In & Out – Attack, Detection & Hunting with PurpleLabs [HITB+ CYBERWEEK 2021]
3-Day Training | Hybrid
| 21-23 November 2021

In & Out - Attack, Detection & Hunting with PurpleLabs [HITB+ CYBERWEEK 2021]

Participants will thoroughly familiarize themselves with the content of the available Sigma detection rules and their structure, better understand the essence of offensive actions, learn the low-level relationships between data sources, and thus achieve knowledge in creating their own detection rules (and eventually bypassing them).

Seats available

15

Difficulty

Intermediate
US$ 3,299

Attend in-person

Available

Attend online

Available

Date

21-23 November 2021

Time

09:00 to 17:00 GST/GMT+4
To be announced
The “In & Out - Attack, Detection & Hunting with PurpleLabs” is an intermediate hands-on PurpleLABS training created to present:
  • The value of the Assume Breach approach and simulation of threats after getting early access to the target. (Discovery, C2, Lateral Movement, Persistence, Evasion, Exfiltration, Execution, Credential Access)
  • The importance of Blue and Red team cooperation and how to effectively run hunting activities and write security notes.
  • “Feel the network and systems” approach to get and understand the baseline behavior of devices, OS and network.
  • Different ways for playing with many important data sources including Sysmon, Windows Event Logs, Syslog, Falco, Yara, eBPF, Zeek, Suricata, OSQuery, memory dumps and Full Packet Captures.
  • How to run adversary simulations effectively including a development of Attack Paths and Chain Attack scenarios by combining the attacker's techniques, tactics and procedures.
  • Visibility, detection methods and capabilities of well recognized Hunting and Detection tools including HELK, Splunk, Elastiflow, Moloch, Kolide Fleet, Wazuh, Graylog, theHive and MISP.
  • The potential of Sigma rules (+ElastAlert) and their values ​​for SIEM engines.
  • Engineering and analytical skills required to work in the Security Operation Center environment.
  • Verification methods and techniques for Cyber Security product and service providers → in terms of internal testing and supporting PoC / PoV programs.

The primary goal of this training is to show and teach you how to generate offensive attack events/symptoms that you will detect in parallel by using PurpleLABS SOC stack powered by Sigma Rules - the open standard event description ruleset - and the rest of the dedicated, Open Source security solutions in use.

Participants will thoroughly familiarize themselves with the content of the available Sigma detection rules and their structure, better understand the essence of offensive actions, learn the low-level relationships between data sources, and thus achieve knowledge in creating their own detection rules (and eventually bypassing them).

  • Red and Blue team members
  • Security / Data Analytics
  • CSIRT / Incident Response Specialists
  • IT Security Professionals, Experts & Consultants
  • Network Security Engineers
  • SOC members and SIEM Engineers
  • AI / Machine Learning Developers
  • Open Source Security Enthusiasts

This course takes on an “Adversary Simulations vs Hunting” approach in a condensed format. This will allow a gradual escalation of the level of knowledge in the scope of red / blue / purple teaming to both experienced specialists and beginners while maintaining the attractiveness and pleasure of performed tasks. Detection does not have to be boring and tedious!

  • Realistic 100% pure lab-oriented offensive and defensive security use cases.
  • Minimum theory, maximum hands -on with high level of expertise.
  • A lot of accumulated knowledge in one place with a focus on high priority elements.
  • An intermediate level of command-line syntax experience using Linux and Windows
  • Fundament knowledge of TCP/IP network protocols
  • Penetration testing experience performing enumeration, exploiting, and lateral movement is beneficial, but not required
  • Basic programming skills are a plus, but not essential
  • Learn current trends, techniques, and offensive tools for Discovery, C2, Lateral Movement, Persistence, Evasion, Exfiltration, Execution, Credential Access against Linux and AD Windows machines.
  • Learn ways to improve detection and sharpen your event correlation skills across many different data sources.
  • Find the malicious activities and identify threat details on the network.
  • Prepare your SOC team for fast filtering out network noise and allow for better incident response handling.
  • Find out how Detection / DFIR Open Source Software can support your SOC infrastructure.
  • Understand values of manual and automated approach to simulate attackers and generate anomalies.
  • Identify blind spots in your network security posture.

+Testimonial

No data was found

+agenda

Title

Details

Date

No data was found

+you might be interested