are facing and produce reliable detection queries.
  • Students will be detecting attacks in up-to-date environments, running the latest versions of Windows and malware definitions, ensuring detections don't take place in actively weakened environments.

  • Students will need to have access to a laptop and their favourite browser!

+agenda

Day 1 - Defending Enterprises Training (22 November 2021)

• MITRE ATT&CK framework
• Defensive OSINT
• Linux auditing and logging
• Windows auditing, events, logging and Sysmon
• Using Logstash as a data forwarder
• Overview of fields, filters and queries in ELK and Azure Sentinel

Attacks and host compromises will be actioned by the trainers, and delegates will be asked to configure real-time alerting and monitoring using the provided lab infrastructure in order to identify these events.

• Identifying Indicators of Attack (IOA) and Indicators of Compromise (IOC)
• Detecting phishing attacks (Office macros, HTAs and suspicious links)
• Creating alerts and analytical rules
• Detecting credential exploitation (Kerberoasting, PtH, PtT, DCSync)

Day 2 - Defending Enterprises Training (23 November 2021)

• Detecting lateral movement within a network (WinRM, WMI, SMB, DCOM, MSSQL)
• Detecting data exfiltration (HTTP/S, DNS, ICMP)
• Detecting persistence activities (userland methods, WMI Event Subscriptions)
• C2 Communications

+TRAINERS

Will Hunt
Co-founder, in.security

Will (@Stealthsploit) co-founded In.security in 2018. He’s been in infosec for over a decade and has helped secure many organisations through technical security services and training. Will’s delivered hacking courses globally at several conferences including Black Hat and has spoken at various conferences and events. Will also assists the UK government in various technical, educational and advisory capacities. Before Will was a security consultant he was an experienced digital forensics consultant and traine

Owen Shearing
Co-founder, in.security

Owen (@rebootuser) is a co-founder of In.security, a specialist cyber security consultancy offering technical and training services based in the UK. He has a strong background in networking and IT infrastructure, with well over a decade of experience in technical security roles. Owen has provided technical training to a variety of audiences at bespoke events as well as Black Hat, Wild West Hackin’ Fest, NolaCon, 44CON and BruCON. He keeps projects at https://github.com/rebootuser.

+OTHER COURSES YOU MIGHT BE INTERESTED IN

x86-64 All You Can Learn Buffet!
US$ 4,299

This class is run a little differently from most classes. We provide you purpose-built recorded lectures instead of trapping you in real time with live lectures. But fear not, the instructor is always right there eagerly waiting to mingle with the students and answer any questions you have. (The instructor really likes being asked questions. It shows you're paying attention ;)). One of many benefits is that you can watch lectures at 2x speed and zoom ahead of the other students and get to the hands-on labs quicker. Or if there are bits of material you already know, you can just skip them and move on to the bits you don't know! Another big benefit is that you get to take the full lectures and labs with you! That means if you forget stuff and then need it in 6 months, you can quickly re-bootstrap yourself! Or you can watch the class twice, to really grow those neural connections and cement it in your brain! And unlike live lectures, our lectures are always getting more factually accurate, by having any accidental errors edited out.


4-Day Training Hybrid
x86-64 Reset Vector Firmware
US$ 2,299

This class is designed to give you all the background you need to understand how x86-64 reset vector firmware works, and what the most common security misconfigurations are. It will prepare you to be able to read and understand the existing attack and defense research in the space, taking an explicit walk-through of the attack and defense moves and counter-moves threat tree. And as always, this class teaches you to be comfortable with Reading The Fun Manual (RTFM!) to go seek out the most accurate details of how things work, and to seek out new problems in new areas that no one's read yet with a security mindset.

You can also opt to attend this class on 23 & 24 Nov instead. To do so, just email info@cyberweek.ae

2-Day Training Hybrid
x86-64 OS Internals
US$ 2,299

This class teaches you about the fundamental hardware mechanisms which all operating systems, virtualization systems, and firmware *must* interact with in order to run successfully on x86 hardware. This is taught in a *mostly* OS-agnostic way focusing on Intel-isms rather than OS-isms (albeit using Windows as reinforcement, thanks to its excellent kernel-level debugging support). This class also teaches you to be comfortable with Reading The Fun Manual (RTFM!) to give you self-sufficiency when seeking out the most accurate details of how things work.

You can also opt to attend this class on 23 & 24 Nov instead. To do so, just email info@cyberweek.ae

2-Day Training Hybrid
x86-64 Assembly
US$ 2,299

This class teaches you how to disassemble binaries, read x86-64 assembly language, and debug black-box binaries in WinDbg and GDB. This knowledge of assembly is the fundamental skill which is required to learn reverse engineering and vulnerability exploitation. Reverse engineering is in turn a fundamental skill which is required for malware analysis and vulnerability hunting.

 

You can also opt to attend this class on 23 & 24 Nov instead. To do so, just email info@cyberweek.ae

 
2-Day Training Hybrid